From 1a00eb194d7e52540b520daacffd1dc7cd678a2e Mon Sep 17 00:00:00 2001
From: golem9247
Date: Mon, 21 Oct 2024 11:36:15 +0200
Subject: [PATCH 1/2] fix null byte truncation in __place_input_wrapper when using input_bytes.value, the input buffer will be truncated to the first null bytes encountered. a initial seed such as : b"\x04\x08\x00\x66" will be b"\x04\x08"
---
 qiling/extensions/afl/afl.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qiling/extensions/afl/afl.py b/qiling/extensions/afl/afl.py
index 90dd7b8af..c573145b0 100644
--- a/qiling/extensions/afl/afl.py
+++ b/qiling/extensions/afl/afl.py
@@ -94,7 +94,7 @@ def ql_afl_fuzz_custom(ql: Qiling, persistent_iters: int = 1):
 def __place_input_wrapper(uc: Uc, input_bytes: Array[c_char], iters: int, context: Any) -> bool:
- return place_input_callback(ql, input_bytes.value, iters)
+ return place_input_callback(ql, bytes(input_bytes), iters)
 def __validate_crash_wrapper(uc: Uc, result: int, input_bytes: bytes, iters: int, context: Any) -> bool:
 return validate_crash_callback(ql, result, input_bytes, iters)
From 2a7d8f9a2497c58287a662d5ef32e378caa7bd95 Mon Sep 17 00:00:00 2001
From: golem9247
Date: Wed, 23 Oct 2024 16:52:34 +0200
Subject: [PATCH 2/2] __place_input_wrapper : use input_bytes.raw instead of inputs_bytes.value to prevent null byte truncation
---
 qiling/extensions/afl/afl.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qiling/extensions/afl/afl.py b/qiling/extensions/afl/afl.py
index c573145b0..4aef943ee 100644
--- a/qiling/extensions/afl/afl.py
+++ b/qiling/extensions/afl/afl.py
@@ -94,7 +94,7 @@ def ql_afl_fuzz_custom(ql: Qiling, persistent_iters: int = 1):
 def __place_input_wrapper(uc: Uc, input_bytes: Array[c_char], iters: int, context: Any) -> bool:
- return place_input_callback(ql, bytes(input_bytes), iters)
+ return place_input_callback(ql, input_bytes.raw, iters)
 def __validate_crash_wrapper(uc: Uc, result: int, input_bytes: bytes, iters: int, context: Any) -> bool:
 return validate_crash_callback(ql, result, input_bytes, iters)
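Review bot: The new `return place_input_callback(ql, input_bytes.raw, iters)` line in `__place_input_wrapper` has no comment saying why `.raw` is used, so a later cleanup could switch back to `.value` and silently bring back the truncation at the first NUL byte, leaving the target with different bytes than the fuzzer generated. I would add `# .raw, not .value: .value on a c_char array stops at the first NUL and would truncate the test case` above the return. Because `.raw` returns the whole array, the line is only correct if the binding sizes the `Array[c_char]` to the exact input length rather than to a maximum buffer; that is not visible in this hunk and should be confirmed. It is also worth checking whether the binding can ever pass a plain `bytes` object (for an empty input, say), since `bytes` has no `.raw` while the `bytes(input_bytes)` form from patch 1/2 accepts both. The enclosing `ql_afl_fuzz_custom` starts and continues outside the hunk.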