From e6d926265974186ebbbd4e92ed1fcaa4c07cc50c Mon Sep 17 00:00:00 2001
From: Huyou <huyou36@126.com>
Date: Thu, 22 Oct 2020 19:05:50 +0800
Subject: [PATCH] modify vuln5

---
 fuzzer/Fuzzer.java | 35 ++++++++++++++++++++++++-----------
 src/vuln-5/dc.c    | 10 ++++++++--
 2 files changed, 32 insertions(+), 13 deletions(-)

diff --git a/fuzzer/Fuzzer.java b/fuzzer/Fuzzer.java
index abdce16..55658e7 100644
--- a/fuzzer/Fuzzer.java
+++ b/fuzzer/Fuzzer.java
@@ -8,10 +8,7 @@ public class Fuzzer {
 
 	private static final String OUTPUT_FILE = "fuzz.txt";
 	private static Instruction[] INSTRUCTIONS = Instruction.values();
-	private static PrintWriter pw = null;
-
-//    private static final int TOTAL_STRATEGY = 30;
-//    private static final int RANDOM_SEED = 10;
+	private static PrintWriter pw  = null;
 	private static final int MAX_LINE_LENGTH = 1022;
 	private static final int MAX_INSTRUCTIONS = 1024;
 
@@ -30,16 +27,25 @@ public class Fuzzer {
 				String outputString = instruction.getOpcode();
 				if (instruction.equals(Instruction.PUSH) || instruction.equals(Instruction.LOAD)
 						|| instruction.equals(Instruction.REM) || instruction.equals(Instruction.STORE)) {
-					outputString += " ";
-					outputString += getRandomName(getRandomInt(0, MAX_LINE_LENGTH - outputString.length() - 1));
+					double spaceType = Math.random();
+					if(spaceType > 0.8){
+						outputString += "\t";
+					}else{
+						outputString += " ";
+					}
+					outputString += getRandomName(getRandomInt(0, MAX_LINE_LENGTH - outputString.length() - 1), false);
 				} else if (instruction.equals(Instruction.SAVE)) {
-					outputString += " ";
-					outputString += getRandomName(getRandomInt(0, MAX_LINE_LENGTH - outputString.length() - 5));
+					double spaceType = Math.random();
+					if(spaceType > 0.8){
+						outputString += "\t";
+					}else{
+						outputString += " ";
+					}
+					outputString += getRandomName(getRandomInt(0, MAX_LINE_LENGTH - outputString.length() - 5), true);
 					outputString += ".txt";
 				}
 				pw.println(outputString);
 			}
-
 		} catch (Exception e) {
 			e.printStackTrace(System.err);
 			System.exit(1);
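Review bot: The separator choice (`double spaceType = Math.random(); if(spaceType > 0.8){ ... }`) is copied verbatim into both the PUSH/LOAD/REM/STORE branch and the SAVE branch, so the 0.8 threshold can drift between the two when one is tuned. A private helper such as `private static String randomSeparator() { return Math.random() > 0.8 ? "\t" : " "; }`, called as `outputString += randomSeparator();` in both branches, keeps it in one place. `Math.random()` cannot be seeded, so a run that triggers a fault can only be replayed from the saved `fuzz.txt`; whether the rest of the file uses a seedable generator is not visible here. The enclosing method starts before this hunk.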
@@ -60,11 +66,12 @@ public class Fuzzer {
 		return INSTRUCTIONS[index];
 	}
 
-	public static String getRandomName(int maxLenth) {
+	public static String getRandomName(int maxLenth, boolean isSAVE) {
 		StringBuffer stringBuffer = new StringBuffer();
 		int stringType = getRandomInt(0, 3);
 		switch (stringType) {
 		case 0:
+		//Mix arguments
 			for (int i = 0; i < maxLenth; i++) {
 				int charType = getRandomInt(0, 3);
 				long asci = 0;
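Review bot: `getRandomName` gains a second parameter without any Javadoc, and the name `isSAVE` does not say what it changes; judging from the later hunk it only suppresses the decimal point in the numeric case. A comment such as `/** @param isSAVE true when the result becomes a SAVE file name, so no "." is inserted into numeric names */` would record that. The method is public, so a caller outside this diff that still uses the one-argument form would stop compiling; an overload `getRandomName(int maxLenth)` that delegates with `false` would keep it working. The method body continues outside the hunk.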
@@ -89,7 +96,6 @@ public class Fuzzer {
 					stringBuffer.append(String.valueOf((char) asci));
 					break;
 				}
-
 			}
 			break;
 		case 1:
@@ -104,8 +110,15 @@ public class Fuzzer {
 			}
 			break;
 		case 2:
+			boolean isFloat = false;
 			for (int i = 0; i < maxLenth; i++) {
+				if(Math.random()>0.970 && !isFloat && !isSAVE)
+				{
+					stringBuffer.append(".");
+					isFloat = true;
+				}
 				stringBuffer.append(String.valueOf(getRandomInt(0, 9)));
+				
 			}
 			break;
 		case 3:
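Review bot: In `case 2` the "." is appended in addition to the digit for that iteration, so a float-shaped name is `maxLenth + 1` characters long and may exceed the line budget the caller derived from `MAX_LINE_LENGTH`. If that bound is meant to hold, let the dot take the digit's place by adding `continue;` after `isFloat = true;`. `boolean isFloat` is declared directly under the case label, so its scope is the rest of the switch block; wrapping the case body in `{ }` confines it. The switch continues outside the hunk.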
diff --git a/src/vuln-5/dc.c b/src/vuln-5/dc.c
index 129aadb..dd00dcd 100644
--- a/src/vuln-5/dc.c
+++ b/src/vuln-5/dc.c
@@ -75,8 +75,14 @@ static node_t *node_new(const char *varname, const value_t value){
   //new->varname = strdup(varname);
 
   /*---- vuln-5 ----*/
-  new->varname = (char *)malloc(1013 * sizeof(char));
-  strcpy(new->varname, varname);
+  char varname_copy[1015] = {};
+
+  unsigned int count = 0;
+  while (varname[count] != '\0') {
+	  varname_copy[count] = varname[count++];
+  }
+
+  new->varname = strdup(varname_copy);
 
   assert(new->varname != NULL && "new: strdup varname failed");
   new->value = value;
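Review bot: The copy loop into `varname_copy[1015]` has no upper bound on `count`: a `varname` of exactly 1015 characters leaves the array without a terminator for `strdup`, and anything longer writes past the stack array. Given the `vuln-5` marker this may be the intended seeded defect, in which case a comment next to the loop should say so and name the buffer size; otherwise bound it with `while (count < sizeof(varname_copy) - 1 && varname[count] != '\0')`. Separately, `varname_copy[count] = varname[count++];` reads and modifies `count` without sequencing, which is undefined behaviour in C and can differ between compilers; write `varname_copy[count] = varname[count]; count++;`. The empty initializer `= {}` needs C23 or a GNU extension, while `= {0}` is portable. node_new starts and ends outside the hunk.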
-- 
GitLab