diff options
| author | Dominik Maier <domenukk@gmail.com> | 2020-03-10 22:04:05 +0100 |
|---|---|---|
| committer | Dominik Maier <domenukk@gmail.com> | 2020-03-10 22:04:05 +0100 |
| commit | cc1d6b33b1524d52b21a6e9794ee6b0d6a2a9d50 (patch) | |
| tree | 717c62b52076b37cb9d4e4efc9f33cf09dea723b | |
| parent | 2832cb643d90ff6bad7a6ba4ff139988f10b171a (diff) | |
| download | afl++-cc1d6b33b1524d52b21a6e9794ee6b0d6a2a9d50.tar.gz | |
unified pointer placement
46 files changed, 1040 insertions, 1043 deletions
diff --git a/.clang-format b/.clang-format index ef4cb190..dcf2a476 100644 --- a/.clang-format +++ b/.clang-format @@ -52,7 +52,7 @@ ConstructorInitializerAllOnOneLineOrOnePerLine: true ConstructorInitializerIndentWidth: 4 ContinuationIndentWidth: 4 Cpp11BracedListStyle: true -DerivePointerAlignment: true +DerivePointerAlignment: false DisableFormat: false ExperimentalAutoDetectBinPacking: false FixNamespaceComments: true diff --git a/examples/argv_fuzzing/argv-fuzz-inl.h b/examples/argv_fuzzing/argv-fuzz-inl.h index c595f7ea..c15c0271 100644 --- a/examples/argv_fuzzing/argv-fuzz-inl.h +++ b/examples/argv_fuzzing/argv-fuzz-inl.h @@ -55,12 +55,12 @@ #define MAX_CMDLINE_LEN 100000 #define MAX_CMDLINE_PAR 50000 -static char** afl_init_argv(int* argc) { +static char **afl_init_argv(int *argc) { static char in_buf[MAX_CMDLINE_LEN]; - static char* ret[MAX_CMDLINE_PAR]; + static char *ret[MAX_CMDLINE_PAR]; - char* ptr = in_buf; + char *ptr = in_buf; int rc = 0; if (read(0, in_buf, MAX_CMDLINE_LEN - 2) < 0) {} diff --git a/examples/persistent_demo/persistent_demo.c b/examples/persistent_demo/persistent_demo.c index 7d8638fb..36f12850 100644 --- a/examples/persistent_demo/persistent_demo.c +++ b/examples/persistent_demo/persistent_demo.c @@ -30,7 +30,7 @@ /* Main entry point. */ -int main(int argc, char** argv) { +int main(int argc, char **argv) { ssize_t len; /* how much input did we read? */ char buf[100]; /* Example-only buffer, you'd replace it with other global or diff --git a/examples/post_library/post_library.so.c b/examples/post_library/post_library.so.c index 487b9a6d..a38652ce 100644 --- a/examples/post_library/post_library.so.c +++ b/examples/post_library/post_library.so.c @@ -76,11 +76,11 @@ /* The actual postprocessor routine called by afl-fuzz: */ -const unsigned char* afl_postprocess(const unsigned char* in_buf, - unsigned int* len) { +const unsigned char *afl_postprocess(const unsigned char *in_buf, + unsigned int *len) { - static unsigned char* saved_buf; - unsigned char* new_buf; + static unsigned char *saved_buf; + unsigned char *new_buf; /* Skip execution altogether for buffers shorter than 6 bytes (just to show how it's done). We can trust *len to be sane. */ diff --git a/examples/post_library/post_library_png.so.c b/examples/post_library/post_library_png.so.c index 43cb1101..60ab318f 100644 --- a/examples/post_library/post_library_png.so.c +++ b/examples/post_library/post_library_png.so.c @@ -35,13 +35,13 @@ #define UP4K(_i) ((((_i) >> 12) + 1) << 12) -const unsigned char* afl_postprocess(const unsigned char* in_buf, - unsigned int* len) { +const unsigned char *afl_postprocess(const unsigned char *in_buf, + unsigned int * len) { - static unsigned char* saved_buf; + static unsigned char *saved_buf; static unsigned int saved_len; - unsigned char* new_buf = (unsigned char*)in_buf; + unsigned char *new_buf = (unsigned char *)in_buf; unsigned int pos = 8; /* Don't do anything if there's not enough room for the PNG header @@ -58,7 +58,7 @@ const unsigned char* afl_postprocess(const unsigned char* in_buf, /* Chunk length is the first big-endian dword in the chunk. */ - chunk_len = ntohl(*(uint32_t*)(in_buf + pos)); + chunk_len = ntohl(*(uint32_t *)(in_buf + pos)); /* Bail out if chunk size is too big or goes past EOF. */ @@ -71,7 +71,7 @@ const unsigned char* afl_postprocess(const unsigned char* in_buf, /* The in-file checksum is the last dword past the chunk data. */ - file_cksum = *(uint32_t*)(in_buf + pos + 8 + chunk_len); + file_cksum = *(uint32_t *)(in_buf + pos + 8 + chunk_len); /* If the checksums do not match, we need to fix the file. */ @@ -98,7 +98,7 @@ const unsigned char* afl_postprocess(const unsigned char* in_buf, } - *(uint32_t*)(new_buf + pos + 8 + chunk_len) = real_cksum; + *(uint32_t *)(new_buf + pos + 8 + chunk_len) = real_cksum; } diff --git a/examples/qemu_persistent_hook/read_into_rdi.c b/examples/qemu_persistent_hook/read_into_rdi.c index 3994e790..43f1758f 100644 --- a/examples/qemu_persistent_hook/read_into_rdi.c +++ b/examples/qemu_persistent_hook/read_into_rdi.c @@ -2,7 +2,7 @@ #include <stdio.h> #include <unistd.h> -#define g2h(x) ((void*)((unsigned long)(x) + guest_base)) +#define g2h(x) ((void *)((unsigned long)(x) + guest_base)) #define h2g(x) ((uint64_t)(x)-guest_base) enum { @@ -35,7 +35,7 @@ enum { }; -void afl_persistent_hook(uint64_t* regs, uint64_t guest_base) { +void afl_persistent_hook(uint64_t *regs, uint64_t guest_base) { // In this example the register RDI is pointing to the memory location // of the target buffer, and the length of the input is in RAX. diff --git a/gcc_plugin/afl-gcc-fast.c b/gcc_plugin/afl-gcc-fast.c index 8de92cbc..247adabc 100644 --- a/gcc_plugin/afl-gcc-fast.c +++ b/gcc_plugin/afl-gcc-fast.c @@ -37,17 +37,17 @@ #include <stdlib.h> #include <string.h> -static u8* obj_path; /* Path to runtime libraries */ -static u8** cc_params; /* Parameters passed to the real CC */ +static u8 *obj_path; /* Path to runtime libraries */ +static u8 **cc_params; /* Parameters passed to the real CC */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ u8 use_stdin = 0; /* dummy */ u8 be_quiet; /* Try to find the runtime libraries. If that fails, abort. */ -static void find_obj(u8* argv0) { +static void find_obj(u8 *argv0) { - u8* afl_path = getenv("AFL_PATH"); + u8 *afl_path = getenv("AFL_PATH"); u8 *slash, *tmp; if (afl_path) { @@ -70,7 +70,7 @@ static void find_obj(u8* argv0) { if (slash) { - u8* dir; + u8 *dir; *slash = 0; dir = ck_strdup(argv0); @@ -106,12 +106,12 @@ static void find_obj(u8* argv0) { /* Copy argv to cc_params, making the necessary edits. */ -static void edit_params(u32 argc, char** argv) { +static void edit_params(u32 argc, char **argv) { u8 fortify_set = 0, asan_set = 0, x_set = 0, maybe_linking = 1; - u8* name; + u8 *name; - cc_params = ck_alloc((argc + 128) * sizeof(u8*)); + cc_params = ck_alloc((argc + 128) * sizeof(u8 *)); name = strrchr(argv[0], '/'); if (!name) @@ -121,17 +121,17 @@ static void edit_params(u32 argc, char** argv) { if (!strcmp(name, "afl-g++-fast")) { - u8* alt_cxx = getenv("AFL_CXX"); - cc_params[0] = alt_cxx ? alt_cxx : (u8*)AFL_GCC_CXX; + u8 *alt_cxx = getenv("AFL_CXX"); + cc_params[0] = alt_cxx ? alt_cxx : (u8 *)AFL_GCC_CXX; } else { - u8* alt_cc = getenv("AFL_CC"); - cc_params[0] = alt_cc ? alt_cc : (u8*)AFL_GCC_CC; + u8 *alt_cc = getenv("AFL_CC"); + cc_params[0] = alt_cc ? alt_cc : (u8 *)AFL_GCC_CC; } - char* fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path); + char *fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path); cc_params[cc_par_cnt++] = fplugin_arg; /* Detect stray -v calls from ./configure scripts. */ @@ -140,7 +140,7 @@ static void edit_params(u32 argc, char** argv) { while (--argc) { - u8* cur = *(++argv); + u8 *cur = *(++argv); #if defined(__x86_64__) if (!strcmp(cur, "-m32")) FATAL("-m32 is not supported"); @@ -297,7 +297,7 @@ static void edit_params(u32 argc, char** argv) { /* Main entry point */ -int main(int argc, char** argv, char** envp) { +int main(int argc, char **argv, char **envp) { if (argc < 2 || strcmp(argv[1], "-h") == 0) { @@ -378,7 +378,7 @@ int main(int argc, char** argv, char** envp) { } */ - execvp(cc_params[0], (char**)cc_params); + execvp(cc_params[0], (char **)cc_params); FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]); diff --git a/gcc_plugin/afl-gcc-rt.o.c b/gcc_plugin/afl-gcc-rt.o.c index 77bb5325..1cdcfc67 100644 --- a/gcc_plugin/afl-gcc-rt.o.c +++ b/gcc_plugin/afl-gcc-rt.o.c @@ -86,7 +86,7 @@ static void __afl_map_shm(void) { if (id_str) { #ifdef USEMMAP - const char * shm_file_path = id_str; + const char *shm_file_path = id_str; int shm_fd = -1; unsigned char *shm_base = NULL; diff --git a/include/afl-as.h b/include/afl-as.h index 20830a67..7fc00ffe 100644 --- a/include/afl-as.h +++ b/include/afl-as.h @@ -108,7 +108,7 @@ */ -static const u8* trampoline_fmt_32 = +static const u8 *trampoline_fmt_32 = "\n" "/* --- AFL TRAMPOLINE (32-BIT) --- */\n" @@ -131,7 +131,7 @@ static const u8* trampoline_fmt_32 = "/* --- END --- */\n" "\n"; -static const u8* trampoline_fmt_64 = +static const u8 *trampoline_fmt_64 = "\n" "/* --- AFL TRAMPOLINE (64-BIT) --- */\n" @@ -152,7 +152,7 @@ static const u8* trampoline_fmt_64 = "/* --- END --- */\n" "\n"; -static const u8* main_payload_32 = +static const u8*main_payload_32 = "\n" "/* --- AFL MAIN PAYLOAD (32-BIT) --- */\n" diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index a28608ce..805d0084 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -115,7 +115,7 @@ extern s32 struct queue_entry { - u8* fname; /* File name for the test case */ + u8 *fname; /* File name for the test case */ u32 len; /* Input length */ u8 cal_failed, /* Calibration failed? */ @@ -137,7 +137,7 @@ struct queue_entry { n_fuzz, /* Number of fuzz, does not overflow */ depth; /* Path depth */ - u8* trace_mini; /* Trace bytes, if kept */ + u8 *trace_mini; /* Trace bytes, if kept */ u32 tc_ref; /* Trace bytes ref count */ struct queue_entry *next, /* Next element, if any */ @@ -147,7 +147,7 @@ struct queue_entry { struct extra_data { - u8* data; /* Dictionary token data */ + u8 *data; /* Dictionary token data */ u32 len; /* Dictionary token length */ u32 hit_cnt; /* Use count in the corpus */ @@ -234,7 +234,7 @@ enum { }; -extern u8* doc_path; /* gath to documentation dir */ +extern u8 *doc_path; /* gath to documentation dir */ /* Python stuff */ #ifdef USE_PYTHON @@ -284,22 +284,22 @@ enum { typedef struct MOpt_globals { - u64* finds; - u64* finds_v2; - u64* cycles; - u64* cycles_v2; - u64* cycles_v3; - u32 is_pilot_mode; - u64* pTime; - u64 period; - char* havoc_stagename; - char* splice_stageformat; - char* havoc_stagenameshort; - char* splice_stagenameshort; + u64 *finds; + u64 *finds_v2; + u64 *cycles; + u64 *cycles_v2; + u64 *cycles_v3; + u32 is_pilot_mode; + u64 *pTime; + u64 period; + char *havoc_stagename; + char *splice_stageformat; + char *havoc_stagenameshort; + char *splice_stagenameshort; } MOpt_globals_t; -extern char* power_names[POWER_SCHEDULES_NUM]; +extern char *power_names[POWER_SCHEDULES_NUM]; typedef struct afl_state { @@ -309,7 +309,7 @@ typedef struct afl_state { afl_forkserver_t fsrv; sharedmem_t shm; - char** argv; /* argv if needed */ + char **argv; /* argv if needed */ /* MOpt: Lots of globals, but mostly for the status UI and other things where it @@ -378,7 +378,7 @@ typedef struct afl_state { u8 havoc_max_mult; u8 use_radamsa; - size_t (*radamsa_mutate_ptr)(u8*, size_t, u8*, size_t, u32); + size_t (*radamsa_mutate_ptr)(u8 *, size_t, u8 *, size_t, u32); u8 skip_deterministic, /* Skip deterministic stages? */ force_deterministic, /* Force deterministic stages? */ @@ -503,23 +503,23 @@ typedef struct afl_state { *queue_top, /* Top of the list */ *q_prev100; /* Previous 100 marker */ - struct queue_entry* top_rated[MAP_SIZE]; /* Top entries for bitmap bytes */ + struct queue_entry *top_rated[MAP_SIZE]; /* Top entries for bitmap bytes */ - struct extra_data* extras; /* Extra tokens to fuzz with */ + struct extra_data *extras; /* Extra tokens to fuzz with */ u32 extras_cnt; /* Total number of tokens read */ - struct extra_data* a_extras; /* Automatically selected extras */ + struct extra_data *a_extras; /* Automatically selected extras */ u32 a_extras_cnt; /* Total number of tokens available */ - u8* (*post_handler)(u8* buf, u32* len); + u8 *(*post_handler)(u8 *buf, u32 *len); /* CmpLog */ - char* cmplog_binary; + char *cmplog_binary; s32 cmplog_child_pid, cmplog_fsrv_pid; /* Custom mutators */ - struct custom_mutator* mutator; + struct custom_mutator *mutator; /* cmplog forkserver ids */ s32 cmplog_fsrv_ctl_fd, cmplog_fsrv_st_fd; @@ -529,8 +529,8 @@ typedef struct afl_state { #ifdef USE_PYTHON /* Python Mutators */ - PyObject* py_module; - PyObject* py_functions[PY_FUNC_COUNT]; + PyObject *py_module; + PyObject *py_functions[PY_FUNC_COUNT]; #endif #ifdef _AFL_DOCUMENT_MUTATIONS @@ -547,8 +547,8 @@ extern list_t afl_states; struct custom_mutator { - const char* name; - void* dh; + const char *name; + void *dh; /* hooks for the custom mutator function */ @@ -559,7 +559,7 @@ struct custom_mutator { * * @param seed Seed used for the mutation. */ - void (*afl_custom_init)(afl_state_t* afl, unsigned int seed); + void (*afl_custom_init)(afl_state_t *afl, unsigned int seed); /** * Perform custom mutations on a given input @@ -575,8 +575,8 @@ struct custom_mutator { * not produce data larger than max_size. * @return Size of the mutated output. */ - size_t (*afl_custom_fuzz)(afl_state_t* afl, u8** buf, size_t buf_size, - u8* add_buf, size_t add_buf_size, size_t max_size); + size_t (*afl_custom_fuzz)(afl_state_t *afl, u8 **buf, size_t buf_size, + u8 *add_buf, size_t add_buf_size, size_t max_size); /** * A post-processing function to use right before AFL writes the test case to @@ -592,8 +592,8 @@ struct custom_mutator { * will release the memory after saving the test case. * @return Size of the output buffer after processing */ - size_t (*afl_custom_pre_save)(afl_state_t* afl, u8* buf, size_t buf_size, - u8** out_buf); + size_t (*afl_custom_pre_save)(afl_state_t *afl, u8 *buf, size_t buf_size, + u8 **out_buf); /** * This method is called at the start of each trimming operation and receives @@ -615,7 +615,7 @@ struct custom_mutator { * @param buf_size Size of the test case * @return The amount of possible iteration steps to trim the input */ - u32 (*afl_custom_init_trim)(afl_state_t* afl, u8* buf, size_t buf_size); + u32 (*afl_custom_init_trim)(afl_state_t *afl, u8 *buf, size_t buf_size); /** * This method is called for each trimming operation. It doesn't have any @@ -633,7 +633,7 @@ struct custom_mutator { * the memory after saving the test case. * @param[out] out_buf_size Pointer to the size of the trimmed test case */ - void (*afl_custom_trim)(afl_state_t* afl, u8** out_buf, size_t* out_buf_size); + void (*afl_custom_trim)(afl_state_t *afl, u8 **out_buf, size_t *out_buf_size); /** * This method is called after each trim operation to inform you if your @@ -646,7 +646,7 @@ struct custom_mutator { * @return The next trim iteration index (from 0 to the maximum amount of * steps returned in init_trim) */ - u32 (*afl_custom_post_trim)(afl_state_t* afl, u8 success); + u32 (*afl_custom_post_trim)(afl_state_t *afl, u8 success); /** * Perform a single custom mutation on a given input. @@ -661,7 +661,7 @@ struct custom_mutator { * not produce data larger than max_size. * @return Size of the mutated output. */ - size_t (*afl_custom_havoc_mutation)(afl_state_t* afl, u8** buf, + size_t (*afl_custom_havoc_mutation)(afl_state_t *afl, u8 **buf, size_t buf_size, size_t max_size); /** @@ -672,7 +672,7 @@ struct custom_mutator { * * @return The probability (0-100). */ - u8 (*afl_custom_havoc_mutation_probability)(afl_state_t* afl); + u8 (*afl_custom_havoc_mutation_probability)(afl_state_t *afl); /** * Determine whether the fuzzer should fuzz the current queue entry or not. @@ -683,7 +683,7 @@ struct custom_mutator { * @return Return True(1) if the fuzzer will fuzz the queue entry, and * False(0) otherwise. */ - u8 (*afl_custom_queue_get)(afl_state_t* afl, const u8* filename); + u8 (*afl_custom_queue_get)(afl_state_t *afl, const u8 *filename); /** * Allow for additional analysis (e.g. calling a different tool that does a @@ -695,148 +695,148 @@ struct custom_mutator { * @param filename_orig_queue File name of the original queue entry. This * argument can be NULL while initializing the fuzzer */ - void (*afl_custom_queue_new_entry)(afl_state_t* afl, - const u8* filename_new_queue, - const u8* filename_orig_queue); + void (*afl_custom_queue_new_entry)(afl_state_t *afl, + const u8 *filename_new_queue, + const u8 *filename_orig_queue); }; -void afl_state_init(afl_state_t*); -void afl_state_deinit(afl_state_t*); +void afl_state_init(afl_state_t *); +void afl_state_deinit(afl_state_t *); /**** Prototypes ****/ /* Custom mutators */ -void setup_custom_mutator(afl_state_t*); -void destroy_custom_mutator(afl_state_t*); -u8 trim_case_custom(afl_state_t*, struct queue_entry* q, u8* in_buf); +void setup_custom_mutator(afl_state_t *); +void destroy_custom_mutator(afl_state_t *); +u8 trim_case_custom(afl_state_t *, struct queue_entry *q, u8 *in_buf); /* Python */ #ifdef USE_PYTHON -int init_py_module(afl_state_t*, u8*); -void finalize_py_module(afl_state_t*); +int init_py_module(afl_state_t *, u8 *); +void finalize_py_module(afl_state_t *); -void init_py(afl_state_t*, unsigned int); -size_t fuzz_py(afl_state_t*, u8**, size_t, u8*, size_t, size_t); -size_t pre_save_py(afl_state_t*, u8*, size_t, u8**); -u32 init_trim_py(afl_state_t*, u8*, size_t); -u32 post_trim_py(afl_state_t*, u8); -void trim_py(afl_state_t*, u8**, size_t*); -size_t havoc_mutation_py(afl_state_t*, u8**, size_t, size_t); -u8 havoc_mutation_probability_py(afl_state_t*); -u8 queue_get_py(afl_state_t*, const u8*); -void queue_new_entry_py(afl_state_t*, const u8*, const u8*); +void init_py(afl_state_t *, unsigned int); +size_t fuzz_py(afl_state_t *, u8 **, size_t, u8 *, size_t, size_t); +size_t pre_save_py(afl_state_t *, u8 *, size_t, u8 **); +u32 init_trim_py(afl_state_t *, u8 *, size_t); +u32 post_trim_py(afl_state_t *, u8); +void trim_py(afl_state_t *, u8 **, size_t *); +size_t havoc_mutation_py(afl_state_t *, u8 **, size_t, size_t); +u8 havoc_mutation_probability_py(afl_state_t *); +u8 queue_get_py(afl_state_t *, const u8 *); +void queue_new_entry_py(afl_state_t *, const u8 *, const u8 *); #endif /* Queue */ -void mark_as_det_done(afl_state_t*, struct queue_entry*); -void mark_as_variable(afl_state_t*, struct queue_entry*); -void mark_as_redundant(afl_state_t*, struct queue_entry*, u8); -void add_to_queue(afl_state_t*, u8*, u32, u8); -void destroy_queue(afl_state_t*); -void update_bitmap_score(afl_state_t*, struct queue_entry*); -void cull_queue(afl_state_t*); -u32 calculate_score(afl_state_t*, struct queue_entry*); +void mark_as_det_done(afl_state_t *, struct queue_entry *); +void mark_as_variable(afl_state_t *, struct queue_entry *); +void mark_as_redundant(afl_state_t *, struct queue_entry *, u8); +void add_to_queue(afl_state_t *, u8 *, u32, u8); +void destroy_queue(afl_state_t *); +void update_bitmap_score(afl_state_t *, struct queue_entry *); +void cull_queue(afl_state_t *); +u32 calculate_score(afl_state_t *, struct queue_entry *); /* Bitmap */ -void read_bitmap(afl_state_t*, u8*); -void write_bitmap(afl_state_t*); -u32 count_bits(u8*); -u32 count_bytes(u8*); -u32 count_non_255_bytes(u8*); +void read_bitmap(afl_state_t *, u8 *); +void write_bitmap(afl_state_t *); +u32 count_bits(u8 *); +u32 count_bytes(u8 *); +u32 count_non_255_bytes(u8 *); #ifdef WORD_SIZE_64 -void simplify_trace(u64*); -void classify_counts(u64*); +void simplify_trace(u64 *); +void classify_counts(u64 *); #else -void simplify_trace(u32*); -void classify_counts(u32*); +void simplify_trace(u32 *); +void classify_counts(u32 *); #endif void init_count_class16(void); -void minimize_bits(u8*, u8*); +void minimize_bits(u8 *, u8 *); #ifndef SIMPLE_FILES -u8* describe_op(afl_state_t*, u8); +u8 *describe_op(afl_state_t *, u8); #endif -u8 save_if_interesting(afl_state_t*, void*, u32, u8); -u8 has_new_bits(afl_state_t*, u8*); +u8 save_if_interesting(afl_state_t *, void *, u32, u8); +u8 has_new_bits(afl_state_t *, u8 *); /* Misc */ -u8* DI(u64); -u8* DF(double); -u8* DMS(u64); -u8* DTD(u64, u64); +u8 *DI(u64); +u8 *DF(double); +u8 *DMS(u64); +u8 *DTD(u64, u64); /* Extras */ -void load_extras_file(afl_state_t*, u8*, u32*, u32*, u32); -void load_extras(afl_state_t*, u8*); -void maybe_add_auto(afl_state_t*, u8*, u32); -void save_auto(afl_state_t*); -void load_auto(afl_state_t*); -void destroy_extras(afl_state_t*); +void load_extras_file(afl_state_t *, u8 *, u32 *, u32 *, u32); +void load_extras(afl_state_t *, u8 *); +void maybe_add_auto(afl_state_t *, u8 *, u32); +void save_auto(afl_state_t *); +void load_auto(afl_state_t *); +void destroy_extras(afl_state_t *); /* Stats */ -void write_stats_file(afl_state_t*, double, double, double); -void maybe_update_plot_file(afl_state_t*, double, double); -void show_stats(afl_state_t*); -void show_init_stats(afl_state_t*); +void write_stats_file(afl_state_t *, double, double, double); +void maybe_update_plot_file(afl_state_t *, double, double); +void show_stats(afl_state_t *); +void show_init_stats(afl_state_t *); /* Run */ -u8 run_target(afl_state_t*, u32); -void write_to_testcase(afl_state_t*, void*, u32); -u8 calibrate_case(afl_state_t*, struct queue_entry*, u8*, u32, u8); -void sync_fuzzers(afl_state_t*); -u8 trim_case(afl_state_t*, struct queue_entry*, u8*); -u8 common_fuzz_stuff(afl_state_t*, u8*, u32); +u8 run_target(afl_state_t *, u32); +void write_to_testcase(afl_state_t *, void *, u32); +u8 calibrate_case(afl_state_t *, struct queue_entry *, u8 *, u32, u8); +void sync_fuzzers(afl_state_t *); +u8 trim_case(afl_state_t *, struct queue_entry *, u8 *); +u8 common_fuzz_stuff(afl_state_t *, u8 *, u32); /* Fuzz one */ -u8 fuzz_one_original(afl_state_t*); -u8 pilot_fuzzing(afl_state_t*); -u8 core_fuzzing(afl_state_t*); -void pso_updating(afl_state_t*); -u8 fuzz_one(afl_state_t*); +u8 fuzz_one_original(afl_state_t *); +u8 pilot_fuzzing(afl_state_t *); +u8 core_fuzzing(afl_state_t *); +void pso_updating(afl_state_t *); +u8 fuzz_one(afl_state_t *); /* Init */ #ifdef HAVE_AFFINITY -void bind_to_free_cpu(afl_state_t*); +void bind_to_free_cpu(afl_state_t *); #endif -void setup_post(afl_state_t*); -void read_testcases(afl_state_t*); -void perform_dry_run(afl_state_t*); -void pivot_inputs(afl_state_t*); -u32 find_start_position(afl_state_t*); -void find_timeout(afl_state_t*); +void setup_post(afl_state_t *); +void read_testcases(afl_state_t *); +void perform_dry_run(afl_state_t *); +void pivot_inputs(afl_state_t *); +u32 find_start_position(afl_state_t *); +void find_timeout(afl_state_t *); double get_runnable_processes(void); -void nuke_resume_dir(afl_state_t*); -void setup_dirs_fds(afl_state_t*); -void setup_cmdline_file(afl_state_t*, char**); -void setup_stdio_file(afl_state_t*); +void nuke_resume_dir(afl_state_t *); +void setup_dirs_fds(afl_state_t *); +void setup_cmdline_file(afl_state_t *, char **); +void setup_stdio_file(afl_state_t *); void check_crash_handling(void); -void check_cpu_governor(afl_state_t*); -void get_core_count(afl_state_t*); -void fix_up_sync(afl_state_t*); +void check_cpu_governor(afl_state_t *); +void get_core_count(afl_state_t *); +void fix_up_sync(afl_state_t *); void check_asan_opts(void); -void check_binary(afl_state_t*, u8*); -void fix_up_banner(afl_state_t*, u8*); -void check_if_tty(afl_state_t*); +void check_binary(afl_state_t *, u8 *); +void fix_up_banner(afl_state_t *, u8 *); +void check_if_tty(afl_state_t *); void setup_signal_handlers(void); -void save_cmdline(afl_state_t*, u32, char**); +void save_cmdline(afl_state_t *, u32, char **); /* CmpLog */ -void init_cmplog_forkserver(afl_state_t* afl); -u8 common_fuzz_cmplog_stuff(afl_state_t* afl, u8* out_buf, u32 len); +void init_cmplog_forkserver(afl_state_t *afl); +u8 common_fuzz_cmplog_stuff(afl_state_t *afl, u8 *out_buf, u32 len); /* RedQueen */ -u8 input_to_state_stage(afl_state_t* afl, u8* orig_buf, u8* buf, u32 len, +u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len, u32 exec_cksum); /**** Inline routines ****/ @@ -844,7 +844,7 @@ u8 input_to_state_stage(afl_state_t* afl, u8* orig_buf, u8* buf, u32 len, /* Generate a random number (from 0 to limit - 1). This may have slight bias. */ -static inline u32 UR(afl_state_t* afl, u32 limit) { +static inline u32 UR(afl_state_t *afl, u32 limit) { #ifdef HAVE_ARC4RANDOM if (afl->fixed_seed) { return random() % limit; } @@ -867,7 +867,7 @@ static inline u32 UR(afl_state_t* afl, u32 limit) { } -static inline u32 get_rand_seed(afl_state_t* afl) { +static inline u32 get_rand_seed(afl_state_t *afl) { if (afl->fixed_seed) return (u32)afl->init_seed; return afl->rand_seed[0]; diff --git a/include/alloc-inl.h b/include/alloc-inl.h index 4f9db489..c8783d96 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h @@ -45,11 +45,11 @@ #define alloc_printf(_str...) \ ({ \ \ - u8* _tmp; \ + u8 *_tmp; \ s32 _len = snprintf(NULL, 0, _str); \ if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \ _tmp = ck_alloc(_len + 1); \ - snprintf((char*)_tmp, _len + 1, _str); \ + snprintf((char *)_tmp, _len + 1, _str); \ _tmp; \ \ }) @@ -80,9 +80,9 @@ /* Allocate a buffer, explicitly not zeroing it. Returns NULL for zero-sized requests. */ -static inline void* DFL_ck_alloc_nozero(u32 size) { +static inline void *DFL_ck_alloc_nozero(u32 size) { - u8* ret; + u8 *ret; if (!size) return NULL; @@ -90,15 +90,15 @@ static inline void* DFL_ck_alloc_nozero(u32 size) { ret = malloc(size); ALLOC_CHECK_RESULT(ret, size); - return (void*)ret; + return (void *)ret; } /* Allocate a buffer, returning zeroed memory. */ -static inline void* DFL_ck_alloc(u32 size) { +static inline void *DFL_ck_alloc(u32 size) { - void* mem; + void *mem; if (!size) return NULL; mem = DFL_ck_alloc_nozero(size); @@ -110,7 +110,7 @@ static inline void* DFL_ck_alloc(u32 size) { /* Free memory, checking for double free and corrupted heap. When DEBUG_BUILD is set, the old memory will be also clobbered with 0xFF. */ -static inline void DFL_ck_free(void* mem) { +static inline void DFL_ck_free(void *mem) { if (!mem) return; @@ -122,9 +122,9 @@ static inline void DFL_ck_free(void* mem) { With DEBUG_BUILD, the buffer is always reallocated to a new addresses and the old memory is clobbered with 0xFF. */ -static inline void* DFL_ck_realloc(void* orig, u32 size) { +static inline void *DFL_ck_realloc(void *orig, u32 size) { - u8* ret; + u8 *ret; if (!size) { @@ -142,14 +142,14 @@ static inline void* DFL_ck_realloc(void* orig, u32 size) { ALLOC_CHECK_RESULT(ret, size); - return (void*)ret; + return (void *)ret; } /* Re-allocate a buffer with ALLOC_BLK_INC increments (used to speed up repeated small reallocs without complicating the user code). */ -static inline void* DFL_ck_realloc_block(void* orig, u32 size) { +static inline void *DFL_ck_realloc_block(void *orig, u32 size) { return DFL_ck_realloc(orig, size); @@ -157,14 +157,14 @@ static inline void* DFL_ck_realloc_block(void* orig, u32 size) { /* Create a buffer with a copy of a string. Returns NULL for NULL inputs. */ -static inline u8* DFL_ck_strdup(u8* str) { +static inline u8 *DFL_ck_strdup(u8 *str) { - u8* ret; + u8 *ret; u32 size; if (!str) return NULL; - size = strlen((char*)str) + 1; + size = strlen((char *)str) + 1; ALLOC_CHECK_SIZE(size); ret = malloc(size); @@ -177,9 +177,9 @@ static inline u8* DFL_ck_strdup(u8* str) { /* Create a buffer with a copy of a memory block. Returns NULL for zero-sized or NULL inputs. */ -static inline void* DFL_ck_memdup(void* mem, u32 size) { +static inline void *DFL_ck_memdup(void *mem, u32 size) { - u8* ret; + u8 *ret; if (!mem || !size) return NULL; @@ -194,9 +194,9 @@ static inline void* DFL_ck_memdup(void* mem, u32 size) { /* Create a buffer with a block of text, appending a NUL terminator at the end. Returns NULL for zero-sized or NULL inputs. */ -static inline u8* DFL_ck_memdup_str(u8* mem, u32 size) { +static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) { - u8* ret; + u8 *ret; if (!mem || !size) return NULL; @@ -233,11 +233,11 @@ static inline u8* DFL_ck_memdup_str(u8* mem, u32 size) { #define alloc_printf(_str...) \ ({ \ \ - u8* _tmp; \ + u8 *_tmp; \ s32 _len = snprintf(NULL, 0, _str); \ if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \ _tmp = ck_alloc(_len + 1); \ - snprintf((char*)_tmp, _len + 1, _str); \ + snprintf((char *)_tmp, _len + 1, _str); \ _tmp; \ \ }) @@ -269,9 +269,9 @@ static inline u8* DFL_ck_memdup_str(u8* mem, u32 size) { /* Positions of guard tokens in relation to the user-visible pointer. */ -#define ALLOC_C1(_ptr) (((u32*)(_ptr))[-2]) -#define ALLOC_S(_ptr) (((u32*)(_ptr))[-1]) -#define ALLOC_C2(_ptr) (((u8*)(_ptr))[ALLOC_S(_ptr)]) +#define ALLOC_C1(_ptr) (((u32 *)(_ptr))[-2]) +#define ALLOC_S(_ptr) (((u32 *)(_ptr))[-1]) +#define ALLOC_C2(_ptr) (((u8 *)(_ptr))[ALLOC_S(_ptr)]) #define ALLOC_OFF_HEAD 8 #define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1) @@ -314,9 +314,9 @@ static inline u8* DFL_ck_memdup_str(u8* mem, u32 size) { /* Allocate a buffer, explicitly not zeroing it. Returns NULL for zero-sized requests. */ -static inline void* DFL_ck_alloc_nozero(u32 size) { +static inline void *DFL_ck_alloc_nozero(u32 size) { - void* ret; + void *ret; if (!size) return NULL; @@ -336,9 +336,9 @@ static inline void* DFL_ck_alloc_nozero(u32 size) { /* Allocate a buffer, returning zeroed memory. */ -static inline void* DFL_ck_alloc(u32 size) { +static inline void *DFL_ck_alloc(u32 size) { - void* mem; + void *mem; if (!size) return NULL; mem = DFL_ck_alloc_nozero(size); @@ -350,7 +350,7 @@ static inline void* DFL_ck_alloc(u32 size) { /* Free memory, checking for double free and corrupted heap. When DEBUG_BUILD is set, the old memory will be also clobbered with 0xFF. */ -static inline void DFL_ck_free(void* mem) { +static inline void DFL_ck_free(void *mem) { if (!mem) return; @@ -373,9 +373,9 @@ static inline void DFL_ck_free(void* mem) { With DEBUG_BUILD, the buffer is always reallocated to a new addresses and the old memory is clobbered with 0xFF. */ -static inline void* DFL_ck_realloc(void* orig, u32 size) { +static inline void *DFL_ck_realloc(void *orig, u32 size) { - void* ret; + void *ret; u32 old_size = 0; if (!size) { @@ -443,7 +443,7 @@ static inline void* DFL_ck_realloc(void* orig, u32 size) { /* Re-allocate a buffer with ALLOC_BLK_INC increments (used to speed up repeated small reallocs without complicating the user code). */ -static inline void* DFL_ck_realloc_block(void* orig, u32 size) { +static inline void *DFL_ck_realloc_block(void *orig, u32 size) { #ifndef DEBUG_BUILD @@ -465,14 +465,14 @@ static inline void* DFL_ck_realloc_block(void* orig, u32 size) { /* Create a buffer with a copy of a string. Returns NULL for NULL inputs. */ -static inline u8* DFL_ck_strdup(u8* str) { +static inline u8 *DFL_ck_strdup(u8 *str) { - void* ret; + void *ret; u32 size; if (!str) return NULL; - size = strlen((char*)str) + 1; + size = strlen((char *)str) + 1; ALLOC_CHECK_SIZE(size); ret = malloc(size + ALLOC_OFF_TOTAL); @@ -491,9 +491,9 @@ static inline u8* DFL_ck_strdup(u8* str) { /* Create a buffer with a copy of a memory block. Returns NULL for zero-sized or NULL inputs. */ -static inline void* DFL_ck_memdup(void* mem, u32 size) { +static inline void *DFL_ck_memdup(void *mem, u32 size) { - void* ret; + void *ret; if (!mem || !size) return NULL; @@ -514,9 +514,9 @@ static inline void* DFL_ck_memdup(void* mem, u32 size) { /* Create a buffer with a block of text, appending a NUL terminator at the end. Returns NULL for zero-sized or NULL inputs. */ -static inline u8* DFL_ck_memdup_str(u8* mem, u32 size) { +static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) { - u8* ret; + u8 *ret; if (!mem || !size) return NULL; @@ -564,7 +564,7 @@ static inline u8* DFL_ck_memdup_str(u8* mem, u32 size) { struct TRK_obj { - void* ptr; + void *ptr; char *file, *func; u32 line; @@ -572,14 +572,14 @@ struct TRK_obj { #ifdef AFL_MAIN -struct TRK_obj* TRK[ALLOC_BUCKETS]; +struct TRK_obj *TRK[ALLOC_BUCKETS]; u32 TRK_cnt[ALLOC_BUCKETS]; #define alloc_report() TRK_report() #else -extern struct TRK_obj* TRK[ALLOC_BUCKETS]; +extern struct TRK_obj *TRK[ALLOC_BUCKETS]; extern u32 TRK_cnt[ALLOC_BUCKETS]; #define alloc_report() @@ -592,7 +592,7 @@ extern u32 TRK_cnt[ALLOC_BUCKETS]; /* Add a new entry to the list of allocated objects. */ -static inline void TRK_alloc_buf(void* ptr, const char* file, const char* func, +static inline void TRK_alloc_buf(void *ptr, const char *file, const char *func, u32 line) { u32 i, bucket; @@ -608,8 +608,8 @@ static inline void TRK_alloc_buf(void* ptr, const char* file, const char* func, if (!TRK[bucket][i].ptr) { TRK[bucket][i].ptr = ptr; - TRK[bucket][i].file = (char*)file; - TRK[bucket][i].func = (char*)func; + TRK[bucket][i].file = (char *)file; + TRK[bucket][i].func = (char *)func; TRK[bucket][i].line = line; return; @@ -621,8 +621,8 @@ static inline void TRK_alloc_buf(void* ptr, const char* file, const char* func, TRK[bucket], (TRK_cnt[bucket] + 1) * sizeof(struct TRK_obj)); TRK[bucket][i].ptr = ptr; - TRK[bucket][i].file = (char*)file; - TRK[bucket][i].func = (char*)func; + TRK[bucket][i].file = (char *)file; + TRK[bucket][i].func = (char *)func; TRK[bucket][i].line = line; TRK_cnt[bucket]++; @@ -631,7 +631,7 @@ static inline void TRK_alloc_buf(void* ptr, const char* file, const char* func, /* Remove entry from the list of allocated objects. */ -static inline void TRK_free_buf(void* ptr, const char* file, const char* func, +static inline void TRK_free_buf(void *ptr, const char *file, const char *func, u32 line) { u32 i, bucket; @@ -674,63 +674,63 @@ static inline void TRK_report(void) { /* Simple wrappers for non-debugging functions: */ -static inline void* TRK_ck_alloc(u32 size, const char* file, const char* func, +static inline void *TRK_ck_alloc(u32 size, const char *file, const char *func, u32 line) { - void* ret = DFL_ck_alloc(size); + void *ret = DFL_ck_alloc(size); TRK_alloc_buf(ret, file, func, line); return ret; } -static inline void* TRK_ck_realloc(void* orig, u32 size, const char* file, - const char* func, u32 line) { +static inline void *TRK_ck_realloc(void *orig, u32 size, const char *file, + const char *func, u32 line) { - void* ret = DFL_ck_realloc(orig, size); + void *ret = DFL_ck_realloc(orig, size); TRK_free_buf(orig, file, func, line); TRK_alloc_buf(ret, file, func, line); return ret; } -static inline void* TRK_ck_realloc_block(void* orig, u32 size, const char* file, - const char* func, u32 line) { +static inline void *TRK_ck_realloc_block(void *orig, u32 size, const char *file, + const char *func, u32 line) { - void* ret = DFL_ck_realloc_block(orig, size); + void *ret = DFL_ck_realloc_block(orig, size); TRK_free_buf(orig, file, func, line); TRK_alloc_buf(ret, file, func, line); return ret; } -static inline void* TRK_ck_strdup(u8* str, const char* file, const char* func, +static inline void *TRK_ck_strdup(u8 *str, const char *file, const char *func, u32 line) { - void* ret = DFL_ck_strdup(str); + void *ret = DFL_ck_strdup(str); TRK_alloc_buf(ret, file, func, line); return ret; } -static inline void* TRK_ck_memdup(void* mem, u32 size, const char* file, - const char* func, u32 line) { +static inline void *TRK_ck_memdup(void *mem, u32 size, const char *file, + const char *func, u32 line) { - void* ret = DFL_ck_memdup(mem, size); + void *ret = DFL_ck_memdup(mem, size); TRK_alloc_buf(ret, file, func, line); return ret; } -static inline void* TRK_ck_memdup_str(void* mem, u32 size, const char* file, - const char* func, u32 line) { +static inline void *TRK_ck_memdup_str(void *mem, u32 size, const char *file, + const char *func, u32 line) { - void* ret = DFL_ck_memdup_str(mem, size); + void *ret = DFL_ck_memdup_str(mem, size); TRK_alloc_buf(ret, file, func, line); return ret; } -static inline void TRK_ck_free(void* ptr, const char* file, const char* func, +static inline void TRK_ck_free(void *ptr, const char *file, const char *func, u32 line) { TRK_free_buf(ptr, file, func, line); diff --git a/include/common.h b/include/common.h index 504783ba..28c11049 100644 --- a/include/common.h +++ b/include/common.h @@ -31,15 +31,15 @@ #include "types.h" #include "stdbool.h" -void detect_file_args(char** argv, u8* prog_in, u8* use_stdin); -void check_environment_vars(char** env); +void detect_file_args(char **argv, u8 *prog_in, u8 *use_stdin); +void check_environment_vars(char **env); -char** argv_cpy_dup(int argc, char** argv); -void argv_cpy_free(char** argv); +char **argv_cpy_dup(int argc, char **argv); +void argv_cpy_free(char **argv); -char** get_qemu_argv(u8* own_loc, u8** target_path_p, int argc, char** argv); -char** get_wine_argv(u8* own_loc, u8** target_path_p, int argc, char** argv); -char* get_afl_env(char* env); +char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv); +char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv); +char * get_afl_env(char *env); /* Get unix time in milliseconds */ diff --git a/include/hash.h b/include/hash.h index 5d00f3e5..3751ac33 100644 --- a/include/hash.h +++ b/include/hash.h @@ -34,9 +34,9 @@ #define ROL64(_x, _r) ((((u64)(_x)) << (_r)) | (((u64)(_x)) >> (64 - (_r)))) -static inline u32 hash32(const void* key, u32 len, u32 seed) { +static inline u32 hash32(const void *key, u32 len, u32 seed) { - const u64* data = (u64*)key; + const u64 *data = (u64 *)key; u64 h1 = seed ^ len; len >>= 3; @@ -69,9 +69,9 @@ static inline u32 hash32(const void* key, u32 len, u32 seed) { #define ROL32(_x, _r) ((((u32)(_x)) << (_r)) | (((u32)(_x)) >> (32 - (_r)))) -static inline u32 hash32(const void* key, u32 len, u32 seed) { +static inline u32 hash32(const void *key, u32 len, u32 seed) { - const u32* data = (u32*)key; + const u32 *data = (u32 *)key; u32 h1 = seed ^ len; len >>= 2; diff --git a/include/list.h b/include/list.h index 1190931f..f9760ccf 100644 --- a/include/list.h +++ b/include/list.h @@ -43,7 +43,7 @@ typedef struct list_element { struct list_element *prev; struct list_element *next; - void * data; + void *data; } element_t; @@ -100,7 +100,7 @@ static void list_append(list_t *list, void *el) { #define LIST_FOREACH(list, type, block) \ do { \ \ - list_t * li = (list); \ + list_t *li = (list); \ element_t *head = get_head((li)); \ element_t *el_box = (head)->next; \ if (!el_box) FATAL("foreach over uninitialized list"); \ diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index a0795c87..d61302e7 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c @@ -56,7 +56,7 @@ \ srand(time(NULL)); \ u32 i; \ - u8* ptr = (u8*)p; \ + u8 *ptr = (u8 *)p; \ for (i = 0; i < l; i++) \ ptr[i] = rand() % INT_MAX; \ \ @@ -136,8 +136,8 @@ typedef struct { #define TAIL_ALLOC_CANARY 0xAC -#define PTR_C(_p) (((u32*)(_p))[-1]) -#define PTR_L(_p) (((u32*)(_p))[-2]) +#define PTR_C(_p) (((u32 *)(_p))[-1]) +#define PTR_L(_p) (((u32 *)(_p))[-2]) /* Configurable stuff (use AFL_LD_* to set): */ @@ -161,9 +161,9 @@ static u32 alloc_canary; so that it is right-aligned to that boundary. Since it always uses mmap(), the returned memory will be zeroed. */ -static void* __dislocator_alloc(size_t len) { +static void *__dislocator_alloc(size_t len) { - u8* ret; + u8 *ret; size_t tlen; int flags, fd, sp; @@ -203,7 +203,7 @@ static void* __dislocator_alloc(size_t len) { /* We will also store buffer length and a canary below the actual buffer, so let's add 8 bytes for that. */ - ret = (u8*)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); + ret = (u8 *)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); #if defined(USEHUGEPAGE) /* We try one more time with regular call */ if (ret == MAP_FAILED) { @@ -215,7 +215,7 @@ static void* __dislocator_alloc(size_t len) { #elif defined(__FreeBSD__) flags &= -MAP_ALIGNED_SUPER; #endif - ret = (u8*)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); + ret = (u8 *)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); } @@ -265,9 +265,9 @@ static void* __dislocator_alloc(size_t len) { /* The "user-facing" wrapper for calloc(). This just checks for overflows and displays debug messages if requested. */ -void* calloc(size_t elem_len, size_t elem_cnt) { +void *calloc(size_t elem_len, size_t elem_cnt) { - void* ret; + void *ret; size_t len = elem_len * elem_cnt; @@ -304,9 +304,9 @@ void* calloc(size_t elem_len, size_t elem_cnt) { memory (unlike calloc(), malloc() is not guaranteed to return zeroed memory). */ -void* malloc(size_t len) { +void *malloc(size_t len) { - void* ret; + void *ret; ret = __dislocator_alloc(len); @@ -322,7 +322,7 @@ void* malloc(size_t len) { If the region is already freed, the code will segfault during the attempt to read the canary. Not very graceful, but works, right? */ -void free(void* ptr) { +void free(void *ptr) { u32 len; @@ -338,7 +338,7 @@ void free(void* ptr) { if (align_allocations && (len & (ALLOC_ALIGN_SIZE - 1))) { - u8* ptr_ = ptr; + u8 *ptr_ = ptr; size_t rlen = (len & ~(ALLOC_ALIGN_SIZE - 1)) + ALLOC_ALIGN_SIZE; for (; len < rlen; ++len) if (ptr_[len] != TAIL_ALLOC_CANARY) @@ -361,9 +361,9 @@ void free(void* ptr) { /* Realloc is pretty straightforward, too. We forcibly reallocate the buffer, move data, and then free (aka mprotect()) the original one. */ -void* realloc(void* ptr, size_t len) { +void *realloc(void *ptr, size_t len) { - void* ret; + void *ret; ret = malloc(len); @@ -387,10 +387,10 @@ void* realloc(void* ptr, size_t len) { if the requested size fits within the alignment we do a normal request */ -int posix_memalign(void** ptr, size_t align, size_t len) { +int posix_memalign(void **ptr, size_t align, size_t len) { // if (*ptr == NULL) return EINVAL; // (andrea) Why? I comment it out for now - if ((align % 2) || (align % sizeof(void*))) return EINVAL; + if ((align % 2) || (align % sizeof(void *))) return EINVAL; if (len == 0) { *ptr = NULL; @@ -413,9 +413,9 @@ int posix_memalign(void** ptr, size_t align, size_t len) { /* just the non-posix fashion */ -void* memalign(size_t align, size_t len) { +void *memalign(size_t align, size_t len) { - void* ret = NULL; + void *ret = NULL; if (posix_memalign(&ret, align, len)) { @@ -429,9 +429,9 @@ void* memalign(size_t align, size_t len) { /* sort of C11 alias of memalign only more severe, alignment-wise */ -void* aligned_alloc(size_t align, size_t len) { +void *aligned_alloc(size_t align, size_t len) { - void* ret = NULL; + void *ret = NULL; if ((len % align)) return NULL; @@ -447,11 +447,11 @@ void* aligned_alloc(size_t align, size_t len) { /* specific BSD api mainly checking possible overflow for the size */ -void* reallocarray(void* ptr, size_t elem_len, size_t elem_cnt) { +void *reallocarray(void *ptr, size_t elem_len, size_t elem_cnt) { const size_t elem_lim = 1UL << (sizeof(size_t) * 4); const size_t elem_tot = elem_len * elem_cnt; - void* ret = NULL; + void *ret = NULL; if ((elem_len >= elem_lim || elem_cnt >= elem_lim) && elem_len > 0 && elem_cnt > (SIZE_MAX / elem_len)) { @@ -470,19 +470,19 @@ void* reallocarray(void* ptr, size_t elem_len, size_t elem_cnt) { __attribute__((constructor)) void __dislocator_init(void) { - u8* tmp = (u8*)getenv("AFL_LD_LIMIT_MB"); + u8 *tmp = (u8 *)getenv("AFL_LD_LIMIT_MB"); if (tmp) { - u8* tok; - s32 mmem = (s32)strtol((char*)tmp, (char**)&tok, 10); + u8 *tok; + s32 mmem = (s32)strtol((char *)tmp, (char **)&tok, 10); if (*tok != '\0' || errno == ERANGE) FATAL("Bad value for AFL_LD_LIMIT_MB"); max_mem = mmem * 1024 * 1024; } alloc_canary = ALLOC_CANARY; - tmp = (u8*)getenv("AFL_RANDOM_ALLOC_CANARY"); + tmp = (u8 *)getenv("AFL_RANDOM_ALLOC_CANARY"); if (tmp) arc4random_buf(&alloc_canary, sizeof(alloc_canary)); diff --git a/libtokencap/libtokencap.so.c b/libtokencap/libtokencap.so.c index d400d3b3..7057c36a 100644 --- a/libtokencap/libtokencap.so.c +++ b/libtokencap/libtokencap.so.c @@ -54,16 +54,16 @@ #ifdef RTLD_NEXT /* The libc functions are a magnitude faster than our replacements. Use them when RTLD_NEXT is available. */ -int (*__libc_strcmp)(const char* str1, const char* str2); -int (*__libc_strncmp)(const char* str1, const char* str2, size_t len); -int (*__libc_strcasecmp)(const char* str1, const char* str2); -int (*__libc_strncasecmp)(const char* str1, const char* str2, size_t len); -int (*__libc_memcmp)(const void* mem1, const void* mem2, size_t len); -int (*__libc_bcmp)(const void* mem1, const void* mem2, size_t len); -char* (*__libc_strstr)(const char* haystack, const char* needle); -char* (*__libc_strcasestr)(const char* haystack, const char* needle); -void* (*__libc_memmem)(const void* haystack, size_t haystack_len, - const void* needle, size_t needle_len); +int (*__libc_strcmp)(const char *str1, const char *str2); +int (*__libc_strncmp)(const char *str1, const char *str2, size_t len); +int (*__libc_strcasecmp)(const char *str1, const char *str2); +int (*__libc_strncasecmp)(const char *str1, const char *str2, size_t len); +int (*__libc_memcmp)(const void *mem1, const void *mem2, size_t len); +int (*__libc_bcmp)(const void *mem1, const void *mem2, size_t len); +char *(*__libc_strstr)(const char *haystack, const char *needle); +char *(*__libc_strcasestr)(const char *haystack, const char *needle); +void *(*__libc_memmem)(const void *haystack, size_t haystack_len, + const void *needle, size_t needle_len); #endif /* Mapping data and such */ @@ -86,7 +86,7 @@ static void __tokencap_load_mappings(void) { #if defined __linux__ u8 buf[MAX_LINE]; - FILE* f = fopen("/proc/self/maps", "r"); + FILE *f = fopen("/proc/self/maps", "r"); __tokencap_ro_loaded = 1; @@ -100,8 +100,8 @@ static void __tokencap_load_mappings(void) { if (sscanf(buf, "%p-%p %c%c", &st, &en, &rf, &wf) != 4) continue; if (wf == 'w' || rf != 'r') continue; - __tokencap_ro[__tokencap_ro_cnt].st = (void*)st; - __tokencap_ro[__tokencap_ro_cnt].en = (void*)en; + __tokencap_ro[__tokencap_ro_cnt].st = (void *)st; + __tokencap_ro[__tokencap_ro_cnt].en = (void *)en; if (++__tokencap_ro_cnt == MAX_MAPPINGS) break; @@ -136,8 +136,8 @@ static void __tokencap_load_mappings(void) { if ((region.protection & VM_PROT_READ) && !(region.protection & VM_PROT_WRITE)) { - __tokencap_ro[__tokencap_ro_cnt].st = (void*)base; - __tokencap_ro[__tokencap_ro_cnt].en = (void*)(base + size); + __tokencap_ro[__tokencap_ro_cnt].st = (void *)base; + __tokencap_ro[__tokencap_ro_cnt].en = (void *)(base + size); if (++__tokencap_ro_cnt == MAX_MAPPINGS) break; @@ -160,7 +160,7 @@ static void __tokencap_load_mappings(void) { int mib[] = {CTL_VM, VM_PROC, VM_PROC_MAP, __tokencap_pid, sizeof(struct kinfo_vmentry)}; #endif - char * buf, *low, *high; + char *buf, *low, *high; size_t miblen = sizeof(mib) / sizeof(mib[0]); size_t len; @@ -189,7 +189,7 @@ static void __tokencap_load_mappings(void) { while (low < high) { - struct kinfo_vmentry* region = (struct kinfo_vmentry*)low; + struct kinfo_vmentry *region = (struct kinfo_vmentry *)low; #if defined __FreeBSD__ || defined __NetBSD__ @@ -216,8 +216,8 @@ static void __tokencap_load_mappings(void) { !(region->kve_protection & KVE_PROT_WRITE)) { #endif - __tokencap_ro[__tokencap_ro_cnt].st = (void*)region->kve_start; - __tokencap_ro[__tokencap_ro_cnt].en = (void*)region->kve_end; + __tokencap_ro[__tokencap_ro_cnt].st = (void *)region->kve_start; + __tokencap_ro[__tokencap_ro_cnt].en = (void *)region->kve_end; if (++__tokencap_ro_cnt == MAX_MAPPINGS) break; @@ -234,7 +234,7 @@ static void __tokencap_load_mappings(void) { /* Check an address against the list of read-only mappings. */ -static u8 __tokencap_is_ro(const void* ptr) { +static u8 __tokencap_is_ro(const void *ptr) { u32 i; @@ -250,7 +250,7 @@ static u8 __tokencap_is_ro(const void* ptr) { /* Dump an interesting token to output file, quoting and escaping it properly. */ -static void __tokencap_dump(const u8* ptr, size_t len, u8 is_text) { +static void __tokencap_dump(const u8 *ptr, size_t len, u8 is_text) { u8 buf[MAX_AUTO_EXTRA * 4 + 1]; u32 i; @@ -293,7 +293,7 @@ static void __tokencap_dump(const u8* ptr, size_t len, u8 is_text) { #undef strcmp -int strcmp(const char* str1, const char* str2) { +int strcmp(const char *str1, const char *str2) { if (__tokencap_is_ro(str1)) __tokencap_dump(str1, strlen(str1), 1); if (__tokencap_is_ro(str2)) __tokencap_dump(str2, strlen(str2), 1); @@ -317,7 +317,7 @@ int strcmp(const char* str1, const char* str2) { #undef strncmp -int strncmp(const char* str1, const char* str2, size_t len) { +int strncmp(const char *str1, const char *str2, size_t len) { if (__tokencap_is_ro(str1)) __tokencap_dump(str1, len, 1); if (__tokencap_is_ro(str2)) __tokencap_dump(str2, len, 1); @@ -343,7 +343,7 @@ int strncmp(const char* str1, const char* str2, size_t len) { #undef strcasecmp -int strcasecmp(const char* str1, const char* str2) { +int strcasecmp(const char *str1, const char *str2) { if (__tokencap_is_ro(str1)) __tokencap_dump(str1, strlen(str1), 1); if (__tokencap_is_ro(str2)) __tokencap_dump(str2, strlen(str2), 1); @@ -367,7 +367,7 @@ int strcasecmp(const char* str1, const char* str2) { #undef strncasecmp -int strncasecmp(const char* str1, const char* str2, size_t len) { +int strncasecmp(const char *str1, const char *str2, size_t len) { if (__tokencap_is_ro(str1)) __tokencap_dump(str1, len, 1); if (__tokencap_is_ro(str2)) __tokencap_dump(str2, len, 1); @@ -393,7 +393,7 @@ int strncasecmp(const char* str1, const char* str2, size_t len) { #undef memcmp -int memcmp(const void* mem1, const void* mem2, size_t len) { +int memcmp(const void *mem1, const void *mem2, size_t len) { if (__tokencap_is_ro(mem1)) __tokencap_dump(mem1, len, 0); if (__tokencap_is_ro(mem2)) __tokencap_dump(mem2, len, 0); @@ -402,8 +402,8 @@ int memcmp(const void* mem1, const void* mem2, size_t len) { if (__libc_memcmp) return __libc_memcmp(mem1, mem2, len); #endif - const char* strmem1 = (const char*)mem1; - const char* strmem2 = (const char*)mem2; + const char *strmem1 = (const char *)mem1; + const char *strmem2 = (const char *)mem2; while (len--) { @@ -420,7 +420,7 @@ int memcmp(const void* mem1, const void* mem2, size_t len) { #undef bcmp -int bcmp(const void* mem1, const void* mem2, size_t len) { +int bcmp(const void *mem1, const void *mem2, size_t len) { if (__tokencap_is_ro(mem1)) __tokencap_dump(mem1, len, 0); if (__tokencap_is_ro(mem2)) __tokencap_dump(mem2, len, 0); @@ -429,8 +429,8 @@ int bcmp(const void* mem1, const void* mem2, size_t len) { if (__libc_bcmp) return __libc_bcmp(mem1, mem2, len); #endif - const char* strmem1 = (const char*)mem1; - const char* strmem2 = (const char*)mem2; + const char *strmem1 = (const char *)mem1; + const char *strmem2 = (const char *)mem2; while (len--) { @@ -447,7 +447,7 @@ int bcmp(const void* mem1, const void* mem2, size_t len) { #undef strstr -char* strstr(const char* haystack, const char* needle) { +char *strstr(const char *haystack, const char *needle) { if (__tokencap_is_ro(haystack)) __tokencap_dump(haystack, strlen(haystack), 1); @@ -460,13 +460,13 @@ char* strstr(const char* haystack, const char* needle) { do { - const char* n = needle; - const char* h = haystack; + const char *n = needle; + const char *h = haystack; while (*n && *h && *n == *h) n++, h++; - if (!*n) return (char*)haystack; + if (!*n) return (char *)haystack; } while (*(haystack++)); @@ -476,7 +476,7 @@ char* strstr(const char* haystack, const char* needle) { #undef strcasestr -char* strcasestr(const char* haystack, const char* needle) { +char *strcasestr(const char *haystack, const char *needle) { if (__tokencap_is_ro(haystack)) __tokencap_dump(haystack, strlen(haystack), 1); @@ -489,13 +489,13 @@ char* strcasestr(const char* haystack, const char* needle) { do { - const char* n = needle; - const char* h = haystack; + const char *n = needle; + const char *h = haystack; while (*n && *h && tolower(*n) == tolower(*h)) n++, h++; - if (!*n) return (char*)haystack; + if (!*n) return (char *)haystack; } while (*(haystack++)); @@ -505,7 +505,7 @@ char* strcasestr(const char* haystack, const char* needle) { #undef memmem -void* memmem(const void* haystack, size_t haystack_len, const void* needle, +void *memmem(const void *haystack, size_t haystack_len, const void *needle, size_t needle_len) { if (__tokencap_is_ro(haystack)) __tokencap_dump(haystack, haystack_len, 1); @@ -517,19 +517,19 @@ void* memmem(const void* haystack, size_t haystack_len, const void* needle, return __libc_memmem(haystack, haystack_len, needle, needle_len); #endif - const char* n = (const char*)needle; - const char* h = (const char*)haystack; + const char *n = (const char *)needle; + const char *h = (const char *)haystack; if (haystack_len < needle_len) return 0; - if (needle_len == 0) return (void*)haystack; + if (needle_len == 0) return (void *)haystack; if (needle_len == 1) return memchr(haystack, *n, haystack_len); - const char* end = h + (haystack_len - needle_len); + const char *end = h + (haystack_len - needle_len); do { if (*h == *n) { - if (memcmp(h, n, needle_len) == 0) return (void*)h; + if (memcmp(h, n, needle_len) == 0) return (void *)h; } @@ -544,31 +544,31 @@ void* memmem(const void* haystack, size_t haystack_len, const void* needle, /* * Apache's httpd wrappers */ -int ap_cstr_casecmp(const char* s1, const char* s2) { +int ap_cstr_casecmp(const char *s1, const char *s2) { return strcasecmp(s1, s2); } -int ap_cstr_casecmpn(const char* s1, const char* s2, size_t n) { +int ap_cstr_casecmpn(const char *s1, const char *s2, size_t n) { return strncasecmp(s1, s2, n); } -const char* ap_strcasestr(const char* s1, const char* s2) { +const char *ap_strcasestr(const char *s1, const char *s2) { return strcasestr(s1, s2); } -int apr_cstr_casecmp(const char* s1, const char* s2) { +int apr_cstr_casecmp(const char *s1, const char *s2) { return strcasecmp(s1, s2); } -int apr_cstr_casecmpn(const char* s1, const char* s2, size_t n) { +int apr_cstr_casecmpn(const char *s1, const char *s2, size_t n) { return strncasecmp(s1, s2, n); @@ -577,31 +577,31 @@ int apr_cstr_casecmpn(const char* s1, const char* s2, size_t n) { /* * *SSL wrappers */ -int CRYPTO_memcmp(const void* m1, const void* m2, size_t len) { +int CRYPTO_memcmp(const void *m1, const void *m2, size_t len) { return memcmp(m1, m2, len); } -int OPENSSL_memcmp(const void* m1, const void* m2, size_t len) { +int OPENSSL_memcmp(const void *m1, const void *m2, size_t len) { return memcmp(m1, m2, len); } -int OPENSSL_strcasecmp(const char* s1, const char* s2) { +int OPENSSL_strcasecmp(const char *s1, const char *s2) { return strcasecmp(s1, s2); } -int OPENSSL_strncasecmp(const char* s1, const char* s2, size_t len) { +int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t len) { return strncasecmp(s1, s2, len); } -int32_t memcmpct(const void* s1, const void* s2, size_t len) { +int32_t memcmpct(const void *s1, const void *s2, size_t len) { return memcmp(s1, s2, len); @@ -610,7 +610,7 @@ int32_t memcmpct(const void* s1, const void* s2, size_t len) { /* * libXML wrappers */ -int xmlStrncmp(const char* s1, const char* s2, int len) { +int xmlStrncmp(const char *s1, const char *s2, int len) { if (len <= 0) { return 0; } if (s1 == s2) { return 0; } @@ -620,7 +620,7 @@ int xmlStrncmp(const char* s1, const char* s2, int len) { } -int xmlStrcmp(const char* s1, const char* s2) { +int xmlStrcmp(const char *s1, const char *s2) { if (s1 == s2) { return 0; } if (s1 == NULL) { return -1; } @@ -629,7 +629,7 @@ int xmlStrcmp(const char* s1, const char* s2) { } -int xmlStrEqual(const char* s1, const char* s2) { +int xmlStrEqual(const char *s1, const char *s2) { if (s1 == s2) { return 1; } if (s1 == NULL) { return 0; } @@ -639,7 +639,7 @@ int xmlStrEqual(const char* s1, const char* s2) { } -int xmlStrcasecmp(const char* s1, const char* s2) { +int xmlStrcasecmp(const char *s1, const char *s2) { if (s1 == s2) { return 0; } if (s1 == NULL) { return -1; } @@ -648,7 +648,7 @@ int xmlStrcasecmp(const char* s1, const char* s2) { } -int xmlStrncasecmp(const char* s1, const char* s2, int len) { +int xmlStrncasecmp(const char *s1, const char *s2, int len) { if (len <= 0) { return 0; } if (s1 == s2) { return 0; } @@ -658,7 +658,7 @@ int xmlStrncasecmp(const char* s1, const char* s2, int len) { } -const char* xmlStrstr(const char* haystack, const char* needle) { +const char *xmlStrstr(const char *haystack, const char *needle) { if (haystack == NULL) { return NULL; } if (needle == NULL) { return NULL; } @@ -666,7 +666,7 @@ const char* xmlStrstr(const char* haystack, const char* needle) { } -const char* xmlStrcasestr(const char* haystack, const char* needle) { +const char *xmlStrcasestr(const char *haystack, const char *needle) { if (haystack == NULL) { return NULL; } if (needle == NULL) { return NULL; } @@ -677,13 +677,13 @@ const char* xmlStrcasestr(const char* haystack, const char* needle) { /* * Samba wrappers */ -int memcmp_const_time(const void* s1, const void* s2, size_t n) { +int memcmp_const_time(const void *s1, const void *s2, size_t n) { return memcmp(s1, s2, n); } -bool strcsequal(const void* s1, const void* s2) { +bool strcsequal(const void *s1, const void *s2) { if (s1 == s2) { return true; } if (!s1 || !s2) { return false; } @@ -693,13 +693,13 @@ bool strcsequal(const void* s1, const void* s2) { /* bcmp/memcmp BSD flavors, similar to CRYPTO_memcmp */ -int timingsafe_bcmp(const void* mem1, const void* mem2, size_t len) { +int timingsafe_bcmp(const void *mem1, const void *mem2, size_t len) { return bcmp(mem1, mem2, len); } -int timingsafe_memcmp(const void* mem1, const void* mem2, size_t len) { +int timingsafe_memcmp(const void *mem1, const void *mem2, size_t len) { return memcmp(mem1, mem2, len); @@ -709,7 +709,7 @@ int timingsafe_memcmp(const void* mem1, const void* mem2, size_t len) { __attribute__((constructor)) void __tokencap_init(void) { - u8* fn = getenv("AFL_TOKEN_FILE"); + u8 *fn = getenv("AFL_TOKEN_FILE"); if (fn) __tokencap_out_file = open(fn, O_RDWR | O_CREAT | O_APPEND, 0655); if (__tokencap_out_file == -1) __tokencap_out_file = STDERR_FILENO; __tokencap_pid = getpid(); diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index bd2579c0..9caa7111 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -37,20 +37,20 @@ #include <limits.h> #include <assert.h> -static u8* obj_path; /* Path to runtime libraries */ -static u8** cc_params; /* Parameters passed to the real CC */ +static u8 *obj_path; /* Path to runtime libraries */ +static u8 **cc_params; /* Parameters passed to the real CC */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ static u8 llvm_fullpath[PATH_MAX]; static u8 lto_mode; -static u8* lto_flag = AFL_CLANG_FLTO; -static u8* march_opt = CFLAGS_OPT; +static u8 *lto_flag = AFL_CLANG_FLTO; +static u8 *march_opt = CFLAGS_OPT; static u8 debug; static u8 cwd[4096]; static u8 cmplog_mode; u8 use_stdin = 0; /* dummy */ u8 be_quiet = 0; -u8* getthecwd() { +u8 *getthecwd() { static u8 fail[] = ""; if (getcwd(cwd, sizeof(cwd)) == NULL) return fail; @@ -60,9 +60,9 @@ u8* getthecwd() { /* Try to find the runtime libraries. If that fails, abort. */ -static void find_obj(u8* argv0) { +static void find_obj(u8 *argv0) { - u8* afl_path = getenv("AFL_PATH"); + u8 *afl_path = getenv("AFL_PATH"); u8 *slash, *tmp; if (afl_path) { @@ -89,7 +89,7 @@ static void find_obj(u8* argv0) { if (slash) { - u8* dir; + u8 *dir; *slash = 0; dir = ck_strdup(argv0); @@ -135,13 +135,13 @@ static void find_obj(u8* argv0) { /* Copy argv to cc_params, making the necessary edits. */ -static void edit_params(u32 argc, char** argv) { +static void edit_params(u32 argc, char **argv) { u8 fortify_set = 0, asan_set = 0, x_set = 0, maybe_linking = 1, bit_mode = 0; u8 has_llvm_config = 0; - u8* name; + u8 *name; - cc_params = ck_alloc((argc + 128) * sizeof(u8*)); + cc_params = ck_alloc((argc + 128) * sizeof(u8 *)); name = strrchr(argv[0], '/'); if (!name) @@ -168,21 +168,21 @@ static void edit_params(u32 argc, char** argv) { if (!strcmp(name, "afl-clang-fast++") || !strcmp(name, "afl-clang-lto++")) { - u8* alt_cxx = getenv("AFL_CXX"); + u8 *alt_cxx = getenv("AFL_CXX"); if (has_llvm_config) snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", LLVM_BINDIR); else sprintf(llvm_fullpath, "clang++"); - cc_params[0] = alt_cxx ? alt_cxx : (u8*)llvm_fullpath; + cc_params[0] = alt_cxx ? alt_cxx : (u8 *)llvm_fullpath; } else { - u8* alt_cc = getenv("AFL_CC"); + u8 *alt_cc = getenv("AFL_CC"); if (has_llvm_config) snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", LLVM_BINDIR); else sprintf(llvm_fullpath, "clang"); - cc_params[0] = alt_cc ? alt_cc : (u8*)llvm_fullpath; + cc_params[0] = alt_cc ? alt_cc : (u8 *)llvm_fullpath; } @@ -267,8 +267,8 @@ static void edit_params(u32 argc, char** argv) { if (lto_mode) { - char* old_path = getenv("PATH"); - char* new_path = alloc_printf("%s:%s", AFL_PATH, old_path); + char *old_path = getenv("PATH"); + char *new_path = alloc_printf("%s:%s", AFL_PATH, old_path); setenv("PATH", new_path, 1); setenv("AFL_LD", "1", 1); @@ -322,7 +322,7 @@ static void edit_params(u32 argc, char** argv) { while (--argc) { - u8* cur = *(++argv); + u8 *cur = *(++argv); if (!strcmp(cur, "-m32")) bit_mode = 32; if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32; @@ -521,10 +521,10 @@ static void edit_params(u32 argc, char** argv) { /* Main entry point */ -int main(int argc, char** argv, char** envp) { +int main(int argc, char **argv, char **envp) { int i; - char* callname = "afl-clang-fast"; + char *callname = "afl-clang-fast"; if (getenv("AFL_DEBUG")) { @@ -671,7 +671,7 @@ int main(int argc, char** argv, char** envp) { } - execvp(cc_params[0], (char**)cc_params); + execvp(cc_params[0], (char **)cc_params); FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]); diff --git a/llvm_mode/afl-ld.c b/llvm_mode/afl-ld.c index bd451ca5..0a244727 100644 --- a/llvm_mode/afl-ld.c +++ b/llvm_mode/afl-ld.c @@ -51,17 +51,17 @@ static u8 **ld_params, /* Parameters passed to the real 'ld' */ **opt_params, /* Parameters passed to 'opt' opt */ **inst_params; /* Parameters passed to 'opt' inst */ -static u8* input_file; /* Originally specified input file */ +static u8 *input_file; /* Originally specified input file */ static u8 *final_file, /* Instrumented file for the real 'ld' */ *linked_file, /* file where we link all files */ *modified_file; /* file that was optimized before instr */ -static u8* afl_path = AFL_PATH; -static u8* real_ld = AFL_REAL_LD; +static u8 *afl_path = AFL_PATH; +static u8 *real_ld = AFL_REAL_LD; static u8 cwd[4096]; -static u8* tmp_dir; -static u8* ar_dir; +static u8 *tmp_dir; +static u8 *ar_dir; static u8 ar_dir_cnt; -static u8* libdirs[254]; +static u8 *libdirs[254]; static u8 libdir_cnt; static u8 be_quiet, /* Quiet mode (no stderr output) */ @@ -76,10 +76,10 @@ static u32 ld_param_cnt = 1, /* Number of params to 'ld' */ inst_param_cnt = 1; /* Number of params to 'opt' instr */ /* This function wipes a directory - our AR unpack directory in this case */ -static u8 wipe_directory(u8* path) { +static u8 wipe_directory(u8 *path) { - DIR* d; - struct dirent* d_ent; + DIR *d; + struct dirent *d_ent; d = opendir(path); @@ -89,7 +89,7 @@ static u8 wipe_directory(u8* path) { if (strcmp(d_ent->d_name, ".") != 0 && strcmp(d_ent->d_name, "..") != 0) { - u8* fname = alloc_printf("%s/%s", path, d_ent->d_name); + u8 *fname = alloc_printf("%s/%s", path, d_ent->d_name); if (unlink(fname)) PFATAL("Unable to delete '%s'", fname); ck_free(fname); @@ -142,7 +142,7 @@ static void at_exit_handler(void) { /* This function checks if the parameter is a) an existing file and b) if it is a BC or LL file, if both are true it returns 1 and 0 otherwise */ -int is_llvm_file(const char* file) { +int is_llvm_file(const char *file) { int fd; u8 buf[5]; @@ -169,7 +169,7 @@ int is_llvm_file(const char* file) { } /* Return the current working directory, not thread safe ;-) */ -u8* getthecwd() { +u8 *getthecwd() { static u8 fail[] = ""; if (getcwd(cwd, sizeof(cwd)) == NULL) return fail; @@ -178,7 +178,7 @@ u8* getthecwd() { } /* Check if an ar extracted file is already in the parameter list */ -int is_duplicate(u8** params, u32 ld_param_cnt, u8* ar_file) { +int is_duplicate(u8 **params, u32 ld_param_cnt, u8 *ar_file) { for (uint32_t i = 0; i < ld_param_cnt; i++) if (params[i] != NULL) @@ -191,7 +191,7 @@ int is_duplicate(u8** params, u32 ld_param_cnt, u8* ar_file) { /* Examine and modify parameters to pass to 'ld', 'llvm-link' and 'llmv-ar'. Note that the file name is always the last parameter passed by GCC, so we exploit this property to keep the code "simple". */ -static void edit_params(int argc, char** argv) { +static void edit_params(int argc, char **argv) { u32 i, have_lto = 0, libdir_index; u8 libdir_file[4096]; @@ -212,12 +212,12 @@ static void edit_params(int argc, char** argv) { final_file = alloc_printf("%s/.afl-%u-%u-3.bc", tmp_dir, getpid(), (u32)time(NULL)); - ld_params = ck_alloc(4096 * sizeof(u8*)); - link_params = ck_alloc(4096 * sizeof(u8*)); - inst_params = ck_alloc(12 * sizeof(u8*)); - opt_params = ck_alloc(12 * sizeof(u8*)); + ld_params = ck_alloc(4096 * sizeof(u8 *)); + link_params = ck_alloc(4096 * sizeof(u8 *)); + inst_params = ck_alloc(12 * sizeof(u8 *)); + opt_params = ck_alloc(12 * sizeof(u8 *)); - ld_params[0] = (u8*)real_ld; + ld_params[0] = (u8 *)real_ld; ld_params[ld_param_cnt++] = "--allow-multiple-definition"; link_params[0] = alloc_printf("%s/%s", LLVM_BINDIR, "llvm-link"); @@ -328,13 +328,13 @@ static void edit_params(int argc, char** argv) { // where the same "foo.o" was in both .a archives. llvm-link does not // like this so we have to work around that ... - u8 this_wd[4096], *this_ar; - u8 ar_params_cnt = 4; - u8* ar_params[ar_params_cnt]; - u8* file = argv[i]; - s32 pid, status; - DIR* arx; - struct dirent* dir_ent; + u8 this_wd[4096], *this_ar; + u8 ar_params_cnt = 4; + u8 *ar_params[ar_params_cnt]; + u8 *file = argv[i]; + s32 pid, status; + DIR *arx; + struct dirent *dir_ent; if (libdir_index < libdir_cnt) file = libdir_file; @@ -373,7 +373,7 @@ static void edit_params(int argc, char** argv) { if (!(pid = fork())) { - execvp(ar_params[0], (char**)ar_params); + execvp(ar_params[0], (char **)ar_params); FATAL("Oops, failed to execute '%s'", ar_params[0]); } @@ -389,7 +389,7 @@ static void edit_params(int argc, char** argv) { while ((dir_ent = readdir(arx)) != NULL) { - u8* ar_file = alloc_printf("%s/%s", ar_dir, dir_ent->d_name); + u8 *ar_file = alloc_printf("%s/%s", ar_dir, dir_ent->d_name); if (dir_ent->d_name[strlen(dir_ent->d_name) - 1] == 'o' && dir_ent->d_name[strlen(dir_ent->d_name) - 2] == '.') { @@ -535,7 +535,7 @@ void clean_path() { /* Main entry point */ -int main(int argc, char** argv) { +int main(int argc, char **argv) { s32 pid, i; int status; @@ -665,7 +665,7 @@ int main(int argc, char** argv) { if (!(pid = fork())) { - execvp(link_params[0], (char**)link_params); + execvp(link_params[0], (char **)link_params); FATAL("Oops, failed to execute '%s'", link_params[0]); } @@ -707,7 +707,7 @@ int main(int argc, char** argv) { if (!(pid = fork())) { - execvp(opt_params[0], (char**)opt_params); + execvp(opt_params[0], (char **)opt_params); FATAL("Oops, failed to execute '%s'", opt_params[0]); } @@ -730,7 +730,7 @@ int main(int argc, char** argv) { if (!(pid = fork())) { - execvp(inst_params[0], (char**)inst_params); + execvp(inst_params[0], (char **)inst_params); FATAL("Oops, failed to execute '%s'", inst_params[0]); } @@ -761,8 +761,8 @@ int main(int argc, char** argv) { unsetenv("AFL_LD"); - if (strlen(real_ld) > 1) execvp(real_ld, (char**)ld_params); - execvp("ld", (char**)ld_params); // fallback + if (strlen(real_ld) > 1) execvp(real_ld, (char **)ld_params); + execvp("ld", (char **)ld_params); // fallback FATAL("Oops, failed to execute 'ld' - check your PATH"); } diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c index 58b64670..1fa77fd9 100644 --- a/llvm_mode/afl-llvm-rt.o.c +++ b/llvm_mode/afl-llvm-rt.o.c @@ -59,7 +59,7 @@ run. It will end up as .comm, so it shouldn't be too wasteful. */ u8 __afl_area_initial[MAP_SIZE]; -u8* __afl_area_ptr = __afl_area_initial; +u8 *__afl_area_ptr = __afl_area_initial; #ifdef __ANDROID__ u32 __afl_prev_loc; @@ -69,7 +69,7 @@ __thread u32 __afl_prev_loc; __thread u32 __afl_final_loc; #endif -struct cmp_map* __afl_cmp_map; +struct cmp_map *__afl_cmp_map; __thread u32 __afl_cmp_counter; /* Running in persistent mode? */ @@ -80,7 +80,7 @@ static u8 is_persistent; static void __afl_map_shm(void) { - u8* id_str = getenv(SHM_ENV_VAR); + u8 *id_str = getenv(SHM_ENV_VAR); /* If we're running under AFL, attach to the appropriate region, replacing the early-stage __afl_area_initial region that is needed to allow some really @@ -89,9 +89,9 @@ static void __afl_map_shm(void) { if (id_str) { #ifdef USEMMAP - const char* shm_file_path = id_str; - int shm_fd = -1; - unsigned char* shm_base = NULL; + const char *shm_file_path = id_str; + int shm_fd = -1; + unsigned char *shm_base = NULL; /* create the shared memory segment as if it was a file */ shm_fd = shm_open(shm_file_path, O_RDWR, 0600); @@ -123,7 +123,7 @@ static void __afl_map_shm(void) { /* Whooooops. */ - if (__afl_area_ptr == (void*)-1) _exit(1); + if (__afl_area_ptr == (void *)-1) _exit(1); /* Write something into the bitmap so that even with low AFL_INST_RATIO, our parent doesn't give up on us. */ @@ -137,9 +137,9 @@ static void __afl_map_shm(void) { if (id_str) { #ifdef USEMMAP - const char* shm_file_path = id_str; - int shm_fd = -1; - unsigned char* shm_base = NULL; + const char *shm_file_path = id_str; + int shm_fd = -1; + unsigned char *shm_base = NULL; /* create the shared memory segment as if it was a file */ shm_fd = shm_open(shm_file_path, O_RDWR, 0600); @@ -170,7 +170,7 @@ static void __afl_map_shm(void) { __afl_cmp_map = shmat(shm_id, NULL, 0); #endif - if (__afl_cmp_map == (void*)-1) _exit(1); + if (__afl_cmp_map == (void *)-1) _exit(1); } @@ -354,7 +354,7 @@ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) { The first function (__sanitizer_cov_trace_pc_guard) is called back on every edge (as opposed to every basic block). */ -void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { +void __sanitizer_cov_trace_pc_guard(uint32_t *guard) { __afl_area_ptr[*guard]++; @@ -364,10 +364,10 @@ void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { ID of 0 as a special value to indicate non-instrumented bits. That may still touch the bitmap, but in a fairly harmless way. */ -void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) { +void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) { u32 inst_ratio = 100; - u8* x; + u8 *x; if (start == stop || *start) return; @@ -504,7 +504,7 @@ void __sanitizer_cov_trace_cmp8(uint64_t Arg1, uint64_t Arg2) __attribute__((alias("__cmplog_ins_hook8"))); #endif /* defined(__APPLE__) */ -void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t* Cases) { +void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t *Cases) { for (uint64_t i = 0; i < Cases[0]; i++) { @@ -530,10 +530,10 @@ void __sanitizer_cov_trace_switch(uint64_t Val, uint64_t* Cases) { // POSIX shenanigan to see if an area is mapped. // If it is mapped as X-only, we have a problem, so maybe we should add a check // to avoid to call it on .text addresses -static int area_is_mapped(void* ptr, size_t len) { +static int area_is_mapped(void *ptr, size_t len) { - char* p = ptr; - char* page = (char*)((uintptr_t)p & ~(sysconf(_SC_PAGE_SIZE) - 1)); + char *p = ptr; + char *page = (char *)((uintptr_t)p & ~(sysconf(_SC_PAGE_SIZE) - 1)); int r = msync(page, (p - page) + len, MS_ASYNC); if (r < 0) return errno != ENOMEM; @@ -541,7 +541,7 @@ static int area_is_mapped(void* ptr, size_t len) { } -void __cmplog_rtn_hook(void* ptr1, void* ptr2) { +void __cmplog_rtn_hook(void *ptr1, void *ptr2) { if (!__afl_cmp_map) return; @@ -559,9 +559,9 @@ void __cmplog_rtn_hook(void* ptr1, void* ptr2) { __afl_cmp_map->headers[k].shape = 31; hits &= CMP_MAP_RTN_H - 1; - __builtin_memcpy(((struct cmpfn_operands*)__afl_cmp_map->log[k])[hits].v0, + __builtin_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v0, ptr1, 32); - __builtin_memcpy(((struct cmpfn_operands*)__afl_cmp_map->log[k])[hits].v1, + __builtin_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1, ptr2, 32); } diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c index 8e2c279b..a2695985 100644 --- a/qemu_mode/libcompcov/libcompcov.so.c +++ b/qemu_mode/libcompcov/libcompcov.so.c @@ -45,15 +45,15 @@ static void *__compcov_code_start, *__compcov_code_end; -static u8* __compcov_afl_map; +static u8 *__compcov_afl_map; static u32 __compcov_level; -static int (*__libc_strcmp)(const char*, const char*); -static int (*__libc_strncmp)(const char*, const char*, size_t); -static int (*__libc_strcasecmp)(const char*, const char*); -static int (*__libc_strncasecmp)(const char*, const char*, size_t); -static int (*__libc_memcmp)(const void*, const void*, size_t); +static int (*__libc_strcmp)(const char *, const char *); +static int (*__libc_strncmp)(const char *, const char *, size_t); +static int (*__libc_strcasecmp)(const char *, const char *); +static int (*__libc_strncasecmp)(const char *, const char *, size_t); +static int (*__libc_memcmp)(const void *, const void *, size_t); static int debug_fd = -1; @@ -65,7 +65,7 @@ static u32 __compcov_ro_cnt; /* Check an address against the list of read-only mappings. */ -static u8 __compcov_is_ro(const void* ptr) { +static u8 __compcov_is_ro(const void *ptr) { u32 i; @@ -76,7 +76,7 @@ static u8 __compcov_is_ro(const void* ptr) { } -static size_t __strlen2(const char* s1, const char* s2, size_t max_length) { +static size_t __strlen2(const char *s1, const char *s2, size_t max_length) { // from https://github.com/googleprojectzero/CompareCoverage @@ -103,7 +103,7 @@ static void __compcov_load(void) { } - char* id_str = getenv(SHM_ENV_VAR); + char *id_str = getenv(SHM_ENV_VAR); int shm_id; if (id_str) { @@ -111,7 +111,7 @@ static void __compcov_load(void) { shm_id = atoi(id_str); __compcov_afl_map = shmat(shm_id, NULL, 0); - if (__compcov_afl_map == (void*)-1) exit(1); + if (__compcov_afl_map == (void *)-1) exit(1); } else { @@ -121,16 +121,16 @@ static void __compcov_load(void) { if (getenv("AFL_INST_LIBS")) { - __compcov_code_start = (void*)0; - __compcov_code_end = (void*)-1; + __compcov_code_start = (void *)0; + __compcov_code_end = (void *)-1; return; } - char* bin_name = getenv("AFL_COMPCOV_BINNAME"); + char *bin_name = getenv("AFL_COMPCOV_BINNAME"); - procmaps_iterator* maps = pmparser_parse(-1); - procmaps_struct* maps_tmp = NULL; + procmaps_iterator *maps = pmparser_parse(-1); + procmaps_struct *maps_tmp = NULL; while ((maps_tmp = pmparser_next(maps)) != NULL) { @@ -159,7 +159,7 @@ static void __compcov_load(void) { } -static void __compcov_trace(u64 cur_loc, const u8* v0, const u8* v1, size_t n) { +static void __compcov_trace(u64 cur_loc, const u8 *v0, const u8 *v1, size_t n) { size_t i; @@ -167,8 +167,8 @@ static void __compcov_trace(u64 cur_loc, const u8* v0, const u8* v1, size_t n) { char debugbuf[4096]; snprintf(debugbuf, sizeof(debugbuf), "0x%llx %s %s %lu\n", cur_loc, - v0 == NULL ? "(null)" : (char*)v0, - v1 == NULL ? "(null)" : (char*)v1, n); + v0 == NULL ? "(null)" : (char *)v0, + v1 == NULL ? "(null)" : (char *)v1, n); write(debug_fd, debugbuf, strlen(debugbuf)); } @@ -183,7 +183,7 @@ static void __compcov_trace(u64 cur_loc, const u8* v0, const u8* v1, size_t n) { /* Check an address against the list of read-only mappings. */ -static u8 __compcov_is_in_bound(const void* ptr) { +static u8 __compcov_is_in_bound(const void *ptr) { return ptr >= __compcov_code_start && ptr < __compcov_code_end; @@ -194,9 +194,9 @@ static u8 __compcov_is_in_bound(const void* ptr) { #undef strcmp -int strcmp(const char* str1, const char* str2) { +int strcmp(const char *str1, const char *str2) { - void* retaddr = __builtin_return_address(0); + void *retaddr = __builtin_return_address(0); if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 && !__compcov_is_ro(str1) && @@ -222,9 +222,9 @@ int strcmp(const char* str1, const char* str2) { #undef strncmp -int strncmp(const char* str1, const char* str2, size_t len) { +int strncmp(const char *str1, const char *str2, size_t len) { - void* retaddr = __builtin_return_address(0); + void *retaddr = __builtin_return_address(0); if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 && !__compcov_is_ro(str1) && @@ -251,9 +251,9 @@ int strncmp(const char* str1, const char* str2, size_t len) { #undef strcasecmp -int strcasecmp(const char* str1, const char* str2) { +int strcasecmp(const char *str1, const char *str2) { - void* retaddr = __builtin_return_address(0); + void *retaddr = __builtin_return_address(0); if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 && !__compcov_is_ro(str1) && @@ -281,9 +281,9 @@ int strcasecmp(const char* str1, const char* str2) { #undef strncasecmp -int strncasecmp(const char* str1, const char* str2, size_t len) { +int strncasecmp(const char *str1, const char *str2, size_t len) { - void* retaddr = __builtin_return_address(0); + void *retaddr = __builtin_return_address(0); if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 && !__compcov_is_ro(str1) && @@ -312,9 +312,9 @@ int strncasecmp(const char* str1, const char* str2, size_t len) { #undef memcmp -int memcmp(const void* mem1, const void* mem2, size_t len) { +int memcmp(const void *mem1, const void *mem2, size_t len) { - void* retaddr = __builtin_return_address(0); + void *retaddr = __builtin_return_address(0); if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 && !__compcov_is_ro(mem1) && @@ -345,25 +345,25 @@ int memcmp(const void* mem1, const void* mem2, size_t len) { /* * Apache's httpd wrappers */ -int ap_cstr_casecmp(const char* s1, const char* s2) { +int ap_cstr_casecmp(const char *s1, const char *s2) { return strcasecmp(s1, s2); } -int ap_cstr_casecmpn(const char* s1, const char* s2, size_t n) { +int ap_cstr_casecmpn(const char *s1, const char *s2, size_t n) { return strncasecmp(s1, s2, n); } -int apr_cstr_casecmp(const char* s1, const char* s2) { +int apr_cstr_casecmp(const char *s1, const char *s2) { return strcasecmp(s1, s2); } -int apr_cstr_casecmpn(const char* s1, const char* s2, size_t n) { +int apr_cstr_casecmpn(const char *s1, const char *s2, size_t n) { return strncasecmp(s1, s2, n); @@ -372,31 +372,31 @@ int apr_cstr_casecmpn(const char* s1, const char* s2, size_t n) { /* * *SSL wrappers */ -int CRYPTO_memcmp(const void* m1, const void* m2, size_t len) { +int CRYPTO_memcmp(const void *m1, const void *m2, size_t len) { return memcmp(m1, m2, len); } -int OPENSSL_memcmp(const void* m1, const void* m2, size_t len) { +int OPENSSL_memcmp(const void *m1, const void *m2, size_t len) { return memcmp(m1, m2, len); } -int OPENSSL_strcasecmp(const char* s1, const char* s2) { +int OPENSSL_strcasecmp(const char *s1, const char *s2) { return strcasecmp(s1, s2); } -int OPENSSL_strncasecmp(const char* s1, const char* s2, size_t len) { +int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t len) { return strncasecmp(s1, s2, len); } -int32_t memcmpct(const void* s1, const void* s2, size_t len) { +int32_t memcmpct(const void *s1, const void *s2, size_t len) { return memcmp(s1, s2, len); @@ -405,7 +405,7 @@ int32_t memcmpct(const void* s1, const void* s2, size_t len) { /* * libXML wrappers */ -int xmlStrncmp(const char* s1, const char* s2, int len) { +int xmlStrncmp(const char *s1, const char *s2, int len) { if (len <= 0) { return 0; } if (s1 == s2) { return 0; } @@ -415,7 +415,7 @@ int xmlStrncmp(const char* s1, const char* s2, int len) { } -int xmlStrcmp(const char* s1, const char* s2) { +int xmlStrcmp(const char *s1, const char *s2) { if (s1 == s2) { return 0; } if (s1 == NULL) { return -1; } @@ -424,7 +424,7 @@ int xmlStrcmp(const char* s1, const char* s2) { } -int xmlStrEqual(const char* s1, const char* s2) { +int xmlStrEqual(const char *s1, const char *s2) { if (s1 == s2) { return 1; } if (s1 == NULL) { return 0; } @@ -434,7 +434,7 @@ int xmlStrEqual(const char* s1, const char* s2) { } -int xmlStrcasecmp(const char* s1, const char* s2) { +int xmlStrcasecmp(const char *s1, const char *s2) { if (s1 == s2) { return 0; } if (s1 == NULL) { return -1; } @@ -443,7 +443,7 @@ int xmlStrcasecmp(const char* s1, const char* s2) { } -int xmlStrncasecmp(const char* s1, const char* s2, int len) { +int xmlStrncasecmp(const char *s1, const char *s2, int len) { if (len <= 0) { return 0; } if (s1 == s2) { return 0; } @@ -453,7 +453,7 @@ int xmlStrncasecmp(const char* s1, const char* s2, int len) { } -const char* xmlStrcasestr(const char* haystack, const char* needle) { +const char *xmlStrcasestr(const char *haystack, const char *needle) { if (haystack == NULL) { return NULL; } if (needle == NULL) { return NULL; } @@ -464,13 +464,13 @@ const char* xmlStrcasestr(const char* haystack, const char* needle) { /* * Samba wrappers */ -int memcmp_const_time(const void* s1, const void* s2, size_t n) { +int memcmp_const_time(const void *s1, const void *s2, size_t n) { return memcmp(s1, s2, n); } -bool strcsequal(const void* s1, const void* s2) { +bool strcsequal(const void *s1, const void *s2) { if (s1 == s2) { return true; } if (!s1 || !s2) { return false; } diff --git a/qemu_mode/libcompcov/pmparser.h b/qemu_mode/libcompcov/pmparser.h index e7fcf187..d37bfcaf 100644 --- a/qemu_mode/libcompcov/pmparser.h +++ b/qemu_mode/libcompcov/pmparser.h @@ -32,8 +32,8 @@ implied warranty. */ typedef struct procmaps_struct { - void* addr_start; //< start address of the area - void* addr_end; //< end address + void *addr_start; //< start address of the area + void *addr_end; //< end address unsigned long length; //< size of the range char perm[5]; //< permissions rwxp @@ -48,7 +48,7 @@ typedef struct procmaps_struct { char pathname[600]; //< the path of the file that backs the area // chained list - struct procmaps_struct* next; //<handler of the chinaed list + struct procmaps_struct *next; //<handler of the chinaed list } procmaps_struct; @@ -58,8 +58,8 @@ typedef struct procmaps_struct { */ typedef struct procmaps_iterator { - procmaps_struct* head; - procmaps_struct* current; + procmaps_struct *head; + procmaps_struct *current; } procmaps_iterator; @@ -69,7 +69,7 @@ typedef struct procmaps_iterator { * if pid<0 * @return an iterator over all the nodes */ -procmaps_iterator* pmparser_parse(int pid); +procmaps_iterator *pmparser_parse(int pid); /** * pmparser_next @@ -77,28 +77,28 @@ procmaps_iterator* pmparser_parse(int pid); * @param p_procmaps_it the iterator to move on step in the chained list * @return a procmaps structure filled with information about this VM area */ -procmaps_struct* pmparser_next(procmaps_iterator* p_procmaps_it); +procmaps_struct *pmparser_next(procmaps_iterator *p_procmaps_it); /** * pmparser_free * @description should be called at the end to free the resources * @param p_procmaps_it the iterator structure returned by pmparser_parse */ -void pmparser_free(procmaps_iterator* p_procmaps_it); +void pmparser_free(procmaps_iterator *p_procmaps_it); /** * _pmparser_split_line * @description internal usage */ -void _pmparser_split_line(char* buf, char* addr1, char* addr2, char* perm, - char* offset, char* device, char* inode, - char* pathname); +void _pmparser_split_line(char *buf, char *addr1, char *addr2, char *perm, + char *offset, char *device, char *inode, + char *pathname); /** * pmparser_print * @param map the head of the list * @order the order of the area to print, -1 to print everything */ -void pmparser_print(procmaps_struct* map, int order); +void pmparser_print(procmaps_struct *map, int order); /** * gobal variables @@ -106,9 +106,9 @@ void pmparser_print(procmaps_struct* map, int order); // procmaps_struct* g_last_head=NULL; // procmaps_struct* g_current=NULL; -procmaps_iterator* pmparser_parse(int pid) { +procmaps_iterator *pmparser_parse(int pid) { - procmaps_iterator* maps_it = malloc(sizeof(procmaps_iterator)); + procmaps_iterator *maps_it = malloc(sizeof(procmaps_iterator)); char maps_path[500]; if (pid >= 0) { @@ -120,7 +120,7 @@ procmaps_iterator* pmparser_parse(int pid) { } - FILE* file = fopen(maps_path, "r"); + FILE *file = fopen(maps_path, "r"); if (!file) { fprintf(stderr, "pmparser : cannot open the memory maps, %s\n", @@ -132,24 +132,24 @@ procmaps_iterator* pmparser_parse(int pid) { int ind = 0; char buf[PROCMAPS_LINE_MAX_LENGTH]; // int c; - procmaps_struct* list_maps = NULL; - procmaps_struct* tmp; - procmaps_struct* current_node = list_maps; + procmaps_struct *list_maps = NULL; + procmaps_struct *tmp; + procmaps_struct *current_node = list_maps; char addr1[20], addr2[20], perm[8], offset[20], dev[10], inode[30], pathname[PATH_MAX]; while (!feof(file)) { fgets(buf, PROCMAPS_LINE_MAX_LENGTH, file); // allocate a node - tmp = (procmaps_struct*)malloc(sizeof(procmaps_struct)); + tmp = (procmaps_struct *)malloc(sizeof(procmaps_struct)); // fill the node _pmparser_split_line(buf, addr1, addr2, perm, offset, dev, inode, pathname); // printf("#%s",buf); // printf("%s-%s %s %s %s // %s\t%s\n",addr1,addr2,perm,offset,dev,inode,pathname); addr_start & // addr_end unsigned long l_addr_start; - sscanf(addr1, "%lx", (long unsigned*)&tmp->addr_start); - sscanf(addr2, "%lx", (long unsigned*)&tmp->addr_end); + sscanf(addr1, "%lx", (long unsigned *)&tmp->addr_start); + sscanf(addr2, "%lx", (long unsigned *)&tmp->addr_end); // size tmp->length = (unsigned long)(tmp->addr_end - tmp->addr_start); // perm @@ -194,10 +194,10 @@ procmaps_iterator* pmparser_parse(int pid) { } -procmaps_struct* pmparser_next(procmaps_iterator* p_procmaps_it) { +procmaps_struct *pmparser_next(procmaps_iterator *p_procmaps_it) { if (p_procmaps_it->current == NULL) return NULL; - procmaps_struct* p_current = p_procmaps_it->current; + procmaps_struct *p_current = p_procmaps_it->current; p_procmaps_it->current = p_procmaps_it->current->next; return p_current; /* @@ -214,12 +214,12 @@ procmaps_struct* pmparser_next(procmaps_iterator* p_procmaps_it) { } -void pmparser_free(procmaps_iterator* p_procmaps_it) { +void pmparser_free(procmaps_iterator *p_procmaps_it) { - procmaps_struct* maps_list = p_procmaps_it->head; + procmaps_struct *maps_list = p_procmaps_it->head; if (maps_list == NULL) return; - procmaps_struct* act = maps_list; - procmaps_struct* nxt = act->next; + procmaps_struct *act = maps_list; + procmaps_struct *nxt = act->next; while (act != NULL) { free(act); @@ -230,9 +230,9 @@ void pmparser_free(procmaps_iterator* p_procmaps_it) { } -void _pmparser_split_line(char* buf, char* addr1, char* addr2, char* perm, - char* offset, char* device, char* inode, - char* pathname) { +void _pmparser_split_line(char *buf, char *addr1, char *addr2, char *perm, + char *offset, char *device, char *inode, + char *pathname) { // int orig = 0; diff --git a/qemu_mode/patches/afl-qemu-floats.h b/qemu_mode/patches/afl-qemu-floats.h index f88bbf4a..2e50cf7e 100644 --- a/qemu_mode/patches/afl-qemu-floats.h +++ b/qemu_mode/patches/afl-qemu-floats.h @@ -64,14 +64,14 @@ union afl_float64 { // TODO figure out why float*_unpack_canonical does not work void afl_float_compcov_log_32(target_ulong cur_loc, float32 arg1, float32 arg2, - void* status) { + void *status) { cur_loc = (cur_loc >> 4) ^ (cur_loc << 8); cur_loc &= MAP_SIZE - 7; if (cur_loc >= afl_inst_rms) return; - // float_status* s = (float_status*)status; + // float_status*s = (float_status*)status; // FloatParts a = float32_unpack_canonical(arg1, s); // FloatParts b = float32_unpack_canonical(arg2, s); union afl_float32 a = {.f = arg1}; @@ -96,14 +96,14 @@ void afl_float_compcov_log_32(target_ulong cur_loc, float32 arg1, float32 arg2, } void afl_float_compcov_log_64(target_ulong cur_loc, float64 arg1, float64 arg2, - void* status) { + void *status) { cur_loc = (cur_loc >> 4) ^ (cur_loc << 8); cur_loc &= MAP_SIZE - 7; if (cur_loc >= afl_inst_rms) return; - // float_status* s = (float_status*)status; + // float_status*s = (float_status*)status; // FloatParts a = float64_unpack_canonical(arg1, s); // FloatParts b = float64_unpack_canonical(arg2, s); union afl_float64 a = {.f = arg1}; diff --git a/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h b/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h index a510ac83..04fcde4e 100644 --- a/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h +++ b/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h @@ -34,7 +34,7 @@ #include "afl-qemu-common.h" #include "tcg.h" -void HELPER(afl_entry_routine)(CPUArchState* env) { +void HELPER(afl_entry_routine)(CPUArchState *env) { afl_forkserver(ENV_GET_CPU(env)); @@ -160,10 +160,10 @@ void HELPER(afl_cmplog_64)(target_ulong cur_loc, target_ulong arg1, #include <sys/mman.h> -static int area_is_mapped(void* ptr, size_t len) { +static int area_is_mapped(void *ptr, size_t len) { - char* p = ptr; - char* page = (char*)((uintptr_t)p & ~(sysconf(_SC_PAGE_SIZE) - 1)); + char *p = ptr; + char *page = (char *)((uintptr_t)p & ~(sysconf(_SC_PAGE_SIZE) - 1)); int r = msync(page, (p - page) + len, MS_ASYNC); if (r < 0) return errno != ENOMEM; @@ -171,28 +171,28 @@ static int area_is_mapped(void* ptr, size_t len) { } -void HELPER(afl_cmplog_rtn)(CPUX86State* env) { +void HELPER(afl_cmplog_rtn)(CPUX86State *env) { #if defined(TARGET_X86_64) - void* ptr1 = g2h(env->regs[R_EDI]); - void* ptr2 = g2h(env->regs[R_ESI]); + void *ptr1 = g2h(env->regs[R_EDI]); + void *ptr2 = g2h(env->regs[R_ESI]); #elif defined(TARGET_I386) - target_ulong* stack = g2h(env->regs[R_ESP]); + target_ulong *stack = g2h(env->regs[R_ESP]); if (!area_is_mapped(stack, sizeof(target_ulong) * 2)) return; // when this hook is executed, the retaddr is not on stack yet - void* ptr1 = g2h(stack[0]); - void* ptr2 = g2h(stack[1]); + void *ptr1 = g2h(stack[0]); + void *ptr2 = g2h(stack[1]); #else // dumb code to make it compile - void* ptr1 = NULL; - void* ptr2 = NULL; + void *ptr1 = NULL; + void *ptr2 = NULL; return; #endif @@ -211,9 +211,9 @@ void HELPER(afl_cmplog_rtn)(CPUX86State* env) { __afl_cmp_map->headers[k].shape = 31; hits &= CMP_MAP_RTN_H - 1; - __builtin_memcpy(((struct cmpfn_operands*)__afl_cmp_map->log[k])[hits].v0, + __builtin_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v0, ptr1, 32); - __builtin_memcpy(((struct cmpfn_operands*)__afl_cmp_map->log[k])[hits].v1, + __builtin_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1, ptr2, 32); } diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 7d78ffc8..3a392da4 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -57,13 +57,13 @@ static s32 child_pid; /* PID of the tested program */ -u8* trace_bits; /* SHM with instrumentation bitmap */ +u8 *trace_bits; /* SHM with instrumentation bitmap */ static u8 *in_file, /* Analyzer input test case */ *prog_in, /* Targeted program input file */ *doc_path; /* Path to docs */ -static u8* in_data; /* Input data for analysis */ +static u8 *in_data; /* Input data for analysis */ static u32 in_len, /* Input data length */ orig_cksum, /* Original checksum */ @@ -84,7 +84,7 @@ static volatile u8 stop_soon, /* Ctrl-C pressed? */ static u8 qemu_mode; -static u8* target_path; +static u8 *target_path; /* Constants used for describing byte behavior. */ @@ -114,7 +114,7 @@ static u8 count_class_lookup[256] = { }; -static void classify_counts(u8* mem) { +static void classify_counts(u8 *mem) { u32 i = MAP_SIZE; @@ -144,7 +144,7 @@ static void classify_counts(u8* mem) { static inline u8 anything_set(void) { - u32* ptr = (u32*)trace_bits; + u32 *ptr = (u32 *)trace_bits; u32 i = (MAP_SIZE >> 2); while (i--) @@ -189,7 +189,7 @@ static void read_initial_file(void) { /* Write output file. */ -static s32 write_to_file(u8* path, u8* mem, u32 len) { +static s32 write_to_file(u8 *path, u8 *mem, u32 len) { s32 ret; @@ -219,7 +219,7 @@ static void handle_timeout(int sig) { /* Execute target application. Returns exec checksum, or 0 if program times out. */ -static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) { +static u32 run_target(char **argv, u8 *mem, u32 len, u8 first_run) { static struct itimerval it; int status = 0; @@ -243,7 +243,7 @@ static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) { if (dup2(use_stdin ? prog_in_fd : dev_null_fd, 0) < 0 || dup2(dev_null_fd, 1) < 0 || dup2(dev_null_fd, 2) < 0) { - *(u32*)trace_bits = EXEC_FAIL_SIG; + *(u32 *)trace_bits = EXEC_FAIL_SIG; PFATAL("dup2() failed"); } @@ -272,7 +272,7 @@ static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) { execv(target_path, argv); - *(u32*)trace_bits = EXEC_FAIL_SIG; + *(u32 *)trace_bits = EXEC_FAIL_SIG; exit(0); } @@ -299,7 +299,7 @@ static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) { /* Clean up bitmap, analyze exit condition, etc. */ - if (*(u32*)trace_bits == EXEC_FAIL_SIG) + if (*(u32 *)trace_bits == EXEC_FAIL_SIG) FATAL("Unable to execute '%s'", argv[0]); classify_counts(trace_bits); @@ -378,7 +378,7 @@ static void show_legend(void) { /* Interpret and report a pattern in the input file. */ -static void dump_hex(u8* buf, u32 len, u8* b_data) { +static void dump_hex(u8 *buf, u32 len, u8 *b_data) { u32 i; @@ -409,7 +409,7 @@ static void dump_hex(u8* buf, u32 len, u8* b_data) { case 2: { - u16 val = *(u16*)(in_data + i); + u16 val = *(u16 *)(in_data + i); /* Small integers may be length fields. */ @@ -435,7 +435,7 @@ static void dump_hex(u8* buf, u32 len, u8* b_data) { case 4: { - u32 val = *(u32*)(in_data + i); + u32 val = *(u32 *)(in_data + i); /* Small integers may be length fields. */ @@ -544,12 +544,12 @@ static void dump_hex(u8* buf, u32 len, u8* b_data) { /* Actually analyze! */ -static void analyze(char** argv) { +static void analyze(char **argv) { u32 i; u32 boring_len = 0, prev_xff = 0, prev_x01 = 0, prev_s10 = 0, prev_a10 = 0; - u8* b_data = ck_alloc(in_len + 1); + u8 *b_data = ck_alloc(in_len + 1); u8 seq_byte = 0; b_data[in_len] = 0xff; /* Intentional terminator. */ @@ -651,14 +651,14 @@ static void handle_stop_sig(int sig) { static void set_up_environment(void) { - u8* x; + u8 *x; dev_null_fd = open("/dev/null", O_RDWR); if (dev_null_fd < 0) PFATAL("Unable to open /dev/null"); if (!prog_in) { - u8* use_dir = "."; + u8 *use_dir = "."; if (access(use_dir, R_OK | W_OK | X_OK)) { @@ -715,9 +715,9 @@ static void set_up_environment(void) { if (qemu_mode) { - u8* qemu_preload = getenv("QEMU_SET_ENV"); - u8* afl_preload = getenv("AFL_PRELOAD"); - u8* buf; + u8 *qemu_preload = getenv("QEMU_SET_ENV"); + u8 *afl_preload = getenv("AFL_PRELOAD"); + u8 *buf; s32 i, afl_preload_size = strlen(afl_preload); for (i = 0; i < afl_preload_size; ++i) { @@ -779,7 +779,7 @@ static void setup_signal_handlers(void) { /* Display usage hints. */ -static void usage(u8* argv0) { +static void usage(u8 *argv0) { SAYF( "\n%s [ options ] -- /path/to/target_app [ ... ]\n\n" @@ -822,9 +822,9 @@ static void usage(u8* argv0) { /* Find binary. */ -static void find_binary(u8* fname) { +static void find_binary(u8 *fname) { - u8* env_path = 0; + u8 *env_path = 0; struct stat st; if (strchr(fname, '/') || !(env_path = getenv("PATH"))) { @@ -877,11 +877,11 @@ static void find_binary(u8* fname) { /* Main entry point */ -int main(int argc, char** argv, char** envp) { +int main(int argc, char **argv, char **envp) { s32 opt; u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; - char** use_argv; + char **use_argv; doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; diff --git a/src/afl-as.c b/src/afl-as.c index a89b8636..d0b61ac1 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -53,10 +53,10 @@ #include <sys/wait.h> #include <sys/time.h> -static u8** as_params; /* Parameters passed to the real 'as' */ +static u8 **as_params; /* Parameters passed to the real 'as' */ -static u8* input_file; /* Originally specified input file */ -static u8* modified_file; /* Instrumented file for the real 'as' */ +static u8 *input_file; /* Originally specified input file */ +static u8 *modified_file; /* Instrumented file for the real 'as' */ static u8 be_quiet, /* Quiet mode (no stderr output) */ clang_mode, /* Running in clang mode? */ @@ -89,7 +89,7 @@ static u8 use_64bit = 0; is always the last parameter passed by GCC, so we exploit this property to keep the code simple. */ -static void edit_params(int argc, char** argv) { +static void edit_params(int argc, char **argv) { u8 *tmp_dir = getenv("TMPDIR"), *afl_as = getenv("AFL_AS"); u32 i; @@ -130,9 +130,9 @@ static void edit_params(int argc, char** argv) { if (!tmp_dir) tmp_dir = getenv("TMP"); if (!tmp_dir) tmp_dir = "/tmp"; - as_params = ck_alloc((argc + 32) * sizeof(u8*)); + as_params = ck_alloc((argc + 32) * sizeof(u8 *)); - as_params[0] = afl_as ? afl_as : (u8*)"as"; + as_params[0] = afl_as ? afl_as : (u8 *)"as"; as_params[argc] = 0; @@ -234,8 +234,8 @@ static void add_instrumentation(void) { static u8 line[MAX_LINE]; - FILE* inf; - FILE* outf; + FILE *inf; + FILE *outf; s32 outfd; u32 ins_lines = 0; @@ -244,7 +244,7 @@ static void add_instrumentation(void) { #ifdef __APPLE__ - u8* colon_pos; + u8 *colon_pos; #endif /* __APPLE__ */ @@ -498,12 +498,12 @@ static void add_instrumentation(void) { /* Main entry point */ -int main(int argc, char** argv) { +int main(int argc, char **argv) { s32 pid; u32 rand_seed; int status; - u8* inst_ratio_str = getenv("AFL_INST_RATIO"); + u8 *inst_ratio_str = getenv("AFL_INST_RATIO"); struct timeval tv; struct timezone tz; @@ -590,7 +590,7 @@ int main(int argc, char** argv) { if (!(pid = fork())) { - execvp(as_params[0], (char**)as_params); + execvp(as_params[0], (char **)as_params); FATAL("Oops, failed to execute '%s' - check your PATH", as_params[0]); } diff --git a/src/afl-common.c b/src/afl-common.c index e25162c2..71041875 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -38,16 +38,16 @@ extern u8 be_quiet; -void detect_file_args(char** argv, u8* prog_in, u8* use_stdin) { +void detect_file_args(char **argv, u8 *prog_in, u8 *use_stdin) { u32 i = 0; #ifdef __GLIBC__ - u8* cwd = getcwd(NULL, 0); /* non portable glibc extension */ + u8 *cwd = getcwd(NULL, 0); /* non portable glibc extension */ #else - u8* cwd; - char* buf; + u8 *cwd; + char *buf; long size = pathconf(".", _PC_PATH_MAX); - if ((buf = (char*)malloc((size_t)size)) != NULL) { + if ((buf = (char *)malloc((size_t)size)) != NULL) { cwd = getcwd(buf, (size_t)size); /* portable version */ ck_free(buf); @@ -67,7 +67,7 @@ void detect_file_args(char** argv, u8* prog_in, u8* use_stdin) { while (argv[i]) { - u8* aa_loc = strstr(argv[i], "@@"); + u8 *aa_loc = strstr(argv[i], "@@"); if (aa_loc) { @@ -111,11 +111,11 @@ void detect_file_args(char** argv, u8* prog_in, u8* use_stdin) { /* duplicate the system argv so that we can edit (and free!) it later */ -char** argv_cpy_dup(int argc, char** argv) { +char **argv_cpy_dup(int argc, char **argv) { u32 i = 0; - char** ret = ck_alloc((argc + 1) * sizeof(char*)); + char **ret = ck_alloc((argc + 1) * sizeof(char *)); for (i = 0; i < argc; i++) { @@ -132,7 +132,7 @@ char** argv_cpy_dup(int argc, char** argv) { /* frees all args in the given argv, previously created by argv_cpy_dup */ -void argv_cpy_free(char** argv) { +void argv_cpy_free(char **argv) { u32 i = 0; while (argv[i]) { @@ -148,12 +148,12 @@ void argv_cpy_free(char** argv) { /* Rewrite argv for QEMU. */ -char** get_qemu_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) { +char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) { - char** new_argv = ck_alloc(sizeof(char*) * (argc + 4)); - u8 * tmp, *cp = NULL, *rsl, *own_copy; + char **new_argv = ck_alloc(sizeof(char *) * (argc + 4)); + u8 *tmp, *cp = NULL, *rsl, *own_copy; - memcpy(new_argv + 3, argv + 1, (int)(sizeof(char*)) * argc); + memcpy(new_argv + 3, argv + 1, (int)(sizeof(char *)) * argc); new_argv[2] = *target_path_p; new_argv[1] = "--"; @@ -226,12 +226,12 @@ char** get_qemu_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) { /* Rewrite argv for Wine+QEMU. */ -char** get_wine_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) { +char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) { - char** new_argv = ck_alloc(sizeof(char*) * (argc + 3)); - u8 * tmp, *cp = NULL, *rsl, *own_copy; + char **new_argv = ck_alloc(sizeof(char *) * (argc + 3)); + u8 *tmp, *cp = NULL, *rsl, *own_copy; - memcpy(new_argv + 2, argv + 1, (int)(sizeof(char*)) * argc); + memcpy(new_argv + 2, argv + 1, (int)(sizeof(char *)) * argc); new_argv[1] = *target_path_p; @@ -285,7 +285,7 @@ char** get_wine_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) { ck_free(own_copy); - u8* ncp = BIN_PATH "/afl-qemu-trace"; + u8 *ncp = BIN_PATH "/afl-qemu-trace"; if (!access(ncp, X_OK)) { @@ -322,10 +322,10 @@ char** get_wine_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) { } -void check_environment_vars(char** envp) { +void check_environment_vars(char **envp) { int index = 0, found = 0; - char* env; + char *env; while ((env = envp[index++]) != NULL) { if (strncmp(env, "ALF_", 4) == 0) { @@ -358,9 +358,9 @@ void check_environment_vars(char** envp) { } -char* get_afl_env(char* env) { +char *get_afl_env(char *env) { - char* val; + char *val; if ((val = getenv(env)) != NULL) if (!be_quiet) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 70bb4cfd..083f1966 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -331,6 +331,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) { rlen = read(fsrv->fsrv_st_fd, &status, 4); } + } else { rlen = read(fsrv->fsrv_st_fd, &status, 4); diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 47040fb8..96772032 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -29,9 +29,9 @@ -B option, to focus a separate fuzzing session on a particular interesting input without rediscovering all the others. */ -void write_bitmap(afl_state_t* afl) { +void write_bitmap(afl_state_t *afl) { - u8* fname; + u8 *fname; s32 fd; if (!afl->bitmap_changed) return; @@ -51,7 +51,7 @@ void write_bitmap(afl_state_t* afl) { /* Read bitmap from file. This is for the -B option again. */ -void read_bitmap(afl_state_t* afl, u8* fname) { +void read_bitmap(afl_state_t *afl, u8 *fname) { s32 fd = open(fname, O_RDONLY); @@ -71,19 +71,19 @@ void read_bitmap(afl_state_t* afl, u8* fname) { This function is called after every exec() on a fairly large buffer, so it needs to be fast. We do this in 32-bit and 64-bit flavors. */ -u8 has_new_bits(afl_state_t* afl, u8* virgin_map) { +u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) { #ifdef WORD_SIZE_64 - u64* current = (u64*)afl->fsrv.trace_bits; - u64* virgin = (u64*)virgin_map; + u64 *current = (u64 *)afl->fsrv.trace_bits; + u64 *virgin = (u64 *)virgin_map; u32 i = (MAP_SIZE >> 3); #else - u32* current = (u32*)afl->fsrv.trace_bits; - u32* virgin = (u32*)virgin_map; + u32 *current = (u32 *)afl->fsrv.trace_bits; + u32 *virgin = (u32 *)virgin_map; u32 i = (MAP_SIZE >> 2); @@ -101,8 +101,8 @@ u8 has_new_bits(afl_state_t* afl, u8* virgin_map) { if (likely(ret < 2)) { - u8* cur = (u8*)current; - u8* vir = (u8*)virgin; + u8 *cur = (u8 *)current; + u8 *vir = (u8 *)virgin; /* Looks like we have not found any new bytes yet; see if any non-zero bytes in current[] are pristine in virgin[]. */ @@ -147,9 +147,9 @@ u8 has_new_bits(afl_state_t* afl, u8* virgin_map) { /* Count the number of bits set in the provided bitmap. Used for the status screen several times every second, does not have to be fast. */ -u32 count_bits(u8* mem) { +u32 count_bits(u8 *mem) { - u32* ptr = (u32*)mem; + u32 *ptr = (u32 *)mem; u32 i = (MAP_SIZE >> 2); u32 ret = 0; @@ -183,9 +183,9 @@ u32 count_bits(u8* mem) { mostly to update the status screen or calibrate and examine confirmed new paths. */ -u32 count_bytes(u8* mem) { +u32 count_bytes(u8 *mem) { - u32* ptr = (u32*)mem; + u32 *ptr = (u32 *)mem; u32 i = (MAP_SIZE >> 2); u32 ret = 0; @@ -208,9 +208,9 @@ u32 count_bytes(u8* mem) { /* Count the number of non-255 bytes set in the bitmap. Used strictly for the status screen, several calls per second or so. */ -u32 count_non_255_bytes(u8* mem) { +u32 count_non_255_bytes(u8 *mem) { - u32* ptr = (u32*)mem; + u32 *ptr = (u32 *)mem; u32 i = (MAP_SIZE >> 2); u32 ret = 0; @@ -246,7 +246,7 @@ const u8 simplify_lookup[256] = { #ifdef WORD_SIZE_64 -void simplify_trace(u64* mem) { +void simplify_trace(u64 *mem) { u32 i = MAP_SIZE >> 3; @@ -256,7 +256,7 @@ void simplify_trace(u64* mem) { if (unlikely(*mem)) { - u8* mem8 = (u8*)mem; + u8 *mem8 = (u8 *)mem; mem8[0] = simplify_lookup[mem8[0]]; mem8[1] = simplify_lookup[mem8[1]]; @@ -279,7 +279,7 @@ void simplify_trace(u64* mem) { #else -void simplify_trace(u32* mem) { +void simplify_trace(u32 *mem) { u32 i = MAP_SIZE >> 2; @@ -289,7 +289,7 @@ void simplify_trace(u32* mem) { if (unlikely(*mem)) { - u8* mem8 = (u8*)mem; + u8 *mem8 = (u8 *)mem; mem8[0] = simplify_lookup[mem8[0]]; mem8[1] = simplify_lookup[mem8[1]]; @@ -341,7 +341,7 @@ void init_count_class16(void) { #ifdef WORD_SIZE_64 -void classify_counts(u64* mem) { +void classify_counts(u64 *mem) { u32 i = MAP_SIZE >> 3; @@ -351,7 +351,7 @@ void classify_counts(u64* mem) { if (unlikely(*mem)) { - u16* mem16 = (u16*)mem; + u16 *mem16 = (u16 *)mem; mem16[0] = count_class_lookup16[mem16[0]]; mem16[1] = count_class_lookup16[mem16[1]]; @@ -368,7 +368,7 @@ void classify_counts(u64* mem) { #else -void classify_counts(u32* mem) { +void classify_counts(u32 *mem) { u32 i = MAP_SIZE >> 2; @@ -378,7 +378,7 @@ void classify_counts(u32* mem) { if (unlikely(*mem)) { - u16* mem16 = (u16*)mem; + u16 *mem16 = (u16 *)mem; mem16[0] = count_class_lookup16[mem16[0]]; mem16[1] = count_class_lookup16[mem16[1]]; @@ -397,7 +397,7 @@ void classify_counts(u32* mem) { count information here. This is called only sporadically, for some new paths. */ -void minimize_bits(u8* dst, u8* src) { +void minimize_bits(u8 *dst, u8 *src) { u32 i = 0; @@ -415,9 +415,9 @@ void minimize_bits(u8* dst, u8* src) { /* Construct a file name for a new test case, capturing the operation that led to its discovery. Uses a static buffer. */ -u8* describe_op(afl_state_t* afl, u8 hnb) { +u8 *describe_op(afl_state_t *afl, u8 hnb) { - u8* ret = afl->describe_op_buf_256; + u8 *ret = afl->describe_op_buf_256; if (afl->syncing_party) { @@ -459,11 +459,11 @@ u8* describe_op(afl_state_t* afl, u8 hnb) { /* Write a message accompanying the crash directory :-) */ -static void write_crash_readme(afl_state_t* afl) { +static void write_crash_readme(afl_state_t *afl) { - u8* fn = alloc_printf("%s/crashes/README.txt", afl->out_dir); - s32 fd; - FILE* f; + u8 *fn = alloc_printf("%s/crashes/README.txt", afl->out_dir); + s32 fd; + FILE *f; fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, 0600); ck_free(fn); @@ -511,11 +511,11 @@ static void write_crash_readme(afl_state_t* afl) { save or queue the input test case for further analysis if so. Returns 1 if entry is saved, 0 otherwise. */ -u8 save_if_interesting(afl_state_t* afl, void* mem, u32 len, u8 fault) { +u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { if (len == 0) return 0; - u8* fn = ""; + u8 *fn = ""; u8 hnb; s32 fd; u8 keeping = 0, res; @@ -523,7 +523,7 @@ u8 save_if_interesting(afl_state_t* afl, void* mem, u32 len, u8 fault) { /* Update path frequency. */ u32 cksum = hash32(afl->fsrv.trace_bits, MAP_SIZE, HASH_CONST); - struct queue_entry* q = afl->queue; + struct queue_entry *q = afl->queue; while (q) { if (q->exec_cksum == cksum) { @@ -603,9 +603,9 @@ u8 save_if_interesting(afl_state_t* afl, void* mem, u32 len, u8 fault) { if (!afl->dumb_mode) { #ifdef WORD_SIZE_64 - simplify_trace((u64*)afl->fsrv.trace_bits); + simplify_trace((u64 *)afl->fsrv.trace_bits); #else - simplify_trace((u32*)afl->fsrv.trace_bits); + simplify_trace((u32 *)afl->fsrv.trace_bits); #endif /* ^WORD_SIZE_64 */ if (!has_new_bits(afl, afl->virgin_tmout)) return keeping; @@ -666,9 +666,9 @@ u8 save_if_interesting(afl_state_t* afl, void* mem, u32 len, u8 fault) { if (!afl->dumb_mode) { #ifdef WORD_SIZE_64 - simplify_trace((u64*)afl->fsrv.trace_bits); + simplify_trace((u64 *)afl->fsrv.trace_bits); #else - simplify_trace((u32*)afl->fsrv.trace_bits); + simplify_trace((u32 *)afl->fsrv.trace_bits); #endif /* ^WORD_SIZE_64 */ if (!has_new_bits(afl, afl->virgin_crash)) return keeping; diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index 6e9f603b..d74f4536 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -190,7 +190,8 @@ void init_cmplog_forkserver(afl_state_t *afl) { timeout.tv_sec = ((afl->fsrv.exec_tmout * FORK_WAIT_MULT) / 1000); timeout.tv_usec = ((afl->fsrv.exec_tmout * FORK_WAIT_MULT) % 1000) * 1000; - int sret = select(afl->cmplog_fsrv_st_fd + 1, &readfds, NULL, NULL, &timeout); + int sret = + select(afl->cmplog_fsrv_st_fd + 1, &readfds, NULL, NULL, &timeout); if (sret == 0) { @@ -201,6 +202,7 @@ void init_cmplog_forkserver(afl_state_t *afl) { rlen = read(afl->cmplog_fsrv_st_fd, &status, 4); } + } else { rlen = read(afl->cmplog_fsrv_st_fd, &status, 4); diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index ce7e5780..5cad29ec 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -27,17 +27,19 @@ /* Helper function for load_extras. */ -static int compare_extras_len(const void* p1, const void* p2) { +static int compare_extras_len(const void *p1, const void *p2) { - struct extra_data *e1 = (struct extra_data*)p1, *e2 = (struct extra_data*)p2; + struct extra_data *e1 = (struct extra_data *)p1, + *e2 = (struct extra_data *)p2; return e1->len - e2->len; } -static int compare_extras_use_d(const void* p1, const void* p2) { +static int compare_extras_use_d(const void *p1, const void *p2) { - struct extra_data *e1 = (struct extra_data*)p1, *e2 = (struct extra_data*)p2; + struct extra_data *e1 = (struct extra_data *)p1, + *e2 = (struct extra_data *)p2; return e2->hit_cnt - e1->hit_cnt; @@ -45,13 +47,13 @@ static int compare_extras_use_d(const void* p1, const void* p2) { /* Read extras from a file, sort by size. */ -void load_extras_file(afl_state_t* afl, u8* fname, u32* min_len, u32* max_len, +void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len, u32 dict_level) { - FILE* f; - u8 buf[MAX_LINE]; - u8* lptr; - u32 cur_line = 0; + FILE *f; + u8 buf[MAX_LINE]; + u8 *lptr; + u32 cur_line = 0; f = fopen(fname, "r"); @@ -128,7 +130,7 @@ void load_extras_file(afl_state_t* afl, u8* fname, u32* min_len, u32* max_len, while (*lptr) { - char* hexdigits = "0123456789abcdef"; + char *hexdigits = "0123456789abcdef"; switch (*lptr) { @@ -184,12 +186,12 @@ void load_extras_file(afl_state_t* afl, u8* fname, u32* min_len, u32* max_len, /* Read extras from the extras directory and sort them by size. */ -void load_extras(afl_state_t* afl, u8* dir) { +void load_extras(afl_state_t *afl, u8 *dir) { - DIR* d; - struct dirent* de; - u32 min_len = MAX_DICT_FILE, max_len = 0, dict_level = 0; - u8* x; + DIR *d; + struct dirent *de; + u32 min_len = MAX_DICT_FILE, max_len = 0, dict_level = 0; + u8 *x; /* If the name ends with @, extract level and continue. */ @@ -222,8 +224,8 @@ void load_extras(afl_state_t* afl, u8* dir) { while ((de = readdir(d))) { struct stat st; - u8* fn = alloc_printf("%s/%s", dir, de->d_name); - s32 fd; + u8 *fn = alloc_printf("%s/%s", dir, de->d_name); + s32 fd; if (lstat(fn, &st) || access(fn, R_OK)) PFATAL("Unable to access '%s'", fn); @@ -285,7 +287,7 @@ check_and_sort: /* Helper function for maybe_add_auto(afl, ) */ -static inline u8 memcmp_nocase(u8* m1, u8* m2, u32 len) { +static inline u8 memcmp_nocase(u8 *m1, u8 *m2, u32 len) { while (len--) if (tolower(*(m1++)) ^ tolower(*(m2++))) return 1; @@ -295,7 +297,7 @@ static inline u8 memcmp_nocase(u8* m1, u8* m2, u32 len) { /* Maybe add automatic extra. */ -void maybe_add_auto(afl_state_t* afl, u8* mem, u32 len) { +void maybe_add_auto(afl_state_t *afl, u8 *mem, u32 len) { u32 i; @@ -317,8 +319,8 @@ void maybe_add_auto(afl_state_t* afl, u8* mem, u32 len) { i = sizeof(interesting_16) >> 1; while (i--) - if (*((u16*)mem) == interesting_16[i] || - *((u16*)mem) == SWAP16(interesting_16[i])) + if (*((u16 *)mem) == interesting_16[i] || + *((u16 *)mem) == SWAP16(interesting_16[i])) return; } @@ -328,8 +330,8 @@ void maybe_add_auto(afl_state_t* afl, u8* mem, u32 len) { i = sizeof(interesting_32) >> 2; while (i--) - if (*((u32*)mem) == interesting_32[i] || - *((u32*)mem) == SWAP32(interesting_32[i])) + if (*((u32 *)mem) == interesting_32[i] || + *((u32 *)mem) == SWAP32(interesting_32[i])) return; } @@ -402,7 +404,7 @@ sort_a_extras: /* Save automatically generated extras. */ -void save_auto(afl_state_t* afl) { +void save_auto(afl_state_t *afl) { u32 i; @@ -411,7 +413,7 @@ void save_auto(afl_state_t* afl) { for (i = 0; i < MIN(USE_AUTO_EXTRAS, afl->a_extras_cnt); ++i) { - u8* fn = + u8 *fn = alloc_printf("%s/queue/.state/auto_extras/auto_%06u", afl->out_dir, i); s32 fd; @@ -430,14 +432,14 @@ void save_auto(afl_state_t* afl) { /* Load automatically generated extras. */ -void load_auto(afl_state_t* afl) { +void load_auto(afl_state_t *afl) { u32 i; for (i = 0; i < USE_AUTO_EXTRAS; ++i) { u8 tmp[MAX_AUTO_EXTRA + 1]; - u8* fn = alloc_printf("%s/.state/auto_extras/auto_%06u", afl->in_dir, i); + u8 *fn = alloc_printf("%s/.state/auto_extras/auto_%06u", afl->in_dir, i); s32 fd, len; fd = open(fn, O_RDONLY, 0600); @@ -474,7 +476,7 @@ void load_auto(afl_state_t* afl) { /* Destroy extras. */ -void destroy_extras(afl_state_t* afl) { +void destroy_extras(afl_state_t *afl) { u32 i; diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index e7652e87..16049bb5 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -30,12 +30,12 @@ /* Build a list of processes bound to specific cores. Returns -1 if nothing can be found. Assumes an upper bound of 4k CPUs. */ -void bind_to_free_cpu(afl_state_t* afl) { +void bind_to_free_cpu(afl_state_t *afl) { #if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) cpu_set_t c; #elif defined(__NetBSD__) - cpuset_t* c; + cpuset_t *c; #endif u8 cpu_used[4096] = {0}; @@ -51,8 +51,8 @@ void bind_to_free_cpu(afl_state_t* afl) { } #if defined(__linux__) - DIR* d; - struct dirent* de; + DIR *d; + struct dirent *de; d = opendir("/proc"); if (!d) { @@ -76,8 +76,8 @@ void bind_to_free_cpu(afl_state_t* afl) { while ((de = readdir(d))) { - u8* fn; - FILE* f; + u8 *fn; + FILE *f; u8 tmp[MAX_LINE]; u8 has_vmsize = 0; @@ -118,7 +118,7 @@ void bind_to_free_cpu(afl_state_t* afl) { closedir(d); #elif defined(__FreeBSD__) || defined(__DragonFly__) - struct kinfo_proc* procs; + struct kinfo_proc *procs; size_t nprocs; size_t proccount; int s_name[] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL}; @@ -151,7 +151,7 @@ void bind_to_free_cpu(afl_state_t* afl) { ck_free(procs); #elif defined(__NetBSD__) - struct kinfo_proc2* procs; + struct kinfo_proc2 *procs; size_t nprocs; size_t proccount; int s_name[] = { @@ -272,11 +272,11 @@ cpuset_destroy(c); /* Load postprocessor, if available. */ -void setup_post(afl_state_t* afl) { +void setup_post(afl_state_t *afl) { - void* dh; - u8* fn = get_afl_env("AFL_POST_LIBRARY"); - u32 tlen = 6; + void *dh; + u8 *fn = get_afl_env("AFL_POST_LIBRARY"); + u32 tlen = 6; if (!fn) return; @@ -298,14 +298,14 @@ void setup_post(afl_state_t* afl) { /* Shuffle an array of pointers. Might be slightly biased. */ -static void shuffle_ptrs(afl_state_t* afl, void** ptrs, u32 cnt) { +static void shuffle_ptrs(afl_state_t *afl, void **ptrs, u32 cnt) { u32 i; for (i = 0; i < cnt - 2; ++i) { u32 j = i + UR(afl, cnt - i); - void* s = ptrs[i]; + void *s = ptrs[i]; ptrs[i] = ptrs[j]; ptrs[j] = s; @@ -316,12 +316,12 @@ static void shuffle_ptrs(afl_state_t* afl, void** ptrs, u32 cnt) { /* Read all testcases from the input directory, then queue them for testing. Called at startup. */ -void read_testcases(afl_state_t* afl) { +void read_testcases(afl_state_t *afl) { - struct dirent** nl; - s32 nl_cnt; - u32 i; - u8* fn1; + struct dirent **nl; + s32 nl_cnt; + u32 i; + u8 *fn1; /* Auto-detect non-in-place resumption attempts. */ @@ -359,7 +359,7 @@ void read_testcases(afl_state_t* afl) { if (afl->shuffle_queue && nl_cnt > 1) { ACTF("Shuffling queue..."); - shuffle_ptrs(afl, (void**)nl, nl_cnt); + shuffle_ptrs(afl, (void **)nl, nl_cnt); } @@ -367,8 +367,8 @@ void read_testcases(afl_state_t* afl) { struct stat st; - u8* fn2 = alloc_printf("%s/%s", afl->in_dir, nl[i]->d_name); - u8* dfn = alloc_printf("%s/.state/deterministic_done/%s", afl->in_dir, + u8 *fn2 = alloc_printf("%s/%s", afl->in_dir, nl[i]->d_name); + u8 *dfn = alloc_printf("%s/.state/deterministic_done/%s", afl->in_dir, nl[i]->d_name); u8 passed_det = 0; @@ -428,7 +428,7 @@ void read_testcases(afl_state_t* afl) { /* Examine map coverage. Called once, for first test case. */ -static void check_map_coverage(afl_state_t* afl) { +static void check_map_coverage(afl_state_t *afl) { u32 i; @@ -444,19 +444,19 @@ static void check_map_coverage(afl_state_t* afl) { /* Perform dry run of all test cases to confirm that the app is working as expected. This is done only for the initial inputs, and only once. */ -void perform_dry_run(afl_state_t* afl) { +void perform_dry_run(afl_state_t *afl) { - struct queue_entry* q = afl->queue; - u32 cal_failures = 0; - u8* skip_crashes = get_afl_env("AFL_SKIP_CRASHES"); + struct queue_entry *q = afl->queue; + u32 cal_failures = 0; + u8 *skip_crashes = get_afl_env("AFL_SKIP_CRASHES"); while (q) { - u8* use_mem; + u8 *use_mem; u8 res; s32 fd; - u8* fn = strrchr(q->fname, '/') + 1; + u8 *fn = strrchr(q->fname, '/') + 1; ACTF("Attempting dry run with '%s'...", fn); @@ -673,11 +673,11 @@ void perform_dry_run(afl_state_t* afl) { /* Helper function: link() if possible, copy otherwise. */ -static void link_or_copy(u8* old_path, u8* new_path) { +static void link_or_copy(u8 *old_path, u8 *new_path) { s32 i = link(old_path, new_path); s32 sfd, dfd; - u8* tmp; + u8 *tmp; if (!i) return; @@ -703,9 +703,9 @@ static void link_or_copy(u8* old_path, u8* new_path) { /* Create hard links for input test cases in the output directory, choosing good names and pivoting accordingly. */ -void pivot_inputs(afl_state_t* afl) { +void pivot_inputs(afl_state_t *afl) { - struct queue_entry* q = afl->queue; + struct queue_entry *q = afl->queue; u32 id = 0; ACTF("Creating hard links for all input files..."); @@ -727,7 +727,7 @@ void pivot_inputs(afl_state_t* afl) { if (!strncmp(rsl, CASE_PREFIX, 3) && sscanf(rsl + 3, "%06u", &orig_id) == 1 && orig_id == id) { - u8* src_str; + u8 *src_str; u32 src_id; afl->resuming_fuzz = 1; @@ -740,7 +740,7 @@ void pivot_inputs(afl_state_t* afl) { if (src_str && sscanf(src_str + 1, "%06u", &src_id) == 1) { - struct queue_entry* s = afl->queue; + struct queue_entry *s = afl->queue; while (src_id-- && s) s = s->next; if (s) q->depth = s->depth + 1; @@ -756,7 +756,7 @@ void pivot_inputs(afl_state_t* afl) { #ifndef SIMPLE_FILES - u8* use_name = strstr(rsl, ",orig:"); + u8 *use_name = strstr(rsl, ",orig:"); if (use_name) use_name += 6; @@ -795,7 +795,7 @@ void pivot_inputs(afl_state_t* afl) { /* When resuming, try to find the queue position to start from. This makes sense only when resuming, and when we can find the original fuzzer_stats. */ -u32 find_start_position(afl_state_t* afl) { +u32 find_start_position(afl_state_t *afl) { static u8 tmp[4096]; /* Ought to be enough for anybody. */ @@ -832,7 +832,7 @@ u32 find_start_position(afl_state_t* afl) { -t given, we don't want to keep auto-scaling the timeout over and over again to prevent it from growing due to random flukes. */ -void find_timeout(afl_state_t* afl) { +void find_timeout(afl_state_t *afl) { static u8 tmp[4096]; /* Ought to be enough for anybody. */ @@ -870,10 +870,10 @@ void find_timeout(afl_state_t* afl) { /* A helper function for handle_existing_out_dir(), deleting all prefixed files in a directory. */ -static u8 delete_files(u8* path, u8* prefix) { +static u8 delete_files(u8 *path, u8 *prefix) { - DIR* d; - struct dirent* d_ent; + DIR *d; + struct dirent *d_ent; d = opendir(path); @@ -884,7 +884,7 @@ static u8 delete_files(u8* path, u8* prefix) { if (d_ent->d_name[0] != '.' && (!prefix || !strncmp(d_ent->d_name, prefix, strlen(prefix)))) { - u8* fname = alloc_printf("%s/%s", path, d_ent->d_name); + u8 *fname = alloc_printf("%s/%s", path, d_ent->d_name); if (unlink(fname)) PFATAL("Unable to delete '%s'", fname); ck_free(fname); @@ -919,7 +919,7 @@ double get_runnable_processes(void) { computed in funny ways and sometimes don't reflect extremely short-lived processes well. */ - FILE* f = fopen("/proc/stat", "r"); + FILE *f = fopen("/proc/stat", "r"); u8 tmp[1024]; u32 val = 0; @@ -954,9 +954,9 @@ double get_runnable_processes(void) { /* Delete the temporary directory used for in-place session resume. */ -void nuke_resume_dir(afl_state_t* afl) { +void nuke_resume_dir(afl_state_t *afl) { - u8* fn; + u8 *fn; fn = alloc_printf("%s/_resume/.state/deterministic_done", afl->out_dir); if (delete_files(fn, CASE_PREFIX)) goto dir_cleanup_failed; @@ -994,10 +994,10 @@ dir_cleanup_failed: is not currently running, and if the last run time isn't too great. Resume fuzzing if `-` is set as in_dir or if AFL_AUTORESUME is set */ -static void handle_existing_out_dir(afl_state_t* afl) { +static void handle_existing_out_dir(afl_state_t *afl) { - FILE* f; - u8* fn = alloc_printf("%s/fuzzer_stats", afl->out_dir); + FILE *f; + u8 *fn = alloc_printf("%s/fuzzer_stats", afl->out_dir); /* See if the output directory is locked. If yes, bail out. If not, create a lock that will persist for the lifetime of the process @@ -1084,7 +1084,7 @@ static void handle_existing_out_dir(afl_state_t* afl) { if (afl->in_place_resume) { - u8* orig_q = alloc_printf("%s/queue", afl->out_dir); + u8 *orig_q = alloc_printf("%s/queue", afl->out_dir); afl->in_dir = alloc_printf("%s/_resume", afl->out_dir); @@ -1161,17 +1161,17 @@ static void handle_existing_out_dir(afl_state_t* afl) { if (afl->in_place_resume && rmdir(fn)) { time_t cur_t = time(0); - struct tm* t = localtime(&cur_t); + struct tm *t = localtime(&cur_t); #ifndef SIMPLE_FILES - u8* nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn, + u8 *nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); #else - u8* nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t->tm_year + 1900, + u8 *nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); @@ -1192,17 +1192,17 @@ static void handle_existing_out_dir(afl_state_t* afl) { if (afl->in_place_resume && rmdir(fn)) { time_t cur_t = time(0); - struct tm* t = localtime(&cur_t); + struct tm *t = localtime(&cur_t); #ifndef SIMPLE_FILES - u8* nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn, + u8 *nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); #else - u8* nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t->tm_year + 1900, + u8 *nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec); @@ -1278,9 +1278,9 @@ dir_cleanup_failed: /* Prepare output directories and fds. */ -void setup_dirs_fds(afl_state_t* afl) { +void setup_dirs_fds(afl_state_t *afl) { - u8* tmp; + u8 *tmp; s32 fd; ACTF("Setting up output directories..."); @@ -1402,13 +1402,13 @@ void setup_dirs_fds(afl_state_t* afl) { } -void setup_cmdline_file(afl_state_t* afl, char** argv) { +void setup_cmdline_file(afl_state_t *afl, char **argv) { - u8* tmp; + u8 *tmp; s32 fd; u32 i = 0; - FILE* cmdline_file = NULL; + FILE *cmdline_file = NULL; /* Store the command line to reproduce our findings */ tmp = alloc_printf("%s/cmdline", afl->out_dir); @@ -1432,9 +1432,9 @@ void setup_cmdline_file(afl_state_t* afl, char** argv) { /* Setup the output file for fuzzed data, if not using -f. */ -void setup_stdio_file(afl_state_t* afl) { +void setup_stdio_file(afl_state_t *afl) { - u8* fn; + u8 *fn; if (afl->file_extension) { fn = alloc_printf("%s/.cur_input.%s", afl->tmp_dir, afl->file_extension); @@ -1531,10 +1531,10 @@ void check_crash_handling(void) { /* Check CPU governor. */ -void check_cpu_governor(afl_state_t* afl) { +void check_cpu_governor(afl_state_t *afl) { #ifdef __linux__ - FILE* f; + FILE *f; u8 tmp[128]; u64 min = 0, max = 0; @@ -1654,7 +1654,7 @@ void check_cpu_governor(afl_state_t* afl) { /* Count the number of logical CPU cores. */ -void get_core_count(afl_state_t* afl) { +void get_core_count(afl_state_t *afl) { #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \ defined(__DragonFly__) @@ -1684,7 +1684,7 @@ void get_core_count(afl_state_t* afl) { #else - FILE* f = fopen("/proc/stat", "r"); + FILE *f = fopen("/proc/stat", "r"); u8 tmp[1024]; if (!f) return; @@ -1742,9 +1742,9 @@ void get_core_count(afl_state_t* afl) { /* Validate and fix up afl->out_dir and sync_dir when using -S. */ -void fix_up_sync(afl_state_t* afl) { +void fix_up_sync(afl_state_t *afl) { - u8* x = afl->sync_id; + u8 *x = afl->sync_id; if (afl->dumb_mode) FATAL("-S / -M and -n are mutually exclusive"); @@ -1793,7 +1793,7 @@ static void handle_resize(int sig) { void check_asan_opts(void) { - u8* x = get_afl_env("ASAN_OPTIONS"); + u8 *x = get_afl_env("ASAN_OPTIONS"); if (x) { @@ -1849,13 +1849,13 @@ static void handle_skipreq(int sig) { isn't a shell script - a common and painful mistake. We also check for a valid ELF header and for evidence of AFL instrumentation. */ -void check_binary(afl_state_t* afl, u8* fname) { +void check_binary(afl_state_t *afl, u8 *fname) { - u8* env_path = 0; + u8 *env_path = 0; struct stat st; s32 fd; - u8* f_data; + u8 *f_data; u32 f_len = 0; ACTF("Validating target binary..."); @@ -2042,7 +2042,7 @@ void check_binary(afl_state_t* afl, u8* fname) { /* Trim and possibly create a banner for the run. */ -void fix_up_banner(afl_state_t* afl, u8* name) { +void fix_up_banner(afl_state_t *afl, u8 *name) { if (!afl->use_banner) { @@ -2052,7 +2052,7 @@ void fix_up_banner(afl_state_t* afl, u8* name) { } else { - u8* trim = strrchr(name, '/'); + u8 *trim = strrchr(name, '/'); if (!trim) afl->use_banner = name; else @@ -2064,7 +2064,7 @@ void fix_up_banner(afl_state_t* afl, u8* name) { if (strlen(afl->use_banner) > 32) { - u8* tmp = ck_alloc(36); + u8 *tmp = ck_alloc(36); sprintf(tmp, "%.32s...", afl->use_banner); afl->use_banner = tmp; @@ -2074,7 +2074,7 @@ void fix_up_banner(afl_state_t* afl, u8* name) { /* Check if we're on TTY. */ -void check_if_tty(afl_state_t* afl) { +void check_if_tty(afl_state_t *afl) { struct winsize ws; @@ -2148,10 +2148,10 @@ void setup_signal_handlers(void) { /* Make a copy of the current command line. */ -void save_cmdline(afl_state_t* afl, u32 argc, char** argv) { +void save_cmdline(afl_state_t *afl, u32 argc, char **argv) { u32 len = 1, i; - u8* buf; + u8 *buf; for (i = 0; i < argc; ++i) len += strlen(argv[i]) + 1; diff --git a/src/afl-fuzz-misc.c b/src/afl-fuzz-misc.c index 0da0cb0a..29e8bd82 100644 --- a/src/afl-fuzz-misc.c +++ b/src/afl-fuzz-misc.c @@ -29,7 +29,7 @@ returned should be five characters or less for all the integers we reasonably expect to see. */ -u8* DI(u64 val) { +u8 *DI(u64 val) { static u8 tmp[12][16]; static u8 cur; @@ -90,7 +90,7 @@ u8* DI(u64 val) { /* Describe float. Similar to the above, except with a single static buffer. */ -u8* DF(double val) { +u8 *DF(double val) { static u8 tmp[16]; @@ -114,7 +114,7 @@ u8* DF(double val) { /* Describe integer as memory size. */ -u8* DMS(u64 val) { +u8 *DMS(u64 val) { static u8 tmp[12][16]; static u8 cur; @@ -164,7 +164,7 @@ u8* DMS(u64 val) { /* Describe time delta. Returns one static buffer, 34 chars of less. */ -u8* DTD(u64 cur_ms, u64 event_ms) { +u8 *DTD(u64 cur_ms, u64 event_ms) { static u8 tmp[64]; u64 delta; diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 02d7661e..159b40c3 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -25,15 +25,15 @@ #include "afl-fuzz.h" -void load_custom_mutator(afl_state_t*, const char*); +void load_custom_mutator(afl_state_t *, const char *); #ifdef USE_PYTHON -void load_custom_mutator_py(afl_state_t*, const char*); +void load_custom_mutator_py(afl_state_t *, const char *); #endif -void setup_custom_mutator(afl_state_t* afl) { +void setup_custom_mutator(afl_state_t *afl) { /* Try mutator library first */ - u8* fn = getenv("AFL_CUSTOM_MUTATOR_LIBRARY"); + u8 *fn = getenv("AFL_CUSTOM_MUTATOR_LIBRARY"); if (fn) { @@ -51,7 +51,7 @@ void setup_custom_mutator(afl_state_t* afl) { /* Try Python module */ #ifdef USE_PYTHON - u8* module_name = getenv("AFL_PYTHON_MODULE"); + u8 *module_name = getenv("AFL_PYTHON_MODULE"); if (module_name) { @@ -75,7 +75,7 @@ void setup_custom_mutator(afl_state_t* afl) { } -void destroy_custom_mutator(afl_state_t* afl) { +void destroy_custom_mutator(afl_state_t *afl) { if (afl->mutator) { @@ -96,9 +96,9 @@ void destroy_custom_mutator(afl_state_t* afl) { } -void load_custom_mutator(afl_state_t* afl, const char* fn) { +void load_custom_mutator(afl_state_t *afl, const char *fn) { - void* dh; + void *dh; afl->mutator = ck_alloc(sizeof(struct custom_mutator)); afl->mutator->name = fn; @@ -190,7 +190,7 @@ void load_custom_mutator(afl_state_t* afl, const char* fn) { } -u8 trim_case_custom(afl_state_t* afl, struct queue_entry* q, u8* in_buf) { +u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { static u8 tmp[64]; static u8 clean_trace[MAP_SIZE]; @@ -216,7 +216,7 @@ u8 trim_case_custom(afl_state_t* afl, struct queue_entry* q, u8* in_buf) { u32 cksum; - u8* retbuf = NULL; + u8 *retbuf = NULL; size_t retlen = 0; afl->mutator->afl_custom_trim(afl, &retbuf, &retlen); @@ -312,9 +312,9 @@ abort_trimming: } #ifdef USE_PYTHON -void load_custom_mutator_py(afl_state_t* afl, const char* module_name) { +void load_custom_mutator_py(afl_state_t *afl, const char *module_name) { - PyObject** py_functions = afl->py_functions; + PyObject **py_functions = afl->py_functions; afl->mutator = ck_alloc(sizeof(struct custom_mutator)); diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index aefcb231..8e88693c 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -27,7 +27,7 @@ /* MOpt */ -int select_algorithm(afl_state_t* afl) { +int select_algorithm(afl_state_t *afl) { int i_puppet, j_puppet; @@ -62,7 +62,7 @@ int select_algorithm(afl_state_t* afl) { /* Helper to choose random block len for block operations in fuzz_one(). Doesn't return zero, provided that max_len is > 0. */ -static u32 choose_block_len(afl_state_t* afl, u32 limit) { +static u32 choose_block_len(afl_state_t *afl, u32 limit) { u32 min_value, max_value; u32 rlim = MIN(afl->queue_cycle, 3); @@ -305,7 +305,7 @@ static u8 could_be_interest(u32 old_val, u32 new_val, u8 blen, u8 check_le) { /* Helper function to compare buffers; returns first and last differing offset. We use this to find reasonable locations for splicing two files. */ -static void locate_diffs(u8* ptr1, u8* ptr2, u32 len, s32* first, s32* last) { +static void locate_diffs(u8 *ptr1, u8 *ptr2, u32 len, s32 *first, s32 *last) { s32 f_loc = -1; s32 l_loc = -1; @@ -335,7 +335,7 @@ static void locate_diffs(u8* ptr1, u8* ptr2, u32 len, s32* first, s32* last) { function is a tad too long... returns 0 if fuzzed successfully, 1 if skipped or bailed out. */ -u8 fuzz_one_original(afl_state_t* afl) { +u8 fuzz_one_original(afl_state_t *afl) { s32 len, fd, temp_len, i, j; u8 *in_buf, *out_buf, *orig_in, *ex_tmp, *eff_map = 0; @@ -538,7 +538,7 @@ u8 fuzz_one_original(afl_state_t* afl) { #define FLIP_BIT(_ar, _b) \ do { \ \ - u8* _arf = (u8*)(_ar); \ + u8 *_arf = (u8 *)(_ar); \ u32 _bf = (_b); \ _arf[(_bf) >> 3] ^= (128 >> ((_bf)&7)); \ \ @@ -820,12 +820,12 @@ u8 fuzz_one_original(afl_state_t* afl) { afl->stage_cur_byte = i; - *(u16*)(out_buf + i) ^= 0xFFFF; + *(u16 *)(out_buf + i) ^= 0xFFFF; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; - *(u16*)(out_buf + i) ^= 0xFFFF; + *(u16 *)(out_buf + i) ^= 0xFFFF; } @@ -858,12 +858,12 @@ u8 fuzz_one_original(afl_state_t* afl) { afl->stage_cur_byte = i; - *(u32*)(out_buf + i) ^= 0xFFFFFFFF; + *(u32 *)(out_buf + i) ^= 0xFFFFFFFF; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; - *(u32*)(out_buf + i) ^= 0xFFFFFFFF; + *(u32 *)(out_buf + i) ^= 0xFFFFFFFF; } @@ -963,7 +963,7 @@ skip_bitflip: for (i = 0; i < len - 1; ++i) { - u16 orig = *(u16*)(out_buf + i); + u16 orig = *(u16 *)(out_buf + i); /* Let's consult the effector map... */ @@ -992,7 +992,7 @@ skip_bitflip: if ((orig & 0xff) + j > 0xff && !could_be_bitflip(r1)) { afl->stage_cur_val = j; - *(u16*)(out_buf + i) = orig + j; + *(u16 *)(out_buf + i) = orig + j; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1004,7 +1004,7 @@ skip_bitflip: if ((orig & 0xff) < j && !could_be_bitflip(r2)) { afl->stage_cur_val = -j; - *(u16*)(out_buf + i) = orig - j; + *(u16 *)(out_buf + i) = orig - j; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1020,7 +1020,7 @@ skip_bitflip: if ((orig >> 8) + j > 0xff && !could_be_bitflip(r3)) { afl->stage_cur_val = j; - *(u16*)(out_buf + i) = SWAP16(SWAP16(orig) + j); + *(u16 *)(out_buf + i) = SWAP16(SWAP16(orig) + j); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1032,7 +1032,7 @@ skip_bitflip: if ((orig >> 8) < j && !could_be_bitflip(r4)) { afl->stage_cur_val = -j; - *(u16*)(out_buf + i) = SWAP16(SWAP16(orig) - j); + *(u16 *)(out_buf + i) = SWAP16(SWAP16(orig) - j); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1041,7 +1041,7 @@ skip_bitflip: --afl->stage_max; - *(u16*)(out_buf + i) = orig; + *(u16 *)(out_buf + i) = orig; } @@ -1065,7 +1065,7 @@ skip_bitflip: for (i = 0; i < len - 3; ++i) { - u32 orig = *(u32*)(out_buf + i); + u32 orig = *(u32 *)(out_buf + i); /* Let's consult the effector map... */ @@ -1093,7 +1093,7 @@ skip_bitflip: if ((orig & 0xffff) + j > 0xffff && !could_be_bitflip(r1)) { afl->stage_cur_val = j; - *(u32*)(out_buf + i) = orig + j; + *(u32 *)(out_buf + i) = orig + j; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1105,7 +1105,7 @@ skip_bitflip: if ((orig & 0xffff) < j && !could_be_bitflip(r2)) { afl->stage_cur_val = -j; - *(u32*)(out_buf + i) = orig - j; + *(u32 *)(out_buf + i) = orig - j; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1121,7 +1121,7 @@ skip_bitflip: if ((SWAP32(orig) & 0xffff) + j > 0xffff && !could_be_bitflip(r3)) { afl->stage_cur_val = j; - *(u32*)(out_buf + i) = SWAP32(SWAP32(orig) + j); + *(u32 *)(out_buf + i) = SWAP32(SWAP32(orig) + j); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1133,7 +1133,7 @@ skip_bitflip: if ((SWAP32(orig) & 0xffff) < j && !could_be_bitflip(r4)) { afl->stage_cur_val = -j; - *(u32*)(out_buf + i) = SWAP32(SWAP32(orig) - j); + *(u32 *)(out_buf + i) = SWAP32(SWAP32(orig) - j); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1142,7 +1142,7 @@ skip_bitflip: --afl->stage_max; - *(u32*)(out_buf + i) = orig; + *(u32 *)(out_buf + i) = orig; } @@ -1227,7 +1227,7 @@ skip_arith: for (i = 0; i < len - 1; ++i) { - u16 orig = *(u16*)(out_buf + i); + u16 orig = *(u16 *)(out_buf + i); /* Let's consult the effector map... */ @@ -1253,7 +1253,7 @@ skip_arith: afl->stage_val_type = STAGE_VAL_LE; - *(u16*)(out_buf + i) = interesting_16[j]; + *(u16 *)(out_buf + i) = interesting_16[j]; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1269,7 +1269,7 @@ skip_arith: afl->stage_val_type = STAGE_VAL_BE; - *(u16*)(out_buf + i) = SWAP16(interesting_16[j]); + *(u16 *)(out_buf + i) = SWAP16(interesting_16[j]); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1279,7 +1279,7 @@ skip_arith: } - *(u16*)(out_buf + i) = orig; + *(u16 *)(out_buf + i) = orig; } @@ -1301,7 +1301,7 @@ skip_arith: for (i = 0; i < len - 3; i++) { - u32 orig = *(u32*)(out_buf + i); + u32 orig = *(u32 *)(out_buf + i); /* Let's consult the effector map... */ @@ -1328,7 +1328,7 @@ skip_arith: afl->stage_val_type = STAGE_VAL_LE; - *(u32*)(out_buf + i) = interesting_32[j]; + *(u32 *)(out_buf + i) = interesting_32[j]; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1344,7 +1344,7 @@ skip_arith: afl->stage_val_type = STAGE_VAL_BE; - *(u32*)(out_buf + i) = SWAP32(interesting_32[j]); + *(u32 *)(out_buf + i) = SWAP32(interesting_32[j]); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -1354,7 +1354,7 @@ skip_arith: } - *(u32*)(out_buf + i) = orig; + *(u32 *)(out_buf + i) = orig; } @@ -1565,9 +1565,9 @@ custom_mutator_stage: for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { - struct queue_entry* target; - u32 tid; - u8* new_buf; + struct queue_entry *target; + u32 tid; + u8 *new_buf; retry_external_pick: /* Pick a random other queue entry for passing to external API */ @@ -1751,12 +1751,12 @@ havoc_stage: if (UR(afl, 2)) { - *(u16*)(out_buf + UR(afl, temp_len - 1)) = + *(u16 *)(out_buf + UR(afl, temp_len - 1)) = interesting_16[UR(afl, sizeof(interesting_16) >> 1)]; } else { - *(u16*)(out_buf + UR(afl, temp_len - 1)) = + *(u16 *)(out_buf + UR(afl, temp_len - 1)) = SWAP16(interesting_16[UR(afl, sizeof(interesting_16) >> 1)]); } @@ -1771,12 +1771,12 @@ havoc_stage: if (UR(afl, 2)) { - *(u32*)(out_buf + UR(afl, temp_len - 3)) = + *(u32 *)(out_buf + UR(afl, temp_len - 3)) = interesting_32[UR(afl, sizeof(interesting_32) >> 2)]; } else { - *(u32*)(out_buf + UR(afl, temp_len - 3)) = + *(u32 *)(out_buf + UR(afl, temp_len - 3)) = SWAP32(interesting_32[UR(afl, sizeof(interesting_32) >> 2)]); } @@ -1807,15 +1807,15 @@ havoc_stage: u32 pos = UR(afl, temp_len - 1); - *(u16*)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX); + *(u16 *)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX); } else { u32 pos = UR(afl, temp_len - 1); u16 num = 1 + UR(afl, ARITH_MAX); - *(u16*)(out_buf + pos) = - SWAP16(SWAP16(*(u16*)(out_buf + pos)) - num); + *(u16 *)(out_buf + pos) = + SWAP16(SWAP16(*(u16 *)(out_buf + pos)) - num); } @@ -1831,15 +1831,15 @@ havoc_stage: u32 pos = UR(afl, temp_len - 1); - *(u16*)(out_buf + pos) += 1 + UR(afl, ARITH_MAX); + *(u16 *)(out_buf + pos) += 1 + UR(afl, ARITH_MAX); } else { u32 pos = UR(afl, temp_len - 1); u16 num = 1 + UR(afl, ARITH_MAX); - *(u16*)(out_buf + pos) = - SWAP16(SWAP16(*(u16*)(out_buf + pos)) + num); + *(u16 *)(out_buf + pos) = + SWAP16(SWAP16(*(u16 *)(out_buf + pos)) + num); } @@ -1855,15 +1855,15 @@ havoc_stage: u32 pos = UR(afl, temp_len - 3); - *(u32*)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX); + *(u32 *)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX); } else { u32 pos = UR(afl, temp_len - 3); u32 num = 1 + UR(afl, ARITH_MAX); - *(u32*)(out_buf + pos) = - SWAP32(SWAP32(*(u32*)(out_buf + pos)) - num); + *(u32 *)(out_buf + pos) = + SWAP32(SWAP32(*(u32 *)(out_buf + pos)) - num); } @@ -1879,15 +1879,15 @@ havoc_stage: u32 pos = UR(afl, temp_len - 3); - *(u32*)(out_buf + pos) += 1 + UR(afl, ARITH_MAX); + *(u32 *)(out_buf + pos) += 1 + UR(afl, ARITH_MAX); } else { u32 pos = UR(afl, temp_len - 3); u32 num = 1 + UR(afl, ARITH_MAX); - *(u32*)(out_buf + pos) = - SWAP32(SWAP32(*(u32*)(out_buf + pos)) + num); + *(u32 *)(out_buf + pos) = + SWAP32(SWAP32(*(u32 *)(out_buf + pos)) + num); } @@ -1935,7 +1935,7 @@ havoc_stage: u8 actually_clone = UR(afl, 4); u32 clone_from, clone_to, clone_len; - u8* new_buf; + u8 *new_buf; if (actually_clone) { @@ -2051,7 +2051,7 @@ havoc_stage: case 16: { u32 use_extra, extra_len, insert_at = UR(afl, temp_len + 1); - u8* new_buf; + u8 *new_buf; /* Insert an extra. Do the same dice-rolling stuff as for the previous case. */ @@ -2162,10 +2162,10 @@ retry_splicing: if (afl->use_splicing && splice_cycle++ < SPLICE_CYCLES && afl->queued_paths > 1 && afl->queue_cur->len > 1) { - struct queue_entry* target; - u32 tid, split_at; - u8* new_buf; - s32 f_diff, l_diff; + struct queue_entry *target; + u32 tid, split_at; + u8 *new_buf; + s32 f_diff, l_diff; /* First of all, if we've modified in_buf for havoc, let's clean that up... */ @@ -2275,12 +2275,12 @@ radamsa_stage: orig_hit_cnt = afl->queued_paths + afl->unique_crashes; /* Read the additional testcase into a new buffer. */ - u8* save_buf = ck_alloc_nozero(len); + u8 *save_buf = ck_alloc_nozero(len); memcpy(save_buf, out_buf, len); u32 max_len = len + choose_block_len(afl, HAVOC_BLK_XL); - u8* new_buf = ck_alloc_nozero(max_len); - u8* tmp_buf; + u8 *new_buf = ck_alloc_nozero(max_len); + u8 *tmp_buf; for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { @@ -2352,7 +2352,7 @@ abandon_entry: } /* MOpt mode */ -u8 mopt_common_fuzzing(afl_state_t* afl, MOpt_globals_t MOpt_globals) { +u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (!MOpt_globals.is_pilot_mode) { @@ -2544,7 +2544,7 @@ u8 mopt_common_fuzzing(afl_state_t* afl, MOpt_globals_t MOpt_globals) { #define FLIP_BIT(_ar, _b) \ do { \ \ - u8* _arf = (u8*)(_ar); \ + u8 *_arf = (u8 *)(_ar); \ u32 _bf = (_b); \ _arf[(_bf) >> 3] ^= (128 >> ((_bf)&7)); \ \ @@ -2826,12 +2826,12 @@ u8 mopt_common_fuzzing(afl_state_t* afl, MOpt_globals_t MOpt_globals) { afl->stage_cur_byte = i; - *(u16*)(out_buf + i) ^= 0xFFFF; + *(u16 *)(out_buf + i) ^= 0xFFFF; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; - *(u16*)(out_buf + i) ^= 0xFFFF; + *(u16 *)(out_buf + i) ^= 0xFFFF; } /* for i = 0; i < len */ @@ -2864,12 +2864,12 @@ u8 mopt_common_fuzzing(afl_state_t* afl, MOpt_globals_t MOpt_globals) { afl->stage_cur_byte = i; - *(u32*)(out_buf + i) ^= 0xFFFFFFFF; + *(u32 *)(out_buf + i) ^= 0xFFFFFFFF; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; - *(u32*)(out_buf + i) ^= 0xFFFFFFFF; + *(u32 *)(out_buf + i) ^= 0xFFFFFFFF; } /* for i = 0; i < len - 3 */ @@ -2969,7 +2969,7 @@ skip_bitflip: for (i = 0; i < len - 1; ++i) { - u16 orig = *(u16*)(out_buf + i); + u16 orig = *(u16 *)(out_buf + i); /* Let's consult the effector map... */ @@ -2998,7 +2998,7 @@ skip_bitflip: if ((orig & 0xff) + j > 0xff && !could_be_bitflip(r1)) { afl->stage_cur_val = j; - *(u16*)(out_buf + i) = orig + j; + *(u16 *)(out_buf + i) = orig + j; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3010,7 +3010,7 @@ skip_bitflip: if ((orig & 0xff) < j && !could_be_bitflip(r2)) { afl->stage_cur_val = -j; - *(u16*)(out_buf + i) = orig - j; + *(u16 *)(out_buf + i) = orig - j; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3026,7 +3026,7 @@ skip_bitflip: if ((orig >> 8) + j > 0xff && !could_be_bitflip(r3)) { afl->stage_cur_val = j; - *(u16*)(out_buf + i) = SWAP16(SWAP16(orig) + j); + *(u16 *)(out_buf + i) = SWAP16(SWAP16(orig) + j); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3038,7 +3038,7 @@ skip_bitflip: if ((orig >> 8) < j && !could_be_bitflip(r4)) { afl->stage_cur_val = -j; - *(u16*)(out_buf + i) = SWAP16(SWAP16(orig) - j); + *(u16 *)(out_buf + i) = SWAP16(SWAP16(orig) - j); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3047,7 +3047,7 @@ skip_bitflip: --afl->stage_max; - *(u16*)(out_buf + i) = orig; + *(u16 *)(out_buf + i) = orig; } @@ -3071,7 +3071,7 @@ skip_bitflip: for (i = 0; i < len - 3; ++i) { - u32 orig = *(u32*)(out_buf + i); + u32 orig = *(u32 *)(out_buf + i); /* Let's consult the effector map... */ @@ -3099,7 +3099,7 @@ skip_bitflip: if ((orig & 0xffff) + j > 0xffff && !could_be_bitflip(r1)) { afl->stage_cur_val = j; - *(u32*)(out_buf + i) = orig + j; + *(u32 *)(out_buf + i) = orig + j; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3111,7 +3111,7 @@ skip_bitflip: if ((orig & 0xffff) < j && !could_be_bitflip(r2)) { afl->stage_cur_val = -j; - *(u32*)(out_buf + i) = orig - j; + *(u32 *)(out_buf + i) = orig - j; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3127,7 +3127,7 @@ skip_bitflip: if ((SWAP32(orig) & 0xffff) + j > 0xffff && !could_be_bitflip(r3)) { afl->stage_cur_val = j; - *(u32*)(out_buf + i) = SWAP32(SWAP32(orig) + j); + *(u32 *)(out_buf + i) = SWAP32(SWAP32(orig) + j); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3139,7 +3139,7 @@ skip_bitflip: if ((SWAP32(orig) & 0xffff) < j && !could_be_bitflip(r4)) { afl->stage_cur_val = -j; - *(u32*)(out_buf + i) = SWAP32(SWAP32(orig) - j); + *(u32 *)(out_buf + i) = SWAP32(SWAP32(orig) - j); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3148,7 +3148,7 @@ skip_bitflip: --afl->stage_max; - *(u32*)(out_buf + i) = orig; + *(u32 *)(out_buf + i) = orig; } @@ -3233,7 +3233,7 @@ skip_arith: for (i = 0; i < len - 1; ++i) { - u16 orig = *(u16*)(out_buf + i); + u16 orig = *(u16 *)(out_buf + i); /* Let's consult the effector map... */ @@ -3259,7 +3259,7 @@ skip_arith: afl->stage_val_type = STAGE_VAL_LE; - *(u16*)(out_buf + i) = interesting_16[j]; + *(u16 *)(out_buf + i) = interesting_16[j]; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3275,7 +3275,7 @@ skip_arith: afl->stage_val_type = STAGE_VAL_BE; - *(u16*)(out_buf + i) = SWAP16(interesting_16[j]); + *(u16 *)(out_buf + i) = SWAP16(interesting_16[j]); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3285,7 +3285,7 @@ skip_arith: } - *(u16*)(out_buf + i) = orig; + *(u16 *)(out_buf + i) = orig; } /* for i = 0; i < len - 1 */ @@ -3307,7 +3307,7 @@ skip_arith: for (i = 0; i < len - 3; ++i) { - u32 orig = *(u32*)(out_buf + i); + u32 orig = *(u32 *)(out_buf + i); /* Let's consult the effector map... */ @@ -3334,7 +3334,7 @@ skip_arith: afl->stage_val_type = STAGE_VAL_LE; - *(u32*)(out_buf + i) = interesting_32[j]; + *(u32 *)(out_buf + i) = interesting_32[j]; if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3350,7 +3350,7 @@ skip_arith: afl->stage_val_type = STAGE_VAL_BE; - *(u32*)(out_buf + i) = SWAP32(interesting_32[j]); + *(u32 *)(out_buf + i) = SWAP32(interesting_32[j]); if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry; ++afl->stage_cur; @@ -3360,7 +3360,7 @@ skip_arith: } - *(u32*)(out_buf + i) = orig; + *(u32 *)(out_buf + i) = orig; } /* for i = 0; i < len - 3 */ @@ -3688,13 +3688,13 @@ pacemaker_fuzzing: case 4: if (temp_len < 8) break; - *(u16*)(out_buf + UR(afl, temp_len - 1)) ^= 0xFFFF; + *(u16 *)(out_buf + UR(afl, temp_len - 1)) ^= 0xFFFF; MOpt_globals.cycles_v2[STAGE_FLIP16] += 1; break; case 5: if (temp_len < 8) break; - *(u32*)(out_buf + UR(afl, temp_len - 3)) ^= 0xFFFFFFFF; + *(u32 *)(out_buf + UR(afl, temp_len - 3)) ^= 0xFFFFFFFF; MOpt_globals.cycles_v2[STAGE_FLIP32] += 1; break; @@ -3710,14 +3710,14 @@ pacemaker_fuzzing: if (UR(afl, 2)) { u32 pos = UR(afl, temp_len - 1); - *(u16*)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX); + *(u16 *)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX); } else { u32 pos = UR(afl, temp_len - 1); u16 num = 1 + UR(afl, ARITH_MAX); - *(u16*)(out_buf + pos) = - SWAP16(SWAP16(*(u16*)(out_buf + pos)) - num); + *(u16 *)(out_buf + pos) = + SWAP16(SWAP16(*(u16 *)(out_buf + pos)) - num); } @@ -3725,14 +3725,14 @@ pacemaker_fuzzing: if (UR(afl, 2)) { u32 pos = UR(afl, temp_len - 1); - *(u16*)(out_buf + pos) += 1 + UR(afl, ARITH_MAX); + *(u16 *)(out_buf + pos) += 1 + UR(afl, ARITH_MAX); } else { u32 pos = UR(afl, temp_len - 1); u16 num = 1 + UR(afl, ARITH_MAX); - *(u16*)(out_buf + pos) = - SWAP16(SWAP16(*(u16*)(out_buf + pos)) + num); + *(u16 *)(out_buf + pos) = + SWAP16(SWAP16(*(u16 *)(out_buf + pos)) + num); } @@ -3745,14 +3745,14 @@ pacemaker_fuzzing: if (UR(afl, 2)) { u32 pos = UR(afl, temp_len - 3); - *(u32*)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX); + *(u32 *)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX); } else { u32 pos = UR(afl, temp_len - 3); u32 num = 1 + UR(afl, ARITH_MAX); - *(u32*)(out_buf + pos) = - SWAP32(SWAP32(*(u32*)(out_buf + pos)) - num); + *(u32 *)(out_buf + pos) = + SWAP32(SWAP32(*(u32 *)(out_buf + pos)) - num); } @@ -3761,14 +3761,14 @@ pacemaker_fuzzing: if (UR(afl, 2)) { u32 pos = UR(afl, temp_len - 3); - *(u32*)(out_buf + pos) += 1 + UR(afl, ARITH_MAX); + *(u32 *)(out_buf + pos) += 1 + UR(afl, ARITH_MAX); } else { u32 pos = UR(afl, temp_len - 3); u32 num = 1 + UR(afl, ARITH_MAX); - *(u32*)(out_buf + pos) = - SWAP32(SWAP32(*(u32*)(out_buf + pos)) + num); + *(u32 *)(out_buf + pos) = + SWAP32(SWAP32(*(u32 *)(out_buf + pos)) + num); } @@ -3788,12 +3788,12 @@ pacemaker_fuzzing: if (temp_len < 8) break; if (UR(afl, 2)) { - *(u16*)(out_buf + UR(afl, temp_len - 1)) = + *(u16 *)(out_buf + UR(afl, temp_len - 1)) = interesting_16[UR(afl, sizeof(interesting_16) >> 1)]; } else { - *(u16*)(out_buf + UR(afl, temp_len - 1)) = SWAP16( + *(u16 *)(out_buf + UR(afl, temp_len - 1)) = SWAP16( interesting_16[UR(afl, sizeof(interesting_16) >> 1)]); } @@ -3808,12 +3808,12 @@ pacemaker_fuzzing: if (UR(afl, 2)) { - *(u32*)(out_buf + UR(afl, temp_len - 3)) = + *(u32 *)(out_buf + UR(afl, temp_len - 3)) = interesting_32[UR(afl, sizeof(interesting_32) >> 2)]; } else { - *(u32*)(out_buf + UR(afl, temp_len - 3)) = SWAP32( + *(u32 *)(out_buf + UR(afl, temp_len - 3)) = SWAP32( interesting_32[UR(afl, sizeof(interesting_32) >> 2)]); } @@ -3865,7 +3865,7 @@ pacemaker_fuzzing: u8 actually_clone = UR(afl, 4); u32 clone_from, clone_to, clone_len; - u8* new_buf; + u8 *new_buf; if (actually_clone) { @@ -4020,9 +4020,9 @@ pacemaker_fuzzing: if (afl->use_splicing && splice_cycle++ < afl->SPLICE_CYCLES_puppet && afl->queued_paths > 1 && afl->queue_cur->len > 1) { - struct queue_entry* target; + struct queue_entry *target; u32 tid, split_at; - u8* new_buf; + u8 * new_buf; s32 f_diff, l_diff; /* First of all, if we've modified in_buf for havoc, let's clean that @@ -4268,19 +4268,19 @@ pacemaker_fuzzing: #undef FLIP_BIT -u8 core_fuzzing(afl_state_t* afl) { +u8 core_fuzzing(afl_state_t *afl) { return mopt_common_fuzzing(afl, afl->mopt_globals_core); } -u8 pilot_fuzzing(afl_state_t* afl) { +u8 pilot_fuzzing(afl_state_t *afl) { return mopt_common_fuzzing(afl, afl->mopt_globals_pilot); } -void pso_updating(afl_state_t* afl) { +void pso_updating(afl_state_t *afl) { afl->g_now += 1; if (afl->g_now > afl->g_max) afl->g_now = 0; @@ -4358,14 +4358,14 @@ void pso_updating(afl_state_t* afl) { to fuzz_one_original. All documentation references to fuzz_one therefore mean fuzz_one_original */ -u8 fuzz_one(afl_state_t* afl) { +u8 fuzz_one(afl_state_t *afl) { int key_val_lv = 0; #ifdef _AFL_DOCUMENT_MUTATIONS if (afl->do_document == 0) { - char* fn = alloc_printf("%s/mutations", afl->out_dir); + char *fn = alloc_printf("%s/mutations", afl->out_dir); if (fn) { afl->do_document = mkdir(fn, 0700); // if it exists we do not care diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 595c1ed0..cc565860 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -43,7 +43,7 @@ int init_py_module(afl_state_t *afl, u8 *module_name) { afl->py_module = PyImport_Import(py_name); Py_DECREF(py_name); - PyObject * py_module = afl->py_module; + PyObject *py_module = afl->py_module; PyObject **py_functions = afl->py_functions; if (afl->py_module != NULL) { diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 988f1ace..37d18a2d 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -28,9 +28,9 @@ .state file to avoid repeating deterministic fuzzing when resuming aborted scans. */ -void mark_as_det_done(afl_state_t* afl, struct queue_entry* q) { +void mark_as_det_done(afl_state_t *afl, struct queue_entry *q) { - u8* fn = strrchr(q->fname, '/'); + u8 *fn = strrchr(q->fname, '/'); s32 fd; fn = alloc_printf("%s/queue/.state/deterministic_done/%s", afl->out_dir, @@ -49,7 +49,7 @@ void mark_as_det_done(afl_state_t* afl, struct queue_entry* q) { /* Mark as variable. Create symlinks if possible to make it easier to examine the files. */ -void mark_as_variable(afl_state_t* afl, struct queue_entry* q) { +void mark_as_variable(afl_state_t *afl, struct queue_entry *q) { u8 *fn = strrchr(q->fname, '/') + 1, *ldest; @@ -74,9 +74,9 @@ void mark_as_variable(afl_state_t* afl, struct queue_entry* q) { /* Mark / unmark as redundant (edge-only). This is not used for restoring state, but may be useful for post-processing datasets. */ -void mark_as_redundant(afl_state_t* afl, struct queue_entry* q, u8 state) { +void mark_as_redundant(afl_state_t *afl, struct queue_entry *q, u8 state) { - u8* fn; + u8 *fn; if (state == q->fs_redundant) return; @@ -105,9 +105,9 @@ void mark_as_redundant(afl_state_t* afl, struct queue_entry* q, u8 state) { /* Append new test case to the queue. */ -void add_to_queue(afl_state_t* afl, u8* fname, u32 len, u8 passed_det) { +void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { - struct queue_entry* q = ck_alloc(sizeof(struct queue_entry)); + struct queue_entry *q = ck_alloc(sizeof(struct queue_entry)); q->fname = fname; q->len = len; @@ -142,7 +142,7 @@ void add_to_queue(afl_state_t* afl, u8* fname, u32 len, u8 passed_det) { if (afl->mutator && afl->mutator->afl_custom_queue_new_entry) { - u8* fname_orig = NULL; + u8 *fname_orig = NULL; /* At the initialization stage, queue_cur is NULL */ if (afl->queue_cur) fname_orig = afl->queue_cur->fname; @@ -155,7 +155,7 @@ void add_to_queue(afl_state_t* afl, u8* fname, u32 len, u8 passed_det) { /* Destroy the entire queue. */ -void destroy_queue(afl_state_t* afl) { +void destroy_queue(afl_state_t *afl) { struct queue_entry *q = afl->queue, *n; @@ -182,7 +182,7 @@ void destroy_queue(afl_state_t* afl) { previous contender, or if the contender has a more favorable speed x size factor. */ -void update_bitmap_score(afl_state_t* afl, struct queue_entry* q) { +void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { u32 i; u64 fav_factor = q->exec_us * q->len; @@ -251,9 +251,9 @@ void update_bitmap_score(afl_state_t* afl, struct queue_entry* q) { until the next run. The favored entries are given more air time during all fuzzing steps. */ -void cull_queue(afl_state_t* afl) { +void cull_queue(afl_state_t *afl) { - struct queue_entry* q; + struct queue_entry *q; static u8 temp_v[MAP_SIZE >> 3]; u32 i; @@ -312,7 +312,7 @@ void cull_queue(afl_state_t* afl) { A helper function for fuzz_one(). Maybe some of these constants should go into config.h. */ -u32 calculate_score(afl_state_t* afl, struct queue_entry* q) { +u32 calculate_score(afl_state_t *afl, struct queue_entry *q) { u32 avg_exec_us = afl->total_cal_us / afl->total_cal_cycles; u32 avg_bitmap_size = afl->total_bitmap_size / afl->total_bitmap_entries; @@ -405,7 +405,7 @@ u32 calculate_score(afl_state_t* afl, struct queue_entry* q) { fuzz_total = 0; n_paths = 0; - struct queue_entry* queue_it = afl->queue; + struct queue_entry *queue_it = afl->queue; while (queue_it) { fuzz_total += queue_it->n_fuzz; diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index e012c4c3..c910e75e 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -33,13 +33,13 @@ struct range { u32 start; u32 end; - struct range* next; + struct range *next; }; -struct range* add_range(struct range* ranges, u32 start, u32 end) { +struct range *add_range(struct range *ranges, u32 start, u32 end) { - struct range* r = ck_alloc_nozero(sizeof(struct range)); + struct range *r = ck_alloc_nozero(sizeof(struct range)); r->start = start; r->end = end; r->next = ranges; @@ -47,12 +47,12 @@ struct range* add_range(struct range* ranges, u32 start, u32 end) { } -struct range* pop_biggest_range(struct range** ranges) { +struct range *pop_biggest_range(struct range **ranges) { - struct range* r = *ranges; - struct range* prev = NULL; - struct range* rmax = NULL; - struct range* prev_rmax = NULL; + struct range *r = *ranges; + struct range *prev = NULL; + struct range *rmax = NULL; + struct range *prev_rmax = NULL; u32 max_size = 0; while (r) { @@ -84,7 +84,7 @@ struct range* pop_biggest_range(struct range** ranges) { } -static u8 get_exec_checksum(afl_state_t* afl, u8* buf, u32 len, u32* cksum) { +static u8 get_exec_checksum(afl_state_t *afl, u8 *buf, u32 len, u32 *cksum) { if (unlikely(common_fuzz_stuff(afl, buf, len))) return 1; @@ -93,7 +93,7 @@ static u8 get_exec_checksum(afl_state_t* afl, u8* buf, u32 len, u32* cksum) { } -static void rand_replace(afl_state_t* afl, u8* buf, u32 len) { +static void rand_replace(afl_state_t *afl, u8 *buf, u32 len) { u32 i; for (i = 0; i < len; ++i) @@ -101,10 +101,10 @@ static void rand_replace(afl_state_t* afl, u8* buf, u32 len) { } -static u8 colorization(afl_state_t* afl, u8* buf, u32 len, u32 exec_cksum) { +static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u32 exec_cksum) { - struct range* ranges = add_range(NULL, 0, len); - u8* backup = ck_alloc_nozero(len); + struct range *ranges = add_range(NULL, 0, len); + u8 * backup = ck_alloc_nozero(len); u8 needs_write = 0; @@ -115,7 +115,7 @@ static u8 colorization(afl_state_t* afl, u8* buf, u32 len, u32 exec_cksum) { afl->stage_short = "colorization"; afl->stage_max = 1000; - struct range* rng; + struct range *rng; afl->stage_cur = 0; while ((rng = pop_biggest_range(&ranges)) != NULL && afl->stage_cur < afl->stage_max) { @@ -205,7 +205,7 @@ checksum_fail: ///// Input to State replacement -static u8 its_fuzz(afl_state_t* afl, u8* buf, u32 len, u8* status) { +static u8 its_fuzz(afl_state_t *afl, u8 *buf, u32 len, u8 *status) { u64 orig_hit_cnt, new_hit_cnt; @@ -224,13 +224,13 @@ static u8 its_fuzz(afl_state_t* afl, u8* buf, u32 len, u8* status) { } -static u8 cmp_extend_encoding(afl_state_t* afl, struct cmp_header* h, - u64 pattern, u64 repl, u32 idx, u8* orig_buf, - u8* buf, u32 len, u8 do_reverse, u8* status) { +static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, + u64 pattern, u64 repl, u32 idx, u8 *orig_buf, + u8 *buf, u32 len, u8 do_reverse, u8 *status) { - u64* buf_64 = (u64*)&buf[idx]; - u32* buf_32 = (u32*)&buf[idx]; - u16* buf_16 = (u16*)&buf[idx]; + u64 *buf_64 = (u64 *)&buf[idx]; + u32 *buf_32 = (u32 *)&buf[idx]; + u16 *buf_16 = (u16 *)&buf[idx]; // u8* buf_8 = &buf[idx]; // u64* o_buf_64 = (u64*)&orig_buf[idx]; // u32* o_buf_32 = (u32*)&orig_buf[idx]; @@ -313,9 +313,9 @@ static u8 cmp_extend_encoding(afl_state_t* afl, struct cmp_header* h, } -static void try_to_add_to_dict(afl_state_t* afl, u64 v, u8 shape) { +static void try_to_add_to_dict(afl_state_t *afl, u64 v, u8 shape) { - u8* b = (u8*)&v; + u8 *b = (u8 *)&v; u32 k; u8 cons_ff = 0, cons_0 = 0; @@ -332,7 +332,7 @@ static void try_to_add_to_dict(afl_state_t* afl, u64 v, u8 shape) { } - maybe_add_auto(afl, (u8*)&v, shape); + maybe_add_auto(afl, (u8 *)&v, shape); u64 rev; switch (shape) { @@ -340,24 +340,24 @@ static void try_to_add_to_dict(afl_state_t* afl, u64 v, u8 shape) { case 1: break; case 2: rev = SWAP16((u16)v); - maybe_add_auto(afl, (u8*)&rev, shape); + maybe_add_auto(afl, (u8 *)&rev, shape); break; case 4: rev = SWAP32((u32)v); - maybe_add_auto(afl, (u8*)&rev, shape); + maybe_add_auto(afl, (u8 *)&rev, shape); break; case 8: rev = SWAP64(v); - maybe_add_auto(afl, (u8*)&rev, shape); + maybe_add_auto(afl, (u8 *)&rev, shape); break; } } -static u8 cmp_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) { +static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u32 len) { - struct cmp_header* h = &afl->shm.cmp_map->headers[key]; + struct cmp_header *h = &afl->shm.cmp_map->headers[key]; u32 i, j, idx; u32 loggeds = h->hits; @@ -369,7 +369,7 @@ static u8 cmp_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) { for (i = 0; i < loggeds; ++i) { - struct cmp_operands* o = &afl->shm.cmp_map->log[key][i]; + struct cmp_operands *o = &afl->shm.cmp_map->log[key][i]; // opt not in the paper for (j = 0; j < i; ++j) @@ -414,9 +414,9 @@ static u8 cmp_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) { } -static u8 rtn_extend_encoding(afl_state_t* afl, struct cmp_header* h, - u8* pattern, u8* repl, u32 idx, u8* orig_buf, - u8* buf, u32 len, u8* status) { +static u8 rtn_extend_encoding(afl_state_t *afl, struct cmp_header *h, + u8 *pattern, u8 *repl, u32 idx, u8 *orig_buf, + u8 *buf, u32 len, u8 *status) { u32 i; u32 its_len = MIN(32, len - idx); @@ -440,9 +440,9 @@ static u8 rtn_extend_encoding(afl_state_t* afl, struct cmp_header* h, } -static u8 rtn_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) { +static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u32 len) { - struct cmp_header* h = &afl->shm.cmp_map->headers[key]; + struct cmp_header *h = &afl->shm.cmp_map->headers[key]; u32 i, j, idx; u32 loggeds = h->hits; @@ -454,12 +454,12 @@ static u8 rtn_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) { for (i = 0; i < loggeds; ++i) { - struct cmpfn_operands* o = - &((struct cmpfn_operands*)afl->shm.cmp_map->log[key])[i]; + struct cmpfn_operands *o = + &((struct cmpfn_operands *)afl->shm.cmp_map->log[key])[i]; // opt not in the paper for (j = 0; j < i; ++j) - if (!memcmp(&((struct cmpfn_operands*)afl->shm.cmp_map->log[key])[j], o, + if (!memcmp(&((struct cmpfn_operands *)afl->shm.cmp_map->log[key])[j], o, sizeof(struct cmpfn_operands))) goto rtn_fuzz_next_iter; @@ -503,7 +503,7 @@ static u8 rtn_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) { ///// Input to State stage // afl->queue_cur->exec_cksum -u8 input_to_state_stage(afl_state_t* afl, u8* orig_buf, u8* buf, u32 len, +u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len, u32 exec_cksum) { u8 r = 1; diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 28abad65..527782e4 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -32,12 +32,12 @@ void timeout_handle(union sigval timer_data) { - pid_t child_pid = timer_data.sival_int; + pid_t child_pid = timer_data.sival_int; if (child_pid > 0) kill(child_pid, SIGKILL); } -u8 run_target(afl_state_t* afl, u32 timeout) { +u8 run_target(afl_state_t *afl, u32 timeout) { // static struct itimerval it; struct sigevent timer_signal_event; @@ -146,7 +146,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) { /* Use a distinctive bitmap value to tell the parent about execv() falling through. */ - *(u32*)afl->fsrv.trace_bits = EXEC_FAIL_SIG; + *(u32 *)afl->fsrv.trace_bits = EXEC_FAIL_SIG; exit(0); } @@ -181,11 +181,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) { timer_signal_event.sigev_value.sival_int = afl->fsrv.child_pid; timer_status = timer_create(CLOCK_MONOTONIC, &timer_signal_event, &timer); - if (timer_status == -1) { - - FATAL("Failed to create Timer"); - - } + if (timer_status == -1) { FATAL("Failed to create Timer"); } timer_period.it_value.tv_sec = (timeout / 1000); timer_period.it_value.tv_nsec = (timeout % 1000) * 1000000; @@ -203,13 +199,12 @@ u8 run_target(afl_state_t* afl, u32 timeout) { } else { - FATAL("Failed to set the timer to the given timeout"); + FATAL("Failed to set the timer to the given timeout"); } } - /* The SIGALRM handler simply kills the afl->fsrv.child_pid and sets * afl->fsrv.child_timed_out. */ @@ -221,6 +216,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) { PFATAL("waitpid() failed"); } + } else { s32 res; @@ -261,11 +257,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) { timer_period.it_value.tv_nsec / 1000000); if (afl->slowest_exec_ms < exec_ms) afl->slowest_exec_ms = exec_ms; - if (exec_ms >= timeout) { - - afl->fsrv.child_timed_out = 1; - - } + if (exec_ms >= timeout) { afl->fsrv.child_timed_out = 1; } timer_period.it_value.tv_sec = 0; timer_period.it_value.tv_nsec = 0; @@ -289,12 +281,12 @@ u8 run_target(afl_state_t* afl, u32 timeout) { MEM_BARRIER(); - tb4 = *(u32*)afl->fsrv.trace_bits; + tb4 = *(u32 *)afl->fsrv.trace_bits; #ifdef WORD_SIZE_64 - classify_counts((u64*)afl->fsrv.trace_bits); + classify_counts((u64 *)afl->fsrv.trace_bits); #else - classify_counts((u32*)afl->fsrv.trace_bits); + classify_counts((u32 *)afl->fsrv.trace_bits); #endif /* ^WORD_SIZE_64 */ prev_timed_out = afl->fsrv.child_timed_out; @@ -327,9 +319,9 @@ u8 run_target(afl_state_t* afl, u32 timeout) { return FAULT_NONE; - handle_stop_soon: - timer_delete(timer); - return 0; +handle_stop_soon: + timer_delete(timer); + return 0; } @@ -337,13 +329,13 @@ u8 run_target(afl_state_t* afl, u32 timeout) { old file is unlinked and a new one is created. Otherwise, afl->fsrv.out_fd is rewound and truncated. */ -void write_to_testcase(afl_state_t* afl, void* mem, u32 len) { +void write_to_testcase(afl_state_t *afl, void *mem, u32 len) { s32 fd = afl->fsrv.out_fd; #ifdef _AFL_DOCUMENT_MUTATIONS s32 doc_fd; - char* fn = alloc_printf("%s/mutations/%09u:%s", afl->out_dir, + char *fn = alloc_printf("%s/mutations/%09u:%s", afl->out_dir, afl->document_counter++, describe_op(0)); if (fn != NULL) { @@ -382,7 +374,7 @@ void write_to_testcase(afl_state_t* afl, void* mem, u32 len) { if (afl->mutator && afl->mutator->afl_custom_pre_save) { - u8* new_data; + u8 *new_data; size_t new_size = afl->mutator->afl_custom_pre_save(afl, mem, len, &new_data); ck_write(fd, new_data, new_size, afl->fsrv.out_file); @@ -407,7 +399,7 @@ void write_to_testcase(afl_state_t* afl, void* mem, u32 len) { /* The same, but with an adjustable gap. Used for trimming. */ -static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at, +static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at, u32 skip_len) { s32 fd = afl->fsrv.out_fd; @@ -434,7 +426,7 @@ static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at, if (skip_at) ck_write(fd, mem, skip_at, afl->fsrv.out_file); - u8* memu8 = mem; + u8 *memu8 = mem; if (tail_len) ck_write(fd, memu8 + skip_at + skip_len, tail_len, afl->fsrv.out_file); @@ -453,7 +445,7 @@ static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at, to warn about flaky or otherwise problematic test cases early on; and when new paths are discovered to detect variable behavior and so on. */ -u8 calibrate_case(afl_state_t* afl, struct queue_entry* q, u8* use_mem, +u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, u32 handicap, u8 from_queue) { static u8 first_trace[MAP_SIZE]; @@ -465,7 +457,7 @@ u8 calibrate_case(afl_state_t* afl, struct queue_entry* q, u8* use_mem, s32 old_sc = afl->stage_cur, old_sm = afl->stage_max; u32 use_tmout = afl->fsrv.exec_tmout; - u8* old_sn = afl->stage_name; + u8 *old_sn = afl->stage_name; /* Be a bit more generous about timeouts when resuming sessions, or when trying to calibrate already-added finds. This helps avoid trouble due @@ -612,11 +604,11 @@ abort_calibration: /* Grab interesting test cases from other fuzzers. */ -void sync_fuzzers(afl_state_t* afl) { +void sync_fuzzers(afl_state_t *afl) { - DIR* sd; - struct dirent* sd_ent; - u32 sync_cnt = 0; + DIR *sd; + struct dirent *sd_ent; + u32 sync_cnt = 0; sd = opendir(afl->sync_dir); if (!sd) PFATAL("Unable to open '%s'", afl->sync_dir); @@ -631,10 +623,10 @@ void sync_fuzzers(afl_state_t* afl) { static u8 stage_tmp[128]; - DIR* qd; - struct dirent* qd_ent; - u8 * qd_path, *qd_synced_path; - u32 min_accept = 0, next_min_accept; + DIR *qd; + struct dirent *qd_ent; + u8 *qd_path, *qd_synced_path; + u32 min_accept = 0, next_min_accept; s32 id_fd; @@ -679,8 +671,8 @@ void sync_fuzzers(afl_state_t* afl) { while ((qd_ent = readdir(qd))) { - u8* path; - s32 fd; + u8 *path; + s32 fd; struct stat st; if (qd_ent->d_name[0] == '.' || @@ -713,7 +705,7 @@ void sync_fuzzers(afl_state_t* afl) { if (st.st_size && st.st_size <= MAX_FILE) { u8 fault; - u8* mem = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); + u8 *mem = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0); if (mem == MAP_FAILED) PFATAL("Unable to mmap '%s'", path); @@ -760,7 +752,7 @@ void sync_fuzzers(afl_state_t* afl) { trimmer uses power-of-two increments somewhere between 1/16 and 1/1024 of file size, to keep the stage short and sweet. */ -u8 trim_case(afl_state_t* afl, struct queue_entry* q, u8* in_buf) { +u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { /* Custom mutator trimmer */ if (afl->mutator && afl->mutator->afl_custom_trim) @@ -896,7 +888,7 @@ abort_trimming: error conditions, returning 1 if it's time to bail out. This is a helper function for fuzz_one(). */ -u8 common_fuzz_stuff(afl_state_t* afl, u8* out_buf, u32 len) { +u8 common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { u8 fault; diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index f2f6efb9..e03018a1 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -347,9 +347,9 @@ void show_stats(afl_state_t *afl) { /* Lord, forgive me this. */ - SAYF(SET_G1 bSTG bLT bH bSTOP cCYA + SAYF(SET_G1 bSTG bLT bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA - " overall results " bSTG bH2 bH2 bRT "\n"); + " overall results " bSTG bH2 bH2 bRT "\n"); if (afl->dumb_mode) { @@ -429,9 +429,9 @@ void show_stats(afl_state_t *afl) { " uniq hangs : " cRST "%-6s" bSTG bV "\n", DTD(cur_ms, afl->last_hang_time), tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA - " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); + " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -460,9 +460,9 @@ void show_stats(afl_state_t *afl) { SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); + " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", DI(afl->queued_favored), ((double)afl->queued_favored) * 100 / afl->queued_paths); @@ -533,7 +533,7 @@ void show_stats(afl_state_t *afl) { /* Aaaalmost there... hold on! */ - SAYF(bVR bH cCYA bSTOP + SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 3483f02c..2082633f 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -27,7 +27,7 @@ u8 be_quiet = 0; -static u8* get_libradamsa_path(u8* own_loc) { +static u8 *get_libradamsa_path(u8 *own_loc) { u8 *tmp, *cp, *rsl, *own_copy; @@ -84,7 +84,7 @@ static u8* get_libradamsa_path(u8* own_loc) { /* Display usage hints. */ -static void usage(afl_state_t* afl, u8* argv0, int more_help) { +static void usage(afl_state_t *afl, u8 *argv0, int more_help) { SAYF( "\n%s [ options ] -- /path/to/fuzzed_app [ ... ]\n\n" @@ -198,7 +198,7 @@ static void usage(afl_state_t* afl, u8* argv0, int more_help) { #ifdef USE_PYTHON SAYF("Compiled with %s module support, see docs/custom_mutator.md\n", - (char*)PYTHON_VERSION); + (char *)PYTHON_VERSION); #endif SAYF("For additional help please consult %s/README.md\n\n", doc_path); @@ -210,7 +210,7 @@ static void usage(afl_state_t* afl, u8* argv0, int more_help) { #ifndef AFL_LIB -static int stricmp(char const* a, char const* b) { +static int stricmp(char const *a, char const *b) { for (;; ++a, ++b) { @@ -224,22 +224,22 @@ static int stricmp(char const* a, char const* b) { /* Main entry point */ -int main(int argc, char** argv_orig, char** envp) { +int main(int argc, char **argv_orig, char **envp) { s32 opt; u64 prev_queued = 0; u32 sync_interval_cnt = 0, seek_to, show_help = 0; - u8* extras_dir = 0; + u8 * extras_dir = 0; u8 mem_limit_given = 0; u8 exit_1 = !!get_afl_env("AFL_BENCH_JUST_ONE"); - char** use_argv; + char **use_argv; struct timeval tv; struct timezone tz; - char** argv = argv_cpy_dup(argc, argv_orig); + char **argv = argv_cpy_dup(argc, argv_orig); - afl_state_t* afl = calloc(1, sizeof(afl_state_t)); + afl_state_t *afl = calloc(1, sizeof(afl_state_t)); if (!afl) { FATAL("Could not create afl state"); } afl_state_init(afl); @@ -248,7 +248,7 @@ int main(int argc, char** argv_orig, char** envp) { SAYF(cCYA "afl-fuzz" VERSION cRST " based on afl by Michal Zalewski and a big online community\n"); - doc_path = access(DOC_PATH, F_OK) ? (u8*)"docs" : doc_path; + doc_path = access(DOC_PATH, F_OK) ? (u8 *)"docs" : doc_path; gettimeofday(&tv, &tz); afl->init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid(); @@ -337,7 +337,7 @@ int main(int argc, char** argv_orig, char** envp) { case 'M': { /* master sync ID */ - u8* c; + u8 *c; if (afl->sync_id) FATAL("Multiple -S or -M options not supported"); afl->sync_id = ck_strdup(optarg); @@ -696,8 +696,8 @@ int main(int argc, char** argv_orig, char** envp) { OKF("Using Radamsa add-on"); - u8* libradamsa_path = get_libradamsa_path(argv[0]); - void* handle = dlopen(libradamsa_path, RTLD_NOW); + u8 * libradamsa_path = get_libradamsa_path(argv[0]); + void *handle = dlopen(libradamsa_path, RTLD_NOW); ck_free(libradamsa_path); if (!handle) FATAL("Failed to dlopen() libradamsa"); @@ -794,9 +794,9 @@ int main(int argc, char** argv_orig, char** envp) { if (afl->qemu_mode) { - u8* qemu_preload = getenv("QEMU_SET_ENV"); - u8* afl_preload = getenv("AFL_PRELOAD"); - u8* buf; + u8 *qemu_preload = getenv("QEMU_SET_ENV"); + u8 *afl_preload = getenv("AFL_PRELOAD"); + u8 *buf; s32 i, afl_preload_size = strlen(afl_preload); for (i = 0; i < afl_preload_size; ++i) { @@ -926,7 +926,7 @@ int main(int argc, char** argv_orig, char** envp) { u32 i = optind + 1; while (argv[i]) { - u8* aa_loc = strstr(argv[i], "@@"); + u8 *aa_loc = strstr(argv[i], "@@"); if (aa_loc && !afl->fsrv.out_file) { diff --git a/src/afl-gcc.c b/src/afl-gcc.c index 033c1eea..bb3baf56 100644 --- a/src/afl-gcc.c +++ b/src/afl-gcc.c @@ -48,18 +48,18 @@ #include <stdlib.h> #include <string.h> -static u8* as_path; /* Path to the AFL 'as' wrapper */ -static u8** cc_params; /* Parameters passed to the real CC */ -static u32 cc_par_cnt = 1; /* Param count, including argv0 */ -static u8 be_quiet, /* Quiet mode */ +static u8 *as_path; /* Path to the AFL 'as' wrapper */ +static u8 **cc_params; /* Parameters passed to the real CC */ +static u32 cc_par_cnt = 1; /* Param count, including argv0 */ +static u8 be_quiet, /* Quiet mode */ clang_mode; /* Invoked as afl-clang*? */ /* Try to find our "fake" GNU assembler in AFL_PATH or at the location derived from argv[0]. If that fails, abort. */ -static void find_as(u8* argv0) { +static void find_as(u8 *argv0) { - u8* afl_path = getenv("AFL_PATH"); + u8 *afl_path = getenv("AFL_PATH"); u8 *slash, *tmp; if (afl_path) { @@ -82,7 +82,7 @@ static void find_as(u8* argv0) { if (slash) { - u8* dir; + u8 *dir; *slash = 0; dir = ck_strdup(argv0); @@ -116,16 +116,16 @@ static void find_as(u8* argv0) { /* Copy argv to cc_params, making the necessary edits. */ -static void edit_params(u32 argc, char** argv) { +static void edit_params(u32 argc, char **argv) { u8 fortify_set = 0, asan_set = 0; - u8* name; + u8 *name; #if defined(__FreeBSD__) && defined(WORD_SIZE_64) u8 m32_set = 0; #endif - cc_params = ck_alloc((argc + 128) * sizeof(u8*)); + cc_params = ck_alloc((argc + 128) * sizeof(u8 *)); name = strrchr(argv[0], '/'); if (!name) @@ -141,13 +141,13 @@ static void edit_params(u32 argc, char** argv) { if (!strcmp(name, "afl-clang++")) { - u8* alt_cxx = getenv("AFL_CXX"); - cc_params[0] = alt_cxx ? alt_cxx : (u8*)"clang++"; + u8 *alt_cxx = getenv("AFL_CXX"); + cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"clang++"; } else { - u8* alt_cc = getenv("AFL_CC"); - cc_params[0] = alt_cc ? alt_cc : (u8*)"clang"; + u8 *alt_cc = getenv("AFL_CC"); + cc_params[0] = alt_cc ? alt_cc : (u8 *)"clang"; } @@ -186,18 +186,18 @@ static void edit_params(u32 argc, char** argv) { if (!strcmp(name, "afl-g++")) { - u8* alt_cxx = getenv("AFL_CXX"); - cc_params[0] = alt_cxx ? alt_cxx : (u8*)"g++"; + u8 *alt_cxx = getenv("AFL_CXX"); + cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"g++"; } else if (!strcmp(name, "afl-gcj")) { - u8* alt_cc = getenv("AFL_GCJ"); - cc_params[0] = alt_cc ? alt_cc : (u8*)"gcj"; + u8 *alt_cc = getenv("AFL_GCJ"); + cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcj"; } else { - u8* alt_cc = getenv("AFL_CC"); - cc_params[0] = alt_cc ? alt_cc : (u8*)"gcc"; + u8 *alt_cc = getenv("AFL_CC"); + cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcc"; } @@ -207,7 +207,7 @@ static void edit_params(u32 argc, char** argv) { while (--argc) { - u8* cur = *(++argv); + u8 *cur = *(++argv); if (!strncmp(cur, "-B", 2)) { @@ -340,9 +340,9 @@ static void edit_params(u32 argc, char** argv) { /* Main entry point */ -int main(int argc, char** argv) { +int main(int argc, char **argv) { - char* env_info = + char *env_info = "Environment variables used by afl-gcc:\n" "AFL_CC: path to the C compiler to use\n" "AFL_CXX: path to the C++ compiler to use\n" @@ -415,7 +415,7 @@ int main(int argc, char** argv) { edit_params(argc, argv); - execvp(cc_params[0], (char**)cc_params); + execvp(cc_params[0], (char **)cc_params); FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]); diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index 31455b66..70ed4dbc 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -129,7 +129,7 @@ repeat_loop: /* Do the benchmark thing. */ -int main(int argc, char** argv) { +int main(int argc, char **argv) { if (argc > 1) { @@ -165,7 +165,7 @@ int main(int argc, char** argv) { CPU_ZERO(&c); CPU_SET(i, &c); #elif defined(__NetBSD__) - cpuset_t* c; + cpuset_t *c; c = cpuset_create(); if (c == NULL) PFATAL("cpuset_create failed"); diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 3122ab04..acddbbc7 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -61,13 +61,13 @@ u8 be_quiet; -char* stdin_file; /* stdin file */ +char *stdin_file; /* stdin file */ u8 *in_dir, /* input folder */ *doc_path, /* Path to docs */ *at_file = NULL; /* Substitution string for @@ */ -static u8* in_data; /* Input data */ +static u8 *in_data; /* Input data */ static u32 total, highest; /* tuple content information */ @@ -111,7 +111,7 @@ static const u8 count_class_binary[256] = { }; -static void classify_counts(u8* mem, const u8* map) { +static void classify_counts(u8 *mem, const u8 *map) { u32 i = MAP_SIZE; @@ -147,7 +147,7 @@ static void at_exit_handler(void) { /* Write results. */ -static u32 write_results_to_file(afl_forkserver_t* fsrv, u8* outfile) { +static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { s32 fd; u32 i, ret = 0; @@ -183,7 +183,7 @@ static u32 write_results_to_file(afl_forkserver_t* fsrv, u8* outfile) { } else { - FILE* f = fdopen(fd, "w"); + FILE *f = fdopen(fd, "w"); if (!f) PFATAL("fdopen() failed"); @@ -218,7 +218,7 @@ static u32 write_results_to_file(afl_forkserver_t* fsrv, u8* outfile) { /* Write results. */ -static u32 write_results(afl_forkserver_t* fsrv) { +static u32 write_results(afl_forkserver_t *fsrv) { return write_results_to_file(fsrv, fsrv->out_file); @@ -226,7 +226,7 @@ static u32 write_results(afl_forkserver_t* fsrv) { /* Write output file. */ -static s32 write_to_file(u8* path, u8* mem, u32 len) { +static s32 write_to_file(u8 *path, u8 *mem, u32 len) { s32 ret; @@ -248,7 +248,7 @@ static s32 write_to_file(u8* path, u8* mem, u32 len) { is unlinked and a new one is created. Otherwise, out_fd is rewound and truncated. */ -static void write_to_testcase(afl_forkserver_t* fsrv, void* mem, u32 len) { +static void write_to_testcase(afl_forkserver_t *fsrv, void *mem, u32 len) { lseek(fsrv->out_fd, 0, SEEK_SET); ck_write(fsrv->out_fd, mem, len, fsrv->out_file); @@ -260,7 +260,7 @@ static void write_to_testcase(afl_forkserver_t* fsrv, void* mem, u32 len) { /* Execute target application. Returns 0 if the changes are a dud, or 1 if they should be kept. */ -static u8 run_target_forkserver(afl_forkserver_t* fsrv, char** argv, u8* mem, +static u8 run_target_forkserver(afl_forkserver_t *fsrv, char **argv, u8 *mem, u32 len) { static struct itimerval it; @@ -321,7 +321,7 @@ static u8 run_target_forkserver(afl_forkserver_t* fsrv, char** argv, u8* mem, /* Clean up bitmap, analyze exit condition, etc. */ - if (*(u32*)fsrv->trace_bits == EXEC_FAIL_SIG) + if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG) FATAL("Unable to execute '%s'", argv[0]); classify_counts(fsrv->trace_bits, @@ -356,7 +356,7 @@ static u8 run_target_forkserver(afl_forkserver_t* fsrv, char** argv, u8* mem, /* Read initial file. */ -u32 read_file(u8* in_file) { +u32 read_file(u8 *in_file) { struct stat st; s32 fd = open(in_file, O_RDONLY); @@ -381,7 +381,7 @@ u32 read_file(u8* in_file) { /* Execute target application. */ -static void run_target(afl_forkserver_t* fsrv, char** argv) { +static void run_target(afl_forkserver_t *fsrv, char **argv) { static struct itimerval it; int status = 0; @@ -404,7 +404,7 @@ static void run_target(afl_forkserver_t* fsrv, char** argv) { if (fd < 0 || dup2(fd, 1) < 0 || dup2(fd, 2) < 0) { - *(u32*)fsrv->trace_bits = EXEC_FAIL_SIG; + *(u32 *)fsrv->trace_bits = EXEC_FAIL_SIG; PFATAL("Descriptor initialization failed"); } @@ -442,7 +442,7 @@ static void run_target(afl_forkserver_t* fsrv, char** argv) { execv(fsrv->target_path, argv); - *(u32*)fsrv->trace_bits = EXEC_FAIL_SIG; + *(u32 *)fsrv->trace_bits = EXEC_FAIL_SIG; exit(0); } @@ -470,7 +470,7 @@ static void run_target(afl_forkserver_t* fsrv, char** argv) { /* Clean up bitmap, analyze exit condition, etc. */ - if (*(u32*)fsrv->trace_bits == EXEC_FAIL_SIG) + if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG) FATAL("Unable to execute '%s'", argv[0]); classify_counts(fsrv->trace_bits, @@ -525,9 +525,9 @@ static void set_up_environment(void) { if (qemu_mode) { - u8* qemu_preload = getenv("QEMU_SET_ENV"); - u8* afl_preload = getenv("AFL_PRELOAD"); - u8* buf; + u8 *qemu_preload = getenv("QEMU_SET_ENV"); + u8 *afl_preload = getenv("AFL_PRELOAD"); + u8 *buf; s32 i, afl_preload_size = strlen(afl_preload); for (i = 0; i < afl_preload_size; ++i) { @@ -597,7 +597,7 @@ static void show_banner(void) { /* Display usage hints. */ -static void usage(u8* argv0) { +static void usage(u8 *argv0) { show_banner(); @@ -647,9 +647,9 @@ static void usage(u8* argv0) { /* Find binary. */ -static void find_binary(afl_forkserver_t* fsrv, u8* fname) { +static void find_binary(afl_forkserver_t *fsrv, u8 *fname) { - u8* env_path = 0; + u8 *env_path = 0; struct stat st; if (strchr(fname, '/') || !(env_path = getenv("PATH"))) { @@ -703,19 +703,19 @@ static void find_binary(afl_forkserver_t* fsrv, u8* fname) { /* Main entry point */ -int main(int argc, char** argv_orig, char** envp) { +int main(int argc, char **argv_orig, char **envp) { // TODO: u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ s32 opt, i; u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; u32 tcnt = 0; - char** use_argv; + char **use_argv; - char** argv = argv_cpy_dup(argc, argv_orig); + char **argv = argv_cpy_dup(argc, argv_orig); afl_forkserver_t fsrv_var = {0}; - afl_forkserver_t* fsrv = &fsrv_var; + afl_forkserver_t *fsrv = &fsrv_var; afl_fsrv_init(fsrv); doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; @@ -929,10 +929,10 @@ int main(int argc, char** argv_orig, char** envp) { if (in_dir) { - DIR * dir_in, *dir_out; - struct dirent* dir_ent; - int done = 0; - u8 infile[4096], outfile[4096]; + DIR *dir_in, *dir_out; + struct dirent *dir_ent; + int done = 0; + u8 infile[4096], outfile[4096]; #if !defined(DT_REG) struct stat statbuf; #endif @@ -946,7 +946,7 @@ int main(int argc, char** argv_orig, char** envp) { if (mkdir(fsrv->out_file, 0700)) PFATAL("cannot create output directory %s", fsrv->out_file); - u8* use_dir = "."; + u8 *use_dir = "."; if (access(use_dir, R_OK | W_OK | X_OK)) { diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 65cc00ce..17e9af5a 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -58,13 +58,13 @@ #include <sys/types.h> #include <sys/resource.h> -static u8* mask_bitmap; /* Mask for trace bits (-B) */ +static u8 *mask_bitmap; /* Mask for trace bits (-B) */ u8 *in_file, /* Minimizer input test case */ *output_file, /* Minimizer output file */ *doc_path; /* Path to docs */ -static u8* in_data; /* Input data for trimming */ +static u8 *in_data; /* Input data for trimming */ static u32 in_len, /* Input data length */ orig_cksum, /* Original checksum */ @@ -105,7 +105,7 @@ static const u8 count_class_lookup[256] = { }; -static void classify_counts(u8* mem) { +static void classify_counts(u8 *mem) { u32 i = MAP_SIZE; @@ -133,7 +133,7 @@ static void classify_counts(u8* mem) { /* Apply mask to classified bitmap (if set). */ -static void apply_mask(u32* mem, u32* mask) { +static void apply_mask(u32 *mem, u32 *mask) { u32 i = (MAP_SIZE >> 2); @@ -151,9 +151,9 @@ static void apply_mask(u32* mem, u32* mask) { /* See if any bytes are set in the bitmap. */ -static inline u8 anything_set(afl_forkserver_t* fsrv) { +static inline u8 anything_set(afl_forkserver_t *fsrv) { - u32* ptr = (u32*)fsrv->trace_bits; + u32 *ptr = (u32 *)fsrv->trace_bits; u32 i = (MAP_SIZE >> 2); while (i--) @@ -196,7 +196,7 @@ static void read_initial_file(void) { /* Write output file. */ -static s32 write_to_file(u8* path, u8* mem, u32 len) { +static s32 write_to_file(u8 *path, u8 *mem, u32 len) { s32 ret; @@ -218,7 +218,7 @@ static s32 write_to_file(u8* path, u8* mem, u32 len) { is unlinked and a new one is created. Otherwise, out_fd is rewound and truncated. */ -static void write_to_testcase(afl_forkserver_t* fsrv, void* mem, u32 len) { +static void write_to_testcase(afl_forkserver_t *fsrv, void *mem, u32 len) { s32 fd = fsrv->out_fd; @@ -395,7 +395,7 @@ static void init_forkserver(char **argv) { /* Execute target application. Returns 0 if the changes are a dud, or 1 if they should be kept. */ -static u8 run_target(afl_forkserver_t* fsrv, char** argv, u8* mem, u32 len, +static u8 run_target(afl_forkserver_t *fsrv, char **argv, u8 *mem, u32 len, u8 first_run) { static struct itimerval it; @@ -460,13 +460,13 @@ static u8 run_target(afl_forkserver_t* fsrv, char** argv, u8* mem, u32 len, /* Clean up bitmap, analyze exit condition, etc. */ - if (*(u32*)fsrv->trace_bits == EXEC_FAIL_SIG) + if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG) FATAL("Unable to execute '%s'", argv[0]); if (!hang_mode) { classify_counts(fsrv->trace_bits); - apply_mask((u32*)fsrv->trace_bits, (u32*)mask_bitmap); + apply_mask((u32 *)fsrv->trace_bits, (u32 *)mask_bitmap); } @@ -565,11 +565,11 @@ static u32 next_p2(u32 val) { /* Actually minimize! */ -static void minimize(afl_forkserver_t* fsrv, char** argv) { +static void minimize(afl_forkserver_t *fsrv, char **argv) { static u32 alpha_map[256]; - u8* tmp_buf = ck_alloc_nozero(in_len); + u8 *tmp_buf = ck_alloc_nozero(in_len); u32 orig_len = in_len, stage_o_len; u32 del_len, set_len, del_pos, set_pos, i, alpha_size, cur_pass = 0; @@ -835,16 +835,16 @@ static void handle_stop_sig(int sig) { /* Do basic preparations - persistent fds, filenames, etc. */ -static void set_up_environment(afl_forkserver_t* fsrv) { +static void set_up_environment(afl_forkserver_t *fsrv) { - u8* x; + u8 *x; fsrv->dev_null_fd = open("/dev/null", O_RDWR); if (fsrv->dev_null_fd < 0) PFATAL("Unable to open /dev/null"); if (!fsrv->out_file) { - u8* use_dir = "."; + u8 *use_dir = "."; if (access(use_dir, R_OK | W_OK | X_OK)) { @@ -907,9 +907,9 @@ static void set_up_environment(afl_forkserver_t* fsrv) { if (qemu_mode) { - u8* qemu_preload = getenv("QEMU_SET_ENV"); - u8* afl_preload = getenv("AFL_PRELOAD"); - u8* buf; + u8 *qemu_preload = getenv("QEMU_SET_ENV"); + u8 *afl_preload = getenv("AFL_PRELOAD"); + u8 *buf; s32 i, afl_preload_size = strlen(afl_preload); for (i = 0; i < afl_preload_size; ++i) { @@ -971,7 +971,7 @@ static void setup_signal_handlers(void) { /* Display usage hints. */ -static void usage(u8* argv0) { +static void usage(u8 *argv0) { SAYF( "\n%s [ options ] -- /path/to/target_app [ ... ]\n\n" @@ -1018,9 +1018,9 @@ static void usage(u8* argv0) { /* Find binary. */ -static void find_binary(afl_forkserver_t* fsrv, u8* fname) { +static void find_binary(afl_forkserver_t *fsrv, u8 *fname) { - u8* env_path = 0; + u8 * env_path = 0; struct stat st; if (strchr(fname, '/') || !(env_path = getenv("PATH"))) { @@ -1074,7 +1074,7 @@ static void find_binary(afl_forkserver_t* fsrv, u8* fname) { /* Read mask bitmap from file. This is for the -B option. */ -static void read_bitmap(u8* fname) { +static void read_bitmap(u8 *fname) { s32 fd = open(fname, O_RDONLY); @@ -1088,16 +1088,16 @@ static void read_bitmap(u8* fname) { /* Main entry point */ -int main(int argc, char** argv_orig, char** envp) { +int main(int argc, char **argv_orig, char **envp) { s32 opt; u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; - char** use_argv; + char **use_argv; - char** argv = argv_cpy_dup(argc, argv_orig); + char **argv = argv_cpy_dup(argc, argv_orig); afl_forkserver_t fsrv_var = {0}; - afl_forkserver_t* fsrv = &fsrv_var; + afl_forkserver_t *fsrv = &fsrv_var; afl_fsrv_init(fsrv); doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; diff --git a/test-instr.c b/test-instr.c index f96db868..579577a4 100644 --- a/test-instr.c +++ b/test-instr.c @@ -23,11 +23,11 @@ #include <sys/stat.h> #include <fcntl.h> -int main(int argc, char** argv) { +int main(int argc, char **argv) { int fd = 0; char buff[8]; - char* buf = buff; + char *buf = buff; // we support command line parameter and stdin if (argc == 2) { diff --git a/test/test-compcov.c b/test/test-compcov.c index b1711586..89611bfb 100644 --- a/test/test-compcov.c +++ b/test/test-compcov.c @@ -3,7 +3,7 @@ #include <unistd.h> #include <string.h> -int main(int argc, char** argv) { +int main(int argc, char **argv) { char *input = argv[1], *buf, buffer[20]; if (argc < 2) { |