diff options
| author | vanhauser-thc <vh@thc.org> | 2022-07-12 09:04:54 +0200 |
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2022-07-12 09:04:54 +0200 |
| commit | b847e0f414e7b310e1a68bc501d4e2453bfce70e (patch) | |
| tree | 1ea5ebbb0b47e8d55b1950e9b787ec9f254655af | |
| parent | 338f1ae2f85dffe7daa88fa78cd1d078a986d0d5 (diff) | |
| download | afl++-b847e0f414e7b310e1a68bc501d4e2453bfce70e.tar.gz | |
clang format 14
89 files changed, 544 insertions, 521 deletions
diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 4a54ee22..cd480202 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -5,13 +5,13 @@ #include "config.h" -extern char * instrument_debug_filename; -extern char * instrument_coverage_filename; +extern char *instrument_debug_filename; +extern char *instrument_coverage_filename; extern gboolean instrument_tracing; extern gboolean instrument_optimize; extern gboolean instrument_unique; extern guint64 instrument_hash_zero; -extern char * instrument_coverage_unstable_filename; +extern char *instrument_coverage_unstable_filename; extern gboolean instrument_coverage_insn; extern gboolean instrument_use_fixed_seed; @@ -35,9 +35,9 @@ GumStalkerTransformer *instrument_get_transformer(void); gboolean instrument_is_coverage_optimize_supported(void); void instrument_coverage_optimize_init(void); -void instrument_coverage_optimize(const cs_insn * instr, +void instrument_coverage_optimize(const cs_insn *instr, GumStalkerOutput *output); -void instrument_coverage_optimize_insn(const cs_insn * instr, +void instrument_coverage_optimize_insn(const cs_insn *instr, GumStalkerOutput *output); void instrument_debug_config(void); diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h index c79f0143..5edd8801 100644 --- a/frida_mode/include/persistent.h +++ b/frida_mode/include/persistent.h @@ -13,7 +13,7 @@ typedef void (*afl_persistent_hook_fn)(api_regs *regs, uint64_t guest_base, extern int __afl_persistent_loop(unsigned int max_cnt); -extern unsigned int * __afl_fuzz_len; +extern unsigned int *__afl_fuzz_len; extern unsigned char *__afl_fuzz_ptr; extern guint64 persistent_start; diff --git a/frida_mode/include/seccomp.h b/frida_mode/include/seccomp.h index 7e8a7d25..0cd90bc2 100644 --- a/frida_mode/include/seccomp.h +++ b/frida_mode/include/seccomp.h @@ -401,9 +401,9 @@ enum { typedef void (*seccomp_child_func_t)(int event_fd, void *ctx); -typedef void (*seccomp_filter_callback_t)(struct seccomp_notif * req, +typedef void (*seccomp_filter_callback_t)(struct seccomp_notif *req, struct seccomp_notif_resp *resp, - GumReturnAddressArray * frames); + GumReturnAddressArray *frames); void seccomp_atomic_set(volatile bool *ptr, bool val); bool seccomp_atomic_try_set(volatile bool *ptr, bool val); diff --git a/frida_mode/include/stats.h b/frida_mode/include/stats.h index 0ad227c3..8c2c74b9 100644 --- a/frida_mode/include/stats.h +++ b/frida_mode/include/stats.h @@ -43,7 +43,7 @@ typedef struct { G_DECLARE_FINAL_TYPE(GumAflStalkerStats, gum_afl_stalker_stats, GUM, AFL_STALKER_STATS, GObject) -extern char * stats_filename; +extern char *stats_filename; extern guint64 stats_interval; void stats_config(void); diff --git a/frida_mode/src/asan/asan.c b/frida_mode/src/asan/asan.c index cad409ee..3a672d31 100644 --- a/frida_mode/src/asan/asan.c +++ b/frida_mode/src/asan/asan.c @@ -30,7 +30,7 @@ void asan_init(void) { static gboolean asan_exclude_module(const GumModuleDetails *details, gpointer user_data) { - gchar * symbol_name = (gchar *)user_data; + gchar *symbol_name = (gchar *)user_data; GumAddress address; address = gum_module_find_export_by_name(details->name, symbol_name); diff --git a/frida_mode/src/asan/asan_arm64.c b/frida_mode/src/asan/asan_arm64.c index b2adfa52..94729939 100644 --- a/frida_mode/src/asan/asan_arm64.c +++ b/frida_mode/src/asan/asan_arm64.c @@ -22,8 +22,8 @@ asan_storeN_t asan_storeN = NULL; static void asan_callout(GumCpuContext *ctx, gpointer user_data) { - asan_ctx_t * asan_ctx = (asan_ctx_t *)user_data; - cs_arm64_op * operand = &asan_ctx->operand; + asan_ctx_t *asan_ctx = (asan_ctx_t *)user_data; + cs_arm64_op *operand = &asan_ctx->operand; arm64_op_mem *mem = &operand->mem; gsize base = 0; gsize index = 0; @@ -59,7 +59,7 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { cs_arm64 arm64 = instr->detail->arm64; cs_arm64_op *operand; - asan_ctx_t * ctx; + asan_ctx_t *ctx; if (!asan_initialized) return; diff --git a/frida_mode/src/asan/asan_x64.c b/frida_mode/src/asan/asan_x64.c index a287ea34..61ce7403 100644 --- a/frida_mode/src/asan/asan_x64.c +++ b/frida_mode/src/asan/asan_x64.c @@ -17,7 +17,7 @@ static void asan_callout(GumCpuContext *ctx, gpointer user_data) { UNUSED_PARAMETER(user_data); - cs_x86_op * operand = (cs_x86_op *)user_data; + cs_x86_op *operand = (cs_x86_op *)user_data; x86_op_mem *mem = &operand->mem; gsize base = 0; gsize index = 0; @@ -48,9 +48,9 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { UNUSED_PARAMETER(iterator); cs_x86 x86 = instr->detail->x86; - cs_x86_op * operand; + cs_x86_op *operand; x86_op_mem *mem; - cs_x86_op * ctx; + cs_x86_op *ctx; if (!asan_initialized) return; diff --git a/frida_mode/src/asan/asan_x86.c b/frida_mode/src/asan/asan_x86.c index 331d026b..d398c102 100644 --- a/frida_mode/src/asan/asan_x86.c +++ b/frida_mode/src/asan/asan_x86.c @@ -17,7 +17,7 @@ static void asan_callout(GumCpuContext *ctx, gpointer user_data) { UNUSED_PARAMETER(user_data); - cs_x86_op * operand = (cs_x86_op *)user_data; + cs_x86_op *operand = (cs_x86_op *)user_data; x86_op_mem *mem = &operand->mem; gsize base = 0; gsize index = 0; @@ -48,9 +48,9 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { UNUSED_PARAMETER(iterator); cs_x86 x86 = instr->detail->x86; - cs_x86_op * operand; + cs_x86_op *operand; x86_op_mem *mem; - cs_x86_op * ctx; + cs_x86_op *ctx; if (!asan_initialized) return; diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 355df0b7..b752ac20 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -13,9 +13,9 @@ #define MAX_MEMFD_SIZE (64UL << 10) extern struct cmp_map *__afl_cmp_map; -static GArray * cmplog_ranges = NULL; -static GHashTable * hash_yes = NULL; -static GHashTable * hash_no = NULL; +static GArray *cmplog_ranges = NULL; +static GHashTable *hash_yes = NULL; +static GHashTable *hash_no = NULL; static long page_size = 0; static long page_offset_mask = 0; @@ -24,7 +24,7 @@ static long page_mask = 0; static gboolean cmplog_range(const GumRangeDetails *details, gpointer user_data) { - GArray * cmplog_ranges = (GArray *)user_data; + GArray *cmplog_ranges = (GArray *)user_data; GumMemoryRange range = *details->range; g_array_append_val(cmplog_ranges, range); return TRUE; @@ -118,7 +118,7 @@ gboolean cmplog_test_addr(guint64 addr, size_t size) { if (g_hash_table_contains(hash_yes, GSIZE_TO_POINTER(addr))) { return true; } if (g_hash_table_contains(hash_no, GSIZE_TO_POINTER(addr))) { return false; } - void * page_addr = GSIZE_TO_POINTER(addr & page_mask); + void *page_addr = GSIZE_TO_POINTER(addr & page_mask); size_t page_offset = addr & page_offset_mask; /* If it spans a page, then bail */ diff --git a/frida_mode/src/cmplog/cmplog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c index 515a6256..5792cbfa 100644 --- a/frida_mode/src/cmplog/cmplog_arm64.c +++ b/frida_mode/src/cmplog/cmplog_arm64.c @@ -148,7 +148,7 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { } static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, - cs_arm64_op * operand) { + cs_arm64_op *operand) { ctx->type = operand->type; switch (operand->type) { @@ -169,7 +169,7 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, } -static void cmplog_instrument_call(const cs_insn * instr, +static void cmplog_instrument_call(const cs_insn *instr, GumStalkerIterator *iterator) { cs_arm64 arm64 = instr->detail->arm64; @@ -247,8 +247,8 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { } static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, - cs_arm64_op * operand1, - cs_arm64_op * operand2, + cs_arm64_op *operand1, + cs_arm64_op *operand2, size_t size) { cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t)); @@ -263,7 +263,7 @@ static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, } -static void cmplog_instrument_cmp_sub(const cs_insn * instr, +static void cmplog_instrument_cmp_sub(const cs_insn *instr, GumStalkerIterator *iterator) { cs_arm64 arm64 = instr->detail->arm64; diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index 7d515336..17912648 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -141,7 +141,7 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { } static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, - cs_x86_op * operand) { + cs_x86_op *operand) { ctx->type = operand->type; ctx->size = operand->size; @@ -163,7 +163,7 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, } -static void cmplog_instrument_call(const cs_insn * instr, +static void cmplog_instrument_call(const cs_insn *instr, GumStalkerIterator *iterator) { cs_x86 x86 = instr->detail->x86; @@ -230,7 +230,7 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { } static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, - cs_x86_op * operand1, + cs_x86_op *operand1, cs_x86_op *operand2) { cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t)); @@ -244,7 +244,7 @@ static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, } -static void cmplog_instrument_cmp_sub(const cs_insn * instr, +static void cmplog_instrument_cmp_sub(const cs_insn *instr, GumStalkerIterator *iterator) { cs_x86 x86 = instr->detail->x86; diff --git a/frida_mode/src/cmplog/cmplog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c index 4a747417..a3a02457 100644 --- a/frida_mode/src/cmplog/cmplog_x86.c +++ b/frida_mode/src/cmplog/cmplog_x86.c @@ -146,7 +146,7 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { } static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, - cs_x86_op * operand) { + cs_x86_op *operand) { ctx->type = operand->type; ctx->size = operand->size; @@ -168,7 +168,7 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, } -static void cmplog_instrument_call(const cs_insn * instr, +static void cmplog_instrument_call(const cs_insn *instr, GumStalkerIterator *iterator) { cs_x86 x86 = instr->detail->x86; @@ -238,7 +238,7 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { } static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, - cs_x86_op * operand1, + cs_x86_op *operand1, cs_x86_op *operand2) { cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t)); @@ -252,7 +252,7 @@ static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, } -static void cmplog_instrument_cmp_sub(const cs_insn * instr, +static void cmplog_instrument_cmp_sub(const cs_insn *instr, GumStalkerIterator *iterator) { cs_x86 x86 = instr->detail->x86; diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 003c3d00..9ee7db2d 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -28,14 +28,14 @@ guint64 instrument_hash_seed = 0; gboolean instrument_use_fixed_seed = FALSE; guint64 instrument_fixed_seed = 0; -char * instrument_coverage_unstable_filename = NULL; +char *instrument_coverage_unstable_filename = NULL; gboolean instrument_coverage_insn = FALSE; static GumStalkerTransformer *transformer = NULL; static GumAddress previous_rip = 0; static GumAddress previous_end = 0; -static u8 * edges_notified = NULL; +static u8 *edges_notified = NULL; __thread guint64 instrument_previous_pc; __thread guint64 *instrument_previous_pc_addr = NULL; @@ -149,7 +149,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, } static void instrument_basic_block(GumStalkerIterator *iterator, - GumStalkerOutput * output, + GumStalkerOutput *output, gpointer user_data) { UNUSED_PARAMETER(user_data); @@ -157,7 +157,7 @@ static void instrument_basic_block(GumStalkerIterator *iterator, const cs_insn *instr; gboolean begin = TRUE; gboolean excluded; - block_ctx_t * ctx = NULL; + block_ctx_t *ctx = NULL; while (gum_stalker_iterator_next(iterator, &instr)) { diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 80f3c26d..572b706c 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -14,7 +14,7 @@ gboolean instrument_is_coverage_optimize_supported(void) { } -void instrument_coverage_optimize(const cs_insn * instr, +void instrument_coverage_optimize(const cs_insn *instr, GumStalkerOutput *output) { UNUSED_PARAMETER(instr); @@ -23,7 +23,7 @@ void instrument_coverage_optimize(const cs_insn * instr, } -void instrument_coverage_optimize_insn(const cs_insn * instr, +void instrument_coverage_optimize_insn(const cs_insn *instr, GumStalkerOutput *output) { UNUSED_PARAMETER(instr); diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index fab9eee2..afc20f42 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -159,8 +159,8 @@ static gboolean instrument_is_deterministic(const cs_insn *from_insn) { static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address, - const cs_insn * from_insn, - gpointer * target) { + const cs_insn *from_insn, + gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); @@ -218,7 +218,7 @@ static void instrument_coverage_suppress_init(void) { if (initialized) { return; } initialized = true; - GumStalkerObserver * observer = stalker_get_observer(); + GumStalkerObserver *observer = stalker_get_observer(); GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer); iface->switch_callback = instrument_coverage_switch; @@ -257,7 +257,7 @@ static void instrument_patch_ardp(guint32 *patch, GumAddress insn, } -void instrument_coverage_optimize(const cs_insn * instr, +void instrument_coverage_optimize(const cs_insn *instr, GumStalkerOutput *output) { afl_log_code code = {0}; @@ -345,7 +345,7 @@ void instrument_coverage_optimize(const cs_insn * instr, } -void instrument_coverage_optimize_insn(const cs_insn * instr, +void instrument_coverage_optimize_insn(const cs_insn *instr, GumStalkerOutput *output) { UNUSED_PARAMETER(instr); diff --git a/frida_mode/src/instrument/instrument_coverage.c b/frida_mode/src/instrument/instrument_coverage.c index ec421861..68842feb 100644 --- a/frida_mode/src/instrument/instrument_coverage.c +++ b/frida_mode/src/instrument/instrument_coverage.c @@ -17,7 +17,7 @@ static int unstable_coverage_fd = -1; static int unstable_coverage_pipes[2] = {-1, -1}; static uint64_t normal_coverage_last_start = 0; -static gchar * unstable_coverage_fuzzer_stats = NULL; +static gchar *unstable_coverage_fuzzer_stats = NULL; typedef struct { @@ -68,7 +68,7 @@ typedef struct { static gboolean coverage_range(const GumRangeDetails *details, gpointer user_data) { - GArray * coverage_ranges = (GArray *)user_data; + GArray *coverage_ranges = (GArray *)user_data; coverage_range_t coverage = {0}; if (details->file == NULL) { return TRUE; } @@ -210,8 +210,8 @@ static GArray *coverage_get_modules(void) { static void instrument_coverage_mark(void *key, void *value, void *user_data) { UNUSED_PARAMETER(key); - coverage_mark_ctx_t * ctx = (coverage_mark_ctx_t *)user_data; - GArray * coverage_modules = ctx->modules; + coverage_mark_ctx_t *ctx = (coverage_mark_ctx_t *)user_data; + GArray *coverage_modules = ctx->modules; normal_coverage_data_t *val = (normal_coverage_data_t *)value; guint i; @@ -426,7 +426,7 @@ static void instrument_coverage_normal_run() { static GArray *instrument_coverage_unstable_read_unstable_ids(void) { - gchar * contents = NULL; + gchar *contents = NULL; gsize length = 0; GArray *unstable_edge_ids = g_array_sized_new(false, false, sizeof(gpointer), 100); @@ -533,7 +533,7 @@ static GHashTable *instrument_collect_unstable_blocks( while (g_hash_table_iter_next(&iter, NULL, &value)) { unstable_coverage_data_t *unstable = (unstable_coverage_data_t *)value; - normal_coverage_data_t * from = + normal_coverage_data_t *from = gum_malloc0(sizeof(normal_coverage_data_t)); normal_coverage_data_t *to = gum_malloc0(sizeof(normal_coverage_data_t)); from->start = unstable->from; diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index a764b054..bfafe067 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -174,13 +174,13 @@ void instrument_coverage_optimize_init(void) { static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address, - const cs_insn * from_insn, - gpointer * target) { + const cs_insn *from_insn, + gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); - cs_x86 * x86; + cs_x86 *x86; cs_x86_op *op; if (from_insn == NULL) { return; } @@ -230,7 +230,7 @@ static void instrument_coverage_suppress_init(void) { if (initialized) { return; } initialized = true; - GumStalkerObserver * observer = stalker_get_observer(); + GumStalkerObserver *observer = stalker_get_observer(); GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer); iface->switch_callback = instrument_coverage_switch; @@ -333,7 +333,7 @@ static void instrument_coverage_write(GumAddress address, } -void instrument_coverage_optimize(const cs_insn * instr, +void instrument_coverage_optimize(const cs_insn *instr, GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; @@ -364,7 +364,7 @@ void instrument_coverage_optimize(const cs_insn * instr, } -void instrument_coverage_optimize_insn(const cs_insn * instr, +void instrument_coverage_optimize_insn(const cs_insn *instr, GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; diff --git a/frida_mode/src/instrument/instrument_x64_cache.c b/frida_mode/src/instrument/instrument_x64_cache.c index f9901e2f..ef10e133 100644 --- a/frida_mode/src/instrument/instrument_x64_cache.c +++ b/frida_mode/src/instrument/instrument_x64_cache.c @@ -105,11 +105,11 @@ static gboolean instrument_cache_relocate(GumAddress old_pc, GumAddress new_pc, } -static void instrument_cache_rewrite_branch_insn(const cs_insn * instr, +static void instrument_cache_rewrite_branch_insn(const cs_insn *instr, GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; - cs_x86 * x86 = &instr->detail->x86; + cs_x86 *x86 = &instr->detail->x86; guint8 modified[sizeof(instr->bytes)] = {0}; guint8 offset = 0; guint8 skip = 0; @@ -295,7 +295,7 @@ static void instrument_cache_write_lookup(GumX86Writer *cw) { void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; - cs_x86 * x86 = &instr->detail->x86; + cs_x86 *x86 = &instr->detail->x86; if (x86->op_count != 1) { FFATAL("Unexpected operand count"); } @@ -362,7 +362,7 @@ void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) { void instrument_cache_ret(const cs_insn *instr, GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; - cs_x86 * x86 = &instr->detail->x86; + cs_x86 *x86 = &instr->detail->x86; guint16 n = 0; if (x86->op_count != 0) { diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index 1baa98ca..048daf32 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -86,14 +86,14 @@ gboolean instrument_is_coverage_optimize_supported(void) { static void instrument_coverage_switch(GumStalkerObserver *self, gpointer from_address, gpointer start_address, - const cs_insn * from_insn, - gpointer * target) { + const cs_insn *from_insn, + gpointer *target) { UNUSED_PARAMETER(self); UNUSED_PARAMETER(from_address); UNUSED_PARAMETER(start_address); - cs_x86 * x86; + cs_x86 *x86; cs_x86_op *op; if (from_insn == NULL) { return; } @@ -136,7 +136,7 @@ static void instrument_coverage_suppress_init(void) { if (initialized) { return; } initialized = true; - GumStalkerObserver * observer = stalker_get_observer(); + GumStalkerObserver *observer = stalker_get_observer(); GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer); iface->switch_callback = instrument_coverage_switch; @@ -149,7 +149,7 @@ static void instrument_coverage_suppress_init(void) { } -void instrument_coverage_optimize(const cs_insn * instr, +void instrument_coverage_optimize(const cs_insn *instr, GumStalkerOutput *output) { afl_log_code code = {0}; @@ -223,7 +223,7 @@ void instrument_coverage_optimize(const cs_insn * instr, } -void instrument_coverage_optimize_insn(const cs_insn * instr, +void instrument_coverage_optimize_insn(const cs_insn *instr, GumStalkerOutput *output) { UNUSED_PARAMETER(instr); diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c index 1ca2237f..6bc31864 100644 --- a/frida_mode/src/js/js.c +++ b/frida_mode/src/js/js.c @@ -7,16 +7,16 @@ gboolean js_done = FALSE; js_api_stalker_callback_t js_user_callback = NULL; js_main_hook_t js_main_hook = NULL; -static char * js_script = NULL; -static gchar * filename = "afl.js"; -static gchar * contents; -static GumScriptBackend * backend; -static GCancellable * cancellable = NULL; -static GError * error = NULL; -static GumScript * script; +static char *js_script = NULL; +static gchar *filename = "afl.js"; +static gchar *contents; +static GumScriptBackend *backend; +static GCancellable *cancellable = NULL; +static GError *error = NULL; +static GumScript *script; static GumScriptScheduler *scheduler; -static GMainContext * context; -static GMainLoop * main_loop; +static GMainContext *context; +static GMainLoop *main_loop; static void js_msg(GumScript *script, const gchar *message, GBytes *data, gpointer user_data) { diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c index 39480ce9..d563b69b 100644 --- a/frida_mode/src/lib/lib.c +++ b/frida_mode/src/lib/lib.c @@ -69,8 +69,8 @@ static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { Elf_Addr preferred_base; Elf_Shdr *shdr; Elf_Shdr *shstrtab; - char * shstr; - char * section_name; + char *shstr; + char *section_name; Elf_Shdr *curr; char text_name[] = ".text"; diff --git a/frida_mode/src/lib/lib_apple.c b/frida_mode/src/lib/lib_apple.c index 65c1d937..634e0e30 100644 --- a/frida_mode/src/lib/lib_apple.c +++ b/frida_mode/src/lib/lib_apple.c @@ -16,9 +16,9 @@ static gboolean lib_get_main_module(const GumModuleDetails *details, gpointer user_data) { GumDarwinModule **ret = (GumDarwinModule **)user_data; - GumDarwinModule * module = gum_darwin_module_new_from_memory( - details->path, mach_task_self(), details->range->base_address, - GUM_DARWIN_MODULE_FLAGS_NONE, NULL); + GumDarwinModule *module = gum_darwin_module_new_from_memory( + details->path, mach_task_self(), details->range->base_address, + GUM_DARWIN_MODULE_FLAGS_NONE, NULL); FVERBOSE("Found main module: %s", module->name); diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index bb6e4109..844c42b9 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -92,7 +92,7 @@ static void embedded_init(void) { static void afl_print_cmdline(void) { #if defined(__linux__) - char * buffer = g_malloc0(PROC_MAX); + char *buffer = g_malloc0(PROC_MAX); gchar *fname = g_strdup_printf("/proc/%d/cmdline", getppid()); int fd = open(fname, O_RDONLY); @@ -144,7 +144,7 @@ static void afl_print_cmdline(void) { static void afl_print_env(void) { - char * buffer = g_malloc0(PROC_MAX); + char *buffer = g_malloc0(PROC_MAX); gchar *fname = g_strdup_printf("/proc/%d/environ", getppid()); int fd = open(fname, O_RDONLY); diff --git a/frida_mode/src/module.c b/frida_mode/src/module.c index 60e69fec..4b6b2b3f 100644 --- a/frida_mode/src/module.c +++ b/frida_mode/src/module.c @@ -31,7 +31,7 @@ typedef struct { gboolean found_range(const GumRangeDetails *details, gpointer user_data) { gum_range_t range = {0}; - GArray * ranges = (GArray *)user_data; + GArray *ranges = (GArray *)user_data; range.range = *details->range; range.protection = details->protection; @@ -45,9 +45,9 @@ gboolean found_range(const GumRangeDetails *details, gpointer user_data) { #if defined(__linux__) && !defined(__ANDROID__) static int on_dlclose(void *handle) { - GArray * ranges = NULL; + GArray *ranges = NULL; struct link_map *lm = NULL; - gum_range_t * range = NULL; + gum_range_t *range = NULL; GumAddress base; GumAddress limit; gpointer mem; diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index fbfc3833..565a2b8c 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -24,7 +24,7 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumArm64Writer * cw, +static void instrument_persitent_save_regs(GumArm64Writer *cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); @@ -106,11 +106,12 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw, /* Q */ for (int i = 0; i < 16; i++) { + gum_arm64_writer_put_stp_reg_reg_reg_offset( - cw, ARM64_REG_Q0 + (i*2), ARM64_REG_Q0 + (i*2) + 1, ARM64_REG_X0, - offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET); - } + cw, ARM64_REG_Q0 + (i * 2), ARM64_REG_Q0 + (i * 2) + 1, ARM64_REG_X0, + offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET); + } /* x0 & x1 */ gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, @@ -130,7 +131,7 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw, } -static void instrument_persitent_restore_regs(GumArm64Writer * cw, +static void instrument_persitent_restore_regs(GumArm64Writer *cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); @@ -197,9 +198,11 @@ static void instrument_persitent_restore_regs(GumArm64Writer * cw, /* Q */ for (int i = 0; i < 16; i++) { + gum_arm64_writer_put_ldp_reg_reg_reg_offset( - cw, ARM64_REG_Q0 + (i*2), ARM64_REG_Q0 + (i*2) + 1, ARM64_REG_X0, - offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET); + cw, ARM64_REG_Q0 + (i * 2), ARM64_REG_Q0 + (i * 2) + 1, ARM64_REG_X0, + offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET); + } /* x2 & x3 */ @@ -246,7 +249,7 @@ static void instrument_afl_persistent_loop(GumArm64Writer *cw) { } -static void persistent_prologue_hook(GumArm64Writer * cw, +static void persistent_prologue_hook(GumArm64Writer *cw, persistent_ctx_t *regs) { if (persistent_hook == NULL) return; diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 8ec9204f..a8bed7be 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -25,7 +25,7 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumX86Writer * cw, +static void instrument_persitent_save_regs(GumX86Writer *cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); @@ -101,7 +101,7 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, } -static void instrument_persitent_restore_regs(GumX86Writer * cw, +static void instrument_persitent_restore_regs(GumX86Writer *cw, persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 535679be..e9bde3d2 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -9,6 +9,7 @@ #if defined(__i386__) typedef struct { + GumCpuContext ctx; uint32_t eflags; @@ -19,11 +20,14 @@ static persistent_ctx_t saved_regs = {0}; static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { + return true; + } -static void instrument_persitent_save_regs(GumX86Writer * cw, +static void instrument_persitent_save_regs(GumX86Writer *cw, persistent_ctx_t *regs) { + GumAddress regs_address = GUM_ADDRESS(regs); /* Should be pushing FPU here, but meh */ @@ -72,10 +76,12 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, /* Pop the saved values */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_ESP, GUM_X86_ESP, 0x8); + } -static void instrument_persitent_restore_regs(GumX86Writer * cw, +static void instrument_persitent_restore_regs(GumX86Writer *cw, persistent_ctx_t *regs) { + GumAddress regs_address = GUM_ADDRESS(regs); gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, regs_address); @@ -109,32 +115,42 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, gum_x86_writer_put_popfx(cw); gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX); gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX); + } static void instrument_exit(GumX86Writer *cw) { + gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(_exit)); gum_x86_writer_put_mov_reg_u32(cw, GUM_X86_EDI, 0); gum_x86_writer_put_push_reg(cw, GUM_X86_EDI); gum_x86_writer_put_call_reg(cw, GUM_X86_EAX); + } static int instrument_afl_persistent_loop_func(void) { + int ret = __afl_persistent_loop(persistent_count); if (instrument_previous_pc_addr == NULL) { + FATAL("instrument_previous_pc_addr uninitialized"); + } *instrument_previous_pc_addr = instrument_hash_zero; return ret; + } static void instrument_afl_persistent_loop(GumX86Writer *cw) { + gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); gum_x86_writer_put_test_reg_reg(cw, GUM_X86_EAX, GUM_X86_EAX); + } static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { + if (persistent_hook == NULL) return; gum_x86_writer_put_mov_reg_address(cw, GUM_X86_ECX, @@ -151,9 +167,11 @@ static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_X86_EDX, GUM_ARG_REGISTER, GUM_X86_ECX); + } static void instrument_persitent_save_ret(GumX86Writer *cw) { + /* Stack usage by this function */ gssize offset = (3 * 4); @@ -169,9 +187,11 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) { gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX); gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX); gum_x86_writer_put_popfx(cw); + } void persistent_prologue_arch(GumStalkerOutput *output) { + /* * SAVE REGS * SAVE RET @@ -234,15 +254,19 @@ void persistent_prologue_arch(GumStalkerOutput *output) { instrument_persitent_save_ret(cw); if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } + } void persistent_epilogue_arch(GumStalkerOutput *output) { + GumX86Writer *cw = output->writer.x86; if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(&saved_ret)); gum_x86_writer_put_jmp_reg_ptr(cw, GUM_X86_EAX); + } #endif + diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c index 59bfecc2..5621a685 100644 --- a/frida_mode/src/prefetch.c +++ b/frida_mode/src/prefetch.c @@ -19,7 +19,7 @@ typedef struct { size_t count; - void * entry[PREFETCH_ENTRIES]; + void *entry[PREFETCH_ENTRIES]; guint8 backpatch_data[BP_SIZE]; gsize backpatch_size; @@ -173,7 +173,7 @@ static void prefetch_read_blocks(void) { static void prefetch_read_patches(void) { gsize offset = 0; - GumStalker * stalker = stalker_get(); + GumStalker *stalker = stalker_get(); GumBackpatch *backpatch = NULL; for (gsize remaining = prefetch_data->backpatch_size - offset; @@ -319,7 +319,7 @@ void prefetch_init(void) { if (!prefetch_backpatch) { return; } - GumStalkerObserver * observer = stalker_get_observer(); + GumStalkerObserver *observer = stalker_get_observer(); GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer); iface->notify_backpatch = gum_afl_stalker_backpatcher_notify; diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index d47d1c14..72cb9730 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -9,7 +9,7 @@ typedef struct { - gchar * suffix; + gchar *suffix; GumMemoryRange *range; gboolean done; @@ -135,7 +135,7 @@ static gboolean convert_name_token_for_module(const GumModuleDetails *details, static void convert_name_token(gchar *token, GumMemoryRange *range) { - gchar * suffix = g_strconcat("/", token, NULL); + gchar *suffix = g_strconcat("/", token, NULL); convert_name_ctx_t ctx = {.suffix = suffix, .range = range, .done = false}; gum_process_enumerate_modules(convert_name_token_for_module, &ctx); @@ -235,7 +235,7 @@ static void print_ranges(char *key, GArray *ranges) { static gboolean collect_module_ranges_callback(const GumRangeDetails *details, gpointer user_data) { - GArray * ranges = (GArray *)user_data; + GArray *ranges = (GArray *)user_data; GumMemoryRange range = *details->range; g_array_append_val(ranges, range); return TRUE; @@ -292,12 +292,12 @@ void ranges_add_exclude(GumMemoryRange *range) { static GArray *collect_ranges(char *env_key) { - char * env_val; - gchar ** tokens; + char *env_val; + gchar **tokens; int token_count; GumMemoryRange range; int i; - GArray * result; + GArray *result; result = g_array_new(false, false, sizeof(GumMemoryRange)); @@ -330,7 +330,7 @@ static GArray *collect_ranges(char *env_key) { static GArray *collect_libs_ranges(void) { - GArray * result; + GArray *result; GumMemoryRange range; result = g_array_new(false, false, sizeof(GumMemoryRange)); @@ -422,7 +422,7 @@ static gboolean intersect_range(GumMemoryRange *rr, GumMemoryRange *ra, static GArray *intersect_ranges(GArray *a, GArray *b) { - GArray * result; + GArray *result; GumMemoryRange *ra; GumMemoryRange *rb; GumMemoryRange ri; @@ -452,7 +452,7 @@ static GArray *intersect_ranges(GArray *a, GArray *b) { static GArray *subtract_ranges(GArray *a, GArray *b) { - GArray * result; + GArray *result; GumMemoryRange *ra; GumAddress ral; GumMemoryRange *rb; @@ -528,7 +528,7 @@ static GArray *subtract_ranges(GArray *a, GArray *b) { static GArray *merge_ranges(GArray *a) { - GArray * result; + GArray *result; GumMemoryRange rp; GumMemoryRange *r; @@ -585,11 +585,11 @@ void ranges_config(void) { void ranges_init(void) { GumMemoryRange ri; - GArray * step1; - GArray * step2; - GArray * step3; - GArray * step4; - GArray * step5; + GArray *step1; + GArray *step2; + GArray *step3; + GArray *step4; + GArray *step5; FOKF(cBLU "Ranges" cRST " - " cGRN "instrument jit:" cYEL " [%c]", ranges_inst_jit ? 'X' : ' '); @@ -669,7 +669,7 @@ gboolean range_is_excluded(GumAddress address) { void ranges_exclude() { GumMemoryRange *r; - GumStalker * stalker = stalker_get(); + GumStalker *stalker = stalker_get(); FVERBOSE("Excluding ranges"); diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c index c86e753f..8d3c8af0 100644 --- a/frida_mode/src/seccomp/seccomp_callback.c +++ b/frida_mode/src/seccomp/seccomp_callback.c @@ -8,9 +8,9 @@ #include "seccomp.h" #include "util.h" -static void seccomp_callback_filter(struct seccomp_notif * req, +static void seccomp_callback_filter(struct seccomp_notif *req, struct seccomp_notif_resp *resp, - GumReturnAddressArray * frames) { + GumReturnAddressArray *frames) { GumDebugSymbolDetails details = {0}; if (req->data.nr == SYS_OPENAT) { @@ -54,7 +54,7 @@ static void seccomp_callback_filter(struct seccomp_notif * req, free(syms); #else void **syms = (void **)__builtin_frame_address(0); - void * framep = __builtin_frame_address(1); + void *framep = __builtin_frame_address(1); int i = 0; syms = framep; diff --git a/frida_mode/src/seccomp/seccomp_child.c b/frida_mode/src/seccomp/seccomp_child.c index c02ef67c..493aafcf 100644 --- a/frida_mode/src/seccomp/seccomp_child.c +++ b/frida_mode/src/seccomp/seccomp_child.c @@ -21,7 +21,7 @@ typedef struct { seccomp_child_func_t func; int event_fd; - void * ctx; + void *ctx; } seccomp_child_func_ctx_t; diff --git a/frida_mode/src/seccomp/seccomp_filter.c b/frida_mode/src/seccomp/seccomp_filter.c index 075d793a..c96b919c 100644 --- a/frida_mode/src/seccomp/seccomp_filter.c +++ b/frida_mode/src/seccomp/seccomp_filter.c @@ -129,7 +129,7 @@ static volatile bool seccomp_filter_child_done = false; static pid_t seccomp_filter_child = -1; static GumCpuContext seccomp_filter_cpu_context = {0}; static GumReturnAddressArray seccomp_filter_frames = {.len = 0, .items = {0}}; -static GumBacktracer * seccomp_filter_backtracer = NULL; +static GumBacktracer *seccomp_filter_backtracer = NULL; static void seccomp_filter_child_handler(int sig, siginfo_t *info, void *ucontext) { @@ -209,7 +209,7 @@ int seccomp_filter_install(pid_t child) { void seccomp_filter_run(int fd, seccomp_filter_callback_t callback) { - struct seccomp_notif * req = NULL; + struct seccomp_notif *req = NULL; struct seccomp_notif_resp *resp = NULL; struct seccomp_notif_sizes sizes; diff --git a/frida_mode/src/seccomp/seccomp_socket.c b/frida_mode/src/seccomp/seccomp_socket.c index a01e88ee..fbedbc75 100644 --- a/frida_mode/src/seccomp/seccomp_socket.c +++ b/frida_mode/src/seccomp/seccomp_socket.c @@ -59,9 +59,9 @@ void seccomp_socket_send(int sockfd, int fd) { struct iovec iov = {.iov_base = &data, .iov_len = sizeof(data)}; union cmsg control_msg = {.hdr = { - .cmsg_len = CMSG_LEN(sizeof(int)), - .cmsg_level = SOL_SOCKET, - .cmsg_type = SCM_RIGHTS, + .cmsg_len = CMSG_LEN(sizeof(int)), + .cmsg_level = SOL_SOCKET, + .cmsg_type = SCM_RIGHTS, }}; diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c index ddc17b81..5abda34a 100644 --- a/frida_mode/src/stalker.c +++ b/frida_mode/src/stalker.c @@ -74,7 +74,7 @@ static gboolean stalker_exclude_self(const GumRangeDetails *details, gpointer user_data) { UNUSED_PARAMETER(user_data); - gchar * name; + gchar *name; gboolean found; GumStalker *stalker; if (details->file == NULL) { return TRUE; } diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c index 39aca0db..af08cd71 100644 --- a/frida_mode/src/stats/stats.c +++ b/frida_mode/src/stats/stats.c @@ -16,7 +16,7 @@ #define MICRO_TO_SEC 1000000 -char * stats_filename = NULL; +char *stats_filename = NULL; guint64 stats_interval = 0; static guint64 stats_interval_us = 0; static int stats_fd = -1; @@ -41,8 +41,8 @@ void stats_write(void) { stats_data->curr.stats_time = current_time; GDateTime *date_time = g_date_time_new_now_local(); - char * date_string = g_date_time_format(date_time, "%Y-%m-%d"); - char * time_string = g_date_time_format(date_time, "%H:%M:%S"); + char *date_string = g_date_time_format(date_time, "%Y-%m-%d"); + char *time_string = g_date_time_format(date_time, "%H:%M:%S"); guint elapsed = (stats_data->curr.stats_time - stats_data->prev.stats_time) / MICRO_TO_SEC; diff --git a/frida_mode/src/stats/stats_x86_64.c b/frida_mode/src/stats/stats_x86_64.c index 0bfe3baa..761ca133 100644 --- a/frida_mode/src/stats/stats_x86_64.c +++ b/frida_mode/src/stats/stats_x86_64.c @@ -248,7 +248,7 @@ void stats_write_arch(stats_data_t *data) { static x86_op_type stats_get_operand_type(const cs_insn *instr) { - cs_x86 * x86 = &instr->detail->x86; + cs_x86 *x86 = &instr->detail->x86; cs_x86_op *operand; if (x86->op_count != 1) { @@ -266,7 +266,7 @@ static x86_op_type stats_get_operand_type(const cs_insn *instr) { static void stats_collect_call_imm_excluded_arch(const cs_insn *instr) { - cs_x86 * x86 = &instr->detail->x86; + cs_x86 *x86 = &instr->detail->x86; cs_x86_op *operand = &x86->operands[0]; if (range_is_excluded(GUM_ADDRESS(operand->imm))) { diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index ce42a107..061076ed 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -188,7 +188,7 @@ struct queue_entry { u8 *testcase_buf; /* The testcase buffer, if loaded. */ - u8 * cmplog_colorinput; /* the result buf of colorization */ + u8 *cmplog_colorinput; /* the result buf of colorization */ struct tainted *taint; /* Taint information from CmpLog */ struct queue_entry *mother; /* queue entry this based on */ @@ -341,18 +341,18 @@ typedef struct py_mutator { PyObject *py_module; PyObject *py_functions[PY_FUNC_COUNT]; - void * afl_state; - void * py_data; + void *afl_state; + void *py_data; - u8 * fuzz_buf; + u8 *fuzz_buf; size_t fuzz_size; Py_buffer post_process_buf; - u8 * trim_buf; + u8 *trim_buf; size_t trim_size; - u8 * havoc_buf; + u8 *havoc_buf; size_t havoc_size; } py_mutator_t; @@ -361,13 +361,13 @@ typedef struct py_mutator { typedef struct MOpt_globals { - u64 * finds; - u64 * finds_v2; - u64 * cycles; - u64 * cycles_v2; - u64 * cycles_v3; + u64 *finds; + u64 *finds_v2; + u64 *cycles; + u64 *cycles_v2; + u64 *cycles_v3; u32 is_pilot_mode; - u64 * pTime; + u64 *pTime; u64 period; char *havoc_stagename; char *splice_stageformat; @@ -406,7 +406,7 @@ struct afl_pass_stat { struct foreign_sync { - u8 * dir; + u8 *dir; time_t mtime; }; @@ -418,7 +418,7 @@ typedef struct afl_state { afl_forkserver_t fsrv; sharedmem_t shm; - sharedmem_t * shm_fuzz; + sharedmem_t *shm_fuzz; afl_env_vars_t afl_env; char **argv; /* argv if needed */ @@ -529,7 +529,7 @@ typedef struct afl_state { *virgin_crash; /* Bits we haven't seen in crashes */ double *alias_probability; /* alias weighted probabilities */ - u32 * alias_table; /* alias weighted random lookup table */ + u32 *alias_table; /* alias weighted random lookup table */ u32 active_items; /* enabled entries in the queue */ u8 *var_bytes; /* Bytes that appear to be variable */ @@ -643,7 +643,7 @@ typedef struct afl_state { /* CmpLog */ - char * cmplog_binary; + char *cmplog_binary; afl_forkserver_t cmplog_fsrv; /* cmplog has its own little forkserver */ /* Custom mutators */ @@ -658,7 +658,7 @@ typedef struct afl_state { u8 cmplog_enable_arith, cmplog_enable_transform; struct afl_pass_stat *pass_stats; - struct cmp_map * orig_cmp_map; + struct cmp_map *orig_cmp_map; u8 describe_op_buf_256[256]; /* describe_op will use this to return a string up to 256 */ @@ -690,9 +690,9 @@ typedef struct afl_state { u64 statsd_last_send_ms; struct sockaddr_in statsd_server; int statsd_sock; - char * statsd_tags_flavor; - char * statsd_tags_format; - char * statsd_metric_format; + char *statsd_tags_flavor; + char *statsd_tags_format; + char *statsd_metric_format; int statsd_metric_format_type; double stats_avg_exec; @@ -770,9 +770,9 @@ typedef struct afl_state { struct custom_mutator { const char *name; - char * name_short; - void * dh; - u8 * post_process_buf; + char *name_short; + void *dh; + u8 *post_process_buf; u8 stacked_custom_prob, stacked_custom; void *data; /* custom mutator data ptr */ diff --git a/include/common.h b/include/common.h index 896c5fb2..a983bb0e 100644 --- a/include/common.h +++ b/include/common.h @@ -49,7 +49,7 @@ void argv_cpy_free(char **argv); char **get_cs_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv); char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv); char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv); -char * get_afl_env(char *env); +char *get_afl_env(char *env); /* Extract env vars from input string and set them using setenv() For use with AFL_TARGET_ENV, ... */ diff --git a/include/debug.h b/include/debug.h index c2f20f0f..566b1d00 100644 --- a/include/debug.h +++ b/include/debug.h @@ -192,7 +192,7 @@ static inline const char *colorfilter(const char *x) { if (likely(disabled)) return x; static char monochromestring[4096]; - char * d = monochromestring; + char *d = monochromestring; int in_seq = 0; while (*x) { diff --git a/include/forkserver.h b/include/forkserver.h index 5b66e7ec..59ce0ee7 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -150,7 +150,7 @@ typedef struct afl_forkserver { #ifdef AFL_PERSISTENT_RECORD u32 persistent_record_idx; /* persistent replay cache ptr */ u32 persistent_record_cnt; /* persistent replay counter */ - u8 * persistent_record_dir; + u8 *persistent_record_dir; u8 **persistent_record_data; u32 *persistent_record_len; s32 persistent_record_pid; @@ -168,14 +168,14 @@ typedef struct afl_forkserver { #ifdef __linux__ nyx_plugin_handler_t *nyx_handlers; - char * out_dir_path; /* path to the output directory */ + char *out_dir_path; /* path to the output directory */ u8 nyx_mode; /* if running in nyx mode or not */ bool nyx_parent; /* create initial snapshot */ bool nyx_standalone; /* don't serialize the snapshot */ - void * nyx_runner; /* nyx runner object */ + void *nyx_runner; /* nyx runner object */ u32 nyx_id; /* nyx runner id (0 -> master) */ u32 nyx_bind_cpu_id; /* nyx runner cpu id */ - char * nyx_aux_string; + char *nyx_aux_string; #endif } afl_forkserver_t; diff --git a/include/list.h b/include/list.h index a6223564..72bef749 100644 --- a/include/list.h +++ b/include/list.h @@ -43,7 +43,7 @@ typedef struct list_element { struct list_element *prev; struct list_element *next; - void * data; + void *data; } element_t; @@ -102,7 +102,7 @@ static inline void list_append(list_t *list, void *el) { #define LIST_FOREACH(list, type, block) \ do { \ \ - list_t * li = (list); \ + list_t *li = (list); \ element_t *head = get_head((li)); \ element_t *el_box = (head)->next; \ if (!el_box) FATAL("foreach over uninitialized list"); \ diff --git a/include/sharedmem.h b/include/sharedmem.h index e646b73f..fbe68abe 100644 --- a/include/sharedmem.h +++ b/include/sharedmem.h @@ -56,7 +56,7 @@ typedef struct sharedmem { } sharedmem_t; -u8 * afl_shm_init(sharedmem_t *, size_t, unsigned char non_instrumented_mode); +u8 *afl_shm_init(sharedmem_t *, size_t, unsigned char non_instrumented_mode); void afl_shm_deinit(sharedmem_t *); #endif diff --git a/include/xxhash.h b/include/xxhash.h index 4f101003..4cabc884 100644 --- a/include/xxhash.h +++ b/include/xxhash.h @@ -510,7 +510,7 @@ XXH_PUBLIC_API XXH_errorcode XXH32_freeState(XXH32_state_t *statePtr); * @pre * @p dst_state and @p src_state must not be `NULL` and must not overlap. */ -XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t * dst_state, +XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t *dst_state, const XXH32_state_t *src_state); /*! @@ -742,10 +742,10 @@ XXH_PUBLIC_API XXH64_hash_t XXH64(const void *input, size_t length, * * @see XXH64_state_s for details. */ -typedef struct XXH64_state_s XXH64_state_t; /* incomplete type */ +typedef struct XXH64_state_s XXH64_state_t; /* incomplete type */ XXH_PUBLIC_API XXH64_state_t *XXH64_createState(void); XXH_PUBLIC_API XXH_errorcode XXH64_freeState(XXH64_state_t *statePtr); -XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t * dst_state, +XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t *dst_state, const XXH64_state_t *src_state); XXH_PUBLIC_API XXH_errorcode XXH64_reset(XXH64_state_t *statePtr, @@ -870,10 +870,10 @@ XXH_PUBLIC_API XXH64_hash_t XXH3_64bits_withSecret(const void *data, size_t len, * * @see XXH3_state_s for details. */ -typedef struct XXH3_state_s XXH3_state_t; +typedef struct XXH3_state_s XXH3_state_t; XXH_PUBLIC_API XXH3_state_t *XXH3_createState(void); XXH_PUBLIC_API XXH_errorcode XXH3_freeState(XXH3_state_t *statePtr); -XXH_PUBLIC_API void XXH3_copyState(XXH3_state_t * dst_state, +XXH_PUBLIC_API void XXH3_copyState(XXH3_state_t *dst_state, const XXH3_state_t *src_state); /* @@ -902,7 +902,7 @@ XXH_PUBLIC_API XXH_errorcode XXH3_64bits_reset_withSecret( XXH3_state_t *statePtr, const void *secret, size_t secretSize); XXH_PUBLIC_API XXH_errorcode XXH3_64bits_update(XXH3_state_t *statePtr, - const void * input, + const void *input, size_t length); XXH_PUBLIC_API XXH64_hash_t XXH3_64bits_digest(const XXH3_state_t *statePtr); @@ -955,7 +955,7 @@ XXH_PUBLIC_API XXH_errorcode XXH3_128bits_reset_withSecret( XXH3_state_t *statePtr, const void *secret, size_t secretSize); XXH_PUBLIC_API XXH_errorcode XXH3_128bits_update(XXH3_state_t *statePtr, - const void * input, + const void *input, size_t length); XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_digest(const XXH3_state_t *statePtr); @@ -1229,7 +1229,7 @@ struct XXH3_state_s { * `secretBuffer`. When customSeedSize > 0, supplying NULL as customSeed is * undefined behavior. */ -XXH_PUBLIC_API void XXH3_generateSecret(void * secretBuffer, +XXH_PUBLIC_API void XXH3_generateSecret(void *secretBuffer, const void *customSeed, size_t customSeedSize); @@ -1951,7 +1951,7 @@ static xxh_u32 XXH_readBE32(const void *ptr) { #endif -XXH_FORCE_INLINE xxh_u32 XXH_readLE32_align(const void * ptr, +XXH_FORCE_INLINE xxh_u32 XXH_readLE32_align(const void *ptr, XXH_alignment align) { if (align == XXH_unaligned) { @@ -2317,7 +2317,7 @@ XXH_PUBLIC_API XXH_errorcode XXH32_freeState(XXH32_state_t *statePtr) { } /*! @ingroup xxh32_family */ -XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t * dstState, +XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t *dstState, const XXH32_state_t *srcState) { memcpy(dstState, srcState, sizeof(*dstState)); @@ -2355,7 +2355,7 @@ XXH_PUBLIC_API XXH_errorcode XXH32_update(XXH32_state_t *state, { - const xxh_u8 * p = (const xxh_u8 *)input; + const xxh_u8 *p = (const xxh_u8 *)input; const xxh_u8 *const bEnd = p + len; state->total_len_32 += (XXH32_hash_t)len; @@ -2625,7 +2625,7 @@ static xxh_u64 XXH_readBE64(const void *ptr) { #endif -XXH_FORCE_INLINE xxh_u64 XXH_readLE64_align(const void * ptr, +XXH_FORCE_INLINE xxh_u64 XXH_readLE64_align(const void *ptr, XXH_alignment align) { if (align == XXH_unaligned) @@ -2852,7 +2852,7 @@ XXH_PUBLIC_API XXH_errorcode XXH64_freeState(XXH64_state_t *statePtr) { } /*! @ingroup xxh64_family */ -XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t * dstState, +XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t *dstState, const XXH64_state_t *srcState) { memcpy(dstState, srcState, sizeof(*dstState)); @@ -2890,7 +2890,7 @@ XXH_PUBLIC_API XXH_errorcode XXH64_update(XXH64_state_t *state, { - const xxh_u8 * p = (const xxh_u8 *)input; + const xxh_u8 *p = (const xxh_u8 *)input; const xxh_u8 *const bEnd = p + len; state->total_len += len; @@ -4268,7 +4268,7 @@ XXH_FORCE_INLINE XXH_TARGET_AVX512 void XXH3_initCustomSecret_avx512( union { const __m512i *cp; - void * p; + void *p; } remote_const_void; @@ -4385,7 +4385,7 @@ XXH_FORCE_INLINE XXH_TARGET_AVX2 void XXH3_initCustomSecret_avx2( (xxh_i64)(0U - seed64), (xxh_i64)seed64); const __m256i *const src = (const __m256i *)((const void *)XXH3_kSecret); - __m256i * dest = (__m256i *)customSecret; + __m256i *dest = (__m256i *)customSecret; #if defined(__GNUC__) || defined(__clang__) /* @@ -4519,7 +4519,7 @@ XXH_FORCE_INLINE XXH_TARGET_SSE2 void XXH3_initCustomSecret_sse2( int i; const void *const src16 = XXH3_kSecret; - __m128i * dst16 = (__m128i *)customSecret; + __m128i *dst16 = (__m128i *)customSecret; #if defined(__GNUC__) || defined(__clang__) /* * On GCC & Clang, marking 'dest' as modified will cause the compiler: @@ -4594,7 +4594,7 @@ XXH_FORCE_INLINE void XXH3_scrambleAcc_neon(void *XXH_RESTRICT acc, { - uint64x2_t * xacc = (uint64x2_t *)acc; + uint64x2_t *xacc = (uint64x2_t *)acc; uint8_t const *xsecret = (uint8_t const *)secret; uint32x2_t prime = vdup_n_u32(XXH_PRIME32_1); @@ -5106,7 +5106,7 @@ XXH_FORCE_INLINE XXH64_hash_t XXH3_hashLong_64b_withSeed_internal( /* * It's important for performance that XXH3_hashLong is not inlined. */ -XXH_NO_INLINE XXH64_hash_t XXH3_hashLong_64b_withSeed(const void * input, +XXH_NO_INLINE XXH64_hash_t XXH3_hashLong_64b_withSeed(const void *input, size_t len, XXH64_hash_t seed, const xxh_u8 *secret, @@ -5277,7 +5277,7 @@ XXH_PUBLIC_API XXH_errorcode XXH3_freeState(XXH3_state_t *statePtr) { } /*! @ingroup xxh3_family */ -XXH_PUBLIC_API void XXH3_copyState(XXH3_state_t * dst_state, +XXH_PUBLIC_API void XXH3_copyState(XXH3_state_t *dst_state, const XXH3_state_t *src_state) { memcpy(dst_state, src_state, sizeof(*dst_state)); @@ -5482,8 +5482,8 @@ XXH_PUBLIC_API XXH_errorcode XXH3_64bits_update(XXH3_state_t *state, } -XXH_FORCE_INLINE void XXH3_digest_long(XXH64_hash_t * acc, - const XXH3_state_t * state, +XXH_FORCE_INLINE void XXH3_digest_long(XXH64_hash_t *acc, + const XXH3_state_t *state, const unsigned char *secret) { /* @@ -5545,7 +5545,7 @@ XXH_PUBLIC_API XXH64_hash_t XXH3_64bits_digest(const XXH3_state_t *state) { #define XXH_MIN(x, y) (((x) > (y)) ? (y) : (x)) /*! @ingroup xxh3_family */ -XXH_PUBLIC_API void XXH3_generateSecret(void * secretBuffer, +XXH_PUBLIC_API void XXH3_generateSecret(void *secretBuffer, const void *customSeed, size_t customSeedSize) { @@ -6081,7 +6081,7 @@ XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_withSecret(const void *input, } /*! @ingroup xxh3_family */ -XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_withSeed(const void * input, +XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_withSeed(const void *input, size_t len, XXH64_hash_t seed) { @@ -6142,7 +6142,7 @@ XXH_PUBLIC_API XXH_errorcode XXH3_128bits_reset_withSeed(XXH3_state_t *statePtr, /*! @ingroup xxh3_family */ XXH_PUBLIC_API XXH_errorcode XXH3_128bits_update(XXH3_state_t *state, - const void * input, + const void *input, size_t len) { return XXH3_update(state, (const xxh_u8 *)input, len, XXH3_accumulate_512, diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index f976f48a..721bc487 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -182,7 +182,7 @@ class ModuleSanitizerCoverageLTO private: void instrumentFunction(Function &F, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback); - void InjectCoverageForIndirectCalls(Function & F, + void InjectCoverageForIndirectCalls(Function &F, ArrayRef<Instruction *> IndirCalls); bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks, bool IsLeafFunc = true); @@ -211,10 +211,10 @@ class ModuleSanitizerCoverageLTO FunctionCallee SanCovTracePC /*, SanCovTracePCGuard*/; Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy, *Int16Ty, *Int8Ty, *Int8PtrTy, *Int1Ty, *Int1PtrTy; - Module * CurModule; + Module *CurModule; std::string CurModuleUniqueId; Triple TargetTriple; - LLVMContext * C; + LLVMContext *C; const DataLayout *DL; GlobalVariable *FunctionGuardArray; // for trace-pc-guard. @@ -235,20 +235,20 @@ class ModuleSanitizerCoverageLTO uint32_t unhandled = 0; uint32_t select_cnt = 0; uint64_t map_addr = 0; - const char * skip_nozero = NULL; - const char * use_threadsafe_counters = nullptr; + const char *skip_nozero = NULL; + const char *use_threadsafe_counters = nullptr; std::vector<BasicBlock *> BlockList; DenseMap<Value *, std::string *> valueMap; std::vector<std::string> dictionary; - IntegerType * Int8Tyi = NULL; - IntegerType * Int32Tyi = NULL; - IntegerType * Int64Tyi = NULL; - ConstantInt * Zero = NULL; - ConstantInt * One = NULL; - LLVMContext * Ct = NULL; - Module * Mo = NULL; - GlobalVariable * AFLMapPtr = NULL; - Value * MapPtrFixed = NULL; + IntegerType *Int8Tyi = NULL; + IntegerType *Int32Tyi = NULL; + IntegerType *Int64Tyi = NULL; + ConstantInt *Zero = NULL; + ConstantInt *One = NULL; + LLVMContext *Ct = NULL; + Module *Mo = NULL; + GlobalVariable *AFLMapPtr = NULL; + Value *MapPtrFixed = NULL; std::ofstream dFile; size_t found = 0; // afl++ END @@ -330,12 +330,12 @@ llvmGetPassPluginInfo() { } -PreservedAnalyses ModuleSanitizerCoverageLTO::run(Module & M, +PreservedAnalyses ModuleSanitizerCoverageLTO::run(Module &M, ModuleAnalysisManager &MAM) { ModuleSanitizerCoverageLTO ModuleSancov(Options); auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager(); - auto DTCallback = [&FAM](Function &F) -> const DominatorTree * { + auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{ return &FAM.getResult<DominatorTreeAnalysis>(F); @@ -380,7 +380,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( FunctionPCsArray = nullptr; IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits()); IntptrPtrTy = PointerType::getUnqual(IntptrTy); - Type * VoidTy = Type::getVoidTy(*C); + Type *VoidTy = Type::getVoidTy(*C); IRBuilder<> IRB(*C); Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty()); Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty()); @@ -393,7 +393,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( Int1Ty = IRB.getInt1Ty(); /* afl++ START */ - char * ptr; + char *ptr; LLVMContext &Ctx = M.getContext(); Ct = &Ctx; Int8Tyi = IntegerType::getInt8Ty(Ctx); @@ -499,11 +499,11 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( for (auto &IN : BB) { CallInst *callInst = nullptr; - CmpInst * cmpInst = nullptr; + CmpInst *cmpInst = nullptr; if ((cmpInst = dyn_cast<CmpInst>(&IN))) { - Value * op = cmpInst->getOperand(1); + Value *op = cmpInst->getOperand(1); ConstantInt *ilen = dyn_cast<ConstantInt>(op); if (ilen && ilen->uge(0xffffffffffffffff) == false) { @@ -759,7 +759,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( if (HasStr2 == true) { - Value * op2 = callInst->getArgOperand(2); + Value *op2 = callInst->getArgOperand(2); ConstantInt *ilen = dyn_cast<ConstantInt>(op2); if (ilen) { @@ -866,7 +866,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( if (isMemcmp || isStrncmp || isStrncasecmp) { - Value * op2 = callInst->getArgOperand(2); + Value *op2 = callInst->getArgOperand(2); ConstantInt *ilen = dyn_cast<ConstantInt>(op2); if (ilen) { @@ -1017,7 +1017,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( GlobalVariable *AFLMapAddrFixed = new GlobalVariable( M, Int64Tyi, true, GlobalValue::ExternalLinkage, 0, "__afl_map_addr"); ConstantInt *MapAddr = ConstantInt::get(Int64Tyi, map_addr); - StoreInst * StoreMapAddr = IRB.CreateStore(MapAddr, AFLMapAddrFixed); + StoreInst *StoreMapAddr = IRB.CreateStore(MapAddr, AFLMapAddrFixed); ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(StoreMapAddr); } @@ -1032,7 +1032,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule( new GlobalVariable(M, Int32Tyi, true, GlobalValue::ExternalLinkage, 0, "__afl_final_loc"); ConstantInt *const_loc = ConstantInt::get(Int32Tyi, write_loc); - StoreInst * StoreFinalLoc = IRB.CreateStore(const_loc, AFLFinalLoc); + StoreInst *StoreFinalLoc = IRB.CreateStore(const_loc, AFLFinalLoc); ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(StoreFinalLoc); } @@ -1159,7 +1159,7 @@ static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) { } // True if block has predecessors and it postdominates all of them. -static bool isFullPostDominator(const BasicBlock * BB, +static bool isFullPostDominator(const BasicBlock *BB, const PostDominatorTree *PDT) { if (pred_begin(BB) == pred_end(BB)) return false; @@ -1175,8 +1175,8 @@ static bool isFullPostDominator(const BasicBlock * BB, } static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, - const DominatorTree * DT, - const PostDominatorTree * PDT, + const DominatorTree *DT, + const PostDominatorTree *PDT, const SanitizerCoverageOptions &Options) { // Don't insert coverage for blocks containing nothing but unreachable: we @@ -1246,7 +1246,7 @@ void ModuleSanitizerCoverageLTO::instrumentFunction( SmallVector<Instruction *, 8> IndirCalls; SmallVector<BasicBlock *, 16> BlocksToInstrument; - const DominatorTree * DT = DTCallback(F); + const DominatorTree *DT = DTCallback(F); const PostDominatorTree *PDT = PDTCallback(F); bool IsLeafFunc = true; uint32_t skip_next = 0; @@ -1294,8 +1294,8 @@ void ModuleSanitizerCoverageLTO::instrumentFunction( if (!skip_next && (selectInst = dyn_cast<SelectInst>(&IN))) { uint32_t vector_cnt = 0; - Value * condition = selectInst->getCondition(); - Value * result; + Value *condition = selectInst->getCondition(); + Value *result; auto t = condition->getType(); IRBuilder<> IRB(selectInst->getNextNode()); @@ -1451,8 +1451,8 @@ GlobalVariable *ModuleSanitizerCoverageLTO::CreateFunctionLocalArrayInSection( ArrayType *ArrayTy = ArrayType::get(Ty, NumElements); auto Array = new GlobalVariable( - *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage, - Constant::getNullValue(ArrayTy), "__sancov_gen_"); + *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage, + Constant::getNullValue(ArrayTy), "__sancov_gen_"); #if LLVM_VERSION_MAJOR >= 13 if (TargetTriple.supportsCOMDAT() && @@ -1584,8 +1584,8 @@ void ModuleSanitizerCoverageLTO::InjectCoverageForIndirectCalls( for (auto I : IndirCalls) { IRBuilder<> IRB(I); - CallBase & CB = cast<CallBase>(*I); - Value * Callee = CB.getCalledOperand(); + CallBase &CB = cast<CallBase>(*I); + Value *Callee = CB.getCalledOperand(); if (isa<InlineAsm>(Callee)) continue; IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy)); @@ -1593,7 +1593,7 @@ void ModuleSanitizerCoverageLTO::InjectCoverageForIndirectCalls( } -void ModuleSanitizerCoverageLTO::InjectCoverageAtBlock(Function & F, +void ModuleSanitizerCoverageLTO::InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx, bool IsLeafFunc) { diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 408353b3..d5f56aa8 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -142,14 +142,14 @@ class ModuleSanitizerCoverageAFL private: void instrumentFunction(Function &F, DomTreeCallback DTCallback, PostDomTreeCallback PDTCallback); - void InjectCoverageForIndirectCalls(Function & F, + void InjectCoverageForIndirectCalls(Function &F, ArrayRef<Instruction *> IndirCalls); void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets); - void InjectTraceForDiv(Function & F, + void InjectTraceForDiv(Function &F, ArrayRef<BinaryOperator *> DivTraceTargets); - void InjectTraceForGep(Function & F, + void InjectTraceForGep(Function &F, ArrayRef<GetElementPtrInst *> GepTraceTargets); - void InjectTraceForSwitch(Function & F, + void InjectTraceForSwitch(Function &F, ArrayRef<Instruction *> SwitchTraceTargets); bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks, bool IsLeafFunc = true); @@ -187,10 +187,10 @@ class ModuleSanitizerCoverageAFL GlobalVariable *SanCovLowestStack; Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy, *Int16Ty, *Int8Ty, *Int8PtrTy, *Int1Ty, *Int1PtrTy; - Module * CurModule; + Module *CurModule; std::string CurModuleUniqueId; Triple TargetTriple; - LLVMContext * C; + LLVMContext *C; const DataLayout *DL; GlobalVariable *FunctionGuardArray; // for trace-pc-guard. @@ -204,8 +204,8 @@ class ModuleSanitizerCoverageAFL uint32_t instr = 0, selects = 0, unhandled = 0; GlobalVariable *AFLMapPtr = NULL; - ConstantInt * One = NULL; - ConstantInt * Zero = NULL; + ConstantInt *One = NULL; + ConstantInt *Zero = NULL; }; @@ -287,12 +287,12 @@ llvmGetPassPluginInfo() { #endif -PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module & M, +PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, ModuleAnalysisManager &MAM) { ModuleSanitizerCoverageAFL ModuleSancov(Options); auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager(); - auto DTCallback = [&FAM](Function &F) -> const DominatorTree * { + auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{ return &FAM.getResult<DominatorTreeAnalysis>(F); @@ -433,7 +433,7 @@ bool ModuleSanitizerCoverageAFL::instrumentModule( FunctionPCsArray = nullptr; IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits()); IntptrPtrTy = PointerType::getUnqual(IntptrTy); - Type * VoidTy = Type::getVoidTy(*C); + Type *VoidTy = Type::getVoidTy(*C); IRBuilder<> IRB(*C); Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty()); Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty()); @@ -612,8 +612,8 @@ bool isFullPostDominator(const BasicBlock *BB, const PostDominatorTree *PDT) { } bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, - const DominatorTree * DT, - const PostDominatorTree * PDT, + const DominatorTree *DT, + const PostDominatorTree *PDT, const SanitizerCoverageOptions &Options) { // Don't insert coverage for blocks containing nothing but unreachable: we @@ -704,7 +704,7 @@ void ModuleSanitizerCoverageAFL::instrumentFunction( SmallVector<BinaryOperator *, 8> DivTraceTargets; SmallVector<GetElementPtrInst *, 8> GepTraceTargets; - const DominatorTree * DT = DTCallback(F); + const DominatorTree *DT = DTCallback(F); const PostDominatorTree *PDT = PDTCallback(F); bool IsLeafFunc = true; @@ -761,8 +761,8 @@ GlobalVariable *ModuleSanitizerCoverageAFL::CreateFunctionLocalArrayInSection( ArrayType *ArrayTy = ArrayType::get(Ty, NumElements); auto Array = new GlobalVariable( - *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage, - Constant::getNullValue(ArrayTy), "__sancov_gen_"); + *CurModule, ArrayTy, false, GlobalVariable::PrivateLinkage, + Constant::getNullValue(ArrayTy), "__sancov_gen_"); #if LLVM_VERSION_MAJOR >= 13 if (TargetTriple.supportsCOMDAT() && @@ -971,8 +971,8 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( if (!skip_next && (selectInst = dyn_cast<SelectInst>(&IN))) { uint32_t vector_cnt = 0; - Value * condition = selectInst->getCondition(); - Value * result; + Value *condition = selectInst->getCondition(); + Value *result; auto t = condition->getType(); IRBuilder<> IRB(selectInst->getNextNode()); @@ -1113,7 +1113,7 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( /* Get CurLoc */ LoadInst *CurLoc = nullptr; - Value * MapPtrIdx = nullptr; + Value *MapPtrIdx = nullptr; /* Load counter for CurLoc */ if (!vector_cnt) { @@ -1212,8 +1212,8 @@ void ModuleSanitizerCoverageAFL::InjectCoverageForIndirectCalls( for (auto I : IndirCalls) { IRBuilder<> IRB(I); - CallBase & CB = cast<CallBase>(*I); - Value * Callee = CB.getCalledOperand(); + CallBase &CB = cast<CallBase>(*I); + Value *Callee = CB.getCalledOperand(); if (isa<InlineAsm>(Callee)) continue; IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy)); @@ -1234,7 +1234,7 @@ void ModuleSanitizerCoverageAFL::InjectTraceForSwitch( IRBuilder<> IRB(I); SmallVector<Constant *, 16> Initializers; - Value * Cond = SI->getCondition(); + Value *Cond = SI->getCondition(); if (Cond->getType()->getScalarSizeInBits() > Int64Ty->getScalarSizeInBits()) continue; @@ -1282,7 +1282,7 @@ void ModuleSanitizerCoverageAFL::InjectTraceForDiv( for (auto BO : DivTraceTargets) { IRBuilder<> IRB(BO); - Value * A1 = BO->getOperand(1); + Value *A1 = BO->getOperand(1); if (isa<ConstantInt>(A1)) continue; if (!A1->getType()->isIntegerTy()) continue; uint64_t TypeSize = DL->getTypeStoreSizeInBits(A1->getType()); @@ -1319,8 +1319,8 @@ void ModuleSanitizerCoverageAFL::InjectTraceForCmp( if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) { IRBuilder<> IRB(ICMP); - Value * A0 = ICMP->getOperand(0); - Value * A1 = ICMP->getOperand(1); + Value *A0 = ICMP->getOperand(0); + Value *A1 = ICMP->getOperand(1); if (!A0->getType()->isIntegerTy()) continue; uint64_t TypeSize = DL->getTypeStoreSizeInBits(A0->getType()); int CallbackIdx = TypeSize == 8 ? 0 @@ -1353,7 +1353,7 @@ void ModuleSanitizerCoverageAFL::InjectTraceForCmp( } -void ModuleSanitizerCoverageAFL::InjectCoverageAtBlock(Function & F, +void ModuleSanitizerCoverageAFL::InjectCoverageAtBlock(Function &F, BasicBlock &BB, size_t Idx, bool IsLeafFunc) { @@ -1472,7 +1472,7 @@ void ModuleSanitizerCoverageAFL::InjectCoverageAtBlock(Function & F, if (Options.StackDepth && IsEntryBB && !IsLeafFunc) { // Check stack depth. If it's the deepest so far, record it. - Module * M = F.getParent(); + Module *M = F.getParent(); Function *GetFrameAddr = Intrinsic::getDeclaration( M, Intrinsic::frameaddress, IRB.getInt8PtrTy(M->getDataLayout().getAllocaAddrSpace())); diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index f3a16e95..97974c4a 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -92,11 +92,11 @@ static u8 __afl_area_initial[MAP_INITIAL_SIZE]; static u8 *__afl_area_ptr_dummy = __afl_area_initial; static u8 *__afl_area_ptr_backup = __afl_area_initial; -u8 * __afl_area_ptr = __afl_area_initial; -u8 * __afl_dictionary; -u8 * __afl_fuzz_ptr; +u8 *__afl_area_ptr = __afl_area_initial; +u8 *__afl_dictionary; +u8 *__afl_fuzz_ptr; static u32 __afl_fuzz_len_dummy; -u32 * __afl_fuzz_len = &__afl_fuzz_len_dummy; +u32 *__afl_fuzz_len = &__afl_fuzz_len_dummy; u32 __afl_final_loc; u32 __afl_map_size = MAP_SIZE; @@ -399,7 +399,7 @@ static void __afl_map_shm(void) { } #ifdef USEMMAP - const char * shm_file_path = id_str; + const char *shm_file_path = id_str; int shm_fd = -1; unsigned char *shm_base = NULL; @@ -450,11 +450,11 @@ static void __afl_map_shm(void) { if (__afl_map_size && __afl_map_size > MAP_SIZE) { - u8 *map_env = (u8 *)getenv("AFL_MAP_SIZE"); - if (!map_env || atoi((char *)map_env) < MAP_SIZE) { + u8 *map_env = (u8 *)getenv("AFL_MAP_SIZE"); + if (!map_env || atoi((char *)map_env) < MAP_SIZE) { - send_forkserver_error(FS_ERROR_MAP_SIZE); - _exit(1); + send_forkserver_error(FS_ERROR_MAP_SIZE); + _exit(1); } @@ -466,13 +466,13 @@ static void __afl_map_shm(void) { if (!__afl_area_ptr || __afl_area_ptr == (void *)-1) { - if (__afl_map_addr) + if (__afl_map_addr) send_forkserver_error(FS_ERROR_MAP_ADDR); else send_forkserver_error(FS_ERROR_SHMAT); perror("shmat for map"); - _exit(1); + _exit(1); } @@ -583,7 +583,7 @@ static void __afl_map_shm(void) { } #ifdef USEMMAP - const char * shm_file_path = id_str; + const char *shm_file_path = id_str; int shm_fd = -1; struct cmp_map *shm_base = NULL; @@ -689,7 +689,7 @@ static void __afl_unmap_shm(void) { void write_error_with_location(char *text, char *filename, int linenumber) { - u8 * o = getenv("__AFL_OUT_DIR"); + u8 *o = getenv("__AFL_OUT_DIR"); char *e = strerror(errno); if (o) { diff --git a/instrumentation/afl-gcc-cmplog-pass.so.cc b/instrumentation/afl-gcc-cmplog-pass.so.cc index c2910498..5e5792c3 100644 --- a/instrumentation/afl-gcc-cmplog-pass.so.cc +++ b/instrumentation/afl-gcc-cmplog-pass.so.cc @@ -367,7 +367,7 @@ Set AFL_QUIET in the environment to silence it.\n\ /* This is the function GCC calls when loading a plugin. Initialize and register further callbacks. */ -int plugin_init(struct plugin_name_args * info, +int plugin_init(struct plugin_name_args *info, struct plugin_gcc_version *version) { if (!plugin_default_version_check(version, &gcc_version)) @@ -386,7 +386,7 @@ int plugin_init(struct plugin_name_args * info, const char *name = info->base_name; register_callback(name, PLUGIN_INFO, NULL, &afl_cmplog_plugin); - afl_cmplog_pass * aflp = new afl_cmplog_pass(quiet); + afl_cmplog_pass *aflp = new afl_cmplog_pass(quiet); struct register_pass_info pass_info = { .pass = aflp, diff --git a/instrumentation/afl-gcc-cmptrs-pass.so.cc b/instrumentation/afl-gcc-cmptrs-pass.so.cc index 31679b9b..e9e2fe0d 100644 --- a/instrumentation/afl-gcc-cmptrs-pass.so.cc +++ b/instrumentation/afl-gcc-cmptrs-pass.so.cc @@ -329,7 +329,7 @@ Set AFL_QUIET in the environment to silence it.\n\ /* This is the function GCC calls when loading a plugin. Initialize and register further callbacks. */ -int plugin_init(struct plugin_name_args * info, +int plugin_init(struct plugin_name_args *info, struct plugin_gcc_version *version) { if (!plugin_default_version_check(version, &gcc_version)) @@ -348,7 +348,7 @@ int plugin_init(struct plugin_name_args * info, const char *name = info->base_name; register_callback(name, PLUGIN_INFO, NULL, &afl_cmptrs_plugin); - afl_cmptrs_pass * aflp = new afl_cmptrs_pass(quiet); + afl_cmptrs_pass *aflp = new afl_cmptrs_pass(quiet); struct register_pass_info pass_info = { .pass = aflp, diff --git a/instrumentation/afl-gcc-common.h b/instrumentation/afl-gcc-common.h index 806e7ac3..2b71bd22 100644 --- a/instrumentation/afl-gcc-common.h +++ b/instrumentation/afl-gcc-common.h @@ -72,7 +72,7 @@ namespace { struct afl_base_pass : gimple_opt_pass { afl_base_pass(bool quiet, bool debug, struct pass_data const &pd) - : gimple_opt_pass(pd, g), be_quiet(quiet), debug(debug) { + : gimple_opt_pass(pd, g), be_quiet(quiet), debug(debug) { initInstrumentList(); @@ -493,6 +493,8 @@ struct afl_base_pass : gimple_opt_pass { return return_default; } + }; -} +} // namespace + diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc index 795bbd8a..052b3159 100644 --- a/instrumentation/afl-gcc-pass.so.cc +++ b/instrumentation/afl-gcc-pass.so.cc @@ -472,7 +472,7 @@ Specify -frandom-seed for reproducible instrumentation.\n\ /* This is the function GCC calls when loading a plugin. Initialize and register further callbacks. */ -int plugin_init(struct plugin_name_args * info, +int plugin_init(struct plugin_name_args *info, struct plugin_gcc_version *version) { if (!plugin_default_version_check(version, &gcc_version)) @@ -502,7 +502,7 @@ int plugin_init(struct plugin_name_args * info, const char *name = info->base_name; register_callback(name, PLUGIN_INFO, NULL, &afl_plugin); - afl_pass * aflp = new afl_pass(quiet, inst_ratio); + afl_pass *aflp = new afl_pass(quiet, inst_ratio); struct register_pass_info pass_info = { .pass = aflp, diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index 31aaab07..fd8baea2 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -181,7 +181,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { #endif DenseMap<Value *, std::string *> valueMap; - char * ptr; + char *ptr; int found = 0; /* Show a banner */ @@ -246,11 +246,11 @@ bool AFLdict2filePass::runOnModule(Module &M) { for (auto &IN : BB) { CallInst *callInst = nullptr; - CmpInst * cmpInst = nullptr; + CmpInst *cmpInst = nullptr; if ((cmpInst = dyn_cast<CmpInst>(&IN))) { - Value * op = cmpInst->getOperand(1); + Value *op = cmpInst->getOperand(1); ConstantInt *ilen = dyn_cast<ConstantInt>(op); /* We skip > 64 bit integers. why? first because their value is @@ -518,7 +518,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { if (HasStr2 == true) { - Value * op2 = callInst->getArgOperand(2); + Value *op2 = callInst->getArgOperand(2); ConstantInt *ilen = dyn_cast<ConstantInt>(op2); if (ilen) { @@ -631,7 +631,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { if (isMemcmp || isStrncmp || isStrncasecmp) { - Value * op2 = callInst->getArgOperand(2); + Value *op2 = callInst->getArgOperand(2); ConstantInt *ilen = dyn_cast<ConstantInt>(op2); if (ilen) { diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc index 70c6b10d..32b1798a 100644 --- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc @@ -101,7 +101,7 @@ llvmGetPassPluginInfo() { } -PreservedAnalyses AFLcheckIfInstrument::run(Module & M, +PreservedAnalyses AFLcheckIfInstrument::run(Module &M, ModuleAnalysisManager &MAM) { /* Show a banner */ @@ -135,7 +135,7 @@ PreservedAnalyses AFLcheckIfInstrument::run(Module & M, DEBUGF("function %s is NOT in the instrument file list\n", F.getName().str().c_str()); - auto & Ctx = F.getContext(); + auto &Ctx = F.getContext(); AttributeList Attrs = F.getAttributes(); #if LLVM_VERSION_MAJOR >= 14 AttributeList NewAttrs = Attrs.addFnAttribute(Ctx, "skipinstrument"); diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index fde785bd..df1ccc4f 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -251,7 +251,7 @@ bool AFLCoverage::runOnModule(Module &M) { /* Decide instrumentation ratio */ - char * inst_ratio_str = getenv("AFL_INST_RATIO"); + char *inst_ratio_str = getenv("AFL_INST_RATIO"); unsigned int inst_ratio = 100; if (inst_ratio_str) { @@ -486,7 +486,7 @@ bool AFLCoverage::runOnModule(Module &M) { Constant *PrevLocShuffleMask = ConstantVector::get(PrevLocShuffle); - Constant * PrevCallerShuffleMask = NULL; + Constant *PrevCallerShuffleMask = NULL; SmallVector<Constant *, 32> PrevCallerShuffle = {UndefValue::get(Int32Ty)}; if (ctx_k) { @@ -506,7 +506,7 @@ bool AFLCoverage::runOnModule(Module &M) { // other constants we need ConstantInt *One = ConstantInt::get(Int8Ty, 1); - Value * PrevCtx = NULL; // CTX sensitive coverage + Value *PrevCtx = NULL; // CTX sensitive coverage LoadInst *PrevCaller = NULL; // K-CTX coverage /* Instrument all the things! */ diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index 4d37bcb2..084ad8c9 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -156,9 +156,9 @@ Iterator Unique(Iterator first, Iterator last) { bool CmpLogInstructions::hookInstrs(Module &M) { std::vector<Instruction *> icomps; - LLVMContext & C = M.getContext(); + LLVMContext &C = M.getContext(); - Type * VoidTy = Type::getVoidTy(C); + Type *VoidTy = Type::getVoidTy(C); IntegerType *Int8Ty = IntegerType::getInt8Ty(C); IntegerType *Int16Ty = IntegerType::getInt16Ty(C); IntegerType *Int32Ty = IntegerType::getInt32Ty(C); @@ -338,7 +338,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { IntegerType *intTyOp1 = NULL; unsigned max_size = 0, cast_size = 0; unsigned attr = 0, vector_cnt = 0, is_fp = 0; - CmpInst * cmpInst = dyn_cast<CmpInst>(selectcmpInst); + CmpInst *cmpInst = dyn_cast<CmpInst>(selectcmpInst); if (!cmpInst) { continue; } @@ -666,7 +666,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { } #if LLVM_MAJOR >= 11 /* use new pass manager */ -PreservedAnalyses CmpLogInstructions::run(Module & M, +PreservedAnalyses CmpLogInstructions::run(Module &M, ModuleAnalysisManager &MAM) { #else diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 8205cfb0..9733f86e 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -506,8 +506,8 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB(ThenTerm); std::vector<Value *> args; - Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); - Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); args.push_back(v1Pcasted); args.push_back(v2Pcasted); @@ -537,10 +537,10 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB(ThenTerm); std::vector<Value *> args; - Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); - Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); - Value * v3Pbitcast = IRB.CreateBitCast( - v3P, IntegerType::get(C, v3P->getType()->getPrimitiveSizeInBits())); + Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value *v3Pbitcast = IRB.CreateBitCast( + v3P, IntegerType::get(C, v3P->getType()->getPrimitiveSizeInBits())); Value *v3Pcasted = IRB.CreateIntCast(v3Pbitcast, IntegerType::get(C, 64), false); args.push_back(v1Pcasted); @@ -572,8 +572,8 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB(ThenTerm); std::vector<Value *> args; - Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); - Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); args.push_back(v1Pcasted); args.push_back(v2Pcasted); @@ -603,10 +603,10 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB(ThenTerm); std::vector<Value *> args; - Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); - Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); - Value * v3Pbitcast = IRB.CreateBitCast( - v3P, IntegerType::get(C, v3P->getType()->getPrimitiveSizeInBits())); + Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value *v3Pbitcast = IRB.CreateBitCast( + v3P, IntegerType::get(C, v3P->getType()->getPrimitiveSizeInBits())); Value *v3Pcasted = IRB.CreateIntCast(v3Pbitcast, IntegerType::get(C, 64), false); args.push_back(v1Pcasted); @@ -638,8 +638,8 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB(ThenTerm); std::vector<Value *> args; - Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); - Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); args.push_back(v1Pcasted); args.push_back(v2Pcasted); @@ -668,8 +668,8 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB(ThenTerm); std::vector<Value *> args; - Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); - Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); args.push_back(v1Pcasted); args.push_back(v2Pcasted); @@ -698,8 +698,8 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB(ThenTerm); std::vector<Value *> args; - Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); - Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); args.push_back(v1Pcasted); args.push_back(v2Pcasted); @@ -728,8 +728,8 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB(ThenTerm); std::vector<Value *> args; - Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); - Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); + Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); + Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy); args.push_back(v1Pcasted); args.push_back(v2Pcasted); diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index 37bf3889..563a4481 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -149,9 +149,9 @@ Iterator Unique(Iterator first, Iterator last) { bool CmplogSwitches::hookInstrs(Module &M) { std::vector<SwitchInst *> switches; - LLVMContext & C = M.getContext(); + LLVMContext &C = M.getContext(); - Type * VoidTy = Type::getVoidTy(C); + Type *VoidTy = Type::getVoidTy(C); IntegerType *Int8Ty = IntegerType::getInt8Ty(C); IntegerType *Int16Ty = IntegerType::getInt16Ty(C); IntegerType *Int32Ty = IntegerType::getInt32Ty(C); @@ -270,7 +270,7 @@ bool CmplogSwitches::hookInstrs(Module &M) { for (auto &SI : switches) { - Value * Val = SI->getCondition(); + Value *Val = SI->getCondition(); unsigned int max_size = Val->getType()->getIntegerBitWidth(), cast_size; unsigned char do_cast = 0; diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index 34c88735..39bff510 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -168,10 +168,10 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, DenseMap<Value *, std::string *> valueMap; std::vector<CallInst *> calls; - LLVMContext & C = M.getContext(); - IntegerType * Int8Ty = IntegerType::getInt8Ty(C); - IntegerType * Int32Ty = IntegerType::getInt32Ty(C); - IntegerType * Int64Ty = IntegerType::getInt64Ty(C); + LLVMContext &C = M.getContext(); + IntegerType *Int8Ty = IntegerType::getInt8Ty(C); + IntegerType *Int32Ty = IntegerType::getInt32Ty(C); + IntegerType *Int64Ty = IntegerType::getInt64Ty(C); #if LLVM_VERSION_MAJOR >= 9 FunctionCallee tolowerFn; @@ -409,7 +409,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, /* check if third operand is a constant integer * strlen("constStr") and sizeof() are treated as constant */ - Value * op2 = callInst->getArgOperand(2); + Value *op2 = callInst->getArgOperand(2); ConstantInt *ilen = dyn_cast<ConstantInt>(op2); if (ilen) { @@ -449,7 +449,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, *Str2P = callInst->getArgOperand(1); StringRef Str1, Str2, ConstStr; std::string TmpConstStr; - Value * VarStr; + Value *VarStr; bool HasStr1 = getConstantStringInfo(Str1P, Str1); bool HasStr2 = getConstantStringInfo(Str2P, Str2); uint64_t constStrLen, unrollLen, constSizedLen = 0; @@ -457,7 +457,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, bool isSizedcmp = false; bool isCaseInsensitive = false; bool needs_null = false; - Function * Callee = callInst->getCalledFunction(); + Function *Callee = callInst->getCalledFunction(); if (Callee) { @@ -616,14 +616,14 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, for (uint64_t i = 0; i < unrollLen; i++) { - BasicBlock * cur_cmp_bb = next_cmp_bb, *cur_lenchk_bb = next_lenchk_bb; + BasicBlock *cur_cmp_bb = next_cmp_bb, *cur_lenchk_bb = next_lenchk_bb; unsigned char c; if (cur_lenchk_bb) { IRBuilder<> cur_lenchk_IRB(&*(cur_lenchk_bb->getFirstInsertionPt())); - Value * icmp = cur_lenchk_IRB.CreateICmpEQ( - sizedValue, ConstantInt::get(sizedValue->getType(), i)); + Value *icmp = cur_lenchk_IRB.CreateICmpEQ( + sizedValue, ConstantInt::get(sizedValue->getType(), i)); cur_lenchk_IRB.CreateCondBr(icmp, end_bb, cur_cmp_bb); cur_lenchk_bb->getTerminator()->eraseFromParent(); diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 375de065..95eca0cb 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -230,9 +230,9 @@ char SplitComparesTransform::ID = 0; /// FCMP instructions with predicate xGT or xLT and EQ bool SplitComparesTransform::simplifyFPCompares(Module &M) { - LLVMContext & C = M.getContext(); + LLVMContext &C = M.getContext(); std::vector<Instruction *> fcomps; - IntegerType * Int1Ty = IntegerType::getInt1Ty(C); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); /* iterate over all functions, bbs and instruction and add * all integer comparisons with >= and <= predicates to the icomps vector */ @@ -362,8 +362,8 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { /// This function splits ICMP instructions with xGE or xLE predicates into two /// ICMP instructions with predicate xGT or xLT and EQ -bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst * IcmpInst, - Module & M, +bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst *IcmpInst, + Module &M, CmpWorklist &worklist) { LLVMContext &C = M.getContext(); @@ -498,7 +498,7 @@ bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, /* create a new basic block which is executed if the signedness bit is * different */ - CmpInst * icmp_inv_sig_cmp; + CmpInst *icmp_inv_sig_cmp; BasicBlock *sign_bb = BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); if (pred == CmpInst::ICMP_SGT) { @@ -522,7 +522,7 @@ bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, BranchInst::Create(end_bb, sign_bb); /* create a new bb which is executed if signedness is equal */ - CmpInst * icmp_usign_cmp; + CmpInst *icmp_usign_cmp; BasicBlock *middle_bb = BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); /* we can do a normal unsigned compare now */ @@ -590,7 +590,8 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, if (!intTyOp0) { // not an integer type - fprintf(stderr, "Error: split-compare: not an integer type\n"); + if (!be_quiet) + fprintf(stderr, "Error: split-compare: not an integer type\n"); return false; } @@ -605,11 +606,11 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, LLVMContext &C = M.getContext(); IntegerType *Int1Ty = IntegerType::getInt1Ty(C); - BasicBlock * bb = cmp_inst->getParent(); + BasicBlock *bb = cmp_inst->getParent(); IntegerType *OldIntType = IntegerType::get(C, bitw); IntegerType *NewIntType = IntegerType::get(C, bitw / 2); - BasicBlock * end_bb = bb->splitBasicBlock(BasicBlock::iterator(cmp_inst)); - CmpInst * icmp_high, *icmp_low; + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(cmp_inst)); + CmpInst *icmp_high, *icmp_low; /* create the comparison of the top halves of the original operands */ Value *s_op0, *op0_high, *s_op1, *op1_high; @@ -639,7 +640,7 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, BasicBlock *cmp_low_bb = BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); - Value * op0_low, *op1_low; + Value *op0_low, *op1_low; IRBuilder<> Builder(cmp_low_bb); op0_low = Builder.CreateTrunc(op0, NewIntType); @@ -700,8 +701,8 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, * if this is true we can go to the end if not we have to go to the * bb which checks the lower half of the operands */ Instruction *op0_low, *op1_low; - CmpInst * icmp_inv_cmp = nullptr; - BasicBlock * inv_cmp_bb = + CmpInst *icmp_inv_cmp = nullptr; + BasicBlock *inv_cmp_bb = BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); if (pred == CmpInst::ICMP_UGT || pred == CmpInst::ICMP_SGT || pred == CmpInst::ICMP_UGE || pred == CmpInst::ICMP_SGE) { @@ -963,7 +964,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { // BUG FIXME TODO: u64 does not work for > 64 bit ... e.g. 80 and 128 bit if (sizeInBits > 64) { continue; } - IntegerType * intType = IntegerType::get(C, op_size); + IntegerType *intType = IntegerType::get(C, op_size); const unsigned int precision = sizeInBits == 32 ? 24 : sizeInBits == 64 ? 53 : sizeInBits == 128 ? 113 @@ -1071,8 +1072,8 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /*** now working in nonan_bb ***/ /* Treat -0.0 as equal to +0.0, that is for -0.0 make it +0.0 */ - Instruction * b_op0, *b_op1; - Instruction * isMzero_op0, *isMzero_op1; + Instruction *b_op0, *b_op1; + Instruction *isMzero_op0, *isMzero_op1; const unsigned long long MinusZero = 1UL << (sizeInBits - 1U); const unsigned long long PlusZero = 0; @@ -1191,7 +1192,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* compare the exponents of the operands */ Instruction *icmp_exponents_equal; Instruction *icmp_exponent_result; - BasicBlock * signequal2_bb = signequal_bb; + BasicBlock *signequal2_bb = signequal_bb; switch (FcmpInst->getPredicate()) { case CmpInst::FCMP_UEQ: @@ -1361,8 +1362,8 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* compare the fractions of the operands */ Instruction *icmp_fraction_result; - BasicBlock * middle2_bb = middle_bb; - PHINode * PN2 = nullptr; + BasicBlock *middle2_bb = middle_bb; + PHINode *PN2 = nullptr; switch (FcmpInst->getPredicate()) { case CmpInst::FCMP_UEQ: @@ -1503,7 +1504,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { } #if LLVM_MAJOR >= 11 -PreservedAnalyses SplitComparesTransform::run(Module & M, +PreservedAnalyses SplitComparesTransform::run(Module &M, ModuleAnalysisManager &MAM) { #else diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc index 96e01a8b..79ba12d2 100644 --- a/instrumentation/split-switches-pass.so.cc +++ b/instrumentation/split-switches-pass.so.cc @@ -102,7 +102,7 @@ class SplitSwitchesTransform : public ModulePass { struct CaseExpr { ConstantInt *Val; - BasicBlock * BB; + BasicBlock *BB; CaseExpr(ConstantInt *val = nullptr, BasicBlock *bb = nullptr) : Val(val), BB(bb) { @@ -182,7 +182,7 @@ BasicBlock *SplitSwitchesTransform::switchConvert( unsigned ValTypeBitWidth = Cases[0].Val->getBitWidth(); IntegerType *ValType = IntegerType::get(OrigBlock->getContext(), ValTypeBitWidth); - IntegerType * ByteType = IntegerType::get(OrigBlock->getContext(), 8); + IntegerType *ByteType = IntegerType::get(OrigBlock->getContext(), 8); unsigned BytesInValue = bytesChecked.size(); std::vector<uint8_t> setSizes; std::vector<std::set<uint8_t> > byteSets(BytesInValue, std::set<uint8_t>()); @@ -221,8 +221,8 @@ BasicBlock *SplitSwitchesTransform::switchConvert( /* there are only smallestSize different bytes at index smallestIndex */ Instruction *Shift, *Trunc; - Function * F = OrigBlock->getParent(); - BasicBlock * NewNode = BasicBlock::Create(Val->getContext(), "NodeBlock", F); + Function *F = OrigBlock->getParent(); + BasicBlock *NewNode = BasicBlock::Create(Val->getContext(), "NodeBlock", F); Shift = BinaryOperator::Create(Instruction::LShr, Val, ConstantInt::get(ValType, smallestIndex * 8)); NewNode->getInstList().push_back(Shift); @@ -403,9 +403,9 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) { BasicBlock *CurBlock = SI->getParent(); BasicBlock *OrigBlock = CurBlock; - Function * F = CurBlock->getParent(); + Function *F = CurBlock->getParent(); /* this is the value we are switching on */ - Value * Val = SI->getCondition(); + Value *Val = SI->getCondition(); BasicBlock *Default = SI->getDefaultDest(); unsigned bitw = Val->getType()->getIntegerBitWidth(); @@ -445,7 +445,7 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) { * round up bytesChecked (in case getBitWidth() % 8 != 0) */ std::vector<bool> bytesChecked((7 + Cases[0].Val->getBitWidth()) / 8, false); - BasicBlock * SwitchBlock = + BasicBlock *SwitchBlock = switchConvert(Cases, bytesChecked, OrigBlock, NewDefault, Val, 0); /* Branch to our shiny new if-then stuff... */ @@ -483,7 +483,7 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) { } #if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ -PreservedAnalyses SplitSwitchesTransform::run(Module & M, +PreservedAnalyses SplitSwitchesTransform::run(Module &M, ModuleAnalysisManager &MAM) { #else diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c index 309bf5f3..c4107b8c 100644 --- a/qemu_mode/libcompcov/libcompcov.so.c +++ b/qemu_mode/libcompcov/libcompcov.so.c @@ -139,7 +139,7 @@ static void __compcov_load(void) { char *bin_name = getenv("AFL_COMPCOV_BINNAME"); procmaps_iterator *maps = pmparser_parse(-1); - procmaps_struct * maps_tmp = NULL; + procmaps_struct *maps_tmp = NULL; while ((maps_tmp = pmparser_next(maps)) != NULL) { diff --git a/qemu_mode/libcompcov/pmparser.h b/qemu_mode/libcompcov/pmparser.h index 0eb4fb1d..db8efa30 100644 --- a/qemu_mode/libcompcov/pmparser.h +++ b/qemu_mode/libcompcov/pmparser.h @@ -32,8 +32,8 @@ implied warranty. */ typedef struct procmaps_struct { - void * addr_start; //< start address of the area - void * addr_end; //< end address + void *addr_start; //< start address of the area + void *addr_end; //< end address unsigned long length; //< size of the range char perm[5]; //< permissions rwxp diff --git a/qemu_mode/libqasan/dlmalloc.c b/qemu_mode/libqasan/dlmalloc.c index aff58ad5..5d0b65ce 100644 --- a/qemu_mode/libqasan/dlmalloc.c +++ b/qemu_mode/libqasan/dlmalloc.c @@ -1390,7 +1390,7 @@ DLMALLOC_EXPORT void *mspace_memalign(mspace msp, size_t alignment, */ DLMALLOC_EXPORT void **mspace_independent_calloc(mspace msp, size_t n_elements, size_t elem_size, - void * chunks[]); + void *chunks[]); /* mspace_independent_comalloc behaves as independent_comalloc, but @@ -1399,7 +1399,7 @@ DLMALLOC_EXPORT void **mspace_independent_calloc(mspace msp, size_t n_elements, DLMALLOC_EXPORT void **mspace_independent_comalloc(mspace msp, size_t n_elements, size_t sizes[], - void * chunks[]); + void *chunks[]); /* mspace_footprint() returns the number of bytes obtained from the @@ -2607,7 +2607,7 @@ typedef struct malloc_tree_chunk *tbinptr; /* The type of bins of trees */ struct malloc_segment { - char * base; /* base address */ + char *base; /* base address */ size_t size; /* allocated size */ struct malloc_segment *next; /* ptr to next segment */ flag_t sflags; /* mmap and extern flag */ @@ -2723,7 +2723,7 @@ struct malloc_state { binmap_t treemap; size_t dvsize; size_t topsize; - char * least_addr; + char *least_addr; mchunkptr dv; mchunkptr top; size_t trim_check; @@ -2739,7 +2739,7 @@ struct malloc_state { MLOCK_T mutex; /* locate lock among fields that rarely change */ #endif /* USE_LOCKS */ msegment seg; - void * extp; /* Unused but available for extensions */ + void *extp; /* Unused but available for extensions */ size_t exts; }; @@ -3593,7 +3593,7 @@ static void do_check_tree(mstate m, tchunkptr t) { /* Check all the chunks in a treebin. */ static void do_check_treebin(mstate m, bindex_t i) { - tbinptr * tb = treebin_at(m, i); + tbinptr *tb = treebin_at(m, i); tchunkptr t = *tb; int empty = (m->treemap & (1U << i)) == 0; if (t == 0) assert(empty); @@ -3886,11 +3886,7 @@ static void internal_malloc_stats(mstate m) { mark_smallmap(M, I); \ else if (RTCHECK(ok_address(M, B->fd))) \ F = B->fd; \ - else { \ - \ - CORRUPTION_ERROR_ACTION(M); \ - \ - } \ + else { CORRUPTION_ERROR_ACTION(M); } \ B->fd = P; \ F->bk = P; \ P->fd = F; \ @@ -4104,11 +4100,7 @@ static void internal_malloc_stats(mstate m) { } \ if (RTCHECK(ok_address(M, RP))) \ *RP = 0; \ - else { \ - \ - CORRUPTION_ERROR_ACTION(M); \ - \ - } \ + else { CORRUPTION_ERROR_ACTION(M); } \ \ } \ \ @@ -4278,7 +4270,7 @@ static mchunkptr mmap_resize(mstate m, mchunkptr oldp, size_t nb, int flags) { size_t offset = oldp->prev_foot; size_t oldmmsize = oldsize + offset + MMAP_FOOT_PAD; size_t newmmsize = mmap_align(nb + SIX_SIZE_T_SIZES + CHUNK_ALIGN_MASK); - char * cp = + char *cp = (char *)CALL_MREMAP((char *)oldp - offset, oldmmsize, newmmsize, flags); if (cp != CMFAIL) { @@ -4412,14 +4404,14 @@ static void *prepend_alloc(mstate m, char *newbase, char *oldbase, size_t nb) { static void add_segment(mstate m, char *tbase, size_t tsize, flag_t mmapped) { /* Determine locations and sizes of segment, fenceposts, old top */ - char * old_top = (char *)m->top; + char *old_top = (char *)m->top; msegmentptr oldsp = segment_holding(m, old_top); - char * old_end = oldsp->base + oldsp->size; + char *old_end = oldsp->base + oldsp->size; size_t ssize = pad_request(sizeof(struct malloc_segment)); - char * rawsp = old_end - (ssize + FOUR_SIZE_T_SIZES + CHUNK_ALIGN_MASK); + char *rawsp = old_end - (ssize + FOUR_SIZE_T_SIZES + CHUNK_ALIGN_MASK); size_t offset = align_offset(chunk2mem(rawsp)); - char * asp = rawsp + offset; - char * csp = (asp < (old_top + MIN_CHUNK_SIZE)) ? old_top : asp; + char *asp = rawsp + offset; + char *csp = (asp < (old_top + MIN_CHUNK_SIZE)) ? old_top : asp; mchunkptr sp = (mchunkptr)csp; msegmentptr ss = (msegmentptr)(chunk2mem(sp)); mchunkptr tnext = chunk_plus_offset(sp, ssize); @@ -4473,7 +4465,7 @@ static void add_segment(mstate m, char *tbase, size_t tsize, flag_t mmapped) { /* Get memory from system using MORECORE or MMAP */ static void *sys_alloc(mstate m, size_t nb) { - char * tbase = CMFAIL; + char *tbase = CMFAIL; size_t tsize = 0; flag_t mmap_flag = 0; size_t asize; /* allocation size */ @@ -4521,7 +4513,7 @@ static void *sys_alloc(mstate m, size_t nb) { if (MORECORE_CONTIGUOUS && !use_noncontiguous(m)) { - char * br = CMFAIL; + char *br = CMFAIL; size_t ssize = asize; /* sbrk call size */ msegmentptr ss = (m->top == 0) ? 0 : segment_holding(m, (char *)m->top); ACQUIRE_MALLOC_GLOBAL_LOCK(); @@ -4728,7 +4720,7 @@ static size_t release_unused_segments(mstate m) { msegmentptr sp = pred->next; while (sp != 0) { - char * base = sp->base; + char *base = sp->base; size_t size = sp->size; msegmentptr next = sp->next; ++nsegs; @@ -5151,7 +5143,7 @@ void *dlmalloc(size_t bytes) { if (!PREACTION(gm)) { - void * mem; + void *mem; size_t nb; if (bytes <= MAX_SMALL_REQUEST) { @@ -5430,7 +5422,7 @@ void dlfree(void *mem) { void *dlcalloc(size_t n_elements, size_t elem_size) { - void * mem; + void *mem; size_t req = 0; if (n_elements != 0) { @@ -5598,9 +5590,10 @@ static void *internal_memalign(mstate m, size_t alignment, size_t bytes) { We've allocated enough total room so that this is always possible. */ - char * br = (char *)mem2chunk((size_t)( - ((size_t)((char *)mem + alignment - SIZE_T_ONE)) & -alignment)); - char * pos = ((size_t)(br - (char *)(p)) >= MIN_CHUNK_SIZE) + char *br = (char *)mem2chunk( + (size_t)(((size_t)((char *)mem + alignment - SIZE_T_ONE)) & + -alignment)); + char *pos = ((size_t)(br - (char *)(p)) >= MIN_CHUNK_SIZE) ? br : br + alignment; mchunkptr newp = (mchunkptr)pos; @@ -5666,10 +5659,10 @@ static void **ialloc(mstate m, size_t n_elements, size_t *sizes, int opts, size_t element_size; /* chunksize of each element, if all same */ size_t contents_size; /* total size of elements */ size_t array_size; /* request size of pointer array */ - void * mem; /* malloced aggregate space */ + void *mem; /* malloced aggregate space */ mchunkptr p; /* corresponding chunk */ size_t remainder_size; /* remaining bytes while splitting */ - void ** marray; /* either "chunks" or malloced ptr array */ + void **marray; /* either "chunks" or malloced ptr array */ mchunkptr array_chunk; /* chunk for malloced ptr array */ flag_t was_enabled; /* to disable mmap */ size_t size; @@ -5828,7 +5821,7 @@ static size_t internal_bulk_free(mstate m, void *array[], size_t nelem) { *a = 0; if (RTCHECK(ok_address(m, p) && ok_inuse(p))) { - void ** b = a + 1; /* try to merge with next chunk */ + void **b = a + 1; /* try to merge with next chunk */ mchunkptr next = next_chunk(p); if (b != fence && *b == chunk2mem(next)) { @@ -5865,7 +5858,7 @@ static size_t internal_bulk_free(mstate m, void *array[], size_t nelem) { static void internal_inspect_all(mstate m, void (*handler)(void *start, void *end, size_t used_bytes, - void * callback_arg), + void *callback_arg), void *arg) { if (is_initialized(m)) { @@ -5880,7 +5873,7 @@ static void internal_inspect_all(mstate m, mchunkptr next = next_chunk(q); size_t sz = chunksize(q); size_t used; - void * start; + void *start; if (is_inuse(q)) { used = sz - CHUNK_OVERHEAD; /* must not be mmapped */ @@ -6113,7 +6106,7 @@ size_t dlbulk_free(void *array[], size_t nelem) { #if MALLOC_INSPECT_ALL void dlmalloc_inspect_all(void (*handler)(void *start, void *end, size_t used_bytes, - void * callback_arg), + void *callback_arg), void *arg) { ensure_initialization(); @@ -6253,7 +6246,7 @@ mspace create_mspace(size_t capacity, int locked) { size_t rs = ((capacity == 0) ? mparams.granularity : (capacity + TOP_FOOT_SIZE + msize)); size_t tsize = granularity_align(rs); - char * tbase = (char *)(CALL_MMAP(tsize)); + char *tbase = (char *)(CALL_MMAP(tsize)); if (tbase != CMFAIL) { m = init_user_mstate(tbase, tsize); @@ -6322,7 +6315,7 @@ size_t destroy_mspace(mspace msp) { (void)DESTROY_LOCK(&ms->mutex); /* destroy before unmapped */ while (sp != 0) { - char * base = sp->base; + char *base = sp->base; size_t size = sp->size; flag_t flag = sp->sflags; (void)base; /* placate people compiling -Wunused-variable */ @@ -6360,7 +6353,7 @@ void *mspace_malloc(mspace msp, size_t bytes) { if (!PREACTION(ms)) { - void * mem; + void *mem; size_t nb; if (bytes <= MAX_SMALL_REQUEST) { @@ -6628,7 +6621,7 @@ void mspace_free(mspace msp, void *mem) { void *mspace_calloc(mspace msp, size_t n_elements, size_t elem_size) { - void * mem; + void *mem; size_t req = 0; mstate ms = (mstate)msp; if (!ok_magic(ms)) { diff --git a/qemu_mode/libqasan/libqasan.h b/qemu_mode/libqasan/libqasan.h index a1ed946e..676f34b0 100644 --- a/qemu_mode/libqasan/libqasan.h +++ b/qemu_mode/libqasan/libqasan.h @@ -97,19 +97,19 @@ void __libqasan_init_malloc(void); void __libqasan_hotpatch(void); size_t __libqasan_malloc_usable_size(void *ptr); -void * __libqasan_malloc(size_t size); +void *__libqasan_malloc(size_t size); void __libqasan_free(void *ptr); -void * __libqasan_calloc(size_t nmemb, size_t size); -void * __libqasan_realloc(void *ptr, size_t size); +void *__libqasan_calloc(size_t nmemb, size_t size); +void *__libqasan_realloc(void *ptr, size_t size); int __libqasan_posix_memalign(void **ptr, size_t align, size_t len); -void * __libqasan_memalign(size_t align, size_t len); -void * __libqasan_aligned_alloc(size_t align, size_t len); - -void * __libqasan_memcpy(void *dest, const void *src, size_t n); -void * __libqasan_memmove(void *dest, const void *src, size_t n); -void * __libqasan_memset(void *s, int c, size_t n); -void * __libqasan_memchr(const void *s, int c, size_t n); -void * __libqasan_memrchr(const void *s, int c, size_t n); +void *__libqasan_memalign(size_t align, size_t len); +void *__libqasan_aligned_alloc(size_t align, size_t len); + +void *__libqasan_memcpy(void *dest, const void *src, size_t n); +void *__libqasan_memmove(void *dest, const void *src, size_t n); +void *__libqasan_memset(void *s, int c, size_t n); +void *__libqasan_memchr(const void *s, int c, size_t n); +void *__libqasan_memrchr(const void *s, int c, size_t n); size_t __libqasan_strlen(const char *s); size_t __libqasan_strnlen(const char *s, size_t len); int __libqasan_strcmp(const char *str1, const char *str2); @@ -118,12 +118,12 @@ int __libqasan_strcasecmp(const char *str1, const char *str2); int __libqasan_strncasecmp(const char *str1, const char *str2, size_t len); int __libqasan_memcmp(const void *mem1, const void *mem2, size_t len); int __libqasan_bcmp(const void *mem1, const void *mem2, size_t len); -char * __libqasan_strstr(const char *haystack, const char *needle); -char * __libqasan_strcasestr(const char *haystack, const char *needle); -void * __libqasan_memmem(const void *haystack, size_t haystack_len, +char *__libqasan_strstr(const char *haystack, const char *needle); +char *__libqasan_strcasestr(const char *haystack, const char *needle); +void *__libqasan_memmem(const void *haystack, size_t haystack_len, const void *needle, size_t needle_len); -char * __libqasan_strchr(const char *s, int c); -char * __libqasan_strrchr(const char *s, int c); +char *__libqasan_strchr(const char *s, int c); +char *__libqasan_strrchr(const char *s, int c); size_t __libqasan_wcslen(const wchar_t *s); wchar_t *__libqasan_wcscpy(wchar_t *d, const wchar_t *s); int __libqasan_wcscmp(const wchar_t *s1, const wchar_t *s2); diff --git a/qemu_mode/libqasan/malloc.c b/qemu_mode/libqasan/malloc.c index ad42d03b..c83b5eb2 100644 --- a/qemu_mode/libqasan/malloc.c +++ b/qemu_mode/libqasan/malloc.c @@ -51,7 +51,7 @@ typedef struct { struct chunk_begin { size_t requested_size; - void * aligned_orig; // NULL if not aligned + void *aligned_orig; // NULL if not aligned struct chunk_begin *next; struct chunk_begin *prev; char redzone[REDZONE_SIZE]; @@ -80,7 +80,7 @@ static unsigned char __tmp_alloc_zone[TMP_ZONE_SIZE]; #else // From dlmalloc.c -void * dlmalloc(size_t); +void *dlmalloc(size_t); void dlfree(void *); #define backend_malloc dlmalloc #define backend_free dlfree diff --git a/qemu_mode/libqasan/patch.c b/qemu_mode/libqasan/patch.c index 8c5553c0..15c4df15 100644 --- a/qemu_mode/libqasan/patch.c +++ b/qemu_mode/libqasan/patch.c @@ -130,8 +130,8 @@ int libc_perms; static void find_libc(void) { - FILE * fp; - char * line = NULL; + FILE *fp; + char *line = NULL; size_t len = 0; ssize_t read; diff --git a/qemu_mode/libqasan/string.c b/qemu_mode/libqasan/string.c index 4704c204..fc2de1f2 100644 --- a/qemu_mode/libqasan/string.c +++ b/qemu_mode/libqasan/string.c @@ -28,7 +28,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. void *__libqasan_memcpy(void *dest, const void *src, size_t n) { - unsigned char * d = dest; + unsigned char *d = dest; const unsigned char *s = src; if (!n) return dest; @@ -47,7 +47,7 @@ void *__libqasan_memcpy(void *dest, const void *src, size_t n) { void *__libqasan_memmove(void *dest, const void *src, size_t n) { - unsigned char * d = dest; + unsigned char *d = dest; const unsigned char *s = src; if (!n) return dest; diff --git a/src/afl-analyze.c b/src/afl-analyze.c index fc868603..d4822341 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -626,7 +626,7 @@ static void handle_stop_sig(int sig) { static void set_up_environment(char **argv) { - u8 * x; + u8 *x; char *afl_preload; char *frida_afl_preload = NULL; diff --git a/src/afl-cc.c b/src/afl-cc.c index 246e01cd..6def3ee7 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -45,7 +45,7 @@ #define LLVM_MINOR 0 #endif -static u8 * obj_path; /* Path to runtime libraries */ +static u8 *obj_path; /* Path to runtime libraries */ static u8 **cc_params; /* Parameters passed to the real CC */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ static u8 clang_mode; /* Invoked as afl-clang*? */ @@ -53,7 +53,7 @@ static u8 llvm_fullpath[PATH_MAX]; static u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k, lto_mode; static u8 compiler_mode, plusplus_mode, have_instr_env = 0; static u8 have_gcc, have_llvm, have_gcc_plugin, have_lto, have_instr_list = 0; -static u8 * lto_flag = AFL_CLANG_FLTO, *argvnull; +static u8 *lto_flag = AFL_CLANG_FLTO, *argvnull; static u8 debug; static u8 cwd[4096]; static u8 cmplog_mode; diff --git a/src/afl-common.c b/src/afl-common.c index 7f482e7d..f3e78ac5 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -558,9 +558,9 @@ void print_suggested_envs(char *mispelled_env) { for (j = 0; afl_environment_variables[j] != NULL; ++j) { - char * afl_env = afl_environment_variables[j] + 4; + char *afl_env = afl_environment_variables[j] + 4; size_t afl_env_len = strlen(afl_env); - char * reduced = ck_alloc(afl_env_len + 1); + char *reduced = ck_alloc(afl_env_len + 1); size_t start = 0; while (start < afl_env_len) { @@ -598,7 +598,7 @@ void print_suggested_envs(char *mispelled_env) { if (found) goto cleanup; - char * reduced = ck_alloc(env_name_len + 1); + char *reduced = ck_alloc(env_name_len + 1); size_t start = 0; while (start < env_name_len) { @@ -1197,7 +1197,7 @@ u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms) { u32 get_map_size(void) { uint32_t map_size = DEFAULT_SHMEM_SIZE; - char * ptr; + char *ptr; if ((ptr = getenv("AFL_MAP_SIZE")) || (ptr = getenv("AFL_MAPSIZE"))) { diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index 535ffdc3..884bb569 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -57,7 +57,7 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len, FILE *f; u8 buf[MAX_LINE]; - u8 * lptr; + u8 *lptr; u32 cur_line = 0; u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX]; @@ -291,10 +291,10 @@ static void extras_check_and_sort(afl_state_t *afl, u32 min_len, u32 max_len, void load_extras(afl_state_t *afl, u8 *dir) { - DIR * d; + DIR *d; struct dirent *de; u32 min_len = MAX_DICT_FILE, max_len = 0, dict_level = 0; - u8 * x; + u8 *x; u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX]; @@ -330,7 +330,7 @@ void load_extras(afl_state_t *afl, u8 *dir) { while ((de = readdir(d))) { struct stat st; - u8 * fn = alloc_printf("%s/%s", dir, de->d_name); + u8 *fn = alloc_printf("%s/%s", dir, de->d_name); s32 fd; if (lstat(fn, &st) || access(fn, R_OK)) { diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index f4b2d908..4ffcfd2b 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -189,7 +189,7 @@ void bind_to_free_cpu(afl_state_t *afl) { #if defined(__linux__) - DIR * d; + DIR *d; struct dirent *de; d = opendir("/proc"); @@ -340,8 +340,8 @@ void bind_to_free_cpu(afl_state_t *afl) { #elif defined(__sun) kstat_named_t *n; - kstat_ctl_t * m; - kstat_t * k; + kstat_ctl_t *m; + kstat_t *k; cpu_stat_t cs; u32 ncpus; @@ -657,7 +657,7 @@ void read_testcases(afl_state_t *afl, u8 *directory) { struct dirent **nl; s32 nl_cnt, subdirs = 1; u32 i; - u8 * fn1, *dir = directory; + u8 *fn1, *dir = directory; u8 val_buf[2][STRINGIFY_VAL_SIZE_MAX]; /* Auto-detect non-in-place resumption attempts. */ @@ -857,7 +857,7 @@ void perform_dry_run(afl_state_t *afl) { struct queue_entry *q; u32 cal_failures = 0, idx; - u8 * use_mem; + u8 *use_mem; for (idx = 0; idx < afl->queued_items; idx++) { @@ -1461,7 +1461,7 @@ void find_timeout(afl_state_t *afl) { static u8 delete_files(u8 *path, u8 *prefix) { - DIR * d; + DIR *d; struct dirent *d_ent; d = opendir(path); @@ -1589,7 +1589,7 @@ dir_cleanup_failed: static void handle_existing_out_dir(afl_state_t *afl) { FILE *f; - u8 * fn = alloc_printf("%s/fuzzer_stats", afl->out_dir); + u8 *fn = alloc_printf("%s/fuzzer_stats", afl->out_dir); /* See if the output directory is locked. If yes, bail out. If not, create a lock that will persist for the lifetime of the process @@ -1882,9 +1882,9 @@ dir_cleanup_failed: int check_main_node_exists(afl_state_t *afl) { - DIR * sd; + DIR *sd; struct dirent *sd_ent; - u8 * fn; + u8 *fn; sd = opendir(afl->sync_dir); if (!sd) { return 0; } @@ -2585,7 +2585,7 @@ void check_binary(afl_state_t *afl, u8 *fname) { if (unlikely(!fname)) { FATAL("BUG: Binary name is NULL"); } - u8 * env_path = 0; + u8 *env_path = 0; struct stat st; s32 fd; diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 9407adfb..dd97a7d3 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -74,7 +74,7 @@ void setup_custom_mutators(afl_state_t *afl) { /* Try mutator library first */ struct custom_mutator *mutator; - u8 * fn = afl->afl_env.afl_custom_mutator_library; + u8 *fn = afl->afl_env.afl_custom_mutator_library; u32 prev_mutator_count = 0; if (fn) { @@ -176,7 +176,7 @@ void destroy_custom_mutators(afl_state_t *afl) { struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) { - void * dh; + void *dh; struct custom_mutator *mutator = ck_alloc(sizeof(struct custom_mutator)); mutator->name = fn; diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index ef80524f..ed9e7a81 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -1901,7 +1901,7 @@ custom_mutator_stage: struct queue_entry *target = NULL; u32 tid; - u8 * new_buf = NULL; + u8 *new_buf = NULL; u32 target_len = 0; /* check if splicing makes sense yet (enough entries) */ @@ -2110,7 +2110,7 @@ havoc_stage: if (el->stacked_custom && rand_below(afl, 100) < el->stacked_custom_prob) { - u8 * custom_havoc_buf = NULL; + u8 *custom_havoc_buf = NULL; size_t new_len = el->afl_custom_havoc_mutation( el->data, out_buf, temp_len, &custom_havoc_buf, MAX_FILE); if (unlikely(!custom_havoc_buf)) { @@ -2823,7 +2823,7 @@ havoc_stage: /* Get the testcase for splicing. */ struct queue_entry *target = afl->queue_buf[tid]; u32 new_len = target->len; - u8 * new_buf = queue_testcase_get(afl, target); + u8 *new_buf = queue_testcase_get(afl, target); if ((temp_len >= 2 && r % 2) || temp_len + HAVOC_BLK_XL >= MAX_FILE) { @@ -2951,7 +2951,7 @@ retry_splicing: struct queue_entry *target; u32 tid, split_at; - u8 * new_buf; + u8 *new_buf; s32 f_diff, l_diff; /* First of all, if we've modified in_buf for havoc, let's clean that @@ -5164,7 +5164,7 @@ pacemaker_fuzzing: /* Get the testcase for splicing. */ struct queue_entry *target = afl->queue_buf[tid]; u32 new_len = target->len; - u8 * new_buf = queue_testcase_get(afl, target); + u8 *new_buf = queue_testcase_get(afl, target); if ((temp_len >= 2 && rand_below(afl, 2)) || temp_len + HAVOC_BLK_XL >= MAX_FILE) { @@ -5340,7 +5340,7 @@ pacemaker_fuzzing: struct queue_entry *target; u32 tid, split_at; - u8 * new_buf; + u8 *new_buf; s32 f_diff, l_diff; /* First of all, if we've modified in_buf for havoc, let's clean that diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 0231d2cd..a3d864c3 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -151,7 +151,7 @@ static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf, } -static const char *custom_describe_py(void * py_mutator, +static const char *custom_describe_py(void *py_mutator, size_t max_description_len) { PyObject *py_args, *py_value; @@ -202,7 +202,7 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) { py->py_module = PyImport_Import(py_name); Py_DECREF(py_name); - PyObject * py_module = py->py_module; + PyObject *py_module = py->py_module; PyObject **py_functions = py->py_functions; // initialize the post process buffer; ensures it's always valid @@ -393,7 +393,7 @@ void deinit_py(void *py_mutator) { } struct custom_mutator *load_custom_mutator_py(afl_state_t *afl, - char * module_name) { + char *module_name) { struct custom_mutator *mutator; @@ -497,7 +497,7 @@ struct custom_mutator *load_custom_mutator_py(afl_state_t *afl, size_t post_process_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf) { - PyObject * py_args, *py_value; + PyObject *py_args, *py_value; py_mutator_t *py = (py_mutator_t *)py_mutator; // buffer returned previously must be released; initialized during init @@ -819,7 +819,7 @@ const char *introspection_py(void *py_mutator) { } else { - char * ret; + char *ret; size_t len; if (!py_bytes(py_value, &ret, &len)) { diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 713c7447..02d697ab 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -77,8 +77,8 @@ void create_alias_table(afl_state_t *afl) { afl->alias_probability = (double *)afl_realloc( (void **)&afl->alias_probability, n * sizeof(double)); double *P = (double *)afl_realloc(AFL_BUF_PARAM(out), n * sizeof(double)); - int * S = (u32 *)afl_realloc(AFL_BUF_PARAM(out_scratch), n * sizeof(u32)); - int * L = (u32 *)afl_realloc(AFL_BUF_PARAM(in_scratch), n * sizeof(u32)); + int *S = (u32 *)afl_realloc(AFL_BUF_PARAM(out_scratch), n * sizeof(u32)); + int *L = (u32 *)afl_realloc(AFL_BUF_PARAM(in_scratch), n * sizeof(u32)); if (!P || !S || !L || !afl->alias_table || !afl->alias_probability) { @@ -410,7 +410,7 @@ static u8 check_if_text(afl_state_t *afl, struct queue_entry *q) { if (q->len < AFL_TXT_MIN_LEN) return 0; - u8 * buf; + u8 *buf; int fd; u32 len = q->len, offset = 0, ascii = 0, utf8 = 0; ssize_t comp; diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 2dbad5cf..337f124d 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -266,10 +266,10 @@ static void type_replace(afl_state_t *afl, u8 *buf, u32 len) { static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, struct tainted **taints) { - struct range * ranges = add_range(NULL, 0, len - 1), *rng; + struct range *ranges = add_range(NULL, 0, len - 1), *rng; struct tainted *taint = NULL; - u8 * backup = ck_alloc_nozero(len); - u8 * changed = ck_alloc_nozero(len); + u8 *backup = ck_alloc_nozero(len); + u8 *changed = ck_alloc_nozero(len); #if defined(_DEBUG) || defined(CMPLOG_INTROSPECTION) u64 start_time = get_cur_time(); @@ -575,7 +575,7 @@ static int strntoull(const char *str, size_t sz, char **end, int base, char buf[64]; unsigned long long ret; - const char * beg = str; + const char *beg = str; if (!str || !sz) { return 1; } @@ -755,11 +755,11 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, u64 *buf_64 = (u64 *)&buf[idx]; u32 *buf_32 = (u32 *)&buf[idx]; u16 *buf_16 = (u16 *)&buf[idx]; - u8 * buf_8 = &buf[idx]; + u8 *buf_8 = &buf[idx]; u64 *o_buf_64 = (u64 *)&orig_buf[idx]; u32 *o_buf_32 = (u32 *)&orig_buf[idx]; u16 *o_buf_16 = (u16 *)&orig_buf[idx]; - u8 * o_buf_8 = &orig_buf[idx]; + u8 *o_buf_8 = &orig_buf[idx]; u32 its_len = MIN(len - idx, taint_len); @@ -780,7 +780,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, // reverse atoi()/strnu?toll() is expensive, so we only to it in lvl 3 if (afl->cmplog_enable_transform && (lvl & LVL3)) { - u8 * endptr; + u8 *endptr; u8 use_num = 0, use_unum = 0; unsigned long long unum; long long num; @@ -1613,7 +1613,7 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, u32 len, u32 lvl, struct tainted *taint) { struct cmp_header *h = &afl->shm.cmp_map->headers[key]; - struct tainted * t; + struct tainted *t; u32 i, j, idx, taint_len, loggeds; u32 have_taint = 1; u8 status = 0, found_one = 0; @@ -2398,7 +2398,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, u32 len, u8 lvl, struct tainted *taint) { - struct tainted * t; + struct tainted *t; struct cmp_header *h = &afl->shm.cmp_map->headers[key]; u32 i, j, idx, have_taint = 1, taint_len, loggeds; u8 status = 0, found_one = 0; diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 5703a66a..0f3be1a7 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -97,8 +97,8 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { if (unlikely(afl->custom_mutators_count)) { ssize_t new_size = len; - u8 * new_mem = *mem; - u8 * new_buf = NULL; + u8 *new_mem = *mem; + u8 *new_buf = NULL; LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { @@ -173,7 +173,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, if (unlikely(!mem_trimmed)) { PFATAL("alloc"); } ssize_t new_size = len - skip_len; - u8 * new_mem = mem; + u8 *new_mem = mem; bool post_process_skipped = true; @@ -573,7 +573,7 @@ abort_calibration: void sync_fuzzers(afl_state_t *afl) { - DIR * sd; + DIR *sd; struct dirent *sd_ent; u32 sync_cnt = 0, synced = 0, entries = 0; u8 path[PATH_MAX + 1 + NAME_MAX]; diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 3e034b83..51e292d8 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -94,7 +94,7 @@ void load_stats_file(afl_state_t *afl) { FILE *f; u8 buf[MAX_LINE]; - u8 * lptr; + u8 *lptr; u8 fn[PATH_MAX]; u32 lineno = 0; snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir); @@ -761,26 +761,26 @@ void show_stats_normal(afl_state_t *afl) { } else - /* Subsequent cycles, but we're still making finds. */ - if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { + /* Subsequent cycles, but we're still making finds. */ + if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { - strcpy(tmp, cYEL); + strcpy(tmp, cYEL); - } else + } else /* No finds for a long time and no test cases to try. */ if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed && min_wo_finds > 120) { - strcpy(tmp, cLGN); + strcpy(tmp, cLGN); - /* Default: cautiously OK to stop? */ + /* Default: cautiously OK to stop? */ - } else { + } else { - strcpy(tmp, cLBL); + strcpy(tmp, cLBL); - } + } } @@ -1548,26 +1548,26 @@ void show_stats_pizza(afl_state_t *afl) { } else - /* Subsequent cycles, but we're still making finds. */ - if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { + /* Subsequent cycles, but we're still making finds. */ + if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) { - strcpy(tmp, cYEL); + strcpy(tmp, cYEL); - } else + } else /* No finds for a long time and no test cases to try. */ if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed && min_wo_finds > 120) { - strcpy(tmp, cLGN); + strcpy(tmp, cLGN); - /* Default: cautiously OK to stop? */ + /* Default: cautiously OK to stop? */ - } else { + } else { - strcpy(tmp, cLBL); + strcpy(tmp, cLBL); - } + } } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 18367cf2..287f09df 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -383,9 +383,9 @@ static int stricmp(char const *a, char const *b) { static void fasan_check_afl_preload(char *afl_preload) { char first_preload[PATH_MAX + 1] = {0}; - char * separator = strchr(afl_preload, ':'); + char *separator = strchr(afl_preload, ':'); size_t first_preload_len = PATH_MAX; - char * basename; + char *basename; char clang_runtime_prefix[] = "libclang_rt.asan"; if (separator != NULL && (separator - afl_preload) < PATH_MAX) { @@ -429,7 +429,7 @@ static void fasan_check_afl_preload(char *afl_preload) { nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) { - void * handle; + void *handle; nyx_plugin_handler_t *plugin = calloc(1, sizeof(nyx_plugin_handler_t)); ACTF("Trying to load libnyx.so plugin..."); @@ -498,8 +498,8 @@ int main(int argc, char **argv_orig, char **envp) { u8 *extras_dir[4]; u8 mem_limit_given = 0, exit_1 = 0, debug = 0, extras_dir_cnt = 0 /*, have_p = 0*/; - char * afl_preload; - char * frida_afl_preload = NULL; + char *afl_preload; + char *frida_afl_preload = NULL; char **use_argv; struct timeval tv; diff --git a/src/afl-showmap.c b/src/afl-showmap.c index ab159a92..4bcd1d59 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -98,7 +98,7 @@ static volatile u8 stop_soon, /* Ctrl-C pressed? */ static sharedmem_t shm; static afl_forkserver_t *fsrv; -static sharedmem_t * shm_fuzz; +static sharedmem_t *shm_fuzz; /* Classify tuple counts. Instead of mapping to individual bits, as in afl-fuzz.c, we map to more user-friendly numbers between 1 and 8. */ @@ -138,7 +138,7 @@ static void kill_child() { static void classify_counts(afl_forkserver_t *fsrv) { - u8 * mem = fsrv->trace_bits; + u8 *mem = fsrv->trace_bits; const u8 *map = binary_mode ? count_class_binary : count_class_human; u32 i = map_size; @@ -166,7 +166,7 @@ static void classify_counts(afl_forkserver_t *fsrv) { } static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv, - sharedmem_t * shm_fuzz) { + sharedmem_t *shm_fuzz) { afl_shm_deinit(shm_fuzz); fsrv->support_shmem_fuzz = 0; diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 1bf4af38..78537f9f 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -86,7 +86,7 @@ static volatile u8 stop_soon; /* Ctrl-C pressed? */ static afl_forkserver_t *fsrv; static sharedmem_t shm; -static sharedmem_t * shm_fuzz; +static sharedmem_t *shm_fuzz; /* * forkserver section @@ -121,7 +121,7 @@ static void kill_child() { } static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv, - sharedmem_t * shm_fuzz) { + sharedmem_t *shm_fuzz) { afl_shm_deinit(shm_fuzz); fsrv->support_shmem_fuzz = 0; @@ -642,7 +642,7 @@ static void handle_stop_sig(int sig) { static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { - u8 * x; + u8 *x; char *afl_preload; char *frida_afl_preload = NULL; diff --git a/utils/afl_network_proxy/afl-network-client.c b/utils/afl_network_proxy/afl-network-client.c index 7d04a89a..89ca6c4e 100644 --- a/utils/afl_network_proxy/afl-network-client.c +++ b/utils/afl_network_proxy/afl-network-client.c @@ -109,7 +109,7 @@ static void __afl_map_shm(void) { if (id_str) { #ifdef USEMMAP - const char * shm_file_path = id_str; + const char *shm_file_path = id_str; int shm_fd = -1; unsigned char *shm_base = NULL; @@ -209,13 +209,13 @@ static void __afl_end_testcase(int status) { int main(int argc, char *argv[]) { - u8 * interface, *buf, *ptr; + u8 *interface, *buf, *ptr; s32 s = -1; struct addrinfo hints, *hres, *aip; - u32 * lenptr, max_len = 65536; + u32 *lenptr, max_len = 65536; #ifdef USE_DEFLATE - u8 * buf2; - u32 * lenptr1, *lenptr2, buf2_len, compress_len; + u8 *buf2; + u32 *lenptr1, *lenptr2, buf2_len, compress_len; size_t decompress_len; #endif diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c index 3e5e275d..8f0e9df9 100644 --- a/utils/afl_network_proxy/afl-network-server.c +++ b/utils/afl_network_proxy/afl-network-server.c @@ -60,7 +60,7 @@ #ifdef USE_DEFLATE #include <libdeflate.h> -struct libdeflate_compressor * compressor; +struct libdeflate_compressor *compressor; struct libdeflate_decompressor *decompressor; #endif @@ -387,8 +387,8 @@ int main(int argc, char **argv_orig, char **envp) { struct sockaddr_in6 serveraddr, clientaddr; int addrlen = sizeof(clientaddr); char str[INET6_ADDRSTRLEN]; - char ** argv = argv_cpy_dup(argc, argv_orig); - u8 * send_buf; + char **argv = argv_cpy_dup(argc, argv_orig); + u8 *send_buf; #ifdef USE_DEFLATE u32 *lenptr; #endif diff --git a/utils/afl_proxy/afl-proxy.c b/utils/afl_proxy/afl-proxy.c index 05247c60..afd0e5d2 100644 --- a/utils/afl_proxy/afl-proxy.c +++ b/utils/afl_proxy/afl-proxy.c @@ -112,7 +112,7 @@ static void __afl_map_shm(void) { if (id_str) { #ifdef USEMMAP - const char * shm_file_path = id_str; + const char *shm_file_path = id_str; int shm_fd = -1; unsigned char *shm_base = NULL; diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index fd4c3b8c..ed7047a4 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -108,8 +108,8 @@ __thread u32 do_exit; static pid_t pid = 65537; static pthread_t __afl_thread; static u8 __afl_dummy[MAP_SIZE]; -static u8 * __afl_area_ptr = __afl_dummy; -static u8 * inputfile; // this will point to argv[1] +static u8 *__afl_area_ptr = __afl_dummy; +static u8 *inputfile; // this will point to argv[1] static u32 len; static library_list_t liblist[MAX_LIB_COUNT]; @@ -177,7 +177,7 @@ void read_library_information(void) { #elif defined(__FreeBSD__) int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, getpid()}; - char * buf, *start, *end; + char *buf, *start, *end; size_t miblen = sizeof(mib) / sizeof(mib[0]); size_t len; @@ -261,7 +261,7 @@ library_list_t *find_library(char *name) { for (size_t i = 0; i < all_image_infos->infoArrayCount; i++) { - const char * image_name = image_infos[i].imageFilePath; + const char *image_name = image_infos[i].imageFilePath; mach_vm_address_t image_load_address = (mach_vm_address_t)image_infos[i].imageLoadAddress; if (strstr(image_name, name)) { @@ -287,7 +287,7 @@ library_list_t *find_library(char *name) { #pragma GCC optimize("O0") void breakpoint(void) { - if (debug) fprintf(stderr, "Breakpoint function \"breakpoint\" reached.\n"); + if (debug) fprintf(stderr, "Breakpoint function \"breakpoint\" reached.\n"); } @@ -347,7 +347,7 @@ static void __afl_map_shm(void) { if (id_str) { #ifdef USEMMAP - const char * shm_file_path = id_str; + const char *shm_file_path = id_str; int shm_fd = -1; unsigned char *shm_base = NULL; @@ -468,10 +468,10 @@ void setup_trap_instrumentation(void) { library_list_t *lib_base = NULL; size_t lib_size = 0; - u8 * lib_addr; - char * line = NULL; + u8 *lib_addr; + char *line = NULL; size_t nread, len = 0; - char * filename = getenv("AFL_UNTRACER_FILE"); + char *filename = getenv("AFL_UNTRACER_FILE"); if (!filename) filename = getenv("TRAPFUZZ_FILE"); if (!filename) FATAL("AFL_UNTRACER_FILE environment variable not set"); diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index 7289c845..4e4ea129 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -58,7 +58,7 @@ $AFL_HOME/afl-fuzz -i IN -o OUT ./a.out #endif int __afl_sharedmem_fuzzing = 1; -extern unsigned int * __afl_fuzz_len; +extern unsigned int *__afl_fuzz_len; extern unsigned char *__afl_fuzz_ptr; // libFuzzer interface is thin, so we don't include any libFuzzer headers. diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index c821a8f7..149b910e 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -171,7 +171,7 @@ static u32 alloc_canary; static void *__dislocator_alloc(size_t len) { - u8 * ret, *base; + u8 *ret, *base; size_t tlen; int flags, protflags, fd, sp; @@ -488,7 +488,7 @@ void *reallocarray(void *ptr, size_t elem_len, size_t elem_cnt) { const size_t elem_lim = 1UL << (sizeof(size_t) * 4); const size_t elem_tot = elem_len * elem_cnt; - void * ret = NULL; + void *ret = NULL; if ((elem_len >= elem_lim || elem_cnt >= elem_lim) && elem_len > 0 && elem_cnt > (SIZE_MAX / elem_len)) { @@ -535,7 +535,7 @@ __attribute__((constructor)) void __dislocator_init(void) { if (tmp) { - char * tok; + char *tok; unsigned long long mmem = strtoull(tmp, &tok, 10); if (*tok != '\0' || errno == ERANGE || mmem > SIZE_MAX / 1024 / 1024) FATAL("Bad value for AFL_LD_LIMIT_MB"); diff --git a/utils/libtokencap/libtokencap.so.c b/utils/libtokencap/libtokencap.so.c index 71c30eed..c69812a7 100644 --- a/utils/libtokencap/libtokencap.so.c +++ b/utils/libtokencap/libtokencap.so.c @@ -171,7 +171,7 @@ static void __tokencap_load_mappings(void) { int mib[] = {CTL_VM, VM_PROC, VM_PROC_MAP, __tokencap_pid, sizeof(struct kinfo_vmentry)}; #endif - char * buf, *low, *high; + char *buf, *low, *high; size_t miblen = sizeof(mib) / sizeof(mib[0]); size_t len; diff --git a/utils/qbdi_mode/template.cpp b/utils/qbdi_mode/template.cpp index 182a014b..3630ae3f 100755 --- a/utils/qbdi_mode/template.cpp +++ b/utils/qbdi_mode/template.cpp @@ -123,7 +123,7 @@ void afl_maybe_log(unsigned long cur_loc) { char *read_file(char *path, unsigned long *length) { unsigned long len; - char * buf; + char *buf; FILE *fp = fopen(path, "rb"); fseek(fp, 0, SEEK_END); @@ -142,7 +142,7 @@ QBDI_NOINLINE int fuzz_func() { if (afl_setup()) { afl_forkserver(); } unsigned long len = 0; - char * data = read_file(input_pathname, &len); + char *data = read_file(input_pathname, &len); // printf("In fuzz_func\n"); p_target_func(data, len); @@ -152,7 +152,7 @@ QBDI_NOINLINE int fuzz_func() { static QBDI::VMAction bbcallback(QBDI::VMInstanceRef vm, const QBDI::VMState *state, - QBDI::GPRState * gprState, + QBDI::GPRState *gprState, QBDI::FPRState *fprState, void *data) { // errno = SAVED_ERRNO; |