diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-04-22 13:51:40 +0200 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-04-22 13:51:40 +0200 |
| commit | df8a0e84184a408a463c29443cfa3ee9fa556896 (patch) | |
| tree | 0257c84abe8b4f9859caf2f35244adc7146ee994 /src/afl-sharedmem.c | |
| parent | b8a25063f678c8afe3c1390d6a6ba130b0500e26 (diff) | |
| parent | 6df21f3489ea482362983eda7e51c040d06e56f1 (diff) | |
| download | afl++-df8a0e84184a408a463c29443cfa3ee9fa556896.tar.gz | |
Merge branch 'dev' of github.com:vanhauser-thc/AFLplusplus into dev
Diffstat (limited to 'src/afl-sharedmem.c')
| -rw-r--r-- | src/afl-sharedmem.c | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index b5b443cf..e46c6f50 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -66,13 +66,12 @@ static list_t shm_list = {.element_prealloc_count = 0}; void afl_shm_deinit(sharedmem_t *shm) { - // TODO: clang reports a potential UAF in this function/makro(?) list_remove(&shm_list, shm); #ifdef USEMMAP if (shm->map != NULL) { - munmap(shm->map, shm->size_alloc); + munmap(shm->map, shm->map_size); shm->map = NULL; } @@ -86,7 +85,7 @@ void afl_shm_deinit(sharedmem_t *shm) { #else shmctl(shm->shm_id, IPC_RMID, NULL); - if (shm->cmplog_mode) shmctl(shm->cmplog_shm_id, IPC_RMID, NULL); + if (shm->cmplog_mode) { shmctl(shm->cmplog_shm_id, IPC_RMID, NULL); } #endif shm->map = NULL; @@ -99,7 +98,7 @@ void afl_shm_deinit(sharedmem_t *shm) { u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char dumb_mode) { - shm->size_alloc = shm->size_used = map_size; + shm->map_size = map_size; shm->map = NULL; @@ -152,14 +151,14 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char dumb_mode) { shm->shm_id = shmget(IPC_PRIVATE, map_size, IPC_CREAT | IPC_EXCL | 0600); - if (shm->shm_id < 0) PFATAL("shmget() failed"); + if (shm->shm_id < 0) { PFATAL("shmget() failed"); } if (shm->cmplog_mode) { shm->cmplog_shm_id = shmget(IPC_PRIVATE, sizeof(struct cmp_map), IPC_CREAT | IPC_EXCL | 0600); - if (shm->cmplog_shm_id < 0) PFATAL("shmget() failed"); + if (shm->cmplog_shm_id < 0) { PFATAL("shmget() failed"); } } @@ -170,7 +169,7 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char dumb_mode) { fork server commands. This should be replaced with better auto-detection later on, perhaps? */ - if (!dumb_mode) setenv(SHM_ENV_VAR, shm_str, 1); + if (!dumb_mode) { setenv(SHM_ENV_VAR, shm_str, 1); } ck_free(shm_str); @@ -178,7 +177,7 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char dumb_mode) { shm_str = alloc_printf("%d", shm->cmplog_shm_id); - if (!dumb_mode) setenv(CMPLOG_SHM_ENV_VAR, shm_str, 1); + if (!dumb_mode) { setenv(CMPLOG_SHM_ENV_VAR, shm_str, 1); } ck_free(shm_str); @@ -186,13 +185,17 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, unsigned char dumb_mode) { shm->map = shmat(shm->shm_id, NULL, 0); - if (shm->map == (void *)-1 || !shm->map) PFATAL("shmat() failed"); + if (shm->map == (void *)-1 || !shm->map) { PFATAL("shmat() failed"); } if (shm->cmplog_mode) { shm->cmp_map = shmat(shm->cmplog_shm_id, NULL, 0); - if (shm->cmp_map == (void *)-1 || !shm->cmp_map) PFATAL("shmat() failed"); + if (shm->cmp_map == (void *)-1 || !shm->cmp_map) { + + PFATAL("shmat() failed"); + + } } |