aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorDominik Maier <domenukk@gmail.com>2020-03-10 22:04:05 +0100
committerDominik Maier <domenukk@gmail.com>2020-03-10 22:04:05 +0100
commitcc1d6b33b1524d52b21a6e9794ee6b0d6a2a9d50 (patch)
tree717c62b52076b37cb9d4e4efc9f33cf09dea723b /src
parent2832cb643d90ff6bad7a6ba4ff139988f10b171a (diff)
downloadafl++-cc1d6b33b1524d52b21a6e9794ee6b0d6a2a9d50.tar.gz
unified pointer placement
Diffstat (limited to 'src')
-rw-r--r--src/afl-analyze.c50
-rw-r--r--src/afl-as.c24
-rw-r--r--src/afl-common.c44
-rw-r--r--src/afl-forkserver.c1
-rw-r--r--src/afl-fuzz-bitmap.c76
-rw-r--r--src/afl-fuzz-cmplog.c4
-rw-r--r--src/afl-fuzz-extras.c58
-rw-r--r--src/afl-fuzz-init.c156
-rw-r--r--src/afl-fuzz-misc.c8
-rw-r--r--src/afl-fuzz-mutators.c24
-rw-r--r--src/afl-fuzz-one.c218
-rw-r--r--src/afl-fuzz-python.c2
-rw-r--r--src/afl-fuzz-queue.c28
-rw-r--r--src/afl-fuzz-redqueen.c78
-rw-r--r--src/afl-fuzz-run.c74
-rw-r--r--src/afl-fuzz-stats.c14
-rw-r--r--src/afl-fuzz.c34
-rw-r--r--src/afl-gcc.c48
-rw-r--r--src/afl-gotcpu.c4
-rw-r--r--src/afl-showmap.c60
-rw-r--r--src/afl-tmin.c54
21 files changed, 528 insertions, 531 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 7d78ffc8..3a392da4 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -57,13 +57,13 @@
static s32 child_pid; /* PID of the tested program */
-u8* trace_bits; /* SHM with instrumentation bitmap */
+u8 *trace_bits; /* SHM with instrumentation bitmap */
static u8 *in_file, /* Analyzer input test case */
*prog_in, /* Targeted program input file */
*doc_path; /* Path to docs */
-static u8* in_data; /* Input data for analysis */
+static u8 *in_data; /* Input data for analysis */
static u32 in_len, /* Input data length */
orig_cksum, /* Original checksum */
@@ -84,7 +84,7 @@ static volatile u8 stop_soon, /* Ctrl-C pressed? */
static u8 qemu_mode;
-static u8* target_path;
+static u8 *target_path;
/* Constants used for describing byte behavior. */
@@ -114,7 +114,7 @@ static u8 count_class_lookup[256] = {
};
-static void classify_counts(u8* mem) {
+static void classify_counts(u8 *mem) {
u32 i = MAP_SIZE;
@@ -144,7 +144,7 @@ static void classify_counts(u8* mem) {
static inline u8 anything_set(void) {
- u32* ptr = (u32*)trace_bits;
+ u32 *ptr = (u32 *)trace_bits;
u32 i = (MAP_SIZE >> 2);
while (i--)
@@ -189,7 +189,7 @@ static void read_initial_file(void) {
/* Write output file. */
-static s32 write_to_file(u8* path, u8* mem, u32 len) {
+static s32 write_to_file(u8 *path, u8 *mem, u32 len) {
s32 ret;
@@ -219,7 +219,7 @@ static void handle_timeout(int sig) {
/* Execute target application. Returns exec checksum, or 0 if program
times out. */
-static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
+static u32 run_target(char **argv, u8 *mem, u32 len, u8 first_run) {
static struct itimerval it;
int status = 0;
@@ -243,7 +243,7 @@ static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
if (dup2(use_stdin ? prog_in_fd : dev_null_fd, 0) < 0 ||
dup2(dev_null_fd, 1) < 0 || dup2(dev_null_fd, 2) < 0) {
- *(u32*)trace_bits = EXEC_FAIL_SIG;
+ *(u32 *)trace_bits = EXEC_FAIL_SIG;
PFATAL("dup2() failed");
}
@@ -272,7 +272,7 @@ static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
execv(target_path, argv);
- *(u32*)trace_bits = EXEC_FAIL_SIG;
+ *(u32 *)trace_bits = EXEC_FAIL_SIG;
exit(0);
}
@@ -299,7 +299,7 @@ static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
/* Clean up bitmap, analyze exit condition, etc. */
- if (*(u32*)trace_bits == EXEC_FAIL_SIG)
+ if (*(u32 *)trace_bits == EXEC_FAIL_SIG)
FATAL("Unable to execute '%s'", argv[0]);
classify_counts(trace_bits);
@@ -378,7 +378,7 @@ static void show_legend(void) {
/* Interpret and report a pattern in the input file. */
-static void dump_hex(u8* buf, u32 len, u8* b_data) {
+static void dump_hex(u8 *buf, u32 len, u8 *b_data) {
u32 i;
@@ -409,7 +409,7 @@ static void dump_hex(u8* buf, u32 len, u8* b_data) {
case 2: {
- u16 val = *(u16*)(in_data + i);
+ u16 val = *(u16 *)(in_data + i);
/* Small integers may be length fields. */
@@ -435,7 +435,7 @@ static void dump_hex(u8* buf, u32 len, u8* b_data) {
case 4: {
- u32 val = *(u32*)(in_data + i);
+ u32 val = *(u32 *)(in_data + i);
/* Small integers may be length fields. */
@@ -544,12 +544,12 @@ static void dump_hex(u8* buf, u32 len, u8* b_data) {
/* Actually analyze! */
-static void analyze(char** argv) {
+static void analyze(char **argv) {
u32 i;
u32 boring_len = 0, prev_xff = 0, prev_x01 = 0, prev_s10 = 0, prev_a10 = 0;
- u8* b_data = ck_alloc(in_len + 1);
+ u8 *b_data = ck_alloc(in_len + 1);
u8 seq_byte = 0;
b_data[in_len] = 0xff; /* Intentional terminator. */
@@ -651,14 +651,14 @@ static void handle_stop_sig(int sig) {
static void set_up_environment(void) {
- u8* x;
+ u8 *x;
dev_null_fd = open("/dev/null", O_RDWR);
if (dev_null_fd < 0) PFATAL("Unable to open /dev/null");
if (!prog_in) {
- u8* use_dir = ".";
+ u8 *use_dir = ".";
if (access(use_dir, R_OK | W_OK | X_OK)) {
@@ -715,9 +715,9 @@ static void set_up_environment(void) {
if (qemu_mode) {
- u8* qemu_preload = getenv("QEMU_SET_ENV");
- u8* afl_preload = getenv("AFL_PRELOAD");
- u8* buf;
+ u8 *qemu_preload = getenv("QEMU_SET_ENV");
+ u8 *afl_preload = getenv("AFL_PRELOAD");
+ u8 *buf;
s32 i, afl_preload_size = strlen(afl_preload);
for (i = 0; i < afl_preload_size; ++i) {
@@ -779,7 +779,7 @@ static void setup_signal_handlers(void) {
/* Display usage hints. */
-static void usage(u8* argv0) {
+static void usage(u8 *argv0) {
SAYF(
"\n%s [ options ] -- /path/to/target_app [ ... ]\n\n"
@@ -822,9 +822,9 @@ static void usage(u8* argv0) {
/* Find binary. */
-static void find_binary(u8* fname) {
+static void find_binary(u8 *fname) {
- u8* env_path = 0;
+ u8 *env_path = 0;
struct stat st;
if (strchr(fname, '/') || !(env_path = getenv("PATH"))) {
@@ -877,11 +877,11 @@ static void find_binary(u8* fname) {
/* Main entry point */
-int main(int argc, char** argv, char** envp) {
+int main(int argc, char **argv, char **envp) {
s32 opt;
u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0;
- char** use_argv;
+ char **use_argv;
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
diff --git a/src/afl-as.c b/src/afl-as.c
index a89b8636..d0b61ac1 100644
--- a/src/afl-as.c
+++ b/src/afl-as.c
@@ -53,10 +53,10 @@
#include <sys/wait.h>
#include <sys/time.h>
-static u8** as_params; /* Parameters passed to the real 'as' */
+static u8 **as_params; /* Parameters passed to the real 'as' */
-static u8* input_file; /* Originally specified input file */
-static u8* modified_file; /* Instrumented file for the real 'as' */
+static u8 *input_file; /* Originally specified input file */
+static u8 *modified_file; /* Instrumented file for the real 'as' */
static u8 be_quiet, /* Quiet mode (no stderr output) */
clang_mode, /* Running in clang mode? */
@@ -89,7 +89,7 @@ static u8 use_64bit = 0;
is always the last parameter passed by GCC, so we exploit this property
to keep the code simple. */
-static void edit_params(int argc, char** argv) {
+static void edit_params(int argc, char **argv) {
u8 *tmp_dir = getenv("TMPDIR"), *afl_as = getenv("AFL_AS");
u32 i;
@@ -130,9 +130,9 @@ static void edit_params(int argc, char** argv) {
if (!tmp_dir) tmp_dir = getenv("TMP");
if (!tmp_dir) tmp_dir = "/tmp";
- as_params = ck_alloc((argc + 32) * sizeof(u8*));
+ as_params = ck_alloc((argc + 32) * sizeof(u8 *));
- as_params[0] = afl_as ? afl_as : (u8*)"as";
+ as_params[0] = afl_as ? afl_as : (u8 *)"as";
as_params[argc] = 0;
@@ -234,8 +234,8 @@ static void add_instrumentation(void) {
static u8 line[MAX_LINE];
- FILE* inf;
- FILE* outf;
+ FILE *inf;
+ FILE *outf;
s32 outfd;
u32 ins_lines = 0;
@@ -244,7 +244,7 @@ static void add_instrumentation(void) {
#ifdef __APPLE__
- u8* colon_pos;
+ u8 *colon_pos;
#endif /* __APPLE__ */
@@ -498,12 +498,12 @@ static void add_instrumentation(void) {
/* Main entry point */
-int main(int argc, char** argv) {
+int main(int argc, char **argv) {
s32 pid;
u32 rand_seed;
int status;
- u8* inst_ratio_str = getenv("AFL_INST_RATIO");
+ u8 *inst_ratio_str = getenv("AFL_INST_RATIO");
struct timeval tv;
struct timezone tz;
@@ -590,7 +590,7 @@ int main(int argc, char** argv) {
if (!(pid = fork())) {
- execvp(as_params[0], (char**)as_params);
+ execvp(as_params[0], (char **)as_params);
FATAL("Oops, failed to execute '%s' - check your PATH", as_params[0]);
}
diff --git a/src/afl-common.c b/src/afl-common.c
index e25162c2..71041875 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -38,16 +38,16 @@
extern u8 be_quiet;
-void detect_file_args(char** argv, u8* prog_in, u8* use_stdin) {
+void detect_file_args(char **argv, u8 *prog_in, u8 *use_stdin) {
u32 i = 0;
#ifdef __GLIBC__
- u8* cwd = getcwd(NULL, 0); /* non portable glibc extension */
+ u8 *cwd = getcwd(NULL, 0); /* non portable glibc extension */
#else
- u8* cwd;
- char* buf;
+ u8 *cwd;
+ char *buf;
long size = pathconf(".", _PC_PATH_MAX);
- if ((buf = (char*)malloc((size_t)size)) != NULL) {
+ if ((buf = (char *)malloc((size_t)size)) != NULL) {
cwd = getcwd(buf, (size_t)size); /* portable version */
ck_free(buf);
@@ -67,7 +67,7 @@ void detect_file_args(char** argv, u8* prog_in, u8* use_stdin) {
while (argv[i]) {
- u8* aa_loc = strstr(argv[i], "@@");
+ u8 *aa_loc = strstr(argv[i], "@@");
if (aa_loc) {
@@ -111,11 +111,11 @@ void detect_file_args(char** argv, u8* prog_in, u8* use_stdin) {
/* duplicate the system argv so that
we can edit (and free!) it later */
-char** argv_cpy_dup(int argc, char** argv) {
+char **argv_cpy_dup(int argc, char **argv) {
u32 i = 0;
- char** ret = ck_alloc((argc + 1) * sizeof(char*));
+ char **ret = ck_alloc((argc + 1) * sizeof(char *));
for (i = 0; i < argc; i++) {
@@ -132,7 +132,7 @@ char** argv_cpy_dup(int argc, char** argv) {
/* frees all args in the given argv,
previously created by argv_cpy_dup */
-void argv_cpy_free(char** argv) {
+void argv_cpy_free(char **argv) {
u32 i = 0;
while (argv[i]) {
@@ -148,12 +148,12 @@ void argv_cpy_free(char** argv) {
/* Rewrite argv for QEMU. */
-char** get_qemu_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) {
+char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
- char** new_argv = ck_alloc(sizeof(char*) * (argc + 4));
- u8 * tmp, *cp = NULL, *rsl, *own_copy;
+ char **new_argv = ck_alloc(sizeof(char *) * (argc + 4));
+ u8 *tmp, *cp = NULL, *rsl, *own_copy;
- memcpy(new_argv + 3, argv + 1, (int)(sizeof(char*)) * argc);
+ memcpy(new_argv + 3, argv + 1, (int)(sizeof(char *)) * argc);
new_argv[2] = *target_path_p;
new_argv[1] = "--";
@@ -226,12 +226,12 @@ char** get_qemu_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) {
/* Rewrite argv for Wine+QEMU. */
-char** get_wine_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) {
+char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
- char** new_argv = ck_alloc(sizeof(char*) * (argc + 3));
- u8 * tmp, *cp = NULL, *rsl, *own_copy;
+ char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
+ u8 *tmp, *cp = NULL, *rsl, *own_copy;
- memcpy(new_argv + 2, argv + 1, (int)(sizeof(char*)) * argc);
+ memcpy(new_argv + 2, argv + 1, (int)(sizeof(char *)) * argc);
new_argv[1] = *target_path_p;
@@ -285,7 +285,7 @@ char** get_wine_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) {
ck_free(own_copy);
- u8* ncp = BIN_PATH "/afl-qemu-trace";
+ u8 *ncp = BIN_PATH "/afl-qemu-trace";
if (!access(ncp, X_OK)) {
@@ -322,10 +322,10 @@ char** get_wine_argv(u8* own_loc, u8** target_path_p, int argc, char** argv) {
}
-void check_environment_vars(char** envp) {
+void check_environment_vars(char **envp) {
int index = 0, found = 0;
- char* env;
+ char *env;
while ((env = envp[index++]) != NULL) {
if (strncmp(env, "ALF_", 4) == 0) {
@@ -358,9 +358,9 @@ void check_environment_vars(char** envp) {
}
-char* get_afl_env(char* env) {
+char *get_afl_env(char *env) {
- char* val;
+ char *val;
if ((val = getenv(env)) != NULL)
if (!be_quiet)
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 70bb4cfd..083f1966 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -331,6 +331,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
rlen = read(fsrv->fsrv_st_fd, &status, 4);
}
+
} else {
rlen = read(fsrv->fsrv_st_fd, &status, 4);
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 47040fb8..96772032 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -29,9 +29,9 @@
-B option, to focus a separate fuzzing session on a particular
interesting input without rediscovering all the others. */
-void write_bitmap(afl_state_t* afl) {
+void write_bitmap(afl_state_t *afl) {
- u8* fname;
+ u8 *fname;
s32 fd;
if (!afl->bitmap_changed) return;
@@ -51,7 +51,7 @@ void write_bitmap(afl_state_t* afl) {
/* Read bitmap from file. This is for the -B option again. */
-void read_bitmap(afl_state_t* afl, u8* fname) {
+void read_bitmap(afl_state_t *afl, u8 *fname) {
s32 fd = open(fname, O_RDONLY);
@@ -71,19 +71,19 @@ void read_bitmap(afl_state_t* afl, u8* fname) {
This function is called after every exec() on a fairly large buffer, so
it needs to be fast. We do this in 32-bit and 64-bit flavors. */
-u8 has_new_bits(afl_state_t* afl, u8* virgin_map) {
+u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) {
#ifdef WORD_SIZE_64
- u64* current = (u64*)afl->fsrv.trace_bits;
- u64* virgin = (u64*)virgin_map;
+ u64 *current = (u64 *)afl->fsrv.trace_bits;
+ u64 *virgin = (u64 *)virgin_map;
u32 i = (MAP_SIZE >> 3);
#else
- u32* current = (u32*)afl->fsrv.trace_bits;
- u32* virgin = (u32*)virgin_map;
+ u32 *current = (u32 *)afl->fsrv.trace_bits;
+ u32 *virgin = (u32 *)virgin_map;
u32 i = (MAP_SIZE >> 2);
@@ -101,8 +101,8 @@ u8 has_new_bits(afl_state_t* afl, u8* virgin_map) {
if (likely(ret < 2)) {
- u8* cur = (u8*)current;
- u8* vir = (u8*)virgin;
+ u8 *cur = (u8 *)current;
+ u8 *vir = (u8 *)virgin;
/* Looks like we have not found any new bytes yet; see if any non-zero
bytes in current[] are pristine in virgin[]. */
@@ -147,9 +147,9 @@ u8 has_new_bits(afl_state_t* afl, u8* virgin_map) {
/* Count the number of bits set in the provided bitmap. Used for the status
screen several times every second, does not have to be fast. */
-u32 count_bits(u8* mem) {
+u32 count_bits(u8 *mem) {
- u32* ptr = (u32*)mem;
+ u32 *ptr = (u32 *)mem;
u32 i = (MAP_SIZE >> 2);
u32 ret = 0;
@@ -183,9 +183,9 @@ u32 count_bits(u8* mem) {
mostly to update the status screen or calibrate and examine confirmed
new paths. */
-u32 count_bytes(u8* mem) {
+u32 count_bytes(u8 *mem) {
- u32* ptr = (u32*)mem;
+ u32 *ptr = (u32 *)mem;
u32 i = (MAP_SIZE >> 2);
u32 ret = 0;
@@ -208,9 +208,9 @@ u32 count_bytes(u8* mem) {
/* Count the number of non-255 bytes set in the bitmap. Used strictly for the
status screen, several calls per second or so. */
-u32 count_non_255_bytes(u8* mem) {
+u32 count_non_255_bytes(u8 *mem) {
- u32* ptr = (u32*)mem;
+ u32 *ptr = (u32 *)mem;
u32 i = (MAP_SIZE >> 2);
u32 ret = 0;
@@ -246,7 +246,7 @@ const u8 simplify_lookup[256] = {
#ifdef WORD_SIZE_64
-void simplify_trace(u64* mem) {
+void simplify_trace(u64 *mem) {
u32 i = MAP_SIZE >> 3;
@@ -256,7 +256,7 @@ void simplify_trace(u64* mem) {
if (unlikely(*mem)) {
- u8* mem8 = (u8*)mem;
+ u8 *mem8 = (u8 *)mem;
mem8[0] = simplify_lookup[mem8[0]];
mem8[1] = simplify_lookup[mem8[1]];
@@ -279,7 +279,7 @@ void simplify_trace(u64* mem) {
#else
-void simplify_trace(u32* mem) {
+void simplify_trace(u32 *mem) {
u32 i = MAP_SIZE >> 2;
@@ -289,7 +289,7 @@ void simplify_trace(u32* mem) {
if (unlikely(*mem)) {
- u8* mem8 = (u8*)mem;
+ u8 *mem8 = (u8 *)mem;
mem8[0] = simplify_lookup[mem8[0]];
mem8[1] = simplify_lookup[mem8[1]];
@@ -341,7 +341,7 @@ void init_count_class16(void) {
#ifdef WORD_SIZE_64
-void classify_counts(u64* mem) {
+void classify_counts(u64 *mem) {
u32 i = MAP_SIZE >> 3;
@@ -351,7 +351,7 @@ void classify_counts(u64* mem) {
if (unlikely(*mem)) {
- u16* mem16 = (u16*)mem;
+ u16 *mem16 = (u16 *)mem;
mem16[0] = count_class_lookup16[mem16[0]];
mem16[1] = count_class_lookup16[mem16[1]];
@@ -368,7 +368,7 @@ void classify_counts(u64* mem) {
#else
-void classify_counts(u32* mem) {
+void classify_counts(u32 *mem) {
u32 i = MAP_SIZE >> 2;
@@ -378,7 +378,7 @@ void classify_counts(u32* mem) {
if (unlikely(*mem)) {
- u16* mem16 = (u16*)mem;
+ u16 *mem16 = (u16 *)mem;
mem16[0] = count_class_lookup16[mem16[0]];
mem16[1] = count_class_lookup16[mem16[1]];
@@ -397,7 +397,7 @@ void classify_counts(u32* mem) {
count information here. This is called only sporadically, for some
new paths. */
-void minimize_bits(u8* dst, u8* src) {
+void minimize_bits(u8 *dst, u8 *src) {
u32 i = 0;
@@ -415,9 +415,9 @@ void minimize_bits(u8* dst, u8* src) {
/* Construct a file name for a new test case, capturing the operation
that led to its discovery. Uses a static buffer. */
-u8* describe_op(afl_state_t* afl, u8 hnb) {
+u8 *describe_op(afl_state_t *afl, u8 hnb) {
- u8* ret = afl->describe_op_buf_256;
+ u8 *ret = afl->describe_op_buf_256;
if (afl->syncing_party) {
@@ -459,11 +459,11 @@ u8* describe_op(afl_state_t* afl, u8 hnb) {
/* Write a message accompanying the crash directory :-) */
-static void write_crash_readme(afl_state_t* afl) {
+static void write_crash_readme(afl_state_t *afl) {
- u8* fn = alloc_printf("%s/crashes/README.txt", afl->out_dir);
- s32 fd;
- FILE* f;
+ u8 *fn = alloc_printf("%s/crashes/README.txt", afl->out_dir);
+ s32 fd;
+ FILE *f;
fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, 0600);
ck_free(fn);
@@ -511,11 +511,11 @@ static void write_crash_readme(afl_state_t* afl) {
save or queue the input test case for further analysis if so. Returns 1 if
entry is saved, 0 otherwise. */
-u8 save_if_interesting(afl_state_t* afl, void* mem, u32 len, u8 fault) {
+u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
if (len == 0) return 0;
- u8* fn = "";
+ u8 *fn = "";
u8 hnb;
s32 fd;
u8 keeping = 0, res;
@@ -523,7 +523,7 @@ u8 save_if_interesting(afl_state_t* afl, void* mem, u32 len, u8 fault) {
/* Update path frequency. */
u32 cksum = hash32(afl->fsrv.trace_bits, MAP_SIZE, HASH_CONST);
- struct queue_entry* q = afl->queue;
+ struct queue_entry *q = afl->queue;
while (q) {
if (q->exec_cksum == cksum) {
@@ -603,9 +603,9 @@ u8 save_if_interesting(afl_state_t* afl, void* mem, u32 len, u8 fault) {
if (!afl->dumb_mode) {
#ifdef WORD_SIZE_64
- simplify_trace((u64*)afl->fsrv.trace_bits);
+ simplify_trace((u64 *)afl->fsrv.trace_bits);
#else
- simplify_trace((u32*)afl->fsrv.trace_bits);
+ simplify_trace((u32 *)afl->fsrv.trace_bits);
#endif /* ^WORD_SIZE_64 */
if (!has_new_bits(afl, afl->virgin_tmout)) return keeping;
@@ -666,9 +666,9 @@ u8 save_if_interesting(afl_state_t* afl, void* mem, u32 len, u8 fault) {
if (!afl->dumb_mode) {
#ifdef WORD_SIZE_64
- simplify_trace((u64*)afl->fsrv.trace_bits);
+ simplify_trace((u64 *)afl->fsrv.trace_bits);
#else
- simplify_trace((u32*)afl->fsrv.trace_bits);
+ simplify_trace((u32 *)afl->fsrv.trace_bits);
#endif /* ^WORD_SIZE_64 */
if (!has_new_bits(afl, afl->virgin_crash)) return keeping;
diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c
index 6e9f603b..d74f4536 100644
--- a/src/afl-fuzz-cmplog.c
+++ b/src/afl-fuzz-cmplog.c
@@ -190,7 +190,8 @@ void init_cmplog_forkserver(afl_state_t *afl) {
timeout.tv_sec = ((afl->fsrv.exec_tmout * FORK_WAIT_MULT) / 1000);
timeout.tv_usec = ((afl->fsrv.exec_tmout * FORK_WAIT_MULT) % 1000) * 1000;
- int sret = select(afl->cmplog_fsrv_st_fd + 1, &readfds, NULL, NULL, &timeout);
+ int sret =
+ select(afl->cmplog_fsrv_st_fd + 1, &readfds, NULL, NULL, &timeout);
if (sret == 0) {
@@ -201,6 +202,7 @@ void init_cmplog_forkserver(afl_state_t *afl) {
rlen = read(afl->cmplog_fsrv_st_fd, &status, 4);
}
+
} else {
rlen = read(afl->cmplog_fsrv_st_fd, &status, 4);
diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c
index ce7e5780..5cad29ec 100644
--- a/src/afl-fuzz-extras.c
+++ b/src/afl-fuzz-extras.c
@@ -27,17 +27,19 @@
/* Helper function for load_extras. */
-static int compare_extras_len(const void* p1, const void* p2) {
+static int compare_extras_len(const void *p1, const void *p2) {
- struct extra_data *e1 = (struct extra_data*)p1, *e2 = (struct extra_data*)p2;
+ struct extra_data *e1 = (struct extra_data *)p1,
+ *e2 = (struct extra_data *)p2;
return e1->len - e2->len;
}
-static int compare_extras_use_d(const void* p1, const void* p2) {
+static int compare_extras_use_d(const void *p1, const void *p2) {
- struct extra_data *e1 = (struct extra_data*)p1, *e2 = (struct extra_data*)p2;
+ struct extra_data *e1 = (struct extra_data *)p1,
+ *e2 = (struct extra_data *)p2;
return e2->hit_cnt - e1->hit_cnt;
@@ -45,13 +47,13 @@ static int compare_extras_use_d(const void* p1, const void* p2) {
/* Read extras from a file, sort by size. */
-void load_extras_file(afl_state_t* afl, u8* fname, u32* min_len, u32* max_len,
+void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
u32 dict_level) {
- FILE* f;
- u8 buf[MAX_LINE];
- u8* lptr;
- u32 cur_line = 0;
+ FILE *f;
+ u8 buf[MAX_LINE];
+ u8 *lptr;
+ u32 cur_line = 0;
f = fopen(fname, "r");
@@ -128,7 +130,7 @@ void load_extras_file(afl_state_t* afl, u8* fname, u32* min_len, u32* max_len,
while (*lptr) {
- char* hexdigits = "0123456789abcdef";
+ char *hexdigits = "0123456789abcdef";
switch (*lptr) {
@@ -184,12 +186,12 @@ void load_extras_file(afl_state_t* afl, u8* fname, u32* min_len, u32* max_len,
/* Read extras from the extras directory and sort them by size. */
-void load_extras(afl_state_t* afl, u8* dir) {
+void load_extras(afl_state_t *afl, u8 *dir) {
- DIR* d;
- struct dirent* de;
- u32 min_len = MAX_DICT_FILE, max_len = 0, dict_level = 0;
- u8* x;
+ DIR *d;
+ struct dirent *de;
+ u32 min_len = MAX_DICT_FILE, max_len = 0, dict_level = 0;
+ u8 *x;
/* If the name ends with @, extract level and continue. */
@@ -222,8 +224,8 @@ void load_extras(afl_state_t* afl, u8* dir) {
while ((de = readdir(d))) {
struct stat st;
- u8* fn = alloc_printf("%s/%s", dir, de->d_name);
- s32 fd;
+ u8 *fn = alloc_printf("%s/%s", dir, de->d_name);
+ s32 fd;
if (lstat(fn, &st) || access(fn, R_OK)) PFATAL("Unable to access '%s'", fn);
@@ -285,7 +287,7 @@ check_and_sort:
/* Helper function for maybe_add_auto(afl, ) */
-static inline u8 memcmp_nocase(u8* m1, u8* m2, u32 len) {
+static inline u8 memcmp_nocase(u8 *m1, u8 *m2, u32 len) {
while (len--)
if (tolower(*(m1++)) ^ tolower(*(m2++))) return 1;
@@ -295,7 +297,7 @@ static inline u8 memcmp_nocase(u8* m1, u8* m2, u32 len) {
/* Maybe add automatic extra. */
-void maybe_add_auto(afl_state_t* afl, u8* mem, u32 len) {
+void maybe_add_auto(afl_state_t *afl, u8 *mem, u32 len) {
u32 i;
@@ -317,8 +319,8 @@ void maybe_add_auto(afl_state_t* afl, u8* mem, u32 len) {
i = sizeof(interesting_16) >> 1;
while (i--)
- if (*((u16*)mem) == interesting_16[i] ||
- *((u16*)mem) == SWAP16(interesting_16[i]))
+ if (*((u16 *)mem) == interesting_16[i] ||
+ *((u16 *)mem) == SWAP16(interesting_16[i]))
return;
}
@@ -328,8 +330,8 @@ void maybe_add_auto(afl_state_t* afl, u8* mem, u32 len) {
i = sizeof(interesting_32) >> 2;
while (i--)
- if (*((u32*)mem) == interesting_32[i] ||
- *((u32*)mem) == SWAP32(interesting_32[i]))
+ if (*((u32 *)mem) == interesting_32[i] ||
+ *((u32 *)mem) == SWAP32(interesting_32[i]))
return;
}
@@ -402,7 +404,7 @@ sort_a_extras:
/* Save automatically generated extras. */
-void save_auto(afl_state_t* afl) {
+void save_auto(afl_state_t *afl) {
u32 i;
@@ -411,7 +413,7 @@ void save_auto(afl_state_t* afl) {
for (i = 0; i < MIN(USE_AUTO_EXTRAS, afl->a_extras_cnt); ++i) {
- u8* fn =
+ u8 *fn =
alloc_printf("%s/queue/.state/auto_extras/auto_%06u", afl->out_dir, i);
s32 fd;
@@ -430,14 +432,14 @@ void save_auto(afl_state_t* afl) {
/* Load automatically generated extras. */
-void load_auto(afl_state_t* afl) {
+void load_auto(afl_state_t *afl) {
u32 i;
for (i = 0; i < USE_AUTO_EXTRAS; ++i) {
u8 tmp[MAX_AUTO_EXTRA + 1];
- u8* fn = alloc_printf("%s/.state/auto_extras/auto_%06u", afl->in_dir, i);
+ u8 *fn = alloc_printf("%s/.state/auto_extras/auto_%06u", afl->in_dir, i);
s32 fd, len;
fd = open(fn, O_RDONLY, 0600);
@@ -474,7 +476,7 @@ void load_auto(afl_state_t* afl) {
/* Destroy extras. */
-void destroy_extras(afl_state_t* afl) {
+void destroy_extras(afl_state_t *afl) {
u32 i;
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index e7652e87..16049bb5 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -30,12 +30,12 @@
/* Build a list of processes bound to specific cores. Returns -1 if nothing
can be found. Assumes an upper bound of 4k CPUs. */
-void bind_to_free_cpu(afl_state_t* afl) {
+void bind_to_free_cpu(afl_state_t *afl) {
#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__)
cpu_set_t c;
#elif defined(__NetBSD__)
- cpuset_t* c;
+ cpuset_t *c;
#endif
u8 cpu_used[4096] = {0};
@@ -51,8 +51,8 @@ void bind_to_free_cpu(afl_state_t* afl) {
}
#if defined(__linux__)
- DIR* d;
- struct dirent* de;
+ DIR *d;
+ struct dirent *de;
d = opendir("/proc");
if (!d) {
@@ -76,8 +76,8 @@ void bind_to_free_cpu(afl_state_t* afl) {
while ((de = readdir(d))) {
- u8* fn;
- FILE* f;
+ u8 *fn;
+ FILE *f;
u8 tmp[MAX_LINE];
u8 has_vmsize = 0;
@@ -118,7 +118,7 @@ void bind_to_free_cpu(afl_state_t* afl) {
closedir(d);
#elif defined(__FreeBSD__) || defined(__DragonFly__)
- struct kinfo_proc* procs;
+ struct kinfo_proc *procs;
size_t nprocs;
size_t proccount;
int s_name[] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL};
@@ -151,7 +151,7 @@ void bind_to_free_cpu(afl_state_t* afl) {
ck_free(procs);
#elif defined(__NetBSD__)
- struct kinfo_proc2* procs;
+ struct kinfo_proc2 *procs;
size_t nprocs;
size_t proccount;
int s_name[] = {
@@ -272,11 +272,11 @@ cpuset_destroy(c);
/* Load postprocessor, if available. */
-void setup_post(afl_state_t* afl) {
+void setup_post(afl_state_t *afl) {
- void* dh;
- u8* fn = get_afl_env("AFL_POST_LIBRARY");
- u32 tlen = 6;
+ void *dh;
+ u8 *fn = get_afl_env("AFL_POST_LIBRARY");
+ u32 tlen = 6;
if (!fn) return;
@@ -298,14 +298,14 @@ void setup_post(afl_state_t* afl) {
/* Shuffle an array of pointers. Might be slightly biased. */
-static void shuffle_ptrs(afl_state_t* afl, void** ptrs, u32 cnt) {
+static void shuffle_ptrs(afl_state_t *afl, void **ptrs, u32 cnt) {
u32 i;
for (i = 0; i < cnt - 2; ++i) {
u32 j = i + UR(afl, cnt - i);
- void* s = ptrs[i];
+ void *s = ptrs[i];
ptrs[i] = ptrs[j];
ptrs[j] = s;
@@ -316,12 +316,12 @@ static void shuffle_ptrs(afl_state_t* afl, void** ptrs, u32 cnt) {
/* Read all testcases from the input directory, then queue them for testing.
Called at startup. */
-void read_testcases(afl_state_t* afl) {
+void read_testcases(afl_state_t *afl) {
- struct dirent** nl;
- s32 nl_cnt;
- u32 i;
- u8* fn1;
+ struct dirent **nl;
+ s32 nl_cnt;
+ u32 i;
+ u8 *fn1;
/* Auto-detect non-in-place resumption attempts. */
@@ -359,7 +359,7 @@ void read_testcases(afl_state_t* afl) {
if (afl->shuffle_queue && nl_cnt > 1) {
ACTF("Shuffling queue...");
- shuffle_ptrs(afl, (void**)nl, nl_cnt);
+ shuffle_ptrs(afl, (void **)nl, nl_cnt);
}
@@ -367,8 +367,8 @@ void read_testcases(afl_state_t* afl) {
struct stat st;
- u8* fn2 = alloc_printf("%s/%s", afl->in_dir, nl[i]->d_name);
- u8* dfn = alloc_printf("%s/.state/deterministic_done/%s", afl->in_dir,
+ u8 *fn2 = alloc_printf("%s/%s", afl->in_dir, nl[i]->d_name);
+ u8 *dfn = alloc_printf("%s/.state/deterministic_done/%s", afl->in_dir,
nl[i]->d_name);
u8 passed_det = 0;
@@ -428,7 +428,7 @@ void read_testcases(afl_state_t* afl) {
/* Examine map coverage. Called once, for first test case. */
-static void check_map_coverage(afl_state_t* afl) {
+static void check_map_coverage(afl_state_t *afl) {
u32 i;
@@ -444,19 +444,19 @@ static void check_map_coverage(afl_state_t* afl) {
/* Perform dry run of all test cases to confirm that the app is working as
expected. This is done only for the initial inputs, and only once. */
-void perform_dry_run(afl_state_t* afl) {
+void perform_dry_run(afl_state_t *afl) {
- struct queue_entry* q = afl->queue;
- u32 cal_failures = 0;
- u8* skip_crashes = get_afl_env("AFL_SKIP_CRASHES");
+ struct queue_entry *q = afl->queue;
+ u32 cal_failures = 0;
+ u8 *skip_crashes = get_afl_env("AFL_SKIP_CRASHES");
while (q) {
- u8* use_mem;
+ u8 *use_mem;
u8 res;
s32 fd;
- u8* fn = strrchr(q->fname, '/') + 1;
+ u8 *fn = strrchr(q->fname, '/') + 1;
ACTF("Attempting dry run with '%s'...", fn);
@@ -673,11 +673,11 @@ void perform_dry_run(afl_state_t* afl) {
/* Helper function: link() if possible, copy otherwise. */
-static void link_or_copy(u8* old_path, u8* new_path) {
+static void link_or_copy(u8 *old_path, u8 *new_path) {
s32 i = link(old_path, new_path);
s32 sfd, dfd;
- u8* tmp;
+ u8 *tmp;
if (!i) return;
@@ -703,9 +703,9 @@ static void link_or_copy(u8* old_path, u8* new_path) {
/* Create hard links for input test cases in the output directory, choosing
good names and pivoting accordingly. */
-void pivot_inputs(afl_state_t* afl) {
+void pivot_inputs(afl_state_t *afl) {
- struct queue_entry* q = afl->queue;
+ struct queue_entry *q = afl->queue;
u32 id = 0;
ACTF("Creating hard links for all input files...");
@@ -727,7 +727,7 @@ void pivot_inputs(afl_state_t* afl) {
if (!strncmp(rsl, CASE_PREFIX, 3) &&
sscanf(rsl + 3, "%06u", &orig_id) == 1 && orig_id == id) {
- u8* src_str;
+ u8 *src_str;
u32 src_id;
afl->resuming_fuzz = 1;
@@ -740,7 +740,7 @@ void pivot_inputs(afl_state_t* afl) {
if (src_str && sscanf(src_str + 1, "%06u", &src_id) == 1) {
- struct queue_entry* s = afl->queue;
+ struct queue_entry *s = afl->queue;
while (src_id-- && s)
s = s->next;
if (s) q->depth = s->depth + 1;
@@ -756,7 +756,7 @@ void pivot_inputs(afl_state_t* afl) {
#ifndef SIMPLE_FILES
- u8* use_name = strstr(rsl, ",orig:");
+ u8 *use_name = strstr(rsl, ",orig:");
if (use_name)
use_name += 6;
@@ -795,7 +795,7 @@ void pivot_inputs(afl_state_t* afl) {
/* When resuming, try to find the queue position to start from. This makes sense
only when resuming, and when we can find the original fuzzer_stats. */
-u32 find_start_position(afl_state_t* afl) {
+u32 find_start_position(afl_state_t *afl) {
static u8 tmp[4096]; /* Ought to be enough for anybody. */
@@ -832,7 +832,7 @@ u32 find_start_position(afl_state_t* afl) {
-t given, we don't want to keep auto-scaling the timeout over and over
again to prevent it from growing due to random flukes. */
-void find_timeout(afl_state_t* afl) {
+void find_timeout(afl_state_t *afl) {
static u8 tmp[4096]; /* Ought to be enough for anybody. */
@@ -870,10 +870,10 @@ void find_timeout(afl_state_t* afl) {
/* A helper function for handle_existing_out_dir(), deleting all prefixed
files in a directory. */
-static u8 delete_files(u8* path, u8* prefix) {
+static u8 delete_files(u8 *path, u8 *prefix) {
- DIR* d;
- struct dirent* d_ent;
+ DIR *d;
+ struct dirent *d_ent;
d = opendir(path);
@@ -884,7 +884,7 @@ static u8 delete_files(u8* path, u8* prefix) {
if (d_ent->d_name[0] != '.' &&
(!prefix || !strncmp(d_ent->d_name, prefix, strlen(prefix)))) {
- u8* fname = alloc_printf("%s/%s", path, d_ent->d_name);
+ u8 *fname = alloc_printf("%s/%s", path, d_ent->d_name);
if (unlink(fname)) PFATAL("Unable to delete '%s'", fname);
ck_free(fname);
@@ -919,7 +919,7 @@ double get_runnable_processes(void) {
computed in funny ways and sometimes don't reflect extremely short-lived
processes well. */
- FILE* f = fopen("/proc/stat", "r");
+ FILE *f = fopen("/proc/stat", "r");
u8 tmp[1024];
u32 val = 0;
@@ -954,9 +954,9 @@ double get_runnable_processes(void) {
/* Delete the temporary directory used for in-place session resume. */
-void nuke_resume_dir(afl_state_t* afl) {
+void nuke_resume_dir(afl_state_t *afl) {
- u8* fn;
+ u8 *fn;
fn = alloc_printf("%s/_resume/.state/deterministic_done", afl->out_dir);
if (delete_files(fn, CASE_PREFIX)) goto dir_cleanup_failed;
@@ -994,10 +994,10 @@ dir_cleanup_failed:
is not currently running, and if the last run time isn't too great.
Resume fuzzing if `-` is set as in_dir or if AFL_AUTORESUME is set */
-static void handle_existing_out_dir(afl_state_t* afl) {
+static void handle_existing_out_dir(afl_state_t *afl) {
- FILE* f;
- u8* fn = alloc_printf("%s/fuzzer_stats", afl->out_dir);
+ FILE *f;
+ u8 *fn = alloc_printf("%s/fuzzer_stats", afl->out_dir);
/* See if the output directory is locked. If yes, bail out. If not,
create a lock that will persist for the lifetime of the process
@@ -1084,7 +1084,7 @@ static void handle_existing_out_dir(afl_state_t* afl) {
if (afl->in_place_resume) {
- u8* orig_q = alloc_printf("%s/queue", afl->out_dir);
+ u8 *orig_q = alloc_printf("%s/queue", afl->out_dir);
afl->in_dir = alloc_printf("%s/_resume", afl->out_dir);
@@ -1161,17 +1161,17 @@ static void handle_existing_out_dir(afl_state_t* afl) {
if (afl->in_place_resume && rmdir(fn)) {
time_t cur_t = time(0);
- struct tm* t = localtime(&cur_t);
+ struct tm *t = localtime(&cur_t);
#ifndef SIMPLE_FILES
- u8* nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn,
+ u8 *nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn,
t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
t->tm_hour, t->tm_min, t->tm_sec);
#else
- u8* nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t->tm_year + 1900,
+ u8 *nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t->tm_year + 1900,
t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min,
t->tm_sec);
@@ -1192,17 +1192,17 @@ static void handle_existing_out_dir(afl_state_t* afl) {
if (afl->in_place_resume && rmdir(fn)) {
time_t cur_t = time(0);
- struct tm* t = localtime(&cur_t);
+ struct tm *t = localtime(&cur_t);
#ifndef SIMPLE_FILES
- u8* nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn,
+ u8 *nfn = alloc_printf("%s.%04d-%02d-%02d-%02d:%02d:%02d", fn,
t->tm_year + 1900, t->tm_mon + 1, t->tm_mday,
t->tm_hour, t->tm_min, t->tm_sec);
#else
- u8* nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t->tm_year + 1900,
+ u8 *nfn = alloc_printf("%s_%04d%02d%02d%02d%02d%02d", fn, t->tm_year + 1900,
t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min,
t->tm_sec);
@@ -1278,9 +1278,9 @@ dir_cleanup_failed:
/* Prepare output directories and fds. */
-void setup_dirs_fds(afl_state_t* afl) {
+void setup_dirs_fds(afl_state_t *afl) {
- u8* tmp;
+ u8 *tmp;
s32 fd;
ACTF("Setting up output directories...");
@@ -1402,13 +1402,13 @@ void setup_dirs_fds(afl_state_t* afl) {
}
-void setup_cmdline_file(afl_state_t* afl, char** argv) {
+void setup_cmdline_file(afl_state_t *afl, char **argv) {
- u8* tmp;
+ u8 *tmp;
s32 fd;
u32 i = 0;
- FILE* cmdline_file = NULL;
+ FILE *cmdline_file = NULL;
/* Store the command line to reproduce our findings */
tmp = alloc_printf("%s/cmdline", afl->out_dir);
@@ -1432,9 +1432,9 @@ void setup_cmdline_file(afl_state_t* afl, char** argv) {
/* Setup the output file for fuzzed data, if not using -f. */
-void setup_stdio_file(afl_state_t* afl) {
+void setup_stdio_file(afl_state_t *afl) {
- u8* fn;
+ u8 *fn;
if (afl->file_extension) {
fn = alloc_printf("%s/.cur_input.%s", afl->tmp_dir, afl->file_extension);
@@ -1531,10 +1531,10 @@ void check_crash_handling(void) {
/* Check CPU governor. */
-void check_cpu_governor(afl_state_t* afl) {
+void check_cpu_governor(afl_state_t *afl) {
#ifdef __linux__
- FILE* f;
+ FILE *f;
u8 tmp[128];
u64 min = 0, max = 0;
@@ -1654,7 +1654,7 @@ void check_cpu_governor(afl_state_t* afl) {
/* Count the number of logical CPU cores. */
-void get_core_count(afl_state_t* afl) {
+void get_core_count(afl_state_t *afl) {
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
defined(__DragonFly__)
@@ -1684,7 +1684,7 @@ void get_core_count(afl_state_t* afl) {
#else
- FILE* f = fopen("/proc/stat", "r");
+ FILE *f = fopen("/proc/stat", "r");
u8 tmp[1024];
if (!f) return;
@@ -1742,9 +1742,9 @@ void get_core_count(afl_state_t* afl) {
/* Validate and fix up afl->out_dir and sync_dir when using -S. */
-void fix_up_sync(afl_state_t* afl) {
+void fix_up_sync(afl_state_t *afl) {
- u8* x = afl->sync_id;
+ u8 *x = afl->sync_id;
if (afl->dumb_mode) FATAL("-S / -M and -n are mutually exclusive");
@@ -1793,7 +1793,7 @@ static void handle_resize(int sig) {
void check_asan_opts(void) {
- u8* x = get_afl_env("ASAN_OPTIONS");
+ u8 *x = get_afl_env("ASAN_OPTIONS");
if (x) {
@@ -1849,13 +1849,13 @@ static void handle_skipreq(int sig) {
isn't a shell script - a common and painful mistake. We also check for
a valid ELF header and for evidence of AFL instrumentation. */
-void check_binary(afl_state_t* afl, u8* fname) {
+void check_binary(afl_state_t *afl, u8 *fname) {
- u8* env_path = 0;
+ u8 *env_path = 0;
struct stat st;
s32 fd;
- u8* f_data;
+ u8 *f_data;
u32 f_len = 0;
ACTF("Validating target binary...");
@@ -2042,7 +2042,7 @@ void check_binary(afl_state_t* afl, u8* fname) {
/* Trim and possibly create a banner for the run. */
-void fix_up_banner(afl_state_t* afl, u8* name) {
+void fix_up_banner(afl_state_t *afl, u8 *name) {
if (!afl->use_banner) {
@@ -2052,7 +2052,7 @@ void fix_up_banner(afl_state_t* afl, u8* name) {
} else {
- u8* trim = strrchr(name, '/');
+ u8 *trim = strrchr(name, '/');
if (!trim)
afl->use_banner = name;
else
@@ -2064,7 +2064,7 @@ void fix_up_banner(afl_state_t* afl, u8* name) {
if (strlen(afl->use_banner) > 32) {
- u8* tmp = ck_alloc(36);
+ u8 *tmp = ck_alloc(36);
sprintf(tmp, "%.32s...", afl->use_banner);
afl->use_banner = tmp;
@@ -2074,7 +2074,7 @@ void fix_up_banner(afl_state_t* afl, u8* name) {
/* Check if we're on TTY. */
-void check_if_tty(afl_state_t* afl) {
+void check_if_tty(afl_state_t *afl) {
struct winsize ws;
@@ -2148,10 +2148,10 @@ void setup_signal_handlers(void) {
/* Make a copy of the current command line. */
-void save_cmdline(afl_state_t* afl, u32 argc, char** argv) {
+void save_cmdline(afl_state_t *afl, u32 argc, char **argv) {
u32 len = 1, i;
- u8* buf;
+ u8 *buf;
for (i = 0; i < argc; ++i)
len += strlen(argv[i]) + 1;
diff --git a/src/afl-fuzz-misc.c b/src/afl-fuzz-misc.c
index 0da0cb0a..29e8bd82 100644
--- a/src/afl-fuzz-misc.c
+++ b/src/afl-fuzz-misc.c
@@ -29,7 +29,7 @@
returned should be five characters or less for all the integers we reasonably
expect to see. */
-u8* DI(u64 val) {
+u8 *DI(u64 val) {
static u8 tmp[12][16];
static u8 cur;
@@ -90,7 +90,7 @@ u8* DI(u64 val) {
/* Describe float. Similar to the above, except with a single
static buffer. */
-u8* DF(double val) {
+u8 *DF(double val) {
static u8 tmp[16];
@@ -114,7 +114,7 @@ u8* DF(double val) {
/* Describe integer as memory size. */
-u8* DMS(u64 val) {
+u8 *DMS(u64 val) {
static u8 tmp[12][16];
static u8 cur;
@@ -164,7 +164,7 @@ u8* DMS(u64 val) {
/* Describe time delta. Returns one static buffer, 34 chars of less. */
-u8* DTD(u64 cur_ms, u64 event_ms) {
+u8 *DTD(u64 cur_ms, u64 event_ms) {
static u8 tmp[64];
u64 delta;
diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c
index 02d7661e..159b40c3 100644
--- a/src/afl-fuzz-mutators.c
+++ b/src/afl-fuzz-mutators.c
@@ -25,15 +25,15 @@
#include "afl-fuzz.h"
-void load_custom_mutator(afl_state_t*, const char*);
+void load_custom_mutator(afl_state_t *, const char *);
#ifdef USE_PYTHON
-void load_custom_mutator_py(afl_state_t*, const char*);
+void load_custom_mutator_py(afl_state_t *, const char *);
#endif
-void setup_custom_mutator(afl_state_t* afl) {
+void setup_custom_mutator(afl_state_t *afl) {
/* Try mutator library first */
- u8* fn = getenv("AFL_CUSTOM_MUTATOR_LIBRARY");
+ u8 *fn = getenv("AFL_CUSTOM_MUTATOR_LIBRARY");
if (fn) {
@@ -51,7 +51,7 @@ void setup_custom_mutator(afl_state_t* afl) {
/* Try Python module */
#ifdef USE_PYTHON
- u8* module_name = getenv("AFL_PYTHON_MODULE");
+ u8 *module_name = getenv("AFL_PYTHON_MODULE");
if (module_name) {
@@ -75,7 +75,7 @@ void setup_custom_mutator(afl_state_t* afl) {
}
-void destroy_custom_mutator(afl_state_t* afl) {
+void destroy_custom_mutator(afl_state_t *afl) {
if (afl->mutator) {
@@ -96,9 +96,9 @@ void destroy_custom_mutator(afl_state_t* afl) {
}
-void load_custom_mutator(afl_state_t* afl, const char* fn) {
+void load_custom_mutator(afl_state_t *afl, const char *fn) {
- void* dh;
+ void *dh;
afl->mutator = ck_alloc(sizeof(struct custom_mutator));
afl->mutator->name = fn;
@@ -190,7 +190,7 @@ void load_custom_mutator(afl_state_t* afl, const char* fn) {
}
-u8 trim_case_custom(afl_state_t* afl, struct queue_entry* q, u8* in_buf) {
+u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
static u8 tmp[64];
static u8 clean_trace[MAP_SIZE];
@@ -216,7 +216,7 @@ u8 trim_case_custom(afl_state_t* afl, struct queue_entry* q, u8* in_buf) {
u32 cksum;
- u8* retbuf = NULL;
+ u8 *retbuf = NULL;
size_t retlen = 0;
afl->mutator->afl_custom_trim(afl, &retbuf, &retlen);
@@ -312,9 +312,9 @@ abort_trimming:
}
#ifdef USE_PYTHON
-void load_custom_mutator_py(afl_state_t* afl, const char* module_name) {
+void load_custom_mutator_py(afl_state_t *afl, const char *module_name) {
- PyObject** py_functions = afl->py_functions;
+ PyObject **py_functions = afl->py_functions;
afl->mutator = ck_alloc(sizeof(struct custom_mutator));
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index aefcb231..8e88693c 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -27,7 +27,7 @@
/* MOpt */
-int select_algorithm(afl_state_t* afl) {
+int select_algorithm(afl_state_t *afl) {
int i_puppet, j_puppet;
@@ -62,7 +62,7 @@ int select_algorithm(afl_state_t* afl) {
/* Helper to choose random block len for block operations in fuzz_one().
Doesn't return zero, provided that max_len is > 0. */
-static u32 choose_block_len(afl_state_t* afl, u32 limit) {
+static u32 choose_block_len(afl_state_t *afl, u32 limit) {
u32 min_value, max_value;
u32 rlim = MIN(afl->queue_cycle, 3);
@@ -305,7 +305,7 @@ static u8 could_be_interest(u32 old_val, u32 new_val, u8 blen, u8 check_le) {
/* Helper function to compare buffers; returns first and last differing offset.
We use this to find reasonable locations for splicing two files. */
-static void locate_diffs(u8* ptr1, u8* ptr2, u32 len, s32* first, s32* last) {
+static void locate_diffs(u8 *ptr1, u8 *ptr2, u32 len, s32 *first, s32 *last) {
s32 f_loc = -1;
s32 l_loc = -1;
@@ -335,7 +335,7 @@ static void locate_diffs(u8* ptr1, u8* ptr2, u32 len, s32* first, s32* last) {
function is a tad too long... returns 0 if fuzzed successfully, 1 if
skipped or bailed out. */
-u8 fuzz_one_original(afl_state_t* afl) {
+u8 fuzz_one_original(afl_state_t *afl) {
s32 len, fd, temp_len, i, j;
u8 *in_buf, *out_buf, *orig_in, *ex_tmp, *eff_map = 0;
@@ -538,7 +538,7 @@ u8 fuzz_one_original(afl_state_t* afl) {
#define FLIP_BIT(_ar, _b) \
do { \
\
- u8* _arf = (u8*)(_ar); \
+ u8 *_arf = (u8 *)(_ar); \
u32 _bf = (_b); \
_arf[(_bf) >> 3] ^= (128 >> ((_bf)&7)); \
\
@@ -820,12 +820,12 @@ u8 fuzz_one_original(afl_state_t* afl) {
afl->stage_cur_byte = i;
- *(u16*)(out_buf + i) ^= 0xFFFF;
+ *(u16 *)(out_buf + i) ^= 0xFFFF;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
- *(u16*)(out_buf + i) ^= 0xFFFF;
+ *(u16 *)(out_buf + i) ^= 0xFFFF;
}
@@ -858,12 +858,12 @@ u8 fuzz_one_original(afl_state_t* afl) {
afl->stage_cur_byte = i;
- *(u32*)(out_buf + i) ^= 0xFFFFFFFF;
+ *(u32 *)(out_buf + i) ^= 0xFFFFFFFF;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
- *(u32*)(out_buf + i) ^= 0xFFFFFFFF;
+ *(u32 *)(out_buf + i) ^= 0xFFFFFFFF;
}
@@ -963,7 +963,7 @@ skip_bitflip:
for (i = 0; i < len - 1; ++i) {
- u16 orig = *(u16*)(out_buf + i);
+ u16 orig = *(u16 *)(out_buf + i);
/* Let's consult the effector map... */
@@ -992,7 +992,7 @@ skip_bitflip:
if ((orig & 0xff) + j > 0xff && !could_be_bitflip(r1)) {
afl->stage_cur_val = j;
- *(u16*)(out_buf + i) = orig + j;
+ *(u16 *)(out_buf + i) = orig + j;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1004,7 +1004,7 @@ skip_bitflip:
if ((orig & 0xff) < j && !could_be_bitflip(r2)) {
afl->stage_cur_val = -j;
- *(u16*)(out_buf + i) = orig - j;
+ *(u16 *)(out_buf + i) = orig - j;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1020,7 +1020,7 @@ skip_bitflip:
if ((orig >> 8) + j > 0xff && !could_be_bitflip(r3)) {
afl->stage_cur_val = j;
- *(u16*)(out_buf + i) = SWAP16(SWAP16(orig) + j);
+ *(u16 *)(out_buf + i) = SWAP16(SWAP16(orig) + j);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1032,7 +1032,7 @@ skip_bitflip:
if ((orig >> 8) < j && !could_be_bitflip(r4)) {
afl->stage_cur_val = -j;
- *(u16*)(out_buf + i) = SWAP16(SWAP16(orig) - j);
+ *(u16 *)(out_buf + i) = SWAP16(SWAP16(orig) - j);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1041,7 +1041,7 @@ skip_bitflip:
--afl->stage_max;
- *(u16*)(out_buf + i) = orig;
+ *(u16 *)(out_buf + i) = orig;
}
@@ -1065,7 +1065,7 @@ skip_bitflip:
for (i = 0; i < len - 3; ++i) {
- u32 orig = *(u32*)(out_buf + i);
+ u32 orig = *(u32 *)(out_buf + i);
/* Let's consult the effector map... */
@@ -1093,7 +1093,7 @@ skip_bitflip:
if ((orig & 0xffff) + j > 0xffff && !could_be_bitflip(r1)) {
afl->stage_cur_val = j;
- *(u32*)(out_buf + i) = orig + j;
+ *(u32 *)(out_buf + i) = orig + j;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1105,7 +1105,7 @@ skip_bitflip:
if ((orig & 0xffff) < j && !could_be_bitflip(r2)) {
afl->stage_cur_val = -j;
- *(u32*)(out_buf + i) = orig - j;
+ *(u32 *)(out_buf + i) = orig - j;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1121,7 +1121,7 @@ skip_bitflip:
if ((SWAP32(orig) & 0xffff) + j > 0xffff && !could_be_bitflip(r3)) {
afl->stage_cur_val = j;
- *(u32*)(out_buf + i) = SWAP32(SWAP32(orig) + j);
+ *(u32 *)(out_buf + i) = SWAP32(SWAP32(orig) + j);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1133,7 +1133,7 @@ skip_bitflip:
if ((SWAP32(orig) & 0xffff) < j && !could_be_bitflip(r4)) {
afl->stage_cur_val = -j;
- *(u32*)(out_buf + i) = SWAP32(SWAP32(orig) - j);
+ *(u32 *)(out_buf + i) = SWAP32(SWAP32(orig) - j);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1142,7 +1142,7 @@ skip_bitflip:
--afl->stage_max;
- *(u32*)(out_buf + i) = orig;
+ *(u32 *)(out_buf + i) = orig;
}
@@ -1227,7 +1227,7 @@ skip_arith:
for (i = 0; i < len - 1; ++i) {
- u16 orig = *(u16*)(out_buf + i);
+ u16 orig = *(u16 *)(out_buf + i);
/* Let's consult the effector map... */
@@ -1253,7 +1253,7 @@ skip_arith:
afl->stage_val_type = STAGE_VAL_LE;
- *(u16*)(out_buf + i) = interesting_16[j];
+ *(u16 *)(out_buf + i) = interesting_16[j];
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1269,7 +1269,7 @@ skip_arith:
afl->stage_val_type = STAGE_VAL_BE;
- *(u16*)(out_buf + i) = SWAP16(interesting_16[j]);
+ *(u16 *)(out_buf + i) = SWAP16(interesting_16[j]);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1279,7 +1279,7 @@ skip_arith:
}
- *(u16*)(out_buf + i) = orig;
+ *(u16 *)(out_buf + i) = orig;
}
@@ -1301,7 +1301,7 @@ skip_arith:
for (i = 0; i < len - 3; i++) {
- u32 orig = *(u32*)(out_buf + i);
+ u32 orig = *(u32 *)(out_buf + i);
/* Let's consult the effector map... */
@@ -1328,7 +1328,7 @@ skip_arith:
afl->stage_val_type = STAGE_VAL_LE;
- *(u32*)(out_buf + i) = interesting_32[j];
+ *(u32 *)(out_buf + i) = interesting_32[j];
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1344,7 +1344,7 @@ skip_arith:
afl->stage_val_type = STAGE_VAL_BE;
- *(u32*)(out_buf + i) = SWAP32(interesting_32[j]);
+ *(u32 *)(out_buf + i) = SWAP32(interesting_32[j]);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -1354,7 +1354,7 @@ skip_arith:
}
- *(u32*)(out_buf + i) = orig;
+ *(u32 *)(out_buf + i) = orig;
}
@@ -1565,9 +1565,9 @@ custom_mutator_stage:
for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) {
- struct queue_entry* target;
- u32 tid;
- u8* new_buf;
+ struct queue_entry *target;
+ u32 tid;
+ u8 *new_buf;
retry_external_pick:
/* Pick a random other queue entry for passing to external API */
@@ -1751,12 +1751,12 @@ havoc_stage:
if (UR(afl, 2)) {
- *(u16*)(out_buf + UR(afl, temp_len - 1)) =
+ *(u16 *)(out_buf + UR(afl, temp_len - 1)) =
interesting_16[UR(afl, sizeof(interesting_16) >> 1)];
} else {
- *(u16*)(out_buf + UR(afl, temp_len - 1)) =
+ *(u16 *)(out_buf + UR(afl, temp_len - 1)) =
SWAP16(interesting_16[UR(afl, sizeof(interesting_16) >> 1)]);
}
@@ -1771,12 +1771,12 @@ havoc_stage:
if (UR(afl, 2)) {
- *(u32*)(out_buf + UR(afl, temp_len - 3)) =
+ *(u32 *)(out_buf + UR(afl, temp_len - 3)) =
interesting_32[UR(afl, sizeof(interesting_32) >> 2)];
} else {
- *(u32*)(out_buf + UR(afl, temp_len - 3)) =
+ *(u32 *)(out_buf + UR(afl, temp_len - 3)) =
SWAP32(interesting_32[UR(afl, sizeof(interesting_32) >> 2)]);
}
@@ -1807,15 +1807,15 @@ havoc_stage:
u32 pos = UR(afl, temp_len - 1);
- *(u16*)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX);
+ *(u16 *)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX);
} else {
u32 pos = UR(afl, temp_len - 1);
u16 num = 1 + UR(afl, ARITH_MAX);
- *(u16*)(out_buf + pos) =
- SWAP16(SWAP16(*(u16*)(out_buf + pos)) - num);
+ *(u16 *)(out_buf + pos) =
+ SWAP16(SWAP16(*(u16 *)(out_buf + pos)) - num);
}
@@ -1831,15 +1831,15 @@ havoc_stage:
u32 pos = UR(afl, temp_len - 1);
- *(u16*)(out_buf + pos) += 1 + UR(afl, ARITH_MAX);
+ *(u16 *)(out_buf + pos) += 1 + UR(afl, ARITH_MAX);
} else {
u32 pos = UR(afl, temp_len - 1);
u16 num = 1 + UR(afl, ARITH_MAX);
- *(u16*)(out_buf + pos) =
- SWAP16(SWAP16(*(u16*)(out_buf + pos)) + num);
+ *(u16 *)(out_buf + pos) =
+ SWAP16(SWAP16(*(u16 *)(out_buf + pos)) + num);
}
@@ -1855,15 +1855,15 @@ havoc_stage:
u32 pos = UR(afl, temp_len - 3);
- *(u32*)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX);
+ *(u32 *)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX);
} else {
u32 pos = UR(afl, temp_len - 3);
u32 num = 1 + UR(afl, ARITH_MAX);
- *(u32*)(out_buf + pos) =
- SWAP32(SWAP32(*(u32*)(out_buf + pos)) - num);
+ *(u32 *)(out_buf + pos) =
+ SWAP32(SWAP32(*(u32 *)(out_buf + pos)) - num);
}
@@ -1879,15 +1879,15 @@ havoc_stage:
u32 pos = UR(afl, temp_len - 3);
- *(u32*)(out_buf + pos) += 1 + UR(afl, ARITH_MAX);
+ *(u32 *)(out_buf + pos) += 1 + UR(afl, ARITH_MAX);
} else {
u32 pos = UR(afl, temp_len - 3);
u32 num = 1 + UR(afl, ARITH_MAX);
- *(u32*)(out_buf + pos) =
- SWAP32(SWAP32(*(u32*)(out_buf + pos)) + num);
+ *(u32 *)(out_buf + pos) =
+ SWAP32(SWAP32(*(u32 *)(out_buf + pos)) + num);
}
@@ -1935,7 +1935,7 @@ havoc_stage:
u8 actually_clone = UR(afl, 4);
u32 clone_from, clone_to, clone_len;
- u8* new_buf;
+ u8 *new_buf;
if (actually_clone) {
@@ -2051,7 +2051,7 @@ havoc_stage:
case 16: {
u32 use_extra, extra_len, insert_at = UR(afl, temp_len + 1);
- u8* new_buf;
+ u8 *new_buf;
/* Insert an extra. Do the same dice-rolling stuff as for the
previous case. */
@@ -2162,10 +2162,10 @@ retry_splicing:
if (afl->use_splicing && splice_cycle++ < SPLICE_CYCLES &&
afl->queued_paths > 1 && afl->queue_cur->len > 1) {
- struct queue_entry* target;
- u32 tid, split_at;
- u8* new_buf;
- s32 f_diff, l_diff;
+ struct queue_entry *target;
+ u32 tid, split_at;
+ u8 *new_buf;
+ s32 f_diff, l_diff;
/* First of all, if we've modified in_buf for havoc, let's clean that
up... */
@@ -2275,12 +2275,12 @@ radamsa_stage:
orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
/* Read the additional testcase into a new buffer. */
- u8* save_buf = ck_alloc_nozero(len);
+ u8 *save_buf = ck_alloc_nozero(len);
memcpy(save_buf, out_buf, len);
u32 max_len = len + choose_block_len(afl, HAVOC_BLK_XL);
- u8* new_buf = ck_alloc_nozero(max_len);
- u8* tmp_buf;
+ u8 *new_buf = ck_alloc_nozero(max_len);
+ u8 *tmp_buf;
for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) {
@@ -2352,7 +2352,7 @@ abandon_entry:
}
/* MOpt mode */
-u8 mopt_common_fuzzing(afl_state_t* afl, MOpt_globals_t MOpt_globals) {
+u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
if (!MOpt_globals.is_pilot_mode) {
@@ -2544,7 +2544,7 @@ u8 mopt_common_fuzzing(afl_state_t* afl, MOpt_globals_t MOpt_globals) {
#define FLIP_BIT(_ar, _b) \
do { \
\
- u8* _arf = (u8*)(_ar); \
+ u8 *_arf = (u8 *)(_ar); \
u32 _bf = (_b); \
_arf[(_bf) >> 3] ^= (128 >> ((_bf)&7)); \
\
@@ -2826,12 +2826,12 @@ u8 mopt_common_fuzzing(afl_state_t* afl, MOpt_globals_t MOpt_globals) {
afl->stage_cur_byte = i;
- *(u16*)(out_buf + i) ^= 0xFFFF;
+ *(u16 *)(out_buf + i) ^= 0xFFFF;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
- *(u16*)(out_buf + i) ^= 0xFFFF;
+ *(u16 *)(out_buf + i) ^= 0xFFFF;
} /* for i = 0; i < len */
@@ -2864,12 +2864,12 @@ u8 mopt_common_fuzzing(afl_state_t* afl, MOpt_globals_t MOpt_globals) {
afl->stage_cur_byte = i;
- *(u32*)(out_buf + i) ^= 0xFFFFFFFF;
+ *(u32 *)(out_buf + i) ^= 0xFFFFFFFF;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
- *(u32*)(out_buf + i) ^= 0xFFFFFFFF;
+ *(u32 *)(out_buf + i) ^= 0xFFFFFFFF;
} /* for i = 0; i < len - 3 */
@@ -2969,7 +2969,7 @@ skip_bitflip:
for (i = 0; i < len - 1; ++i) {
- u16 orig = *(u16*)(out_buf + i);
+ u16 orig = *(u16 *)(out_buf + i);
/* Let's consult the effector map... */
@@ -2998,7 +2998,7 @@ skip_bitflip:
if ((orig & 0xff) + j > 0xff && !could_be_bitflip(r1)) {
afl->stage_cur_val = j;
- *(u16*)(out_buf + i) = orig + j;
+ *(u16 *)(out_buf + i) = orig + j;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3010,7 +3010,7 @@ skip_bitflip:
if ((orig & 0xff) < j && !could_be_bitflip(r2)) {
afl->stage_cur_val = -j;
- *(u16*)(out_buf + i) = orig - j;
+ *(u16 *)(out_buf + i) = orig - j;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3026,7 +3026,7 @@ skip_bitflip:
if ((orig >> 8) + j > 0xff && !could_be_bitflip(r3)) {
afl->stage_cur_val = j;
- *(u16*)(out_buf + i) = SWAP16(SWAP16(orig) + j);
+ *(u16 *)(out_buf + i) = SWAP16(SWAP16(orig) + j);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3038,7 +3038,7 @@ skip_bitflip:
if ((orig >> 8) < j && !could_be_bitflip(r4)) {
afl->stage_cur_val = -j;
- *(u16*)(out_buf + i) = SWAP16(SWAP16(orig) - j);
+ *(u16 *)(out_buf + i) = SWAP16(SWAP16(orig) - j);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3047,7 +3047,7 @@ skip_bitflip:
--afl->stage_max;
- *(u16*)(out_buf + i) = orig;
+ *(u16 *)(out_buf + i) = orig;
}
@@ -3071,7 +3071,7 @@ skip_bitflip:
for (i = 0; i < len - 3; ++i) {
- u32 orig = *(u32*)(out_buf + i);
+ u32 orig = *(u32 *)(out_buf + i);
/* Let's consult the effector map... */
@@ -3099,7 +3099,7 @@ skip_bitflip:
if ((orig & 0xffff) + j > 0xffff && !could_be_bitflip(r1)) {
afl->stage_cur_val = j;
- *(u32*)(out_buf + i) = orig + j;
+ *(u32 *)(out_buf + i) = orig + j;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3111,7 +3111,7 @@ skip_bitflip:
if ((orig & 0xffff) < j && !could_be_bitflip(r2)) {
afl->stage_cur_val = -j;
- *(u32*)(out_buf + i) = orig - j;
+ *(u32 *)(out_buf + i) = orig - j;
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3127,7 +3127,7 @@ skip_bitflip:
if ((SWAP32(orig) & 0xffff) + j > 0xffff && !could_be_bitflip(r3)) {
afl->stage_cur_val = j;
- *(u32*)(out_buf + i) = SWAP32(SWAP32(orig) + j);
+ *(u32 *)(out_buf + i) = SWAP32(SWAP32(orig) + j);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3139,7 +3139,7 @@ skip_bitflip:
if ((SWAP32(orig) & 0xffff) < j && !could_be_bitflip(r4)) {
afl->stage_cur_val = -j;
- *(u32*)(out_buf + i) = SWAP32(SWAP32(orig) - j);
+ *(u32 *)(out_buf + i) = SWAP32(SWAP32(orig) - j);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3148,7 +3148,7 @@ skip_bitflip:
--afl->stage_max;
- *(u32*)(out_buf + i) = orig;
+ *(u32 *)(out_buf + i) = orig;
}
@@ -3233,7 +3233,7 @@ skip_arith:
for (i = 0; i < len - 1; ++i) {
- u16 orig = *(u16*)(out_buf + i);
+ u16 orig = *(u16 *)(out_buf + i);
/* Let's consult the effector map... */
@@ -3259,7 +3259,7 @@ skip_arith:
afl->stage_val_type = STAGE_VAL_LE;
- *(u16*)(out_buf + i) = interesting_16[j];
+ *(u16 *)(out_buf + i) = interesting_16[j];
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3275,7 +3275,7 @@ skip_arith:
afl->stage_val_type = STAGE_VAL_BE;
- *(u16*)(out_buf + i) = SWAP16(interesting_16[j]);
+ *(u16 *)(out_buf + i) = SWAP16(interesting_16[j]);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3285,7 +3285,7 @@ skip_arith:
}
- *(u16*)(out_buf + i) = orig;
+ *(u16 *)(out_buf + i) = orig;
} /* for i = 0; i < len - 1 */
@@ -3307,7 +3307,7 @@ skip_arith:
for (i = 0; i < len - 3; ++i) {
- u32 orig = *(u32*)(out_buf + i);
+ u32 orig = *(u32 *)(out_buf + i);
/* Let's consult the effector map... */
@@ -3334,7 +3334,7 @@ skip_arith:
afl->stage_val_type = STAGE_VAL_LE;
- *(u32*)(out_buf + i) = interesting_32[j];
+ *(u32 *)(out_buf + i) = interesting_32[j];
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3350,7 +3350,7 @@ skip_arith:
afl->stage_val_type = STAGE_VAL_BE;
- *(u32*)(out_buf + i) = SWAP32(interesting_32[j]);
+ *(u32 *)(out_buf + i) = SWAP32(interesting_32[j]);
if (common_fuzz_stuff(afl, out_buf, len)) goto abandon_entry;
++afl->stage_cur;
@@ -3360,7 +3360,7 @@ skip_arith:
}
- *(u32*)(out_buf + i) = orig;
+ *(u32 *)(out_buf + i) = orig;
} /* for i = 0; i < len - 3 */
@@ -3688,13 +3688,13 @@ pacemaker_fuzzing:
case 4:
if (temp_len < 8) break;
- *(u16*)(out_buf + UR(afl, temp_len - 1)) ^= 0xFFFF;
+ *(u16 *)(out_buf + UR(afl, temp_len - 1)) ^= 0xFFFF;
MOpt_globals.cycles_v2[STAGE_FLIP16] += 1;
break;
case 5:
if (temp_len < 8) break;
- *(u32*)(out_buf + UR(afl, temp_len - 3)) ^= 0xFFFFFFFF;
+ *(u32 *)(out_buf + UR(afl, temp_len - 3)) ^= 0xFFFFFFFF;
MOpt_globals.cycles_v2[STAGE_FLIP32] += 1;
break;
@@ -3710,14 +3710,14 @@ pacemaker_fuzzing:
if (UR(afl, 2)) {
u32 pos = UR(afl, temp_len - 1);
- *(u16*)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX);
+ *(u16 *)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX);
} else {
u32 pos = UR(afl, temp_len - 1);
u16 num = 1 + UR(afl, ARITH_MAX);
- *(u16*)(out_buf + pos) =
- SWAP16(SWAP16(*(u16*)(out_buf + pos)) - num);
+ *(u16 *)(out_buf + pos) =
+ SWAP16(SWAP16(*(u16 *)(out_buf + pos)) - num);
}
@@ -3725,14 +3725,14 @@ pacemaker_fuzzing:
if (UR(afl, 2)) {
u32 pos = UR(afl, temp_len - 1);
- *(u16*)(out_buf + pos) += 1 + UR(afl, ARITH_MAX);
+ *(u16 *)(out_buf + pos) += 1 + UR(afl, ARITH_MAX);
} else {
u32 pos = UR(afl, temp_len - 1);
u16 num = 1 + UR(afl, ARITH_MAX);
- *(u16*)(out_buf + pos) =
- SWAP16(SWAP16(*(u16*)(out_buf + pos)) + num);
+ *(u16 *)(out_buf + pos) =
+ SWAP16(SWAP16(*(u16 *)(out_buf + pos)) + num);
}
@@ -3745,14 +3745,14 @@ pacemaker_fuzzing:
if (UR(afl, 2)) {
u32 pos = UR(afl, temp_len - 3);
- *(u32*)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX);
+ *(u32 *)(out_buf + pos) -= 1 + UR(afl, ARITH_MAX);
} else {
u32 pos = UR(afl, temp_len - 3);
u32 num = 1 + UR(afl, ARITH_MAX);
- *(u32*)(out_buf + pos) =
- SWAP32(SWAP32(*(u32*)(out_buf + pos)) - num);
+ *(u32 *)(out_buf + pos) =
+ SWAP32(SWAP32(*(u32 *)(out_buf + pos)) - num);
}
@@ -3761,14 +3761,14 @@ pacemaker_fuzzing:
if (UR(afl, 2)) {
u32 pos = UR(afl, temp_len - 3);
- *(u32*)(out_buf + pos) += 1 + UR(afl, ARITH_MAX);
+ *(u32 *)(out_buf + pos) += 1 + UR(afl, ARITH_MAX);
} else {
u32 pos = UR(afl, temp_len - 3);
u32 num = 1 + UR(afl, ARITH_MAX);
- *(u32*)(out_buf + pos) =
- SWAP32(SWAP32(*(u32*)(out_buf + pos)) + num);
+ *(u32 *)(out_buf + pos) =
+ SWAP32(SWAP32(*(u32 *)(out_buf + pos)) + num);
}
@@ -3788,12 +3788,12 @@ pacemaker_fuzzing:
if (temp_len < 8) break;
if (UR(afl, 2)) {
- *(u16*)(out_buf + UR(afl, temp_len - 1)) =
+ *(u16 *)(out_buf + UR(afl, temp_len - 1)) =
interesting_16[UR(afl, sizeof(interesting_16) >> 1)];
} else {
- *(u16*)(out_buf + UR(afl, temp_len - 1)) = SWAP16(
+ *(u16 *)(out_buf + UR(afl, temp_len - 1)) = SWAP16(
interesting_16[UR(afl, sizeof(interesting_16) >> 1)]);
}
@@ -3808,12 +3808,12 @@ pacemaker_fuzzing:
if (UR(afl, 2)) {
- *(u32*)(out_buf + UR(afl, temp_len - 3)) =
+ *(u32 *)(out_buf + UR(afl, temp_len - 3)) =
interesting_32[UR(afl, sizeof(interesting_32) >> 2)];
} else {
- *(u32*)(out_buf + UR(afl, temp_len - 3)) = SWAP32(
+ *(u32 *)(out_buf + UR(afl, temp_len - 3)) = SWAP32(
interesting_32[UR(afl, sizeof(interesting_32) >> 2)]);
}
@@ -3865,7 +3865,7 @@ pacemaker_fuzzing:
u8 actually_clone = UR(afl, 4);
u32 clone_from, clone_to, clone_len;
- u8* new_buf;
+ u8 *new_buf;
if (actually_clone) {
@@ -4020,9 +4020,9 @@ pacemaker_fuzzing:
if (afl->use_splicing && splice_cycle++ < afl->SPLICE_CYCLES_puppet &&
afl->queued_paths > 1 && afl->queue_cur->len > 1) {
- struct queue_entry* target;
+ struct queue_entry *target;
u32 tid, split_at;
- u8* new_buf;
+ u8 * new_buf;
s32 f_diff, l_diff;
/* First of all, if we've modified in_buf for havoc, let's clean that
@@ -4268,19 +4268,19 @@ pacemaker_fuzzing:
#undef FLIP_BIT
-u8 core_fuzzing(afl_state_t* afl) {
+u8 core_fuzzing(afl_state_t *afl) {
return mopt_common_fuzzing(afl, afl->mopt_globals_core);
}
-u8 pilot_fuzzing(afl_state_t* afl) {
+u8 pilot_fuzzing(afl_state_t *afl) {
return mopt_common_fuzzing(afl, afl->mopt_globals_pilot);
}
-void pso_updating(afl_state_t* afl) {
+void pso_updating(afl_state_t *afl) {
afl->g_now += 1;
if (afl->g_now > afl->g_max) afl->g_now = 0;
@@ -4358,14 +4358,14 @@ void pso_updating(afl_state_t* afl) {
to fuzz_one_original. All documentation references to fuzz_one therefore
mean fuzz_one_original */
-u8 fuzz_one(afl_state_t* afl) {
+u8 fuzz_one(afl_state_t *afl) {
int key_val_lv = 0;
#ifdef _AFL_DOCUMENT_MUTATIONS
if (afl->do_document == 0) {
- char* fn = alloc_printf("%s/mutations", afl->out_dir);
+ char *fn = alloc_printf("%s/mutations", afl->out_dir);
if (fn) {
afl->do_document = mkdir(fn, 0700); // if it exists we do not care
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index 595c1ed0..cc565860 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -43,7 +43,7 @@ int init_py_module(afl_state_t *afl, u8 *module_name) {
afl->py_module = PyImport_Import(py_name);
Py_DECREF(py_name);
- PyObject * py_module = afl->py_module;
+ PyObject *py_module = afl->py_module;
PyObject **py_functions = afl->py_functions;
if (afl->py_module != NULL) {
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 988f1ace..37d18a2d 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -28,9 +28,9 @@
.state file to avoid repeating deterministic fuzzing when resuming aborted
scans. */
-void mark_as_det_done(afl_state_t* afl, struct queue_entry* q) {
+void mark_as_det_done(afl_state_t *afl, struct queue_entry *q) {
- u8* fn = strrchr(q->fname, '/');
+ u8 *fn = strrchr(q->fname, '/');
s32 fd;
fn = alloc_printf("%s/queue/.state/deterministic_done/%s", afl->out_dir,
@@ -49,7 +49,7 @@ void mark_as_det_done(afl_state_t* afl, struct queue_entry* q) {
/* Mark as variable. Create symlinks if possible to make it easier to examine
the files. */
-void mark_as_variable(afl_state_t* afl, struct queue_entry* q) {
+void mark_as_variable(afl_state_t *afl, struct queue_entry *q) {
u8 *fn = strrchr(q->fname, '/') + 1, *ldest;
@@ -74,9 +74,9 @@ void mark_as_variable(afl_state_t* afl, struct queue_entry* q) {
/* Mark / unmark as redundant (edge-only). This is not used for restoring state,
but may be useful for post-processing datasets. */
-void mark_as_redundant(afl_state_t* afl, struct queue_entry* q, u8 state) {
+void mark_as_redundant(afl_state_t *afl, struct queue_entry *q, u8 state) {
- u8* fn;
+ u8 *fn;
if (state == q->fs_redundant) return;
@@ -105,9 +105,9 @@ void mark_as_redundant(afl_state_t* afl, struct queue_entry* q, u8 state) {
/* Append new test case to the queue. */
-void add_to_queue(afl_state_t* afl, u8* fname, u32 len, u8 passed_det) {
+void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
- struct queue_entry* q = ck_alloc(sizeof(struct queue_entry));
+ struct queue_entry *q = ck_alloc(sizeof(struct queue_entry));
q->fname = fname;
q->len = len;
@@ -142,7 +142,7 @@ void add_to_queue(afl_state_t* afl, u8* fname, u32 len, u8 passed_det) {
if (afl->mutator && afl->mutator->afl_custom_queue_new_entry) {
- u8* fname_orig = NULL;
+ u8 *fname_orig = NULL;
/* At the initialization stage, queue_cur is NULL */
if (afl->queue_cur) fname_orig = afl->queue_cur->fname;
@@ -155,7 +155,7 @@ void add_to_queue(afl_state_t* afl, u8* fname, u32 len, u8 passed_det) {
/* Destroy the entire queue. */
-void destroy_queue(afl_state_t* afl) {
+void destroy_queue(afl_state_t *afl) {
struct queue_entry *q = afl->queue, *n;
@@ -182,7 +182,7 @@ void destroy_queue(afl_state_t* afl) {
previous contender, or if the contender has a more favorable speed x size
factor. */
-void update_bitmap_score(afl_state_t* afl, struct queue_entry* q) {
+void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) {
u32 i;
u64 fav_factor = q->exec_us * q->len;
@@ -251,9 +251,9 @@ void update_bitmap_score(afl_state_t* afl, struct queue_entry* q) {
until the next run. The favored entries are given more air time during
all fuzzing steps. */
-void cull_queue(afl_state_t* afl) {
+void cull_queue(afl_state_t *afl) {
- struct queue_entry* q;
+ struct queue_entry *q;
static u8 temp_v[MAP_SIZE >> 3];
u32 i;
@@ -312,7 +312,7 @@ void cull_queue(afl_state_t* afl) {
A helper function for fuzz_one(). Maybe some of these constants should
go into config.h. */
-u32 calculate_score(afl_state_t* afl, struct queue_entry* q) {
+u32 calculate_score(afl_state_t *afl, struct queue_entry *q) {
u32 avg_exec_us = afl->total_cal_us / afl->total_cal_cycles;
u32 avg_bitmap_size = afl->total_bitmap_size / afl->total_bitmap_entries;
@@ -405,7 +405,7 @@ u32 calculate_score(afl_state_t* afl, struct queue_entry* q) {
fuzz_total = 0;
n_paths = 0;
- struct queue_entry* queue_it = afl->queue;
+ struct queue_entry *queue_it = afl->queue;
while (queue_it) {
fuzz_total += queue_it->n_fuzz;
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index e012c4c3..c910e75e 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -33,13 +33,13 @@ struct range {
u32 start;
u32 end;
- struct range* next;
+ struct range *next;
};
-struct range* add_range(struct range* ranges, u32 start, u32 end) {
+struct range *add_range(struct range *ranges, u32 start, u32 end) {
- struct range* r = ck_alloc_nozero(sizeof(struct range));
+ struct range *r = ck_alloc_nozero(sizeof(struct range));
r->start = start;
r->end = end;
r->next = ranges;
@@ -47,12 +47,12 @@ struct range* add_range(struct range* ranges, u32 start, u32 end) {
}
-struct range* pop_biggest_range(struct range** ranges) {
+struct range *pop_biggest_range(struct range **ranges) {
- struct range* r = *ranges;
- struct range* prev = NULL;
- struct range* rmax = NULL;
- struct range* prev_rmax = NULL;
+ struct range *r = *ranges;
+ struct range *prev = NULL;
+ struct range *rmax = NULL;
+ struct range *prev_rmax = NULL;
u32 max_size = 0;
while (r) {
@@ -84,7 +84,7 @@ struct range* pop_biggest_range(struct range** ranges) {
}
-static u8 get_exec_checksum(afl_state_t* afl, u8* buf, u32 len, u32* cksum) {
+static u8 get_exec_checksum(afl_state_t *afl, u8 *buf, u32 len, u32 *cksum) {
if (unlikely(common_fuzz_stuff(afl, buf, len))) return 1;
@@ -93,7 +93,7 @@ static u8 get_exec_checksum(afl_state_t* afl, u8* buf, u32 len, u32* cksum) {
}
-static void rand_replace(afl_state_t* afl, u8* buf, u32 len) {
+static void rand_replace(afl_state_t *afl, u8 *buf, u32 len) {
u32 i;
for (i = 0; i < len; ++i)
@@ -101,10 +101,10 @@ static void rand_replace(afl_state_t* afl, u8* buf, u32 len) {
}
-static u8 colorization(afl_state_t* afl, u8* buf, u32 len, u32 exec_cksum) {
+static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u32 exec_cksum) {
- struct range* ranges = add_range(NULL, 0, len);
- u8* backup = ck_alloc_nozero(len);
+ struct range *ranges = add_range(NULL, 0, len);
+ u8 * backup = ck_alloc_nozero(len);
u8 needs_write = 0;
@@ -115,7 +115,7 @@ static u8 colorization(afl_state_t* afl, u8* buf, u32 len, u32 exec_cksum) {
afl->stage_short = "colorization";
afl->stage_max = 1000;
- struct range* rng;
+ struct range *rng;
afl->stage_cur = 0;
while ((rng = pop_biggest_range(&ranges)) != NULL &&
afl->stage_cur < afl->stage_max) {
@@ -205,7 +205,7 @@ checksum_fail:
///// Input to State replacement
-static u8 its_fuzz(afl_state_t* afl, u8* buf, u32 len, u8* status) {
+static u8 its_fuzz(afl_state_t *afl, u8 *buf, u32 len, u8 *status) {
u64 orig_hit_cnt, new_hit_cnt;
@@ -224,13 +224,13 @@ static u8 its_fuzz(afl_state_t* afl, u8* buf, u32 len, u8* status) {
}
-static u8 cmp_extend_encoding(afl_state_t* afl, struct cmp_header* h,
- u64 pattern, u64 repl, u32 idx, u8* orig_buf,
- u8* buf, u32 len, u8 do_reverse, u8* status) {
+static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
+ u64 pattern, u64 repl, u32 idx, u8 *orig_buf,
+ u8 *buf, u32 len, u8 do_reverse, u8 *status) {
- u64* buf_64 = (u64*)&buf[idx];
- u32* buf_32 = (u32*)&buf[idx];
- u16* buf_16 = (u16*)&buf[idx];
+ u64 *buf_64 = (u64 *)&buf[idx];
+ u32 *buf_32 = (u32 *)&buf[idx];
+ u16 *buf_16 = (u16 *)&buf[idx];
// u8* buf_8 = &buf[idx];
// u64* o_buf_64 = (u64*)&orig_buf[idx];
// u32* o_buf_32 = (u32*)&orig_buf[idx];
@@ -313,9 +313,9 @@ static u8 cmp_extend_encoding(afl_state_t* afl, struct cmp_header* h,
}
-static void try_to_add_to_dict(afl_state_t* afl, u64 v, u8 shape) {
+static void try_to_add_to_dict(afl_state_t *afl, u64 v, u8 shape) {
- u8* b = (u8*)&v;
+ u8 *b = (u8 *)&v;
u32 k;
u8 cons_ff = 0, cons_0 = 0;
@@ -332,7 +332,7 @@ static void try_to_add_to_dict(afl_state_t* afl, u64 v, u8 shape) {
}
- maybe_add_auto(afl, (u8*)&v, shape);
+ maybe_add_auto(afl, (u8 *)&v, shape);
u64 rev;
switch (shape) {
@@ -340,24 +340,24 @@ static void try_to_add_to_dict(afl_state_t* afl, u64 v, u8 shape) {
case 1: break;
case 2:
rev = SWAP16((u16)v);
- maybe_add_auto(afl, (u8*)&rev, shape);
+ maybe_add_auto(afl, (u8 *)&rev, shape);
break;
case 4:
rev = SWAP32((u32)v);
- maybe_add_auto(afl, (u8*)&rev, shape);
+ maybe_add_auto(afl, (u8 *)&rev, shape);
break;
case 8:
rev = SWAP64(v);
- maybe_add_auto(afl, (u8*)&rev, shape);
+ maybe_add_auto(afl, (u8 *)&rev, shape);
break;
}
}
-static u8 cmp_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) {
+static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u32 len) {
- struct cmp_header* h = &afl->shm.cmp_map->headers[key];
+ struct cmp_header *h = &afl->shm.cmp_map->headers[key];
u32 i, j, idx;
u32 loggeds = h->hits;
@@ -369,7 +369,7 @@ static u8 cmp_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) {
for (i = 0; i < loggeds; ++i) {
- struct cmp_operands* o = &afl->shm.cmp_map->log[key][i];
+ struct cmp_operands *o = &afl->shm.cmp_map->log[key][i];
// opt not in the paper
for (j = 0; j < i; ++j)
@@ -414,9 +414,9 @@ static u8 cmp_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) {
}
-static u8 rtn_extend_encoding(afl_state_t* afl, struct cmp_header* h,
- u8* pattern, u8* repl, u32 idx, u8* orig_buf,
- u8* buf, u32 len, u8* status) {
+static u8 rtn_extend_encoding(afl_state_t *afl, struct cmp_header *h,
+ u8 *pattern, u8 *repl, u32 idx, u8 *orig_buf,
+ u8 *buf, u32 len, u8 *status) {
u32 i;
u32 its_len = MIN(32, len - idx);
@@ -440,9 +440,9 @@ static u8 rtn_extend_encoding(afl_state_t* afl, struct cmp_header* h,
}
-static u8 rtn_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) {
+static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u32 len) {
- struct cmp_header* h = &afl->shm.cmp_map->headers[key];
+ struct cmp_header *h = &afl->shm.cmp_map->headers[key];
u32 i, j, idx;
u32 loggeds = h->hits;
@@ -454,12 +454,12 @@ static u8 rtn_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) {
for (i = 0; i < loggeds; ++i) {
- struct cmpfn_operands* o =
- &((struct cmpfn_operands*)afl->shm.cmp_map->log[key])[i];
+ struct cmpfn_operands *o =
+ &((struct cmpfn_operands *)afl->shm.cmp_map->log[key])[i];
// opt not in the paper
for (j = 0; j < i; ++j)
- if (!memcmp(&((struct cmpfn_operands*)afl->shm.cmp_map->log[key])[j], o,
+ if (!memcmp(&((struct cmpfn_operands *)afl->shm.cmp_map->log[key])[j], o,
sizeof(struct cmpfn_operands)))
goto rtn_fuzz_next_iter;
@@ -503,7 +503,7 @@ static u8 rtn_fuzz(afl_state_t* afl, u32 key, u8* orig_buf, u8* buf, u32 len) {
///// Input to State stage
// afl->queue_cur->exec_cksum
-u8 input_to_state_stage(afl_state_t* afl, u8* orig_buf, u8* buf, u32 len,
+u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len,
u32 exec_cksum) {
u8 r = 1;
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 28abad65..527782e4 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -32,12 +32,12 @@
void timeout_handle(union sigval timer_data) {
- pid_t child_pid = timer_data.sival_int;
+ pid_t child_pid = timer_data.sival_int;
if (child_pid > 0) kill(child_pid, SIGKILL);
}
-u8 run_target(afl_state_t* afl, u32 timeout) {
+u8 run_target(afl_state_t *afl, u32 timeout) {
// static struct itimerval it;
struct sigevent timer_signal_event;
@@ -146,7 +146,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
/* Use a distinctive bitmap value to tell the parent about execv()
falling through. */
- *(u32*)afl->fsrv.trace_bits = EXEC_FAIL_SIG;
+ *(u32 *)afl->fsrv.trace_bits = EXEC_FAIL_SIG;
exit(0);
}
@@ -181,11 +181,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
timer_signal_event.sigev_value.sival_int = afl->fsrv.child_pid;
timer_status = timer_create(CLOCK_MONOTONIC, &timer_signal_event, &timer);
- if (timer_status == -1) {
-
- FATAL("Failed to create Timer");
-
- }
+ if (timer_status == -1) { FATAL("Failed to create Timer"); }
timer_period.it_value.tv_sec = (timeout / 1000);
timer_period.it_value.tv_nsec = (timeout % 1000) * 1000000;
@@ -203,13 +199,12 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
} else {
- FATAL("Failed to set the timer to the given timeout");
+ FATAL("Failed to set the timer to the given timeout");
}
}
-
/* The SIGALRM handler simply kills the afl->fsrv.child_pid and sets
* afl->fsrv.child_timed_out. */
@@ -221,6 +216,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
PFATAL("waitpid() failed");
}
+
} else {
s32 res;
@@ -261,11 +257,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
timer_period.it_value.tv_nsec / 1000000);
if (afl->slowest_exec_ms < exec_ms) afl->slowest_exec_ms = exec_ms;
- if (exec_ms >= timeout) {
-
- afl->fsrv.child_timed_out = 1;
-
- }
+ if (exec_ms >= timeout) { afl->fsrv.child_timed_out = 1; }
timer_period.it_value.tv_sec = 0;
timer_period.it_value.tv_nsec = 0;
@@ -289,12 +281,12 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
MEM_BARRIER();
- tb4 = *(u32*)afl->fsrv.trace_bits;
+ tb4 = *(u32 *)afl->fsrv.trace_bits;
#ifdef WORD_SIZE_64
- classify_counts((u64*)afl->fsrv.trace_bits);
+ classify_counts((u64 *)afl->fsrv.trace_bits);
#else
- classify_counts((u32*)afl->fsrv.trace_bits);
+ classify_counts((u32 *)afl->fsrv.trace_bits);
#endif /* ^WORD_SIZE_64 */
prev_timed_out = afl->fsrv.child_timed_out;
@@ -327,9 +319,9 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
return FAULT_NONE;
- handle_stop_soon:
- timer_delete(timer);
- return 0;
+handle_stop_soon:
+ timer_delete(timer);
+ return 0;
}
@@ -337,13 +329,13 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
old file is unlinked and a new one is created. Otherwise, afl->fsrv.out_fd is
rewound and truncated. */
-void write_to_testcase(afl_state_t* afl, void* mem, u32 len) {
+void write_to_testcase(afl_state_t *afl, void *mem, u32 len) {
s32 fd = afl->fsrv.out_fd;
#ifdef _AFL_DOCUMENT_MUTATIONS
s32 doc_fd;
- char* fn = alloc_printf("%s/mutations/%09u:%s", afl->out_dir,
+ char *fn = alloc_printf("%s/mutations/%09u:%s", afl->out_dir,
afl->document_counter++, describe_op(0));
if (fn != NULL) {
@@ -382,7 +374,7 @@ void write_to_testcase(afl_state_t* afl, void* mem, u32 len) {
if (afl->mutator && afl->mutator->afl_custom_pre_save) {
- u8* new_data;
+ u8 *new_data;
size_t new_size =
afl->mutator->afl_custom_pre_save(afl, mem, len, &new_data);
ck_write(fd, new_data, new_size, afl->fsrv.out_file);
@@ -407,7 +399,7 @@ void write_to_testcase(afl_state_t* afl, void* mem, u32 len) {
/* The same, but with an adjustable gap. Used for trimming. */
-static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at,
+static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at,
u32 skip_len) {
s32 fd = afl->fsrv.out_fd;
@@ -434,7 +426,7 @@ static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at,
if (skip_at) ck_write(fd, mem, skip_at, afl->fsrv.out_file);
- u8* memu8 = mem;
+ u8 *memu8 = mem;
if (tail_len)
ck_write(fd, memu8 + skip_at + skip_len, tail_len, afl->fsrv.out_file);
@@ -453,7 +445,7 @@ static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at,
to warn about flaky or otherwise problematic test cases early on; and when
new paths are discovered to detect variable behavior and so on. */
-u8 calibrate_case(afl_state_t* afl, struct queue_entry* q, u8* use_mem,
+u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
u32 handicap, u8 from_queue) {
static u8 first_trace[MAP_SIZE];
@@ -465,7 +457,7 @@ u8 calibrate_case(afl_state_t* afl, struct queue_entry* q, u8* use_mem,
s32 old_sc = afl->stage_cur, old_sm = afl->stage_max;
u32 use_tmout = afl->fsrv.exec_tmout;
- u8* old_sn = afl->stage_name;
+ u8 *old_sn = afl->stage_name;
/* Be a bit more generous about timeouts when resuming sessions, or when
trying to calibrate already-added finds. This helps avoid trouble due
@@ -612,11 +604,11 @@ abort_calibration:
/* Grab interesting test cases from other fuzzers. */
-void sync_fuzzers(afl_state_t* afl) {
+void sync_fuzzers(afl_state_t *afl) {
- DIR* sd;
- struct dirent* sd_ent;
- u32 sync_cnt = 0;
+ DIR *sd;
+ struct dirent *sd_ent;
+ u32 sync_cnt = 0;
sd = opendir(afl->sync_dir);
if (!sd) PFATAL("Unable to open '%s'", afl->sync_dir);
@@ -631,10 +623,10 @@ void sync_fuzzers(afl_state_t* afl) {
static u8 stage_tmp[128];
- DIR* qd;
- struct dirent* qd_ent;
- u8 * qd_path, *qd_synced_path;
- u32 min_accept = 0, next_min_accept;
+ DIR *qd;
+ struct dirent *qd_ent;
+ u8 *qd_path, *qd_synced_path;
+ u32 min_accept = 0, next_min_accept;
s32 id_fd;
@@ -679,8 +671,8 @@ void sync_fuzzers(afl_state_t* afl) {
while ((qd_ent = readdir(qd))) {
- u8* path;
- s32 fd;
+ u8 *path;
+ s32 fd;
struct stat st;
if (qd_ent->d_name[0] == '.' ||
@@ -713,7 +705,7 @@ void sync_fuzzers(afl_state_t* afl) {
if (st.st_size && st.st_size <= MAX_FILE) {
u8 fault;
- u8* mem = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+ u8 *mem = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
if (mem == MAP_FAILED) PFATAL("Unable to mmap '%s'", path);
@@ -760,7 +752,7 @@ void sync_fuzzers(afl_state_t* afl) {
trimmer uses power-of-two increments somewhere between 1/16 and 1/1024 of
file size, to keep the stage short and sweet. */
-u8 trim_case(afl_state_t* afl, struct queue_entry* q, u8* in_buf) {
+u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
/* Custom mutator trimmer */
if (afl->mutator && afl->mutator->afl_custom_trim)
@@ -896,7 +888,7 @@ abort_trimming:
error conditions, returning 1 if it's time to bail out. This is
a helper function for fuzz_one(). */
-u8 common_fuzz_stuff(afl_state_t* afl, u8* out_buf, u32 len) {
+u8 common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
u8 fault;
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index f2f6efb9..e03018a1 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -347,9 +347,9 @@ void show_stats(afl_state_t *afl) {
/* Lord, forgive me this. */
- SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
+ SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
- " overall results " bSTG bH2 bH2 bRT "\n");
+ " overall results " bSTG bH2 bH2 bRT "\n");
if (afl->dumb_mode) {
@@ -429,9 +429,9 @@ void show_stats(afl_state_t *afl) {
" uniq hangs : " cRST "%-6s" bSTG bV "\n",
DTD(cur_ms, afl->last_hang_time), tmp);
- SAYF(bVR bH bSTOP cCYA
+ SAYF(bVR bH bSTOP cCYA
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
- " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
+ " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
/* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to
@@ -460,9 +460,9 @@ void show_stats(afl_state_t *afl) {
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
- SAYF(bVR bH bSTOP cCYA
+ SAYF(bVR bH bSTOP cCYA
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
- " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
+ " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", DI(afl->queued_favored),
((double)afl->queued_favored) * 100 / afl->queued_paths);
@@ -533,7 +533,7 @@ void show_stats(afl_state_t *afl) {
/* Aaaalmost there... hold on! */
- SAYF(bVR bH cCYA bSTOP
+ SAYF(bVR bH cCYA bSTOP
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
" path geometry " bSTG bH5 bH2 bVL "\n");
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 3483f02c..2082633f 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -27,7 +27,7 @@
u8 be_quiet = 0;
-static u8* get_libradamsa_path(u8* own_loc) {
+static u8 *get_libradamsa_path(u8 *own_loc) {
u8 *tmp, *cp, *rsl, *own_copy;
@@ -84,7 +84,7 @@ static u8* get_libradamsa_path(u8* own_loc) {
/* Display usage hints. */
-static void usage(afl_state_t* afl, u8* argv0, int more_help) {
+static void usage(afl_state_t *afl, u8 *argv0, int more_help) {
SAYF(
"\n%s [ options ] -- /path/to/fuzzed_app [ ... ]\n\n"
@@ -198,7 +198,7 @@ static void usage(afl_state_t* afl, u8* argv0, int more_help) {
#ifdef USE_PYTHON
SAYF("Compiled with %s module support, see docs/custom_mutator.md\n",
- (char*)PYTHON_VERSION);
+ (char *)PYTHON_VERSION);
#endif
SAYF("For additional help please consult %s/README.md\n\n", doc_path);
@@ -210,7 +210,7 @@ static void usage(afl_state_t* afl, u8* argv0, int more_help) {
#ifndef AFL_LIB
-static int stricmp(char const* a, char const* b) {
+static int stricmp(char const *a, char const *b) {
for (;; ++a, ++b) {
@@ -224,22 +224,22 @@ static int stricmp(char const* a, char const* b) {
/* Main entry point */
-int main(int argc, char** argv_orig, char** envp) {
+int main(int argc, char **argv_orig, char **envp) {
s32 opt;
u64 prev_queued = 0;
u32 sync_interval_cnt = 0, seek_to, show_help = 0;
- u8* extras_dir = 0;
+ u8 * extras_dir = 0;
u8 mem_limit_given = 0;
u8 exit_1 = !!get_afl_env("AFL_BENCH_JUST_ONE");
- char** use_argv;
+ char **use_argv;
struct timeval tv;
struct timezone tz;
- char** argv = argv_cpy_dup(argc, argv_orig);
+ char **argv = argv_cpy_dup(argc, argv_orig);
- afl_state_t* afl = calloc(1, sizeof(afl_state_t));
+ afl_state_t *afl = calloc(1, sizeof(afl_state_t));
if (!afl) { FATAL("Could not create afl state"); }
afl_state_init(afl);
@@ -248,7 +248,7 @@ int main(int argc, char** argv_orig, char** envp) {
SAYF(cCYA "afl-fuzz" VERSION cRST
" based on afl by Michal Zalewski and a big online community\n");
- doc_path = access(DOC_PATH, F_OK) ? (u8*)"docs" : doc_path;
+ doc_path = access(DOC_PATH, F_OK) ? (u8 *)"docs" : doc_path;
gettimeofday(&tv, &tz);
afl->init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid();
@@ -337,7 +337,7 @@ int main(int argc, char** argv_orig, char** envp) {
case 'M': { /* master sync ID */
- u8* c;
+ u8 *c;
if (afl->sync_id) FATAL("Multiple -S or -M options not supported");
afl->sync_id = ck_strdup(optarg);
@@ -696,8 +696,8 @@ int main(int argc, char** argv_orig, char** envp) {
OKF("Using Radamsa add-on");
- u8* libradamsa_path = get_libradamsa_path(argv[0]);
- void* handle = dlopen(libradamsa_path, RTLD_NOW);
+ u8 * libradamsa_path = get_libradamsa_path(argv[0]);
+ void *handle = dlopen(libradamsa_path, RTLD_NOW);
ck_free(libradamsa_path);
if (!handle) FATAL("Failed to dlopen() libradamsa");
@@ -794,9 +794,9 @@ int main(int argc, char** argv_orig, char** envp) {
if (afl->qemu_mode) {
- u8* qemu_preload = getenv("QEMU_SET_ENV");
- u8* afl_preload = getenv("AFL_PRELOAD");
- u8* buf;
+ u8 *qemu_preload = getenv("QEMU_SET_ENV");
+ u8 *afl_preload = getenv("AFL_PRELOAD");
+ u8 *buf;
s32 i, afl_preload_size = strlen(afl_preload);
for (i = 0; i < afl_preload_size; ++i) {
@@ -926,7 +926,7 @@ int main(int argc, char** argv_orig, char** envp) {
u32 i = optind + 1;
while (argv[i]) {
- u8* aa_loc = strstr(argv[i], "@@");
+ u8 *aa_loc = strstr(argv[i], "@@");
if (aa_loc && !afl->fsrv.out_file) {
diff --git a/src/afl-gcc.c b/src/afl-gcc.c
index 033c1eea..bb3baf56 100644
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
@@ -48,18 +48,18 @@
#include <stdlib.h>
#include <string.h>
-static u8* as_path; /* Path to the AFL 'as' wrapper */
-static u8** cc_params; /* Parameters passed to the real CC */
-static u32 cc_par_cnt = 1; /* Param count, including argv0 */
-static u8 be_quiet, /* Quiet mode */
+static u8 *as_path; /* Path to the AFL 'as' wrapper */
+static u8 **cc_params; /* Parameters passed to the real CC */
+static u32 cc_par_cnt = 1; /* Param count, including argv0 */
+static u8 be_quiet, /* Quiet mode */
clang_mode; /* Invoked as afl-clang*? */
/* Try to find our "fake" GNU assembler in AFL_PATH or at the location derived
from argv[0]. If that fails, abort. */
-static void find_as(u8* argv0) {
+static void find_as(u8 *argv0) {
- u8* afl_path = getenv("AFL_PATH");
+ u8 *afl_path = getenv("AFL_PATH");
u8 *slash, *tmp;
if (afl_path) {
@@ -82,7 +82,7 @@ static void find_as(u8* argv0) {
if (slash) {
- u8* dir;
+ u8 *dir;
*slash = 0;
dir = ck_strdup(argv0);
@@ -116,16 +116,16 @@ static void find_as(u8* argv0) {
/* Copy argv to cc_params, making the necessary edits. */
-static void edit_params(u32 argc, char** argv) {
+static void edit_params(u32 argc, char **argv) {
u8 fortify_set = 0, asan_set = 0;
- u8* name;
+ u8 *name;
#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
u8 m32_set = 0;
#endif
- cc_params = ck_alloc((argc + 128) * sizeof(u8*));
+ cc_params = ck_alloc((argc + 128) * sizeof(u8 *));
name = strrchr(argv[0], '/');
if (!name)
@@ -141,13 +141,13 @@ static void edit_params(u32 argc, char** argv) {
if (!strcmp(name, "afl-clang++")) {
- u8* alt_cxx = getenv("AFL_CXX");
- cc_params[0] = alt_cxx ? alt_cxx : (u8*)"clang++";
+ u8 *alt_cxx = getenv("AFL_CXX");
+ cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"clang++";
} else {
- u8* alt_cc = getenv("AFL_CC");
- cc_params[0] = alt_cc ? alt_cc : (u8*)"clang";
+ u8 *alt_cc = getenv("AFL_CC");
+ cc_params[0] = alt_cc ? alt_cc : (u8 *)"clang";
}
@@ -186,18 +186,18 @@ static void edit_params(u32 argc, char** argv) {
if (!strcmp(name, "afl-g++")) {
- u8* alt_cxx = getenv("AFL_CXX");
- cc_params[0] = alt_cxx ? alt_cxx : (u8*)"g++";
+ u8 *alt_cxx = getenv("AFL_CXX");
+ cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"g++";
} else if (!strcmp(name, "afl-gcj")) {
- u8* alt_cc = getenv("AFL_GCJ");
- cc_params[0] = alt_cc ? alt_cc : (u8*)"gcj";
+ u8 *alt_cc = getenv("AFL_GCJ");
+ cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcj";
} else {
- u8* alt_cc = getenv("AFL_CC");
- cc_params[0] = alt_cc ? alt_cc : (u8*)"gcc";
+ u8 *alt_cc = getenv("AFL_CC");
+ cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcc";
}
@@ -207,7 +207,7 @@ static void edit_params(u32 argc, char** argv) {
while (--argc) {
- u8* cur = *(++argv);
+ u8 *cur = *(++argv);
if (!strncmp(cur, "-B", 2)) {
@@ -340,9 +340,9 @@ static void edit_params(u32 argc, char** argv) {
/* Main entry point */
-int main(int argc, char** argv) {
+int main(int argc, char **argv) {
- char* env_info =
+ char *env_info =
"Environment variables used by afl-gcc:\n"
"AFL_CC: path to the C compiler to use\n"
"AFL_CXX: path to the C++ compiler to use\n"
@@ -415,7 +415,7 @@ int main(int argc, char** argv) {
edit_params(argc, argv);
- execvp(cc_params[0], (char**)cc_params);
+ execvp(cc_params[0], (char **)cc_params);
FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]);
diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c
index 31455b66..70ed4dbc 100644
--- a/src/afl-gotcpu.c
+++ b/src/afl-gotcpu.c
@@ -129,7 +129,7 @@ repeat_loop:
/* Do the benchmark thing. */
-int main(int argc, char** argv) {
+int main(int argc, char **argv) {
if (argc > 1) {
@@ -165,7 +165,7 @@ int main(int argc, char** argv) {
CPU_ZERO(&c);
CPU_SET(i, &c);
#elif defined(__NetBSD__)
- cpuset_t* c;
+ cpuset_t *c;
c = cpuset_create();
if (c == NULL) PFATAL("cpuset_create failed");
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 3122ab04..acddbbc7 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -61,13 +61,13 @@
u8 be_quiet;
-char* stdin_file; /* stdin file */
+char *stdin_file; /* stdin file */
u8 *in_dir, /* input folder */
*doc_path, /* Path to docs */
*at_file = NULL; /* Substitution string for @@ */
-static u8* in_data; /* Input data */
+static u8 *in_data; /* Input data */
static u32 total, highest; /* tuple content information */
@@ -111,7 +111,7 @@ static const u8 count_class_binary[256] = {
};
-static void classify_counts(u8* mem, const u8* map) {
+static void classify_counts(u8 *mem, const u8 *map) {
u32 i = MAP_SIZE;
@@ -147,7 +147,7 @@ static void at_exit_handler(void) {
/* Write results. */
-static u32 write_results_to_file(afl_forkserver_t* fsrv, u8* outfile) {
+static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) {
s32 fd;
u32 i, ret = 0;
@@ -183,7 +183,7 @@ static u32 write_results_to_file(afl_forkserver_t* fsrv, u8* outfile) {
} else {
- FILE* f = fdopen(fd, "w");
+ FILE *f = fdopen(fd, "w");
if (!f) PFATAL("fdopen() failed");
@@ -218,7 +218,7 @@ static u32 write_results_to_file(afl_forkserver_t* fsrv, u8* outfile) {
/* Write results. */
-static u32 write_results(afl_forkserver_t* fsrv) {
+static u32 write_results(afl_forkserver_t *fsrv) {
return write_results_to_file(fsrv, fsrv->out_file);
@@ -226,7 +226,7 @@ static u32 write_results(afl_forkserver_t* fsrv) {
/* Write output file. */
-static s32 write_to_file(u8* path, u8* mem, u32 len) {
+static s32 write_to_file(u8 *path, u8 *mem, u32 len) {
s32 ret;
@@ -248,7 +248,7 @@ static s32 write_to_file(u8* path, u8* mem, u32 len) {
is unlinked and a new one is created. Otherwise, out_fd is rewound and
truncated. */
-static void write_to_testcase(afl_forkserver_t* fsrv, void* mem, u32 len) {
+static void write_to_testcase(afl_forkserver_t *fsrv, void *mem, u32 len) {
lseek(fsrv->out_fd, 0, SEEK_SET);
ck_write(fsrv->out_fd, mem, len, fsrv->out_file);
@@ -260,7 +260,7 @@ static void write_to_testcase(afl_forkserver_t* fsrv, void* mem, u32 len) {
/* Execute target application. Returns 0 if the changes are a dud, or
1 if they should be kept. */
-static u8 run_target_forkserver(afl_forkserver_t* fsrv, char** argv, u8* mem,
+static u8 run_target_forkserver(afl_forkserver_t *fsrv, char **argv, u8 *mem,
u32 len) {
static struct itimerval it;
@@ -321,7 +321,7 @@ static u8 run_target_forkserver(afl_forkserver_t* fsrv, char** argv, u8* mem,
/* Clean up bitmap, analyze exit condition, etc. */
- if (*(u32*)fsrv->trace_bits == EXEC_FAIL_SIG)
+ if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG)
FATAL("Unable to execute '%s'", argv[0]);
classify_counts(fsrv->trace_bits,
@@ -356,7 +356,7 @@ static u8 run_target_forkserver(afl_forkserver_t* fsrv, char** argv, u8* mem,
/* Read initial file. */
-u32 read_file(u8* in_file) {
+u32 read_file(u8 *in_file) {
struct stat st;
s32 fd = open(in_file, O_RDONLY);
@@ -381,7 +381,7 @@ u32 read_file(u8* in_file) {
/* Execute target application. */
-static void run_target(afl_forkserver_t* fsrv, char** argv) {
+static void run_target(afl_forkserver_t *fsrv, char **argv) {
static struct itimerval it;
int status = 0;
@@ -404,7 +404,7 @@ static void run_target(afl_forkserver_t* fsrv, char** argv) {
if (fd < 0 || dup2(fd, 1) < 0 || dup2(fd, 2) < 0) {
- *(u32*)fsrv->trace_bits = EXEC_FAIL_SIG;
+ *(u32 *)fsrv->trace_bits = EXEC_FAIL_SIG;
PFATAL("Descriptor initialization failed");
}
@@ -442,7 +442,7 @@ static void run_target(afl_forkserver_t* fsrv, char** argv) {
execv(fsrv->target_path, argv);
- *(u32*)fsrv->trace_bits = EXEC_FAIL_SIG;
+ *(u32 *)fsrv->trace_bits = EXEC_FAIL_SIG;
exit(0);
}
@@ -470,7 +470,7 @@ static void run_target(afl_forkserver_t* fsrv, char** argv) {
/* Clean up bitmap, analyze exit condition, etc. */
- if (*(u32*)fsrv->trace_bits == EXEC_FAIL_SIG)
+ if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG)
FATAL("Unable to execute '%s'", argv[0]);
classify_counts(fsrv->trace_bits,
@@ -525,9 +525,9 @@ static void set_up_environment(void) {
if (qemu_mode) {
- u8* qemu_preload = getenv("QEMU_SET_ENV");
- u8* afl_preload = getenv("AFL_PRELOAD");
- u8* buf;
+ u8 *qemu_preload = getenv("QEMU_SET_ENV");
+ u8 *afl_preload = getenv("AFL_PRELOAD");
+ u8 *buf;
s32 i, afl_preload_size = strlen(afl_preload);
for (i = 0; i < afl_preload_size; ++i) {
@@ -597,7 +597,7 @@ static void show_banner(void) {
/* Display usage hints. */
-static void usage(u8* argv0) {
+static void usage(u8 *argv0) {
show_banner();
@@ -647,9 +647,9 @@ static void usage(u8* argv0) {
/* Find binary. */
-static void find_binary(afl_forkserver_t* fsrv, u8* fname) {
+static void find_binary(afl_forkserver_t *fsrv, u8 *fname) {
- u8* env_path = 0;
+ u8 *env_path = 0;
struct stat st;
if (strchr(fname, '/') || !(env_path = getenv("PATH"))) {
@@ -703,19 +703,19 @@ static void find_binary(afl_forkserver_t* fsrv, u8* fname) {
/* Main entry point */
-int main(int argc, char** argv_orig, char** envp) {
+int main(int argc, char **argv_orig, char **envp) {
// TODO: u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
s32 opt, i;
u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0;
u32 tcnt = 0;
- char** use_argv;
+ char **use_argv;
- char** argv = argv_cpy_dup(argc, argv_orig);
+ char **argv = argv_cpy_dup(argc, argv_orig);
afl_forkserver_t fsrv_var = {0};
- afl_forkserver_t* fsrv = &fsrv_var;
+ afl_forkserver_t *fsrv = &fsrv_var;
afl_fsrv_init(fsrv);
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
@@ -929,10 +929,10 @@ int main(int argc, char** argv_orig, char** envp) {
if (in_dir) {
- DIR * dir_in, *dir_out;
- struct dirent* dir_ent;
- int done = 0;
- u8 infile[4096], outfile[4096];
+ DIR *dir_in, *dir_out;
+ struct dirent *dir_ent;
+ int done = 0;
+ u8 infile[4096], outfile[4096];
#if !defined(DT_REG)
struct stat statbuf;
#endif
@@ -946,7 +946,7 @@ int main(int argc, char** argv_orig, char** envp) {
if (mkdir(fsrv->out_file, 0700))
PFATAL("cannot create output directory %s", fsrv->out_file);
- u8* use_dir = ".";
+ u8 *use_dir = ".";
if (access(use_dir, R_OK | W_OK | X_OK)) {
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 65cc00ce..17e9af5a 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -58,13 +58,13 @@
#include <sys/types.h>
#include <sys/resource.h>
-static u8* mask_bitmap; /* Mask for trace bits (-B) */
+static u8 *mask_bitmap; /* Mask for trace bits (-B) */
u8 *in_file, /* Minimizer input test case */
*output_file, /* Minimizer output file */
*doc_path; /* Path to docs */
-static u8* in_data; /* Input data for trimming */
+static u8 *in_data; /* Input data for trimming */
static u32 in_len, /* Input data length */
orig_cksum, /* Original checksum */
@@ -105,7 +105,7 @@ static const u8 count_class_lookup[256] = {
};
-static void classify_counts(u8* mem) {
+static void classify_counts(u8 *mem) {
u32 i = MAP_SIZE;
@@ -133,7 +133,7 @@ static void classify_counts(u8* mem) {
/* Apply mask to classified bitmap (if set). */
-static void apply_mask(u32* mem, u32* mask) {
+static void apply_mask(u32 *mem, u32 *mask) {
u32 i = (MAP_SIZE >> 2);
@@ -151,9 +151,9 @@ static void apply_mask(u32* mem, u32* mask) {
/* See if any bytes are set in the bitmap. */
-static inline u8 anything_set(afl_forkserver_t* fsrv) {
+static inline u8 anything_set(afl_forkserver_t *fsrv) {
- u32* ptr = (u32*)fsrv->trace_bits;
+ u32 *ptr = (u32 *)fsrv->trace_bits;
u32 i = (MAP_SIZE >> 2);
while (i--)
@@ -196,7 +196,7 @@ static void read_initial_file(void) {
/* Write output file. */
-static s32 write_to_file(u8* path, u8* mem, u32 len) {
+static s32 write_to_file(u8 *path, u8 *mem, u32 len) {
s32 ret;
@@ -218,7 +218,7 @@ static s32 write_to_file(u8* path, u8* mem, u32 len) {
is unlinked and a new one is created. Otherwise, out_fd is rewound and
truncated. */
-static void write_to_testcase(afl_forkserver_t* fsrv, void* mem, u32 len) {
+static void write_to_testcase(afl_forkserver_t *fsrv, void *mem, u32 len) {
s32 fd = fsrv->out_fd;
@@ -395,7 +395,7 @@ static void init_forkserver(char **argv) {
/* Execute target application. Returns 0 if the changes are a dud, or
1 if they should be kept. */
-static u8 run_target(afl_forkserver_t* fsrv, char** argv, u8* mem, u32 len,
+static u8 run_target(afl_forkserver_t *fsrv, char **argv, u8 *mem, u32 len,
u8 first_run) {
static struct itimerval it;
@@ -460,13 +460,13 @@ static u8 run_target(afl_forkserver_t* fsrv, char** argv, u8* mem, u32 len,
/* Clean up bitmap, analyze exit condition, etc. */
- if (*(u32*)fsrv->trace_bits == EXEC_FAIL_SIG)
+ if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG)
FATAL("Unable to execute '%s'", argv[0]);
if (!hang_mode) {
classify_counts(fsrv->trace_bits);
- apply_mask((u32*)fsrv->trace_bits, (u32*)mask_bitmap);
+ apply_mask((u32 *)fsrv->trace_bits, (u32 *)mask_bitmap);
}
@@ -565,11 +565,11 @@ static u32 next_p2(u32 val) {
/* Actually minimize! */
-static void minimize(afl_forkserver_t* fsrv, char** argv) {
+static void minimize(afl_forkserver_t *fsrv, char **argv) {
static u32 alpha_map[256];
- u8* tmp_buf = ck_alloc_nozero(in_len);
+ u8 *tmp_buf = ck_alloc_nozero(in_len);
u32 orig_len = in_len, stage_o_len;
u32 del_len, set_len, del_pos, set_pos, i, alpha_size, cur_pass = 0;
@@ -835,16 +835,16 @@ static void handle_stop_sig(int sig) {
/* Do basic preparations - persistent fds, filenames, etc. */
-static void set_up_environment(afl_forkserver_t* fsrv) {
+static void set_up_environment(afl_forkserver_t *fsrv) {
- u8* x;
+ u8 *x;
fsrv->dev_null_fd = open("/dev/null", O_RDWR);
if (fsrv->dev_null_fd < 0) PFATAL("Unable to open /dev/null");
if (!fsrv->out_file) {
- u8* use_dir = ".";
+ u8 *use_dir = ".";
if (access(use_dir, R_OK | W_OK | X_OK)) {
@@ -907,9 +907,9 @@ static void set_up_environment(afl_forkserver_t* fsrv) {
if (qemu_mode) {
- u8* qemu_preload = getenv("QEMU_SET_ENV");
- u8* afl_preload = getenv("AFL_PRELOAD");
- u8* buf;
+ u8 *qemu_preload = getenv("QEMU_SET_ENV");
+ u8 *afl_preload = getenv("AFL_PRELOAD");
+ u8 *buf;
s32 i, afl_preload_size = strlen(afl_preload);
for (i = 0; i < afl_preload_size; ++i) {
@@ -971,7 +971,7 @@ static void setup_signal_handlers(void) {
/* Display usage hints. */
-static void usage(u8* argv0) {
+static void usage(u8 *argv0) {
SAYF(
"\n%s [ options ] -- /path/to/target_app [ ... ]\n\n"
@@ -1018,9 +1018,9 @@ static void usage(u8* argv0) {
/* Find binary. */
-static void find_binary(afl_forkserver_t* fsrv, u8* fname) {
+static void find_binary(afl_forkserver_t *fsrv, u8 *fname) {
- u8* env_path = 0;
+ u8 * env_path = 0;
struct stat st;
if (strchr(fname, '/') || !(env_path = getenv("PATH"))) {
@@ -1074,7 +1074,7 @@ static void find_binary(afl_forkserver_t* fsrv, u8* fname) {
/* Read mask bitmap from file. This is for the -B option. */
-static void read_bitmap(u8* fname) {
+static void read_bitmap(u8 *fname) {
s32 fd = open(fname, O_RDONLY);
@@ -1088,16 +1088,16 @@ static void read_bitmap(u8* fname) {
/* Main entry point */
-int main(int argc, char** argv_orig, char** envp) {
+int main(int argc, char **argv_orig, char **envp) {
s32 opt;
u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0;
- char** use_argv;
+ char **use_argv;
- char** argv = argv_cpy_dup(argc, argv_orig);
+ char **argv = argv_cpy_dup(argc, argv_orig);
afl_forkserver_t fsrv_var = {0};
- afl_forkserver_t* fsrv = &fsrv_var;
+ afl_forkserver_t *fsrv = &fsrv_var;
afl_fsrv_init(fsrv);
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-25 05:02:19 +0000