authorvan Hauser <vh@thc.org>2022-07-15 10:12:35 +0200
committerGitHub <noreply@github.com>2022-07-15 10:12:35 +0200
commitc57988e672634ee98048eba6432cc1f4e377e07c (patch)
tree1ea5ebbb0b47e8d55b1950e9b787ec9f254655af /src
parent40947508037b874020c8dd1251359fecaab04b9d (diff)
parentb847e0f414e7b310e1a68bc501d4e2453bfce70e (diff)
Merge pull request #1469 from AFLplusplus/dev
push to stable
Diffstat (limited to 'src')
-rw-r--r--src/afl-analyze.c2
-rw-r--r--src/afl-cc.c30
-rw-r--r--src/afl-common.c8
-rw-r--r--src/afl-fuzz-extras.c8
-rw-r--r--src/afl-fuzz-init.c24
-rw-r--r--src/afl-fuzz-mutators.c4
-rw-r--r--src/afl-fuzz-one.c12
-rw-r--r--src/afl-fuzz-python.c10
-rw-r--r--src/afl-fuzz-queue.c6
-rw-r--r--src/afl-fuzz-redqueen.c18
-rw-r--r--src/afl-fuzz-run.c8
-rw-r--r--src/afl-fuzz-stats.c38
-rw-r--r--src/afl-fuzz.c12
-rw-r--r--src/afl-showmap.c8
-rw-r--r--src/afl-tmin.c6
15 files changed, 108 insertions, 86 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index fc868603..d4822341 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -626,7 +626,7 @@ static void handle_stop_sig(int sig) {
static void set_up_environment(char **argv) {
- u8 * x;
+ u8 *x;
char *afl_preload;
char *frida_afl_preload = NULL;
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 4a56169f..6def3ee7 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -45,7 +45,7 @@
#define LLVM_MINOR 0
#endif
-static u8 * obj_path; /* Path to runtime libraries */
+static u8 *obj_path; /* Path to runtime libraries */
static u8 **cc_params; /* Parameters passed to the real CC */
static u32 cc_par_cnt = 1; /* Param count, including argv0 */
static u8 clang_mode; /* Invoked as afl-clang*? */
@@ -53,7 +53,7 @@ static u8 llvm_fullpath[PATH_MAX];
static u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k, lto_mode;
static u8 compiler_mode, plusplus_mode, have_instr_env = 0;
static u8 have_gcc, have_llvm, have_gcc_plugin, have_lto, have_instr_list = 0;
-static u8 * lto_flag = AFL_CLANG_FLTO, *argvnull;
+static u8 *lto_flag = AFL_CLANG_FLTO, *argvnull;
static u8 debug;
static u8 cwd[4096];
static u8 cmplog_mode;
@@ -422,8 +422,24 @@ static void edit_params(u32 argc, char **argv, char **envp) {
if (compiler_mode == GCC_PLUGIN) {
- char *fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path);
- cc_params[cc_par_cnt++] = fplugin_arg;
+ char *fplugin_arg;
+
+ if (cmplog_mode) {
+
+ fplugin_arg =
+ alloc_printf("-fplugin=%s/afl-gcc-cmplog-pass.so", obj_path);
+ cc_params[cc_par_cnt++] = fplugin_arg;
+ fplugin_arg =
+ alloc_printf("-fplugin=%s/afl-gcc-cmptrs-pass.so", obj_path);
+ cc_params[cc_par_cnt++] = fplugin_arg;
+
+ } else {
+
+ fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path);
+ cc_params[cc_par_cnt++] = fplugin_arg;
+
+ }
+
cc_params[cc_par_cnt++] = "-fno-if-conversion";
cc_params[cc_par_cnt++] = "-fno-if-conversion2";
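Review bot: The new `else` means a GCC-plugin build with `cmplog_mode` set loads only afl-gcc-cmplog-pass.so and afl-gcc-cmptrs-pass.so and never afl-gcc-pass.so, so the cmplog target gets no edge-coverage instrumentation from the main pass. Whether that is intended depends on what the two cmplog passes themselves emit, which this diff does not show; in my understanding the LLVM path of afl-cc keeps its coverage pass alongside the cmplog pass, so the asymmetry looks accidental. If coverage is still wanted, close the `if` after the cmplog pair and emit `fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path); cc_params[cc_par_cnt++] = fplugin_arg;` unconditionally instead of in an `else`. edit_params continues outside the hunk.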
@@ -1879,6 +1895,7 @@ int main(int argc, char **argv, char **envp) {
if (have_gcc_plugin)
SAYF(
"\nGCC Plugin-specific environment variables:\n"
+ " AFL_GCC_CMPLOG: log operands of comparisons (RedQueen mutator)\n"
" AFL_GCC_OUT_OF_LINE: disable inlined instrumentation\n"
" AFL_GCC_SKIP_NEVERZERO: do not skip zero on trace counters\n"
" AFL_GCC_INSTRUMENT_FILE: enable selective instrumentation by "
@@ -2149,9 +2166,8 @@ int main(int argc, char **argv, char **envp) {
}
- cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG");
- if (!be_quiet && cmplog_mode)
- printf("CmpLog mode by <andreafioraldi@gmail.com>\n");
+ cmplog_mode = getenv("AFL_CMPLOG") || getenv("AFL_LLVM_CMPLOG") ||
+ getenv("AFL_GCC_CMPLOG");
#if !defined(__ANDROID__) && !defined(ANDROID)
ptr = find_object("afl-compiler-rt.o", argv[0]);
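Review bot: `cmplog_mode` is now the OR of three environment variables with no reference to the selected backend, so `AFL_GCC_CMPLOG` also turns on cmplog under the LLVM/LTO modes and `AFL_LLVM_CMPLOG` under the GCC plugin, even though the help text earlier in this file lists each name under a specific backend. If the three names are meant to be interchangeable aliases, the help text should say so; otherwise, assuming `compiler_mode` is already resolved at this point, gate the backend-specific names, e.g. `(compiler_mode == GCC_PLUGIN && getenv("AFL_GCC_CMPLOG"))`. main continues outside the hunk.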
diff --git a/src/afl-common.c b/src/afl-common.c
index 7f482e7d..f3e78ac5 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -558,9 +558,9 @@ void print_suggested_envs(char *mispelled_env) {
for (j = 0; afl_environment_variables[j] != NULL; ++j) {
- char * afl_env = afl_environment_variables[j] + 4;
+ char *afl_env = afl_environment_variables[j] + 4;
size_t afl_env_len = strlen(afl_env);
- char * reduced = ck_alloc(afl_env_len + 1);
+ char *reduced = ck_alloc(afl_env_len + 1);
size_t start = 0;
while (start < afl_env_len) {
@@ -598,7 +598,7 @@ void print_suggested_envs(char *mispelled_env) {
if (found) goto cleanup;
- char * reduced = ck_alloc(env_name_len + 1);
+ char *reduced = ck_alloc(env_name_len + 1);
size_t start = 0;
while (start < env_name_len) {
@@ -1197,7 +1197,7 @@ u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms) {
u32 get_map_size(void) {
uint32_t map_size = DEFAULT_SHMEM_SIZE;
- char * ptr;
+ char *ptr;
if ((ptr = getenv("AFL_MAP_SIZE")) || (ptr = getenv("AFL_MAPSIZE"))) {
diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c
index 535ffdc3..884bb569 100644
--- a/src/afl-fuzz-extras.c
+++ b/src/afl-fuzz-extras.c
@@ -57,7 +57,7 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
FILE *f;
u8 buf[MAX_LINE];
- u8 * lptr;
+ u8 *lptr;
u32 cur_line = 0;
u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
@@ -291,10 +291,10 @@ static void extras_check_and_sort(afl_state_t *afl, u32 min_len, u32 max_len,
void load_extras(afl_state_t *afl, u8 *dir) {
- DIR * d;
+ DIR *d;
struct dirent *de;
u32 min_len = MAX_DICT_FILE, max_len = 0, dict_level = 0;
- u8 * x;
+ u8 *x;
u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
@@ -330,7 +330,7 @@ void load_extras(afl_state_t *afl, u8 *dir) {
while ((de = readdir(d))) {
struct stat st;
- u8 * fn = alloc_printf("%s/%s", dir, de->d_name);
+ u8 *fn = alloc_printf("%s/%s", dir, de->d_name);
s32 fd;
if (lstat(fn, &st) || access(fn, R_OK)) {
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 6a653a00..4ffcfd2b 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -146,6 +146,10 @@ void bind_to_free_cpu(afl_state_t *afl) {
}
+ } else {
+
+ OKF("CPU binding request using -b %d successful.", afl->cpu_to_bind);
+
}
return;
@@ -185,7 +189,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
#if defined(__linux__)
- DIR * d;
+ DIR *d;
struct dirent *de;
d = opendir("/proc");
@@ -336,8 +340,8 @@ void bind_to_free_cpu(afl_state_t *afl) {
#elif defined(__sun)
kstat_named_t *n;
- kstat_ctl_t * m;
- kstat_t * k;
+ kstat_ctl_t *m;
+ kstat_t *k;
cpu_stat_t cs;
u32 ncpus;
@@ -653,7 +657,7 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
struct dirent **nl;
s32 nl_cnt, subdirs = 1;
u32 i;
- u8 * fn1, *dir = directory;
+ u8 *fn1, *dir = directory;
u8 val_buf[2][STRINGIFY_VAL_SIZE_MAX];
/* Auto-detect non-in-place resumption attempts. */
@@ -853,7 +857,7 @@ void perform_dry_run(afl_state_t *afl) {
struct queue_entry *q;
u32 cal_failures = 0, idx;
- u8 * use_mem;
+ u8 *use_mem;
for (idx = 0; idx < afl->queued_items; idx++) {
@@ -1457,7 +1461,7 @@ void find_timeout(afl_state_t *afl) {
static u8 delete_files(u8 *path, u8 *prefix) {
- DIR * d;
+ DIR *d;
struct dirent *d_ent;
d = opendir(path);
@@ -1585,7 +1589,7 @@ dir_cleanup_failed:
static void handle_existing_out_dir(afl_state_t *afl) {
FILE *f;
- u8 * fn = alloc_printf("%s/fuzzer_stats", afl->out_dir);
+ u8 *fn = alloc_printf("%s/fuzzer_stats", afl->out_dir);
/* See if the output directory is locked. If yes, bail out. If not,
create a lock that will persist for the lifetime of the process
@@ -1878,9 +1882,9 @@ dir_cleanup_failed:
int check_main_node_exists(afl_state_t *afl) {
- DIR * sd;
+ DIR *sd;
struct dirent *sd_ent;
- u8 * fn;
+ u8 *fn;
sd = opendir(afl->sync_dir);
if (!sd) { return 0; }
@@ -2581,7 +2585,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
if (unlikely(!fname)) { FATAL("BUG: Binary name is NULL"); }
- u8 * env_path = 0;
+ u8 *env_path = 0;
struct stat st;
s32 fd;
diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c
index 9407adfb..dd97a7d3 100644
--- a/src/afl-fuzz-mutators.c
+++ b/src/afl-fuzz-mutators.c
@@ -74,7 +74,7 @@ void setup_custom_mutators(afl_state_t *afl) {
/* Try mutator library first */
struct custom_mutator *mutator;
- u8 * fn = afl->afl_env.afl_custom_mutator_library;
+ u8 *fn = afl->afl_env.afl_custom_mutator_library;
u32 prev_mutator_count = 0;
if (fn) {
@@ -176,7 +176,7 @@ void destroy_custom_mutators(afl_state_t *afl) {
struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
- void * dh;
+ void *dh;
struct custom_mutator *mutator = ck_alloc(sizeof(struct custom_mutator));
mutator->name = fn;
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index ef80524f..ed9e7a81 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -1901,7 +1901,7 @@ custom_mutator_stage:
struct queue_entry *target = NULL;
u32 tid;
- u8 * new_buf = NULL;
+ u8 *new_buf = NULL;
u32 target_len = 0;
/* check if splicing makes sense yet (enough entries) */
@@ -2110,7 +2110,7 @@ havoc_stage:
if (el->stacked_custom &&
rand_below(afl, 100) < el->stacked_custom_prob) {
- u8 * custom_havoc_buf = NULL;
+ u8 *custom_havoc_buf = NULL;
size_t new_len = el->afl_custom_havoc_mutation(
el->data, out_buf, temp_len, &custom_havoc_buf, MAX_FILE);
if (unlikely(!custom_havoc_buf)) {
@@ -2823,7 +2823,7 @@ havoc_stage:
/* Get the testcase for splicing. */
struct queue_entry *target = afl->queue_buf[tid];
u32 new_len = target->len;
- u8 * new_buf = queue_testcase_get(afl, target);
+ u8 *new_buf = queue_testcase_get(afl, target);
if ((temp_len >= 2 && r % 2) || temp_len + HAVOC_BLK_XL >= MAX_FILE) {
@@ -2951,7 +2951,7 @@ retry_splicing:
struct queue_entry *target;
u32 tid, split_at;
- u8 * new_buf;
+ u8 *new_buf;
s32 f_diff, l_diff;
/* First of all, if we've modified in_buf for havoc, let's clean that
@@ -5164,7 +5164,7 @@ pacemaker_fuzzing:
/* Get the testcase for splicing. */
struct queue_entry *target = afl->queue_buf[tid];
u32 new_len = target->len;
- u8 * new_buf = queue_testcase_get(afl, target);
+ u8 *new_buf = queue_testcase_get(afl, target);
if ((temp_len >= 2 && rand_below(afl, 2)) ||
temp_len + HAVOC_BLK_XL >= MAX_FILE) {
@@ -5340,7 +5340,7 @@ pacemaker_fuzzing:
struct queue_entry *target;
u32 tid, split_at;
- u8 * new_buf;
+ u8 *new_buf;
s32 f_diff, l_diff;
/* First of all, if we've modified in_buf for havoc, let's clean that
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index 0231d2cd..a3d864c3 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -151,7 +151,7 @@ static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf,
}
-static const char *custom_describe_py(void * py_mutator,
+static const char *custom_describe_py(void *py_mutator,
size_t max_description_len) {
PyObject *py_args, *py_value;
@@ -202,7 +202,7 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
py->py_module = PyImport_Import(py_name);
Py_DECREF(py_name);
- PyObject * py_module = py->py_module;
+ PyObject *py_module = py->py_module;
PyObject **py_functions = py->py_functions;
// initialize the post process buffer; ensures it's always valid
@@ -393,7 +393,7 @@ void deinit_py(void *py_mutator) {
}
struct custom_mutator *load_custom_mutator_py(afl_state_t *afl,
- char * module_name) {
+ char *module_name) {
struct custom_mutator *mutator;
@@ -497,7 +497,7 @@ struct custom_mutator *load_custom_mutator_py(afl_state_t *afl,
size_t post_process_py(void *py_mutator, u8 *buf, size_t buf_size,
u8 **out_buf) {
- PyObject * py_args, *py_value;
+ PyObject *py_args, *py_value;
py_mutator_t *py = (py_mutator_t *)py_mutator;
// buffer returned previously must be released; initialized during init
@@ -819,7 +819,7 @@ const char *introspection_py(void *py_mutator) {
} else {
- char * ret;
+ char *ret;
size_t len;
if (!py_bytes(py_value, &ret, &len)) {
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 713c7447..02d697ab 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -77,8 +77,8 @@ void create_alias_table(afl_state_t *afl) {
afl->alias_probability = (double *)afl_realloc(
(void **)&afl->alias_probability, n * sizeof(double));
double *P = (double *)afl_realloc(AFL_BUF_PARAM(out), n * sizeof(double));
- int * S = (u32 *)afl_realloc(AFL_BUF_PARAM(out_scratch), n * sizeof(u32));
- int * L = (u32 *)afl_realloc(AFL_BUF_PARAM(in_scratch), n * sizeof(u32));
+ int *S = (u32 *)afl_realloc(AFL_BUF_PARAM(out_scratch), n * sizeof(u32));
+ int *L = (u32 *)afl_realloc(AFL_BUF_PARAM(in_scratch), n * sizeof(u32));
if (!P || !S || !L || !afl->alias_table || !afl->alias_probability) {
@@ -410,7 +410,7 @@ static u8 check_if_text(afl_state_t *afl, struct queue_entry *q) {
if (q->len < AFL_TXT_MIN_LEN) return 0;
- u8 * buf;
+ u8 *buf;
int fd;
u32 len = q->len, offset = 0, ascii = 0, utf8 = 0;
ssize_t comp;
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 2dbad5cf..337f124d 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -266,10 +266,10 @@ static void type_replace(afl_state_t *afl, u8 *buf, u32 len) {
static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
struct tainted **taints) {
- struct range * ranges = add_range(NULL, 0, len - 1), *rng;
+ struct range *ranges = add_range(NULL, 0, len - 1), *rng;
struct tainted *taint = NULL;
- u8 * backup = ck_alloc_nozero(len);
- u8 * changed = ck_alloc_nozero(len);
+ u8 *backup = ck_alloc_nozero(len);
+ u8 *changed = ck_alloc_nozero(len);
#if defined(_DEBUG) || defined(CMPLOG_INTROSPECTION)
u64 start_time = get_cur_time();
@@ -575,7 +575,7 @@ static int strntoull(const char *str, size_t sz, char **end, int base,
char buf[64];
unsigned long long ret;
- const char * beg = str;
+ const char *beg = str;
if (!str || !sz) { return 1; }
@@ -755,11 +755,11 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
u64 *buf_64 = (u64 *)&buf[idx];
u32 *buf_32 = (u32 *)&buf[idx];
u16 *buf_16 = (u16 *)&buf[idx];
- u8 * buf_8 = &buf[idx];
+ u8 *buf_8 = &buf[idx];
u64 *o_buf_64 = (u64 *)&orig_buf[idx];
u32 *o_buf_32 = (u32 *)&orig_buf[idx];
u16 *o_buf_16 = (u16 *)&orig_buf[idx];
- u8 * o_buf_8 = &orig_buf[idx];
+ u8 *o_buf_8 = &orig_buf[idx];
u32 its_len = MIN(len - idx, taint_len);
@@ -780,7 +780,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
// reverse atoi()/strnu?toll() is expensive, so we only to it in lvl 3
if (afl->cmplog_enable_transform && (lvl & LVL3)) {
- u8 * endptr;
+ u8 *endptr;
u8 use_num = 0, use_unum = 0;
unsigned long long unum;
long long num;
@@ -1613,7 +1613,7 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
u32 len, u32 lvl, struct tainted *taint) {
struct cmp_header *h = &afl->shm.cmp_map->headers[key];
- struct tainted * t;
+ struct tainted *t;
u32 i, j, idx, taint_len, loggeds;
u32 have_taint = 1;
u8 status = 0, found_one = 0;
@@ -2398,7 +2398,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry,
static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
u32 len, u8 lvl, struct tainted *taint) {
- struct tainted * t;
+ struct tainted *t;
struct cmp_header *h = &afl->shm.cmp_map->headers[key];
u32 i, j, idx, have_taint = 1, taint_len, loggeds;
u8 status = 0, found_one = 0;
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 5703a66a..0f3be1a7 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -97,8 +97,8 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
if (unlikely(afl->custom_mutators_count)) {
ssize_t new_size = len;
- u8 * new_mem = *mem;
- u8 * new_buf = NULL;
+ u8 *new_mem = *mem;
+ u8 *new_buf = NULL;
LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
@@ -173,7 +173,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
if (unlikely(!mem_trimmed)) { PFATAL("alloc"); }
ssize_t new_size = len - skip_len;
- u8 * new_mem = mem;
+ u8 *new_mem = mem;
bool post_process_skipped = true;
@@ -573,7 +573,7 @@ abort_calibration:
void sync_fuzzers(afl_state_t *afl) {
- DIR * sd;
+ DIR *sd;
struct dirent *sd_ent;
u32 sync_cnt = 0, synced = 0, entries = 0;
u8 path[PATH_MAX + 1 + NAME_MAX];
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 3e034b83..51e292d8 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -94,7 +94,7 @@ void load_stats_file(afl_state_t *afl) {
FILE *f;
u8 buf[MAX_LINE];
- u8 * lptr;
+ u8 *lptr;
u8 fn[PATH_MAX];
u32 lineno = 0;
snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir);
@@ -761,26 +761,26 @@ void show_stats_normal(afl_state_t *afl) {
} else
- /* Subsequent cycles, but we're still making finds. */
- if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) {
+ /* Subsequent cycles, but we're still making finds. */
+ if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) {
- strcpy(tmp, cYEL);
+ strcpy(tmp, cYEL);
- } else
+ } else
/* No finds for a long time and no test cases to try. */
if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed &&
min_wo_finds > 120) {
- strcpy(tmp, cLGN);
+ strcpy(tmp, cLGN);
- /* Default: cautiously OK to stop? */
+ /* Default: cautiously OK to stop? */
- } else {
+ } else {
- strcpy(tmp, cLBL);
+ strcpy(tmp, cLBL);
- }
+ }
}
@@ -1548,26 +1548,26 @@ void show_stats_pizza(afl_state_t *afl) {
} else
- /* Subsequent cycles, but we're still making finds. */
- if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) {
+ /* Subsequent cycles, but we're still making finds. */
+ if (afl->cycles_wo_finds < 25 || min_wo_finds < 30) {
- strcpy(tmp, cYEL);
+ strcpy(tmp, cYEL);
- } else
+ } else
/* No finds for a long time and no test cases to try. */
if (afl->cycles_wo_finds > 100 && !afl->pending_not_fuzzed &&
min_wo_finds > 120) {
- strcpy(tmp, cLGN);
+ strcpy(tmp, cLGN);
- /* Default: cautiously OK to stop? */
+ /* Default: cautiously OK to stop? */
- } else {
+ } else {
- strcpy(tmp, cLBL);
+ strcpy(tmp, cLBL);
- }
+ }
}
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index b23cef37..287f09df 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -383,9 +383,9 @@ static int stricmp(char const *a, char const *b) {
static void fasan_check_afl_preload(char *afl_preload) {
char first_preload[PATH_MAX + 1] = {0};
- char * separator = strchr(afl_preload, ':');
+ char *separator = strchr(afl_preload, ':');
size_t first_preload_len = PATH_MAX;
- char * basename;
+ char *basename;
char clang_runtime_prefix[] = "libclang_rt.asan";
if (separator != NULL && (separator - afl_preload) < PATH_MAX) {
@@ -429,7 +429,7 @@ static void fasan_check_afl_preload(char *afl_preload) {
nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) {
- void * handle;
+ void *handle;
nyx_plugin_handler_t *plugin = calloc(1, sizeof(nyx_plugin_handler_t));
ACTF("Trying to load libnyx.so plugin...");
@@ -498,8 +498,8 @@ int main(int argc, char **argv_orig, char **envp) {
u8 *extras_dir[4];
u8 mem_limit_given = 0, exit_1 = 0, debug = 0,
extras_dir_cnt = 0 /*, have_p = 0*/;
- char * afl_preload;
- char * frida_afl_preload = NULL;
+ char *afl_preload;
+ char *frida_afl_preload = NULL;
char **use_argv;
struct timeval tv;
@@ -1469,7 +1469,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (afl->shm.cmplog_mode &&
(!strcmp("-", afl->cmplog_binary) || !strcmp("0", afl->cmplog_binary))) {
- afl->cmplog_binary = argv[optind];
+ afl->cmplog_binary = strdup(argv[optind]);
}
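Review bot: The `strdup` on the new line is unchecked and bypasses the tree's own allocator, which this same diff shows as `ck_alloc` in afl-common.c; a NULL return would be stored silently and later handed to the cmplog forkserver setup. Use `afl->cmplog_binary = ck_strdup(argv[optind]);` so an allocation failure aborts with the usual message and the string can be released with ck_free like the rest of afl_state. Note also that the previous value of `afl->cmplog_binary` (the "-" or "0" given via -c) is overwritten without being freed; if the -c handler stored a heap copy, that copy now leaks once per run. main continues outside the hunk.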
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 3fdbe8fe..4bcd1d59 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -98,7 +98,7 @@ static volatile u8 stop_soon, /* Ctrl-C pressed? */
static sharedmem_t shm;
static afl_forkserver_t *fsrv;
-static sharedmem_t * shm_fuzz;
+static sharedmem_t *shm_fuzz;
/* Classify tuple counts. Instead of mapping to individual bits, as in
afl-fuzz.c, we map to more user-friendly numbers between 1 and 8. */
@@ -138,7 +138,7 @@ static void kill_child() {
static void classify_counts(afl_forkserver_t *fsrv) {
- u8 * mem = fsrv->trace_bits;
+ u8 *mem = fsrv->trace_bits;
const u8 *map = binary_mode ? count_class_binary : count_class_human;
u32 i = map_size;
@@ -166,7 +166,7 @@ static void classify_counts(afl_forkserver_t *fsrv) {
}
static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
- sharedmem_t * shm_fuzz) {
+ sharedmem_t *shm_fuzz) {
afl_shm_deinit(shm_fuzz);
fsrv->support_shmem_fuzz = 0;
@@ -785,6 +785,8 @@ u32 execute_testcases(u8 *dir) {
ck_free(in_data);
++done;
+ if (child_crashed && debug) { WARNF("crashed: %s", fn2); }
+
if (collect_coverage)
analyze_results(fsrv);
else
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 1bf4af38..78537f9f 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -86,7 +86,7 @@ static volatile u8 stop_soon; /* Ctrl-C pressed? */
static afl_forkserver_t *fsrv;
static sharedmem_t shm;
-static sharedmem_t * shm_fuzz;
+static sharedmem_t *shm_fuzz;
/*
* forkserver section
@@ -121,7 +121,7 @@ static void kill_child() {
}
static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
- sharedmem_t * shm_fuzz) {
+ sharedmem_t *shm_fuzz) {
afl_shm_deinit(shm_fuzz);
fsrv->support_shmem_fuzz = 0;
@@ -642,7 +642,7 @@ static void handle_stop_sig(int sig) {
static void set_up_environment(afl_forkserver_t *fsrv, char **argv) {
- u8 * x;
+ u8 *x;
char *afl_preload;
char *frida_afl_preload = NULL;