authorDominik Maier <domenukk@gmail.com>2020-08-14 00:46:15 +0200
committerDominik Maier <domenukk@gmail.com>2020-08-14 00:46:15 +0200
commit83df65a66b8df37d0759bf9b31a61f50234d6c40 (patch)
treebaf604a830afd72b8fcae28d94fbca57a657add2 /src
parentc3a6e7e87053f904214484f4887afc576e016d18 (diff)
cleaned up maybe_add_auto calls
Diffstat (limited to 'src')
-rw-r--r--src/afl-forkserver.c28
-rw-r--r--src/afl-fuzz-extras.c8
-rw-r--r--src/afl-fuzz-one.c8
-rw-r--r--src/afl-fuzz-redqueen.c12
-rw-r--r--src/afl-fuzz-state.c5
5 files changed, 34 insertions, 27 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 8684bcc0..01fc829a 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -324,8 +324,7 @@ static void report_error_and_exit(int error) {
    cloning a stopped child. So, we just execute once, and then send commands
    through a pipe. The other part of this logic is in afl-as.h / llvm_mode */
 
-void __attribute__((hot))
-afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
+void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
                u8 debug_child_output) {
 
   int st_pipe[2], ctl_pipe[2];
@@ -631,13 +630,18 @@ afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
 
       if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) {
 
-        if (fsrv->function_ptr == NULL || fsrv->function_opt == NULL) {
+        if (fsrv->autodict_func == NULL || fsrv->afl_ptr == NULL) {
 
           // this is not afl-fuzz - we deny and return
-          if (fsrv->use_shmem_fuzz)
+          if (fsrv->use_shmem_fuzz) {
+
             status = (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ);
-          else
+
+          } else {
+
             status = (FS_OPT_ENABLED);
+
+          }
           if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
 
             FATAL("Writing to forkserver failed.");
@@ -650,11 +654,16 @@ afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
 
         if (!be_quiet) { ACTF("Using AUTODICT feature."); }
 
-        if (fsrv->use_shmem_fuzz)
+        if (fsrv->use_shmem_fuzz) {
+
           status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ);
-        else
+
+        } else { 
+
           status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
 
+        }
+
         if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
 
           FATAL("Writing to forkserver failed.");
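Review bot: The new line `} else { ` carries a trailing space after the brace, while the other brace-expanding hunks this commit adds to the same function are clean; it should be `} else {` to match them. The enclosing function afl_fsrv_start starts and ends outside this hunk.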
@@ -673,7 +682,8 @@ afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
 
         }
 
-        u32 len = status, offset = 0, count = 0;
+        u32 offset = 0, count = 0;
+        u32 len = status;
         u8 *dict = ck_alloc(len);
         if (dict == NULL) {
 
@@ -704,7 +714,7 @@ afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
         while (offset < (u32)status &&
                (u8)dict[offset] + offset < (u32)status) {
 
-          fsrv->function_ptr(fsrv->function_opt, dict + offset + 1,
+          fsrv->autodict_func(fsrv->afl_ptr, dict + offset + 1,
                              (u8)dict[offset]);
           offset += (1 + dict[offset]);
           count++;
diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c
index 097871c8..2f3a2d53 100644
--- a/src/afl-fuzz-extras.c
+++ b/src/afl-fuzz-extras.c
@@ -354,13 +354,9 @@ static inline u8 memcmp_nocase(u8 *m1, u8 *m2, u32 len) {
 }
 
 /* Maybe add automatic extra. */
-/* Ugly hack: afl state is transfered as u8* because we import data via
-   afl-forkserver.c - which is shared with other afl tools that do not
-   have the afl state struct */
 
-void maybe_add_auto(void *afl_tmp, u8 *mem, u32 len) {
+void maybe_add_auto(afl_state_t *afl, u8 *mem, u32 len) {
 
-  afl_state_t *afl = (afl_state_t *)afl_tmp;
   u32          i;
 
   /* Allow users to specify that they don't want auto dictionaries. */
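Review bot: The declaration `u32          i;` keeps the column padding that aligned it with the removed `afl_state_t *afl = (afl_state_t *)afl_tmp;` line, so it should now read `u32 i;`. The body of maybe_add_auto continues past the end of the hunk.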
@@ -544,7 +540,7 @@ void load_auto(afl_state_t *afl) {
 
     if (len >= MIN_AUTO_EXTRA && len <= MAX_AUTO_EXTRA) {
 
-      maybe_add_auto((u8 *)afl, tmp, len);
+      maybe_add_auto(afl, tmp, len);
 
     }
 
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 452c5298..57b53c9f 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -681,7 +681,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
 
         if (a_len >= MIN_AUTO_EXTRA && a_len <= MAX_AUTO_EXTRA) {
 
-          maybe_add_auto((u8 *)afl, a_collect, a_len);
+          maybe_add_auto(afl, a_collect, a_len);
 
         }
 
@@ -692,7 +692,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
 
         if (a_len >= MIN_AUTO_EXTRA && a_len <= MAX_AUTO_EXTRA) {
 
-          maybe_add_auto((u8 *)afl, a_collect, a_len);
+          maybe_add_auto(afl, a_collect, a_len);
 
         }
 
@@ -2882,7 +2882,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
 
         if (a_len >= MIN_AUTO_EXTRA && a_len <= MAX_AUTO_EXTRA) {
 
-          maybe_add_auto((u8 *)afl, a_collect, a_len);
+          maybe_add_auto(afl, a_collect, a_len);
 
         }
 
@@ -2893,7 +2893,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
 
         if (a_len >= MIN_AUTO_EXTRA && a_len <= MAX_AUTO_EXTRA) {
 
-          maybe_add_auto((u8 *)afl, a_collect, a_len);
+          maybe_add_auto(afl, a_collect, a_len);
 
         }
 
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 4c0c9155..f21dd0b0 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -500,7 +500,7 @@ static void try_to_add_to_dict(afl_state_t *afl, u64 v, u8 shape) {
 
   }
 
-  maybe_add_auto((u8 *)afl, (u8 *)&v, shape);
+  maybe_add_auto(afl, (u8 *)&v, shape);
 
   u64 rev;
   switch (shape) {
@@ -509,15 +509,15 @@ static void try_to_add_to_dict(afl_state_t *afl, u64 v, u8 shape) {
       break;
     case 2:
       rev = SWAP16((u16)v);
-      maybe_add_auto((u8 *)afl, (u8 *)&rev, shape);
+      maybe_add_auto(afl, (u8 *)&rev, shape);
       break;
     case 4:
       rev = SWAP32((u32)v);
-      maybe_add_auto((u8 *)afl, (u8 *)&rev, shape);
+      maybe_add_auto(afl, (u8 *)&rev, shape);
       break;
     case 8:
       rev = SWAP64(v);
-      maybe_add_auto((u8 *)afl, (u8 *)&rev, shape);
+      maybe_add_auto(afl, (u8 *)&rev, shape);
       break;
 
   }
@@ -772,8 +772,8 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u32 len) {
 
       if (afl->pass_stats[key].total == 0) {
 
-        maybe_add_auto((u8 *)afl, o->v0, SHAPE_BYTES(h->shape));
-        maybe_add_auto((u8 *)afl, o->v1, SHAPE_BYTES(h->shape));
+        maybe_add_auto(afl, o->v0, SHAPE_BYTES(h->shape));
+        maybe_add_auto(afl, o->v1, SHAPE_BYTES(h->shape));
 
       }
 
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index e2d62bc6..97e4ee93 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -112,8 +112,9 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
 
   afl->fsrv.use_stdin = 1;
   afl->fsrv.map_size = map_size;
-  afl->fsrv.function_opt = (u8 *)afl;
-  afl->fsrv.function_ptr = &maybe_add_auto;
+  // afl_state_t is not available in forkserver.c
+  afl->fsrv.afl_ptr = (void *)afl;
+  afl->fsrv.autodict_func = (void (*)(void *, u8 *, u32))&maybe_add_auto;
 
   afl->cal_cycles = CAL_CYCLES;
   afl->cal_cycles_long = CAL_CYCLES_LONG;
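Review bot: `afl->fsrv.autodict_func = (void (*)(void *, u8 *, u32))&maybe_add_auto;` stores a function whose first parameter this commit changes to `afl_state_t *` (src/afl-fuzz-extras.c) under a `void (*)(void *, u8 *, u32)` pointer, and src/afl-forkserver.c then calls it through that type; calling a function through a pointer to an incompatible function type is undefined behaviour (C11 6.3.2.3p8) even where the ABI happens to make it work, and the cast also silences the compiler on any future drift between the two signatures. A file-local adapter with the exact `void *` signature removes the cast while keeping the typed parameter in maybe_add_auto itself, which is what the commit set out to achieve; the `(void *)afl` cast on the line above is also redundant in C. afl_state_init continues outside the hunk.
```c
/* Adapter with the exact signature the autodict_func field expects;
   afl_state_t is not visible in afl-forkserver.c, so the cast lives here. */
static void maybe_add_auto_cb(void *afl, u8 *mem, u32 len) {

  maybe_add_auto((afl_state_t *)afl, mem, len);

}

/* … unchanged: afl_state_init up to the map_size assignment … */
  afl->fsrv.afl_ptr = afl;
  afl->fsrv.autodict_func = maybe_add_auto_cb;
```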