diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-07 20:44:36 +0100 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-07 20:44:36 +0100 |
| commit | aa2cb66ea23884eb03cb0220dcfafbdd7343f54d (patch) | |
| tree | 94567a29d95d97000d4b420407ef58eb9a418b32 /src | |
| parent | 420b1aa85934b59ccf0b58fb9b2740418a379241 (diff) | |
| download | afl++-aa2cb66ea23884eb03cb0220dcfafbdd7343f54d.tar.gz | |
code format
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-fuzz-cmplog.c | 2 | ||||
| -rw-r--r-- | src/afl-fuzz-redqueen.c | 55 | ||||
| -rw-r--r-- | src/afl-fuzz-stats.c | 14 |
3 files changed, 38 insertions, 33 deletions
diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index 709abefe..3d34bf71 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -442,7 +442,7 @@ u8 run_cmplog_target(char** argv, u32 timeout) { setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":" "symbolize=0:" "msan_track_origins=0", 0); - + setenv("___AFL_EINS_ZWEI_POLIZEI___", "1", 1); if (!qemu_mode) argv[0] = cmplog_binary; diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index bac7357e..296fcd98 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -122,9 +122,8 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) { while ((rng = pop_biggest_range(&ranges)) != NULL && stage_cur) { u32 s = rng->end - rng->start; - if (s == 0) - goto empty_range; - + if (s == 0) goto empty_range; + memcpy(backup, buf + rng->start, s); rand_replace(buf + rng->start, s); @@ -137,9 +136,11 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) { ranges = add_range(ranges, rng->start + s / 2 + 1, rng->end); memcpy(buf + rng->start, backup, s); - } else needs_write = 1; + } else + + needs_write = 1; -empty_range: + empty_range: ck_free(rng); --stage_cur; @@ -156,9 +157,9 @@ empty_range: ck_free(rng); } - + // save the input with the high entropy - + if (needs_write) { s32 fd; @@ -169,7 +170,7 @@ empty_range: } else { - unlink(queue_cur->fname); /* ignore errors */ + unlink(queue_cur->fname); /* ignore errors */ fd = open(queue_cur->fname, O_WRONLY | O_CREAT | O_EXCL, 0600); } @@ -177,10 +178,10 @@ empty_range: if (fd < 0) PFATAL("Unable to create '%s'", queue_cur->fname); ck_write(fd, buf, len, queue_cur->fname); - queue_cur->len = len; // no-op, just to be 100% safe - + queue_cur->len = len; // no-op, just to be 100% safe + close(fd); - + } return 0; @@ -305,24 +306,27 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx, void try_to_add_to_dict(u64 v, u8 shape) { u8* b = (u8*)&v; - + u32 k; - u8 cons_ff = 0, cons_0 = 0; + u8 cons_ff = 0, cons_0 = 0; for (k = 0; k < shape; ++k) { - if (b[k] == 0) ++cons_0; - else if (b[k] == 0xff) ++cons_0; - else cons_0 = cons_ff = 0; - - if (cons_0 > 1 || cons_ff > 1) - return; + if (b[k] == 0) + ++cons_0; + else if (b[k] == 0xff) + ++cons_0; + else + cons_0 = cons_ff = 0; + + if (cons_0 > 1 || cons_ff > 1) return; } - + maybe_add_auto((u8*)&v, shape); - + u64 rev; switch (shape) { + case 1: break; case 2: rev = SWAP16((u16)v); @@ -336,8 +340,9 @@ void try_to_add_to_dict(u64 v, u8 shape) { rev = SWAP64(v); maybe_add_auto((u8*)&rev, shape); break; + } - + } u8 cmp_fuzz(u32 key, u8* orig_buf, u8* buf, u32 len) { @@ -380,13 +385,13 @@ u8 cmp_fuzz(u32 key, u8* orig_buf, u8* buf, u32 len) { break; } - + // If failed, add to dictionary if (fails == 8) { - + try_to_add_to_dict(o->v0, SHAPE_BYTES(h->shape)); try_to_add_to_dict(o->v1, SHAPE_BYTES(h->shape)); - + } cmp_fuzz_next_iter: diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 1b7e5226..d09b4fe6 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -334,9 +334,9 @@ void show_stats(void) { /* Lord, forgive me this. */ - SAYF(SET_G1 bSTG bLT bH bSTOP cCYA + SAYF(SET_G1 bSTG bLT bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA - " overall results " bSTG bH2 bH2 bRT "\n"); + " overall results " bSTG bH2 bH2 bRT "\n"); if (dumb_mode) { @@ -413,9 +413,9 @@ void show_stats(void) { " uniq hangs : " cRST "%-6s" bSTG bV "\n", DTD(cur_ms, last_hang_time), tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA - " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); + " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -443,9 +443,9 @@ void show_stats(void) { SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); + " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored), ((double)queued_favored) * 100 / queued_paths); @@ -514,7 +514,7 @@ void show_stats(void) { /* Aaaalmost there... hold on! */ - SAYF(bVR bH cCYA bSTOP + SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); |