Diffstat (limited to 'include/afl-fuzz.h')
-rw-r--r--include/afl-fuzz.h30
1 files changed, 19 insertions, 11 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 363776cb..428bfa8e 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -443,11 +443,11 @@ typedef struct afl_state {
       fast_cal,                         /* Try to calibrate faster?         */
       disable_trim;                     /* Never trim in fuzz_one           */
 
-  u8 virgin_bits[MAP_SIZE],             /* Regions yet untouched by fuzzing */
-      virgin_tmout[MAP_SIZE],           /* Bits we haven't seen in tmouts   */
-      virgin_crash[MAP_SIZE];           /* Bits we haven't seen in crashes  */
+  u8 *virgin_bits,                      /* Regions yet untouched by fuzzing */
+      *virgin_tmout,                    /* Bits we haven't seen in tmouts   */
+      *virgin_crash;                    /* Bits we haven't seen in crashes  */
 
-  u8 var_bytes[MAP_SIZE];               /* Bytes that appear to be variable */
+  u8 *var_bytes;                        /* Bytes that appear to be variable */
 
   volatile u8 stop_soon,                /* Ctrl-C pressed?                  */
       clear_screen;                     /* Window resized?                  */
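Review bot: Turning virgin_bits, virgin_tmout, virgin_crash and var_bytes from MAP_SIZE arrays into pointers means any `sizeof afl->virgin_bits` or `memset(afl->virgin_bits, 255, MAP_SIZE)` left in the .c files now measures a pointer or, if the new allocation is smaller than MAP_SIZE, writes past it, and both compile silently; the hunk cannot show whether such uses remain, so they should be audited. The same applies to top_rated in the second hunk and to clean_trace, clean_trace_custom and first_trace in the third. Since the header no longer conveys the buffers' size, the member comments should record ownership, e.g. `/* map_size bytes, allocated in afl_state_init */` on each of these pointers. The afl_state struct starts and ends outside this hunk.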
@@ -535,7 +535,7 @@ typedef struct afl_state {
       *queue_top,                       /* Top of the list                  */
       *q_prev100;                       /* Previous 100 marker              */
 
-  struct queue_entry *top_rated[MAP_SIZE];  /* Top entries for bitmap bytes */
+  struct queue_entry **top_rated;           /* Top entries for bitmap bytes */
 
   struct extra_data *extras;            /* Extra tokens to fuzz with        */
   u32                extras_cnt;        /* Total number of tokens read      */
@@ -584,9 +584,9 @@ typedef struct afl_state {
   u64 stats_last_stats_ms, stats_last_plot_ms, stats_last_ms, stats_last_execs;
   double stats_avg_exec;
 
-  u8 clean_trace[MAP_SIZE];
-  u8 clean_trace_custom[MAP_SIZE];
-  u8 first_trace[MAP_SIZE];
+  u8 *clean_trace;
+  u8 *clean_trace_custom;
+  u8 *first_trace;
 
   /*needed for afl_fuzz_one */
   // TODO: see which we can reuse
@@ -608,6 +608,10 @@ typedef struct afl_state {
   u8 *   ex_buf;
   size_t ex_size;
 
+  /* this is a fixed buffer of size map_size that can be used by any function if
+   * they do not call another function */
+  u8 *map_tmp_buf;
+
 } afl_state_t;
 
 /* A global pointer to all instances is needed (for now) for signals to arrive
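Review bot: The comment on `map_tmp_buf` states the sharing rule loosely ("any function if they do not call another function"); the actual constraint is that the buffer's contents are not preserved across calls and no two active frames may use it at once, so calling helpers that never touch it is fine while holding data in it across a call that reaches another user is not. I would reword it as `/* Scratch buffer of map_size bytes owned by afl_state. Contents are undefined on entry and may be clobbered by any callee that also uses it, so never keep data here across a call that could reach another user. */`. It would also help to name where it is allocated and released, presumably afl_state_init/afl_state_deinit, which this hunk does not show.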
@@ -794,7 +798,7 @@ struct custom_mutator {
 
 };
 
-void afl_state_init(afl_state_t *);
+void afl_state_init(afl_state_t *, uint32_t map_size);
 void afl_state_deinit(afl_state_t *);
 void read_afl_environment(afl_state_t *, char **);
 
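Review bot: The new prototype mixes type vocabularies: `uint32_t map_size` sits in a header that otherwise uses the project's `u8`/`u32` aliases (`u32 extras_cnt` and `rand_below(afl_state_t *afl, u32 limit)` appear in neighbouring hunks), and it names the second parameter while leaving the first anonymous. I would write `void afl_state_init(afl_state_t *afl, u32 map_size);` and add a one-line comment above it stating that map_size is the byte size used for the per-map buffers (virgin_bits, top_rated, map_tmp_buf and the others converted in this commit) and whether zero is rejected, since the header is now the only place callers learn that contract. Whether afl_state_init validates map_size or how it handles allocation failure cannot be seen from this hunk.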
@@ -953,7 +957,7 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
 
 static inline u32 get_rand_seed(afl_state_t *afl) {
 
-  if (unlikely(afl->fixed_seed)) return (u32)afl->init_seed;
+  if (unlikely(afl->fixed_seed)) { return (u32)afl->init_seed; }
   return afl->rand_seed[0];
 
 }
@@ -964,8 +968,12 @@ static inline u32 get_rand_seed(afl_state_t *afl) {
 static inline u64 next_p2(u64 val) {
 
   u64 ret = 1;
-  while (val > ret)
+  while (val > ret) {
+
     ret <<= 1;
+
+  }
+
   return ret;
 
 }
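Review bot: `next_p2` still has no upper bound: for `val > (1ULL << 63)` the shift `ret <<= 1` wraps `ret` to 0, after which `val > ret` stays true and the loop never terminates; the brace change does not affect this. Either document the precondition, e.g. `/* val must not exceed 1ULL << 63; larger inputs have no u64 power-of-two successor */`, or add a guard such as `if (val > (1ULL << 63)) { return 0; }` before the loop so callers get a detectable result instead of a hang. Which callers feed this function is not visible in the hunk, so whether the bound is reachable in practice is unclear.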