Diffstat (limited to 'include')
-rw-r--r--include/afl-fuzz.h4
-rw-r--r--include/afl-prealloc.h1
-rw-r--r--include/config.h6
-rw-r--r--include/forkserver.h8
-rw-r--r--include/types.h23
5 files changed, 18 insertions, 24 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 9907c245..32ae2a58 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -342,6 +342,7 @@ typedef struct afl_state {
afl_forkserver_t fsrv;
sharedmem_t shm;
+ sharedmem_t * shm_fuzz;
afl_env_vars_t afl_env;
char **argv; /* argv if needed */
@@ -547,8 +548,6 @@ typedef struct afl_state {
/* afl_postprocess API - Now supported via custom mutators */
- struct custom_mutator *post_library_mutator;
-
/* CmpLog */
char * cmplog_binary;
@@ -913,6 +912,7 @@ u32 find_start_position(afl_state_t *);
void find_timeout(afl_state_t *);
double get_runnable_processes(void);
void nuke_resume_dir(afl_state_t *);
+int check_master_exists(afl_state_t *);
void setup_dirs_fds(afl_state_t *);
void setup_cmdline_file(afl_state_t *, char **);
void setup_stdio_file(afl_state_t *);
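Review bot: The new `shm_fuzz` member in the first hunk is the only field there without a trailing comment, and nothing states who allocates or frees it; unlike the embedded `shm` right above it, it is a pointer, so ownership matters to whoever tears down afl_state. I would write `sharedmem_t *shm_fuzz; /* shared memory for test cases; NULL when unused -- confirm owner/lifetime */`, hedged because the allocation site is not in this diff. The `check_master_exists` prototype in the third hunk similarly gives no hint what its int result encodes (boolean, count, or error code); a one-line comment stating the contract would save callers a trip to the definition. The afl_state struct begins and ends outside these hunks.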
diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h
index 66e6aadf..5e5d7b85 100644
--- a/include/afl-prealloc.h
+++ b/include/afl-prealloc.h
@@ -61,6 +61,7 @@ typedef enum prealloc_status {
if ((prealloc_counter) >= (prealloc_size)) { \
\
el_ptr = malloc(sizeof(*el_ptr)); \
+ if (!el_ptr) { FATAL("error in list.h -> out of memory for element!"); } \
el_ptr->pre_status = PRE_STATUS_MALLOC; \
\
} else { \
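Review bot: The added out-of-memory check reports `error in list.h`, but this macro lives in afl-prealloc.h, so the diagnostic sends the reader to the wrong file; change it to `FATAL("error in afl-prealloc.h -> out of memory for element!");`. The check itself is right and needed, since the very next line dereferences `el_ptr`. The enclosing macro starts and ends outside the hunk, so the `else` branch that reuses a preallocated element is not visible here.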
diff --git a/include/config.h b/include/config.h
index cd6ff641..57efd0f6 100644
--- a/include/config.h
+++ b/include/config.h
@@ -28,7 +28,7 @@
/* Version string: */
// c = release, d = volatile github dev, e = experimental branch
-#define VERSION "++2.65c"
+#define VERSION "++2.65d"
/******************************************************
* *
@@ -304,6 +304,10 @@
#define SHM_ENV_VAR "__AFL_SHM_ID"
+/* Environment variable used to pass SHM FUZZ ID to the called program. */
+
+#define SHM_FUZZ_ENV_VAR "__AFL_SHM_FUZZ_ID"
+
/* Other less interesting, internal-only variables. */
#define CLANG_ENV_VAR "__AFL_CLANG_MODE"
diff --git a/include/forkserver.h b/include/forkserver.h
index e8ac2837..00555d7e 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -73,10 +73,18 @@ typedef struct afl_forkserver {
u8 last_kill_signal; /* Signal that killed the child */
+ u8 use_shdmen_fuzz; /* use shared mem for test cases */
+
+ u8 support_shdmen_fuzz; /* set by afl-fuzz */
+
u8 use_fauxsrv; /* Fauxsrv for non-forking targets? */
u8 qemu_mode; /* if running in qemu mode or not */
+ u32 shdmem_fuzz_len; /* length of the fuzzing test case */
+
+ u8 *shdmem_fuzz; /* allocated memory for fuzzing */
+
char *cmplog_binary; /* the name of the cmplog binary */
/* Function to kick off the forkserver child */
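Review bot: The two new u8 flags are spelled `use_shdmen_fuzz` and `support_shdmen_fuzz` while the length and buffer fields a few lines below are `shdmem_fuzz_len` and `shdmem_fuzz`; the `shdmen`/`shdmem` mismatch will be a recurring typo for callers, so I would rename the flags to `use_shdmem_fuzz` and `support_shdmem_fuzz` before they spread. The comments on `shdmem_fuzz_len` and `shdmem_fuzz` also do not say how large the region is or who allocates it; presumably the fuzzer writes the length and the target reads it, so the header should state the bound the writer must respect, e.g. `u32 shdmem_fuzz_len; /* length of the current test case; must not exceed the mapped region */` — hedged, since the sizing is not in this diff. The afl_forkserver struct begins and ends outside the hunk.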
diff --git a/include/types.h b/include/types.h
index f95c4be2..77b7ae74 100644
--- a/include/types.h
+++ b/include/types.h
@@ -43,37 +43,18 @@ typedef uint32_t u32;
#define FS_ERROR_MMAP 16
/* Reporting options */
-#define FS_OPT_ENABLED 0x8f000001
+#define FS_OPT_ENABLED 0x80000001
#define FS_OPT_MAPSIZE 0x40000000
#define FS_OPT_SNAPSHOT 0x20000000
#define FS_OPT_AUTODICT 0x10000000
+#define FS_OPT_SHDMEM_FUZZ 0x01000000
// FS_OPT_MAX_MAPSIZE is 8388608 = 0x800000 = 2^23 = 1 << 22
#define FS_OPT_MAX_MAPSIZE ((0x00fffffe >> 1) + 1)
#define FS_OPT_GET_MAPSIZE(x) (((x & 0x00fffffe) >> 1) + 1)
#define FS_OPT_SET_MAPSIZE(x) \
(x <= 1 || x > FS_OPT_MAX_MAPSIZE ? 0 : ((x - 1) << 1))
-/*
-
- Ugh. There is an unintended compiler / glibc #include glitch caused by
- combining the u64 type an %llu in format strings, necessitating a workaround.
-
- In essence, the compiler is always looking for 'unsigned long long' for %llu.
- On 32-bit systems, the u64 type (aliased to uint64_t) is expanded to
- 'unsigned long long' in <bits/types.h>, so everything checks out.
-
- But on 64-bit systems, it is #ifdef'ed in the same file as 'unsigned long'.
- Now, it only happens in circumstances where the type happens to have the
- expected bit width, *but* the compiler does not know that... and complains
- about 'unsigned long' being unsafe to pass to %llu.
-
- */
-
-#if defined(__x86_64__) || defined(__aarch64__)
typedef unsigned long long u64;
-#else
-typedef uint64_t u64;
-#endif /* ^__x86_64__ */
typedef int8_t s8;
typedef int16_t s16;