about summary refs log tree commit diff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/afl-fuzz.h17
-rw-r--r--include/alloc-inl.h114
-rw-r--r--include/config.h10
-rw-r--r--include/forkserver.h4
4 files changed, 19 insertions, 126 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 51ab0e85..ca7d10fe 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -172,6 +172,14 @@ struct extra_data {
 
 };
 
+struct auto_extra_data {
+
+  u8  data[MAX_AUTO_EXTRA];             /* Dictionary token data            */
+  u32 len;                              /* Dictionary token length          */
+  u32 hit_cnt;                          /* Use count in the corpus          */
+
+};
+
 /* Fuzzing stages */
 
 enum {
@@ -571,8 +579,9 @@ typedef struct afl_state {
   struct extra_data *extras;            /* Extra tokens to fuzz with        */
   u32                extras_cnt;        /* Total number of tokens read      */
 
-  struct extra_data *a_extras;          /* Automatically selected extras    */
-  u32                a_extras_cnt;      /* Total number of tokens available */
+  struct auto_extra_data
+      a_extras[MAX_AUTO_EXTRAS];        /* Automatically selected extras    */
+  u32 a_extras_cnt;                     /* Total number of tokens available */
 
   /* afl_postprocess API - Now supported via custom mutators */
 
@@ -608,8 +617,6 @@ typedef struct afl_state {
   u32 document_counter;
 #endif
 
-  void *maybe_add_auto;
-
   /* statistics file */
   double last_bitmap_cvg, last_stability, last_eps;
 
@@ -911,7 +918,7 @@ u8 has_new_bits(afl_state_t *, u8 *);
 
 void load_extras_file(afl_state_t *, u8 *, u32 *, u32 *, u32);
 void load_extras(afl_state_t *, u8 *);
-void maybe_add_auto(void *, u8 *, u32);
+void maybe_add_auto(afl_state_t *, u8 *, u32);
 void save_auto(afl_state_t *);
 void load_auto(afl_state_t *);
 void destroy_extras(afl_state_t *);
diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index 832b2de4..306cc622 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -177,43 +177,6 @@ static inline u8 *DFL_ck_strdup(u8 *str) {
 
 }
 
-/* Create a buffer with a copy of a memory block. Returns NULL for zero-sized
-   or NULL inputs. */
-
-static inline void *DFL_ck_memdup(void *mem, u32 size) {
-
-  void *ret;
-
-  if (!mem || !size) { return NULL; }
-
-  ALLOC_CHECK_SIZE(size);
-  ret = malloc(size);
-  ALLOC_CHECK_RESULT(ret, size);
-
-  return memcpy(ret, mem, size);
-
-}
-
-/* Create a buffer with a block of text, appending a NUL terminator at the end.
-   Returns NULL for zero-sized or NULL inputs. */
-
-static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
-
-  u8 *ret;
-
-  if (!mem || !size) { return NULL; }
-
-  ALLOC_CHECK_SIZE(size);
-  ret = (u8 *)malloc(size + 1);
-  ALLOC_CHECK_RESULT(ret, size);
-
-  memcpy(ret, mem, size);
-  ret[size] = 0;
-
-  return ret;
-
-}
-
   /* In non-debug mode, we just do straightforward aliasing of the above
      functions to user-visible names such as ck_alloc(). */
 
@@ -222,8 +185,6 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
   #define ck_realloc DFL_ck_realloc
   #define ck_realloc_block DFL_ck_realloc_block
   #define ck_strdup DFL_ck_strdup
-  #define ck_memdup DFL_ck_memdup
-  #define ck_memdup_str DFL_ck_memdup_str
   #define ck_free DFL_ck_free
 
   #define alloc_report()
@@ -489,55 +450,6 @@ static inline u8 *DFL_ck_strdup(u8 *str) {
 
 }
 
-/* Create a buffer with a copy of a memory block. Returns NULL for zero-sized
-   or NULL inputs. */
-
-static inline void *DFL_ck_memdup(void *mem, u32 size) {
-
-  void *ret;
-
-  if (!mem || !size) return NULL;
-
-  ALLOC_CHECK_SIZE(size);
-  ret = malloc(size + ALLOC_OFF_TOTAL);
-  ALLOC_CHECK_RESULT(ret, size);
-
-  ret += ALLOC_OFF_HEAD;
-
-  ALLOC_C1(ret) = ALLOC_MAGIC_C1;
-  ALLOC_S(ret) = size;
-  ALLOC_C2(ret) = ALLOC_MAGIC_C2;
-
-  return memcpy(ret, mem, size);
-
-}
-
-/* Create a buffer with a block of text, appending a NUL terminator at the end.
-   Returns NULL for zero-sized or NULL inputs. */
-
-static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
-
-  u8 *ret;
-
-  if (!mem || !size) return NULL;
-
-  ALLOC_CHECK_SIZE(size);
-  ret = malloc(size + ALLOC_OFF_TOTAL + 1);
-  ALLOC_CHECK_RESULT(ret, size);
-
-  ret += ALLOC_OFF_HEAD;
-
-  ALLOC_C1(ret) = ALLOC_MAGIC_C1;
-  ALLOC_S(ret) = size;
-  ALLOC_C2(ret) = ALLOC_MAGIC_C2;
-
-  memcpy(ret, mem, size);
-  ret[size] = 0;
-
-  return ret;
-
-}
-
   #ifndef DEBUG_BUILD
 
     /* In non-debug mode, we just do straightforward aliasing of the above
@@ -548,8 +460,6 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
     #define ck_realloc DFL_ck_realloc
     #define ck_realloc_block DFL_ck_realloc_block
     #define ck_strdup DFL_ck_strdup
-    #define ck_memdup DFL_ck_memdup
-    #define ck_memdup_str DFL_ck_memdup_str
     #define ck_free DFL_ck_free
 
     #define alloc_report()
@@ -713,24 +623,6 @@ static inline void *TRK_ck_strdup(u8 *str, const char *file, const char *func,
 
 }
 
-static inline void *TRK_ck_memdup(void *mem, u32 size, const char *file,
-                                  const char *func, u32 line) {
-
-  void *ret = DFL_ck_memdup(mem, size);
-  TRK_alloc_buf(ret, file, func, line);
-  return ret;
-
-}
-
-static inline void *TRK_ck_memdup_str(void *mem, u32 size, const char *file,
-                                      const char *func, u32 line) {
-
-  void *ret = DFL_ck_memdup_str(mem, size);
-  TRK_alloc_buf(ret, file, func, line);
-  return ret;
-
-}
-
 static inline void TRK_ck_free(void *ptr, const char *file, const char *func,
                                u32 line) {
 
@@ -754,12 +646,6 @@ static inline void TRK_ck_free(void *ptr, const char *file, const char *func,
 
     #define ck_strdup(_p1) TRK_ck_strdup(_p1, __FILE__, __FUNCTION__, __LINE__)
 
-    #define ck_memdup(_p1, _p2) \
-      TRK_ck_memdup(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
-
-    #define ck_memdup_str(_p1, _p2) \
-      TRK_ck_memdup_str(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
-
     #define ck_free(_p1) TRK_ck_free(_p1, __FILE__, __FUNCTION__, __LINE__)
 
   #endif                                                   /* ^!DEBUG_BUILD */
diff --git a/include/config.h b/include/config.h
index 344a368f..a978a27c 100644
--- a/include/config.h
+++ b/include/config.h
@@ -70,21 +70,21 @@
 
 #ifndef __NetBSD__
   #ifndef WORD_SIZE_64
-    #define MEM_LIMIT 25
-  #else
     #define MEM_LIMIT 50
+  #else
+    #define MEM_LIMIT 75
   #endif                                                  /* ^!WORD_SIZE_64 */
 #else /* NetBSD's kernel needs more space for stack, see discussion for issue \
          #165 */
-  #define MEM_LIMIT 200
+  #define MEM_LIMIT 250
 #endif
 /* Default memory limit when running in QEMU mode (MB): */
 
-#define MEM_LIMIT_QEMU 200
+#define MEM_LIMIT_QEMU 250
 
 /* Default memory limit when running in Unicorn mode (MB): */
 
-#define MEM_LIMIT_UNICORN 200
+#define MEM_LIMIT_UNICORN 250
 
 /* Number of calibration cycles per every new test case (and for test
    cases that show variable behavior): */
diff --git a/include/forkserver.h b/include/forkserver.h
index 717493db..0a7390ed 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -89,9 +89,9 @@ typedef struct afl_forkserver {
   /* Function to kick off the forkserver child */
   void (*init_child_func)(struct afl_forkserver *fsrv, char **argv);
 
-  u8 *function_opt;                     /* for autodictionary: afl ptr      */
+  u8 *afl_ptr;                          /* for autodictionary: afl ptr      */
 
-  void (*function_ptr)(void *afl_tmp, u8 *mem, u32 len);
+  void (*autodict_func)(void *afl_ptr, u8 *mem, u32 len);
 
 } afl_forkserver_t;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-21 17:05:44 +0000