Diffstat (limited to 'include')
-rw-r--r-- | include/afl-as.h | 12 | ||||
-rw-r--r-- | include/afl-fuzz.h | 122 | ||||
-rw-r--r-- | include/alloc-inl.h | 347 | ||||
-rw-r--r-- | include/android-ashmem.h | 42 | ||||
-rw-r--r-- | include/config.h | 28 | ||||
-rw-r--r-- | include/debug.h | 204 | ||||
-rw-r--r-- | include/forkserver.h | 18 | ||||
-rw-r--r-- | include/hash.h | 4 | ||||
-rw-r--r-- | include/types.h | 86 |
9 files changed, 431 insertions, 432 deletions
diff --git a/include/afl-as.h b/include/afl-as.h index a2bf1f9c..e90289d4 100644 --- a/include/afl-as.h +++ b/include/afl-as.h @@ -404,9 +404,9 @@ static const u8 *main_payload_32 = recognize .string. */ #ifdef __APPLE__ -#define CALL_L64(str) "call _" str "\n" + #define CALL_L64(str) "call _" str "\n" #else -#define CALL_L64(str) "call " str "@PLT\n" + #define CALL_L64(str) "call " str "@PLT\n" #endif /* ^__APPLE__ */ static const u8 *main_payload_64 = @@ -744,9 +744,9 @@ static const u8 *main_payload_64 = #ifdef __APPLE__ " .comm __afl_area_ptr, 8\n" -#ifndef COVERAGE_ONLY + #ifndef COVERAGE_ONLY " .comm __afl_prev_loc, 8\n" -#endif /* !COVERAGE_ONLY */ + #endif /* !COVERAGE_ONLY */ " .comm __afl_fork_pid, 4\n" " .comm __afl_temp, 4\n" " .comm __afl_setup_failure, 1\n" @@ -754,9 +754,9 @@ static const u8 *main_payload_64 = #else " .lcomm __afl_area_ptr, 8\n" -#ifndef COVERAGE_ONLY + #ifndef COVERAGE_ONLY " .lcomm __afl_prev_loc, 8\n" -#endif /* !COVERAGE_ONLY */ + #endif /* !COVERAGE_ONLY */ " .lcomm __afl_fork_pid, 4\n" " .lcomm __afl_temp, 4\n" " .lcomm __afl_setup_failure, 1\n" diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 9f306b7e..9907c245 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -31,14 +31,14 @@ #define MESSAGES_TO_STDOUT #ifndef _GNU_SOURCE -#define _GNU_SOURCE 1 + #define _GNU_SOURCE 1 #endif #ifndef _FILE_OFFSET_BITS -#define _FILE_OFFSET_BITS 64 + #define _FILE_OFFSET_BITS 64 #endif #ifdef __ANDROID__ -#include "android-ashmem.h" + #include "android-ashmem.h" #endif #include "config.h" @@ -76,7 +76,7 @@ #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \ defined(__NetBSD__) || defined(__DragonFly__) -#include <sys/sysctl.h> + #include <sys/sysctl.h> #endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */ /* For systems that have sched_setaffinity; right now just Linux, but one 
@@ -84,31 +84,31 @@ #if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || \ defined(__DragonFly__) -#define HAVE_AFFINITY 1 -#if defined(__FreeBSD__) || defined(__DragonFly__) -#include <sys/param.h> -#if defined(__FreeBSD__) -#include <sys/cpuset.h> -#endif -#include <sys/user.h> -#include <pthread.h> -#include <pthread_np.h> -#define cpu_set_t cpuset_t -#elif defined(__NetBSD__) -#include <pthread.h> -#endif + #define HAVE_AFFINITY 1 + #if defined(__FreeBSD__) || defined(__DragonFly__) + #include <sys/param.h> + #if defined(__FreeBSD__) + #include <sys/cpuset.h> + #endif + #include <sys/user.h> + #include <pthread.h> + #include <pthread_np.h> + #define cpu_set_t cpuset_t + #elif defined(__NetBSD__) + #include <pthread.h> + #endif #endif /* __linux__ */ #ifdef __APPLE__ -#include <TargetConditionals.h> + #include <TargetConditionals.h> #endif #undef LIST_FOREACH /* clashes with FreeBSD */ #include "list.h" #ifndef SIMPLE_FILES -#define CASE_PREFIX "id:" + #define CASE_PREFIX "id:" #else -#define CASE_PREFIX "id_" + #define CASE_PREFIX "id_" #endif /* ^!SIMPLE_FILES */ #define STAGE_BUF_SIZE (64) /* usable size for stage name buf in afl_state */ 
@@ -231,36 +231,36 @@ enum { /* Python stuff */ #ifdef USE_PYTHON -// because Python sets stuff it should not ... -#ifdef _POSIX_C_SOURCE -#define _SAVE_POSIX_C_SOURCE _POSIX_C_SOURCE -#undef _POSIX_C_SOURCE -#endif -#ifdef _XOPEN_SOURCE -#define _SAVE_XOPEN_SOURCE _XOPEN_SOURCE -#undef _XOPEN_SOURCE -#endif - -#include <Python.h> - -#ifdef _SAVE_POSIX_C_SOURCE -#ifdef _POSIX_C_SOURCE -#undef _POSIX_C_SOURCE -#endif -#define _POSIX_C_SOURCE _SAVE_POSIX_C_SOURCE -#endif -#ifdef _SAVE_XOPEN_SOURCE -#ifdef _XOPEN_SOURCE -#undef _XOPEN_SOURCE -#endif -#define _XOPEN_SOURCE _SAVE_XOPEN_SOURCE -#endif + // because Python sets stuff it should not ... + #ifdef _POSIX_C_SOURCE + #define _SAVE_POSIX_C_SOURCE _POSIX_C_SOURCE + #undef _POSIX_C_SOURCE + #endif + #ifdef _XOPEN_SOURCE + #define _SAVE_XOPEN_SOURCE _XOPEN_SOURCE + #undef _XOPEN_SOURCE + #endif + + #include <Python.h> + + #ifdef _SAVE_POSIX_C_SOURCE + #ifdef _POSIX_C_SOURCE + #undef _POSIX_C_SOURCE + #endif + #define _POSIX_C_SOURCE _SAVE_POSIX_C_SOURCE + #endif + #ifdef _SAVE_XOPEN_SOURCE + #ifdef _XOPEN_SOURCE + #undef _XOPEN_SOURCE + #endif + #define _XOPEN_SOURCE _SAVE_XOPEN_SOURCE + #endif enum { /* 00 */ PY_FUNC_INIT, /* 01 */ PY_FUNC_FUZZ, - /* 02 */ PY_FUNC_PRE_SAVE, + /* 02 */ PY_FUNC_POST_PROCESS, /* 03 */ PY_FUNC_INIT_TRIM, /* 04 */ PY_FUNC_POST_TRIM, /* 05 */ PY_FUNC_TRIM, @@ -283,8 +283,8 @@ typedef struct py_mutator { u8 * fuzz_buf; size_t fuzz_size; - u8 * pre_save_buf; - size_t pre_save_size; + u8 * post_process_buf; + size_t post_process_size; u8 * trim_buf; size_t trim_size; @@ -323,9 +323,8 @@ typedef struct afl_env_vars { afl_bench_until_crash, afl_debug_child_output, afl_autoresume, afl_cal_fast; - u8 *afl_tmpdir, *afl_post_library, *afl_custom_mutator_library, - *afl_python_module, *afl_path, *afl_hang_tmout, *afl_skip_crashes, - *afl_preload; + u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, + *afl_hang_tmout, *afl_skip_crashes, *afl_preload; } afl_env_vars_t; 
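Review bot: In the `afl_env_vars_t` hunk (`@@ -323`), `afl_post_library` is dropped from the pointer list without a replacement field or a comment, so this header no longer says how a post-processing library configured through the environment (presumably the `AFL_POST_LIBRARY` variable the field mirrored) reaches the `post_library_mutator` that the same commit adds to `afl_state`. Whether that variable is still honoured or is now silently ignored cannot be told from the `include/` diff alone, and a silently ignored setting is the kind of regression users only notice when their post-processor stops running. A one-line comment next to the surviving pointer list, e.g. `/* AFL_POST_LIBRARY is consumed by the custom-mutator loader, see afl_state.post_library_mutator */`, would document the hand-off (adjust if the variable was removed instead). `afl_env_vars_t` begins before this hunk.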
@@ -407,7 +406,9 @@ typedef struct afl_state { no_unlink, /* do not unlink cur_input */ debug, /* Debug mode */ custom_only, /* Custom mutator only mode */ - python_only; /* Python-only mode */ + python_only, /* Python-only mode */ + is_master, /* if this is a master */ + is_slave; /* if this is a slave */ u32 stats_update_freq; /* Stats update frequency (execs) */ @@ -418,7 +419,6 @@ typedef struct afl_state { size_t (*radamsa_mutate_ptr)(u8 *, size_t, u8 *, size_t, u32); u8 skip_deterministic, /* Skip deterministic stages? */ - force_deterministic, /* Force deterministic stages? */ use_splicing, /* Recombine input files? */ dumb_mode, /* Run in non-instrumented mode? */ score_changed, /* Scoring for favorites changed? */ @@ -545,11 +545,9 @@ typedef struct afl_state { struct extra_data *a_extras; /* Automatically selected extras */ u32 a_extras_cnt; /* Total number of tokens available */ - /* afl_postprocess API */ - void *(*post_init)(struct afl_state *afl); - size_t (*post_handler)(void *data, u8 *buf, u32 len, u8 **out_buf); - void *(*post_deinit)(void *data); - void *post_data; + /* afl_postprocess API - Now supported via custom mutators */ + + struct custom_mutator *post_library_mutator; /* CmpLog */ @@ -623,8 +621,8 @@ struct custom_mutator { const char *name; void * dh; - u8 * pre_save_buf; - size_t pre_save_size; + u8 * post_process_buf; + size_t post_process_size; u8 stacked_custom_prob, stacked_custom; void *data; /* custom mutator data ptr */ @@ -675,8 +673,8 @@ struct custom_mutator { * It can chose to alter buf in-place, if the space is large enough. * @return Size of the output buffer. */ - size_t (*afl_custom_pre_save)(void *data, u8 *buf, size_t buf_size, - u8 **out_buf); + size_t (*afl_custom_post_process)(void *data, u8 *buf, size_t buf_size, + u8 **out_buf); /** * This method is called at the start of each trimming operation and receives 
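Review bot: In the `@@ -545` hunk the four-pointer post-processing API is collapsed into `struct custom_mutator *post_library_mutator;` with only `/* afl_postprocess API - Now supported via custom mutators */` above it, which says nothing about the pointer's contract: whether it is NULL when no library was given, who allocates it, and whether it is released together with the other custom mutators or separately. Since every former `post_handler` call site now has to test this pointer, a comment such as `/* post library loaded as a custom mutator; NULL when none was requested; freed with the other custom mutators */` is worth adding, with the ownership clause adjusted if the loader keeps it elsewhere (this header cannot show that). The rename of the hook to `afl_custom_post_process` in the `@@ -675` hunk is a compatibility break for any out-of-tree mutator that still exports `afl_custom_pre_save` if the loader resolves hooks by symbol name, so the struct's doc comment (or the changelog, which is not in this diff) should state that explicitly. `struct afl_state` and `struct custom_mutator` both start and end outside these hunks.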
@@ -825,7 +823,7 @@ u8 trim_case_custom(afl_state_t *, struct queue_entry *q, u8 *in_buf, struct custom_mutator *load_custom_mutator_py(afl_state_t *, char *); void finalize_py_module(void *); -size_t pre_save_py(void *, u8 *, size_t, u8 **); +size_t post_process_py(void *, u8 *, size_t, u8 **); s32 init_trim_py(void *, u8 *, size_t); s32 post_trim_py(void *, u8); size_t trim_py(void *, u8 **); diff --git a/include/alloc-inl.h b/include/alloc-inl.h index 485446de..ca593549 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h 
@@ -41,44 +41,44 @@ // Be careful! _WANT_ORIGINAL_AFL_ALLOC is not compatible with custom mutators #ifndef _WANT_ORIGINAL_AFL_ALLOC -// afl++ stuff without memory corruption checks - for speed + // afl++ stuff without memory corruption checks - for speed -/* User-facing macro to sprintf() to a dynamically allocated buffer. */ + /* User-facing macro to sprintf() to a dynamically allocated buffer. */ -#define alloc_printf(_str...) \ - ({ \ - \ - u8 *_tmp; \ - s32 _len = snprintf(NULL, 0, _str); \ - if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \ - _tmp = ck_alloc(_len + 1); \ - snprintf((char *)_tmp, _len + 1, _str); \ - _tmp; \ - \ - }) + #define alloc_printf(_str...) \ + ({ \ + \ + u8 *_tmp; \ + s32 _len = snprintf(NULL, 0, _str); \ + if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \ + _tmp = ck_alloc(_len + 1); \ + snprintf((char *)_tmp, _len + 1, _str); \ + _tmp; \ + \ + }) -/* Macro to enforce allocation limits as a last-resort defense against - integer overflows. */ + /* Macro to enforce allocation limits as a last-resort defense against + integer overflows. */ -#define ALLOC_CHECK_SIZE(_s) \ - do { \ - \ - if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \ - \ - } while (0) + #define ALLOC_CHECK_SIZE(_s) \ + do { \ + \ + if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \ + \ + } while (0) -/* Macro to check malloc() failures and the like. */ + /* Macro to check malloc() failures and the like. */ -#define ALLOC_CHECK_RESULT(_r, _s) \ - do { \ - \ - if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \ - \ - } while (0) + #define ALLOC_CHECK_RESULT(_r, _s) \ + do { \ + \ + if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \ + \ + } while (0) -/* Allocator increments for ck_realloc_block(). */ + /* Allocator increments for ck_realloc_block(). */ -#define ALLOC_BLK_INC 256 + #define ALLOC_BLK_INC 256 /* Allocate a buffer, explicitly not zeroing it. Returns NULL for zero-sized requests. */ 
@@ -214,104 +214,104 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) { } -/* In non-debug mode, we just do straightforward aliasing of the above - functions to user-visible names such as ck_alloc(). */ + /* In non-debug mode, we just do straightforward aliasing of the above + functions to user-visible names such as ck_alloc(). */ -#define ck_alloc DFL_ck_alloc -#define ck_alloc_nozero DFL_ck_alloc_nozero -#define ck_realloc DFL_ck_realloc -#define ck_realloc_block DFL_ck_realloc_block -#define ck_strdup DFL_ck_strdup -#define ck_memdup DFL_ck_memdup -#define ck_memdup_str DFL_ck_memdup_str -#define ck_free DFL_ck_free + #define ck_alloc DFL_ck_alloc + #define ck_alloc_nozero DFL_ck_alloc_nozero + #define ck_realloc DFL_ck_realloc + #define ck_realloc_block DFL_ck_realloc_block + #define ck_strdup DFL_ck_strdup + #define ck_memdup DFL_ck_memdup + #define ck_memdup_str DFL_ck_memdup_str + #define ck_free DFL_ck_free -#define alloc_report() + #define alloc_report() #else -// This is the original alloc-inl of stock afl - -/* User-facing macro to sprintf() to a dynamically allocated buffer. */ - -#define alloc_printf(_str...) \ - ({ \ - \ - u8 *_tmp; \ - s32 _len = snprintf(NULL, 0, _str); \ - if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \ - _tmp = ck_alloc(_len + 1); \ - snprintf((char *)_tmp, _len + 1, _str); \ - _tmp; \ - \ - }) - -/* Macro to enforce allocation limits as a last-resort defense against - integer overflows. */ -#define ALLOC_CHECK_SIZE(_s) \ - do { \ - \ - if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \ - \ - } while (0) - -/* Macro to check malloc() failures and the like. */ - -#define ALLOC_CHECK_RESULT(_r, _s) \ - do { \ - \ - if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \ - \ - } while (0) - -/* Magic tokens used to mark used / freed chunks. 
*/ - -#define ALLOC_MAGIC_C1 0xFF00FF00 /* Used head (dword) */ -#define ALLOC_MAGIC_F 0xFE00FE00 /* Freed head (dword) */ -#define ALLOC_MAGIC_C2 0xF0 /* Used tail (byte) */ - -/* Positions of guard tokens in relation to the user-visible pointer. */ - -#define ALLOC_C1(_ptr) (((u32 *)(_ptr))[-2]) -#define ALLOC_S(_ptr) (((u32 *)(_ptr))[-1]) -#define ALLOC_C2(_ptr) (((u8 *)(_ptr))[ALLOC_S(_ptr)]) - -#define ALLOC_OFF_HEAD 8 -#define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1) - -/* Allocator increments for ck_realloc_block(). */ - -#define ALLOC_BLK_INC 256 - -/* Sanity-checking macros for pointers. */ - -#define CHECK_PTR(_p) \ - do { \ - \ - if (_p) { \ - \ - if (ALLOC_C1(_p) ^ ALLOC_MAGIC_C1) { \ - \ - if (ALLOC_C1(_p) == ALLOC_MAGIC_F) \ - ABORT("Use after free."); \ - else \ - ABORT("Corrupted head alloc canary."); \ - \ - } \ - if (ALLOC_C2(_p) ^ ALLOC_MAGIC_C2) \ - ABORT("Corrupted tail alloc canary."); \ - \ - } \ - \ - } while (0) - -#define CHECK_PTR_EXPR(_p) \ - ({ \ - \ - typeof(_p) _tmp = (_p); \ - CHECK_PTR(_tmp); \ - _tmp; \ - \ - }) + // This is the original alloc-inl of stock afl + + /* User-facing macro to sprintf() to a dynamically allocated buffer. */ + + #define alloc_printf(_str...) \ + ({ \ + \ + u8 *_tmp; \ + s32 _len = snprintf(NULL, 0, _str); \ + if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \ + _tmp = ck_alloc(_len + 1); \ + snprintf((char *)_tmp, _len + 1, _str); \ + _tmp; \ + \ + }) + + /* Macro to enforce allocation limits as a last-resort defense against + integer overflows. */ + #define ALLOC_CHECK_SIZE(_s) \ + do { \ + \ + if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \ + \ + } while (0) + + /* Macro to check malloc() failures and the like. */ + + #define ALLOC_CHECK_RESULT(_r, _s) \ + do { \ + \ + if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \ + \ + } while (0) + + /* Magic tokens used to mark used / freed chunks. 
*/ + + #define ALLOC_MAGIC_C1 0xFF00FF00 /* Used head (dword) */ + #define ALLOC_MAGIC_F 0xFE00FE00 /* Freed head (dword) */ + #define ALLOC_MAGIC_C2 0xF0 /* Used tail (byte) */ + + /* Positions of guard tokens in relation to the user-visible pointer. */ + + #define ALLOC_C1(_ptr) (((u32 *)(_ptr))[-2]) + #define ALLOC_S(_ptr) (((u32 *)(_ptr))[-1]) + #define ALLOC_C2(_ptr) (((u8 *)(_ptr))[ALLOC_S(_ptr)]) + + #define ALLOC_OFF_HEAD 8 + #define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1) + + /* Allocator increments for ck_realloc_block(). */ + + #define ALLOC_BLK_INC 256 + + /* Sanity-checking macros for pointers. */ + + #define CHECK_PTR(_p) \ + do { \ + \ + if (_p) { \ + \ + if (ALLOC_C1(_p) ^ ALLOC_MAGIC_C1) { \ + \ + if (ALLOC_C1(_p) == ALLOC_MAGIC_F) \ + ABORT("Use after free."); \ + else \ + ABORT("Corrupted head alloc canary."); \ + \ + } \ + if (ALLOC_C2(_p) ^ ALLOC_MAGIC_C2) \ + ABORT("Corrupted tail alloc canary."); \ + \ + } \ + \ + } while (0) + + #define CHECK_PTR_EXPR(_p) \ + ({ \ + \ + typeof(_p) _tmp = (_p); \ + CHECK_PTR(_tmp); \ + _tmp; \ + \ + }) /* Allocate a buffer, explicitly not zeroing it. Returns NULL for zero-sized requests. */ @@ -357,12 +357,12 @@ static inline void DFL_ck_free(void *mem) { if (!mem) return; CHECK_PTR(mem); -#ifdef DEBUG_BUILD + #ifdef DEBUG_BUILD /* Catch pointer issues sooner. */ memset(mem, 0xFF, ALLOC_S(mem)); -#endif /* DEBUG_BUILD */ + #endif /* DEBUG_BUILD */ ALLOC_C1(mem) = ALLOC_MAGIC_F; @@ -377,7 +377,7 @@ static inline void DFL_ck_free(void *mem) { static inline void *DFL_ck_realloc(void *orig, u32 size) { void *ret; - u32 old_size = 0; + u32 old_size = 0; if (!size) { @@ -390,9 +390,9 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) { CHECK_PTR(orig); -#ifndef DEBUG_BUILD + #ifndef DEBUG_BUILD ALLOC_C1(orig) = ALLOC_MAGIC_F; -#endif /* !DEBUG_BUILD */ + #endif /* !DEBUG_BUILD */ old_size = ALLOC_S(orig); orig -= ALLOC_OFF_HEAD; 
@@ -403,12 +403,12 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) { ALLOC_CHECK_SIZE(size); -#ifndef DEBUG_BUILD + #ifndef DEBUG_BUILD ret = realloc(orig, size + ALLOC_OFF_TOTAL); ALLOC_CHECK_RESULT(ret, size); -#else + #else /* Catch pointer issues sooner: force relocation and make sure that the original buffer is wiped. */ @@ -427,7 +427,7 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) { } -#endif /* ^!DEBUG_BUILD */ + #endif /* ^!DEBUG_BUILD */ ret += ALLOC_OFF_HEAD; @@ -446,7 +446,7 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) { static inline void *DFL_ck_realloc_block(void *orig, u32 size) { -#ifndef DEBUG_BUILD + #ifndef DEBUG_BUILD if (orig) { @@ -458,7 +458,7 @@ static inline void *DFL_ck_realloc_block(void *orig, u32 size) { } -#endif /* !DEBUG_BUILD */ + #endif /* !DEBUG_BUILD */ return DFL_ck_realloc(orig, size); @@ -469,7 +469,7 @@ static inline void *DFL_ck_realloc_block(void *orig, u32 size) { static inline u8 *DFL_ck_strdup(u8 *str) { void *ret; - u32 size; + u32 size; if (!str) return NULL; 
@@ -538,30 +538,30 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) { } -#ifndef DEBUG_BUILD + #ifndef DEBUG_BUILD -/* In non-debug mode, we just do straightforward aliasing of the above - functions to user-visible names such as ck_alloc(). */ + /* In non-debug mode, we just do straightforward aliasing of the above + functions to user-visible names such as ck_alloc(). */ -#define ck_alloc DFL_ck_alloc -#define ck_alloc_nozero DFL_ck_alloc_nozero -#define ck_realloc DFL_ck_realloc -#define ck_realloc_block DFL_ck_realloc_block -#define ck_strdup DFL_ck_strdup -#define ck_memdup DFL_ck_memdup -#define ck_memdup_str DFL_ck_memdup_str -#define ck_free DFL_ck_free + #define ck_alloc DFL_ck_alloc + #define ck_alloc_nozero DFL_ck_alloc_nozero + #define ck_realloc DFL_ck_realloc + #define ck_realloc_block DFL_ck_realloc_block + #define ck_strdup DFL_ck_strdup + #define ck_memdup DFL_ck_memdup + #define ck_memdup_str DFL_ck_memdup_str + #define ck_free DFL_ck_free -#define alloc_report() + #define alloc_report() -#else + #else -/* In debugging mode, we also track allocations to detect memory leaks, and - the flow goes through one more layer of indirection. */ + /* In debugging mode, we also track allocations to detect memory leaks, and + the flow goes through one more layer of indirection. */ -/* Alloc tracking data structures: */ + /* Alloc tracking data structures: */ -#define ALLOC_BUCKETS 4096 + #define ALLOC_BUCKETS 4096 struct TRK_obj { 
@@ -571,25 +571,25 @@ struct TRK_obj { }; -#ifdef AFL_MAIN + #ifdef AFL_MAIN struct TRK_obj *TRK[ALLOC_BUCKETS]; u32 TRK_cnt[ALLOC_BUCKETS]; -#define alloc_report() TRK_report() + #define alloc_report() TRK_report() -#else + #else extern struct TRK_obj *TRK[ALLOC_BUCKETS]; extern u32 TRK_cnt[ALLOC_BUCKETS]; -#define alloc_report() + #define alloc_report() -#endif /* ^AFL_MAIN */ + #endif /* ^AFL_MAIN */ -/* Bucket-assigning function for a given pointer: */ + /* Bucket-assigning function for a given pointer: */ -#define TRKH(_ptr) (((((u32)(_ptr)) >> 16) ^ ((u32)(_ptr))) % ALLOC_BUCKETS) + #define TRKH(_ptr) (((((u32)(_ptr)) >> 16) ^ ((u32)(_ptr))) % ALLOC_BUCKETS) /* Add a new entry to the list of allocated objects. */ 
@@ -739,29 +739,30 @@ static inline void TRK_ck_free(void *ptr, const char *file, const char *func, } -/* Aliasing user-facing names to tracking functions: */ + /* Aliasing user-facing names to tracking functions: */ -#define ck_alloc(_p1) TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__) + #define ck_alloc(_p1) TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__) -#define ck_alloc_nozero(_p1) TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__) + #define ck_alloc_nozero(_p1) \ + TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__) -#define ck_realloc(_p1, _p2) \ - TRK_ck_realloc(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) + #define ck_realloc(_p1, _p2) \ + TRK_ck_realloc(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) -#define ck_realloc_block(_p1, _p2) \ - TRK_ck_realloc_block(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) + #define ck_realloc_block(_p1, _p2) \ + TRK_ck_realloc_block(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) -#define ck_strdup(_p1) TRK_ck_strdup(_p1, __FILE__, __FUNCTION__, __LINE__) + #define ck_strdup(_p1) TRK_ck_strdup(_p1, __FILE__, __FUNCTION__, __LINE__) -#define ck_memdup(_p1, _p2) \ - TRK_ck_memdup(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) + #define ck_memdup(_p1, _p2) \ + TRK_ck_memdup(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) -#define ck_memdup_str(_p1, _p2) \ - TRK_ck_memdup_str(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) + #define ck_memdup_str(_p1, _p2) \ + TRK_ck_memdup_str(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) -#define ck_free(_p1) TRK_ck_free(_p1, __FILE__, __FUNCTION__, __LINE__) + #define ck_free(_p1) TRK_ck_free(_p1, __FILE__, __FUNCTION__, __LINE__) -#endif /* ^!DEBUG_BUILD */ + #endif /* ^!DEBUG_BUILD */ #endif /* _WANT_ORIGINAL_AFL_ALLOC */ diff --git a/include/android-ashmem.h b/include/android-ashmem.h index 77914c35..41d4d2da 100644 --- a/include/android-ashmem.h +++ b/include/android-ashmem.h 
@@ -28,27 +28,27 @@ #ifdef __ANDROID__ -#include <fcntl.h> -#include <linux/shm.h> -#include <linux/ashmem.h> -#include <sys/ioctl.h> -#include <sys/mman.h> - -#if __ANDROID_API__ >= 26 -#define shmat bionic_shmat -#define shmctl bionic_shmctl -#define shmdt bionic_shmdt -#define shmget bionic_shmget -#endif - -#include <sys/shm.h> -#undef shmat -#undef shmctl -#undef shmdt -#undef shmget -#include <stdio.h> - -#define ASHMEM_DEVICE "/dev/ashmem" + #include <fcntl.h> + #include <linux/shm.h> + #include <linux/ashmem.h> + #include <sys/ioctl.h> + #include <sys/mman.h> + + #if __ANDROID_API__ >= 26 + #define shmat bionic_shmat + #define shmctl bionic_shmctl + #define shmdt bionic_shmdt + #define shmget bionic_shmget + #endif + + #include <sys/shm.h> + #undef shmat + #undef shmctl + #undef shmdt + #undef shmget + #include <stdio.h> + + #define ASHMEM_DEVICE "/dev/ashmem" static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) { diff --git a/include/config.h b/include/config.h index c21d775a..cd6ff641 100644 --- a/include/config.h +++ b/include/config.h @@ -28,7 +28,7 @@ /* Version string: */ // c = release, d = volatile github dev, e = experimental branch -#define VERSION "++2.64d" +#define VERSION "++2.65c" /****************************************************** * * @@ -49,7 +49,7 @@ /* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */ #ifndef ANDROID_DISABLE_FANCY // Fancy boxes are ugly from adb -#define FANCY_BOXES + #define FANCY_BOXES #endif /* Default timeout for fuzzed code (milliseconds). This is the upper bound, 
@@ -63,20 +63,20 @@ /* 64bit arch MACRO */ #if (defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__)) -#define WORD_SIZE_64 1 + #define WORD_SIZE_64 1 #endif /* Default memory limit for child process (MB): */ #ifndef __NetBSD__ -#ifndef WORD_SIZE_64 -#define MEM_LIMIT 25 -#else -#define MEM_LIMIT 50 -#endif /* ^!WORD_SIZE_64 */ -#else /* NetBSD's kernel needs more space for stack, see discussion for issue \ - #165 */ -#define MEM_LIMIT 200 + #ifndef WORD_SIZE_64 + #define MEM_LIMIT 25 + #else + #define MEM_LIMIT 50 + #endif /* ^!WORD_SIZE_64 */ +#else /* NetBSD's kernel needs more space for stack, see discussion for issue \ + #165 */ + #define MEM_LIMIT 200 #endif /* Default memory limit when running in QEMU mode (MB): */ @@ -395,9 +395,9 @@ /* for *BSD: use ARC4RANDOM and save a file descriptor */ #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) -#ifndef HAVE_ARC4RANDOM -#define HAVE_ARC4RANDOM 1 -#endif + #ifndef HAVE_ARC4RANDOM + #define HAVE_ARC4RANDOM 1 + #endif #endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */ #endif /* ! _HAVE_CONFIG_H */ diff --git a/include/debug.h b/include/debug.h index 4cce56b5..9dd21ace 100644 --- a/include/debug.h +++ b/include/debug.h @@ -30,7 +30,7 @@ /* __FUNCTION__ is non-iso */ #ifdef __func__ -#define __FUNCTION__ __func__ + #define __FUNCTION__ __func__ #endif /******************* 
@@ -38,82 +38,82 @@ *******************/ #ifndef MESSAGES_TO_STDOUT -#define MESSAGES_TO_STDOUT + #define MESSAGES_TO_STDOUT #endif #ifdef USE_COLOR -#define cBLK "\x1b[0;30m" -#define cRED "\x1b[0;31m" -#define cGRN "\x1b[0;32m" -#define cBRN "\x1b[0;33m" -#define cBLU "\x1b[0;34m" -#define cMGN "\x1b[0;35m" -#define cCYA "\x1b[0;36m" -#define cLGR "\x1b[0;37m" -#define cGRA "\x1b[1;90m" -#define cLRD "\x1b[1;91m" -#define cLGN "\x1b[1;92m" -#define cYEL "\x1b[1;93m" -#define cLBL "\x1b[1;94m" -#define cPIN "\x1b[1;95m" -#define cLCY "\x1b[1;96m" -#define cBRI "\x1b[1;97m" -#define cRST "\x1b[0m" - -#define bgBLK "\x1b[40m" -#define bgRED "\x1b[41m" -#define bgGRN "\x1b[42m" -#define bgBRN "\x1b[43m" -#define bgBLU "\x1b[44m" -#define bgMGN "\x1b[45m" -#define bgCYA "\x1b[46m" -#define bgLGR "\x1b[47m" -#define bgGRA "\x1b[100m" -#define bgLRD "\x1b[101m" -#define bgLGN "\x1b[102m" -#define bgYEL "\x1b[103m" -#define bgLBL "\x1b[104m" -#define bgPIN "\x1b[105m" -#define bgLCY "\x1b[106m" -#define bgBRI "\x1b[107m" + #define cBLK "\x1b[0;30m" + #define cRED "\x1b[0;31m" + #define cGRN "\x1b[0;32m" + #define cBRN "\x1b[0;33m" + #define cBLU "\x1b[0;34m" + #define cMGN "\x1b[0;35m" + #define cCYA "\x1b[0;36m" + #define cLGR "\x1b[0;37m" + #define cGRA "\x1b[1;90m" + #define cLRD "\x1b[1;91m" + #define cLGN "\x1b[1;92m" + #define cYEL "\x1b[1;93m" + #define cLBL "\x1b[1;94m" + #define cPIN "\x1b[1;95m" + #define cLCY "\x1b[1;96m" + #define cBRI "\x1b[1;97m" + #define cRST "\x1b[0m" + + #define bgBLK "\x1b[40m" + #define bgRED "\x1b[41m" + #define bgGRN "\x1b[42m" + #define bgBRN "\x1b[43m" + #define bgBLU "\x1b[44m" + #define bgMGN "\x1b[45m" + #define bgCYA "\x1b[46m" + #define bgLGR "\x1b[47m" + #define bgGRA "\x1b[100m" + #define bgLRD "\x1b[101m" + #define bgLGN "\x1b[102m" + #define bgYEL "\x1b[103m" + #define bgLBL "\x1b[104m" + #define bgPIN "\x1b[105m" + #define bgLCY "\x1b[106m" + #define bgBRI "\x1b[107m" #else -#define cBLK "" -#define cRED "" -#define cGRN 
"" -#define cBRN "" -#define cBLU "" -#define cMGN "" -#define cCYA "" -#define cLGR "" -#define cGRA "" -#define cLRD "" -#define cLGN "" -#define cYEL "" -#define cLBL "" -#define cPIN "" -#define cLCY "" -#define cBRI "" -#define cRST "" - -#define bgBLK "" -#define bgRED "" -#define bgGRN "" -#define bgBRN "" -#define bgBLU "" -#define bgMGN "" -#define bgCYA "" -#define bgLGR "" -#define bgGRA "" -#define bgLRD "" -#define bgLGN "" -#define bgYEL "" -#define bgLBL "" -#define bgPIN "" -#define bgLCY "" -#define bgBRI "" + #define cBLK "" + #define cRED "" + #define cGRN "" + #define cBRN "" + #define cBLU "" + #define cMGN "" + #define cCYA "" + #define cLGR "" + #define cGRA "" + #define cLRD "" + #define cLGN "" + #define cYEL "" + #define cLBL "" + #define cPIN "" + #define cLCY "" + #define cBRI "" + #define cRST "" + + #define bgBLK "" + #define bgRED "" + #define bgGRN "" + #define bgBRN "" + #define bgBLU "" + #define bgMGN "" + #define bgCYA "" + #define bgLGR "" + #define bgGRA "" + #define bgLRD "" + #define bgLGN "" + #define bgYEL "" + #define bgLBL "" + #define bgPIN "" + #define bgLCY "" + #define bgBRI "" #endif /* ^USE_COLOR */ 
@@ -123,39 +123,39 @@ #ifdef FANCY_BOXES -#define SET_G1 "\x1b)0" /* Set G1 for box drawing */ -#define RESET_G1 "\x1b)B" /* Reset G1 to ASCII */ -#define bSTART "\x0e" /* Enter G1 drawing mode */ -#define bSTOP "\x0f" /* Leave G1 drawing mode */ -#define bH "q" /* Horizontal line */ -#define bV "x" /* Vertical line */ -#define bLT "l" /* Left top corner */ -#define bRT "k" /* Right top corner */ -#define bLB "m" /* Left bottom corner */ -#define bRB "j" /* Right bottom corner */ -#define bX "n" /* Cross */ -#define bVR "t" /* Vertical, branch right */ -#define bVL "u" /* Vertical, branch left */ -#define bHT "v" /* Horizontal, branch top */ -#define bHB "w" /* Horizontal, branch bottom */ + #define SET_G1 "\x1b)0" /* Set G1 for box drawing */ + #define RESET_G1 "\x1b)B" /* Reset G1 to ASCII */ + #define bSTART "\x0e" /* Enter G1 drawing mode */ + #define bSTOP "\x0f" /* Leave G1 drawing mode */ + #define bH "q" /* Horizontal line */ + #define bV "x" /* Vertical line */ + #define bLT "l" /* Left top corner */ + #define bRT "k" /* Right top corner */ + #define bLB "m" /* Left bottom corner */ + #define bRB "j" /* Right bottom corner */ + #define bX "n" /* Cross */ + #define bVR "t" /* Vertical, branch right */ + #define bVL "u" /* Vertical, branch left */ + #define bHT "v" /* Horizontal, branch top */ + #define bHB "w" /* Horizontal, branch bottom */ #else -#define SET_G1 "" -#define RESET_G1 "" -#define bSTART "" -#define bSTOP "" -#define bH "-" -#define bV "|" -#define bLT "+" -#define bRT "+" -#define bLB "+" -#define bRB "+" -#define bX "+" -#define bVR "+" -#define bVL "+" -#define bHT "+" -#define bHB "+" + #define SET_G1 "" + #define RESET_G1 "" + #define bSTART "" + #define bSTOP "" + #define bH "-" + #define bV "|" + #define bLT "+" + #define bRT "+" + #define bLB "+" + #define bRB "+" + #define bX "+" + #define bVR "+" + #define bVL "+" + #define bHT "+" + #define bHB "+" #endif /* ^FANCY_BOXES */ 
@@ -176,9 +176,9 @@ /* Just print stuff to the appropriate stream. */ #ifdef MESSAGES_TO_STDOUT -#define SAYF(x...) printf(x) + #define SAYF(x...) printf(x) #else -#define SAYF(x...) fprintf(stderr, x) + #define SAYF(x...) fprintf(stderr, x) #endif /* ^MESSAGES_TO_STDOUT */ /* Show a prefixed warning. */ diff --git a/include/forkserver.h b/include/forkserver.h index 7e7784f5..e8ac2837 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -110,20 +110,20 @@ void afl_fsrv_killall(void); void afl_fsrv_deinit(afl_forkserver_t *fsrv); #ifdef __APPLE__ -#define MSG_FORK_ON_APPLE \ - " - On MacOS X, the semantics of fork() syscalls are non-standard and " \ - "may\n" \ - " break afl-fuzz performance optimizations when running " \ - "platform-specific\n" \ - " targets. To fix this, set AFL_NO_FORKSRV=1 in the environment.\n\n" + #define MSG_FORK_ON_APPLE \ + " - On MacOS X, the semantics of fork() syscalls are non-standard and " \ + "may\n" \ + " break afl-fuzz performance optimizations when running " \ + "platform-specific\n" \ + " targets. To fix this, set AFL_NO_FORKSRV=1 in the environment.\n\n" #else -#define MSG_FORK_ON_APPLE "" + #define MSG_FORK_ON_APPLE "" #endif #ifdef RLIMIT_AS -#define MSG_ULIMIT_USAGE " ( ulimit -Sv $[%llu << 10];" + #define MSG_ULIMIT_USAGE " ( ulimit -Sv $[%llu << 10];" #else -#define MSG_ULIMIT_USAGE " ( ulimit -Sd $[%llu << 10];" + #define MSG_ULIMIT_USAGE " ( ulimit -Sd $[%llu << 10];" #endif /* ^RLIMIT_AS */ #endif diff --git a/include/hash.h b/include/hash.h index 3751ac33..cec51eac 100644 --- a/include/hash.h +++ b/include/hash.h @@ -32,7 +32,7 @@ #ifdef __x86_64__ -#define ROL64(_x, _r) ((((u64)(_x)) << (_r)) | (((u64)(_x)) >> (64 - (_r)))) + #define ROL64(_x, _r) ((((u64)(_x)) << (_r)) | (((u64)(_x)) >> (64 - (_r)))) static inline u32 hash32(const void *key, u32 len, u32 seed) { 
@@ -67,7 +67,7 @@ static inline u32 hash32(const void *key, u32 len, u32 seed) { #else -#define ROL32(_x, _r) ((((u32)(_x)) << (_r)) | (((u32)(_x)) >> (32 - (_r)))) + #define ROL32(_x, _r) ((((u32)(_x)) << (_r)) | (((u32)(_x)) >> (32 - (_r)))) static inline u32 hash32(const void *key, u32 len, u32 seed) { diff --git a/include/types.h b/include/types.h index 72d2ba51..f95c4be2 100644 --- a/include/types.h +++ b/include/types.h @@ -81,23 +81,23 @@ typedef int32_t s32; typedef int64_t s64; #ifndef MIN -#define MIN(a, b) \ - ({ \ - \ - __typeof__(a) _a = (a); \ - __typeof__(b) _b = (b); \ - _a < _b ? _a : _b; \ - \ - }) - -#define MAX(a, b) \ - ({ \ - \ - __typeof__(a) _a = (a); \ - __typeof__(b) _b = (b); \ - _a > _b ? _a : _b; \ - \ - }) + #define MIN(a, b) \ + ({ \ + \ + __typeof__(a) _a = (a); \ + __typeof__(b) _b = (b); \ + _a < _b ? _a : _b; \ + \ + }) + + #define MAX(a, b) \ + ({ \ + \ + __typeof__(a) _a = (a); \ + __typeof__(b) _b = (b); \ + _a > _b ? _a : _b; \ + \ + }) #endif /* !MIN */ @@ -133,21 +133,21 @@ typedef int64_t s64; }) #ifdef AFL_LLVM_PASS -#if defined(__linux__) || !defined(__ANDROID__) -#define AFL_SR(s) (srandom(s)) -#define AFL_R(x) (random() % (x)) -#else -#define AFL_SR(s) ((void)s) -#define AFL_R(x) (arc4random_uniform(x)) -#endif -#else -#if defined(__linux__) || !defined(__ANDROID__) -#define SR(s) (srandom(s)) -#define R(x) (random() % (x)) + #if defined(__linux__) || !defined(__ANDROID__) + #define AFL_SR(s) (srandom(s)) + #define AFL_R(x) (random() % (x)) + #else + #define AFL_SR(s) ((void)s) + #define AFL_R(x) (arc4random_uniform(x)) + #endif #else -#define SR(s) ((void)s) -#define R(x) (arc4random_uniform(x)) -#endif + #if defined(__linux__) || !defined(__ANDROID__) + #define SR(s) (srandom(s)) + #define R(x) (random() % (x)) + #else + #define SR(s) ((void)s) + #define R(x) (arc4random_uniform(x)) + #endif #endif /* ^AFL_LLVM_PASS */ #define STRINGIFY_INTERNAL(x) #x 
@@ -156,19 +156,19 @@ typedef int64_t s64; #define MEM_BARRIER() __asm__ volatile("" ::: "memory") #if __GNUC__ < 6 -#ifndef likely -#define likely(_x) (_x) -#endif -#ifndef unlikely -#define unlikely(_x) (_x) -#endif + #ifndef likely + #define likely(_x) (_x) + #endif + #ifndef unlikely + #define unlikely(_x) (_x) + #endif #else -#ifndef likely -#define likely(_x) __builtin_expect(!!(_x), 1) -#endif -#ifndef unlikely -#define unlikely(_x) __builtin_expect(!!(_x), 0) -#endif + #ifndef likely + #define likely(_x) __builtin_expect(!!(_x), 1) + #endif + #ifndef unlikely + #define unlikely(_x) __builtin_expect(!!(_x), 0) + #endif #endif #endif /* ! _HAVE_TYPES_H */ |