about summary refs log tree commit diff
path: root/llvm_mode/afl-llvm-rt.o.c
diff options
context:
space:
mode:
Diffstat (limited to 'llvm_mode/afl-llvm-rt.o.c')
-rw-r--r--llvm_mode/afl-llvm-rt.o.c55
1 files changed, 31 insertions, 24 deletions
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index e6d9b993..bc38f1ec 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -20,7 +20,7 @@
 */
 
 #ifdef __ANDROID__
-  #include "android-ashmem.h"
+#  include "android-ashmem.h"
 #endif
 #include "config.h"
 #include "types.h"
@@ -50,10 +50,9 @@
 #include <sys/mman.h>
 #include <fcntl.h>
 
-
 /* Globals needed by the injected instrumentation. The __afl_area_initial region
-   is used for instrumentation output before __afl_map_shm() has a chance to run.
-   It will end up as .comm, so it shouldn't be too wasteful. */
+   is used for instrumentation output before __afl_map_shm() has a chance to
+   run. It will end up as .comm, so it shouldn't be too wasteful. */
 
 u8  __afl_area_initial[MAP_SIZE];
 u8* __afl_area_ptr = __afl_area_initial;
@@ -64,43 +63,46 @@ u32 __afl_prev_loc;
 __thread u32 __afl_prev_loc;
 #endif
 
-
 /* Running in persistent mode? */
 
 static u8 is_persistent;
 
-
 /* SHM setup. */
 
 static void __afl_map_shm(void) {
 
-  u8 *id_str = getenv(SHM_ENV_VAR);
+  u8* id_str = getenv(SHM_ENV_VAR);
 
   /* If we're running under AFL, attach to the appropriate region, replacing the
      early-stage __afl_area_initial region that is needed to allow some really
      hacky .init code to work correctly in projects such as OpenSSL. */
 
   if (id_str) {
+
 #ifdef USEMMAP
-    const char *shm_file_path = id_str;
-    int shm_fd = -1;
-    unsigned char *shm_base = NULL;
+    const char*    shm_file_path = id_str;
+    int            shm_fd = -1;
+    unsigned char* shm_base = NULL;
 
     /* create the shared memory segment as if it was a file */
     shm_fd = shm_open(shm_file_path, O_RDWR, 0600);
     if (shm_fd == -1) {
+
       printf("shm_open() failed\n");
       exit(1);
+
     }
 
     /* map the shared memory segment to the address space of the process */
     shm_base = mmap(0, MAP_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, shm_fd, 0);
     if (shm_base == MAP_FAILED) {
+
       close(shm_fd);
       shm_fd = -1;
 
       printf("mmap() failed\n");
       exit(2);
+
     }
 
     __afl_area_ptr = shm_base;
@@ -112,7 +114,7 @@ static void __afl_map_shm(void) {
 
     /* Whooooops. */
 
-    if (__afl_area_ptr == (void *)-1) _exit(1);
+    if (__afl_area_ptr == (void*)-1) _exit(1);
 
     /* Write something into the bitmap so that even with low AFL_INST_RATIO,
        our parent doesn't give up on us. */
@@ -123,16 +125,15 @@ static void __afl_map_shm(void) {
 
 }
 
-
 /* Fork server logic. */
 
 static void __afl_start_forkserver(void) {
 
   static u8 tmp[4];
-  s32 child_pid;
+  s32       child_pid;
+
+  u8 child_stopped = 0;
 
-  u8  child_stopped = 0;
-  
   void (*old_sigchld_handler)(int) = signal(SIGCHLD, SIG_DFL);
 
   /* Phone home and tell the parent that we're OK. If parent isn't there,
@@ -154,8 +155,10 @@ static void __afl_start_forkserver(void) {
        process. */
 
     if (child_stopped && was_killed) {
+
       child_stopped = 0;
       if (waitpid(child_pid, &status, 0) < 0) _exit(1);
+
     }
 
     if (!child_stopped) {
@@ -168,12 +171,13 @@ static void __afl_start_forkserver(void) {
       /* In child process: close fds, resume execution. */
 
       if (!child_pid) {
+
         signal(SIGCHLD, old_sigchld_handler);
 
         close(FORKSRV_FD);
         close(FORKSRV_FD + 1);
         return;
-  
+
       }
 
     } else {
@@ -207,7 +211,6 @@ static void __afl_start_forkserver(void) {
 
 }
 
-
 /* A simplified persistent mode handler, used as explained in README.llvm. */
 
 int __afl_persistent_loop(unsigned int max_cnt) {
@@ -227,9 +230,10 @@ int __afl_persistent_loop(unsigned int max_cnt) {
       memset(__afl_area_ptr, 0, MAP_SIZE);
       __afl_area_ptr[0] = 1;
       __afl_prev_loc = 0;
+
     }
 
-    cycle_cnt  = max_cnt;
+    cycle_cnt = max_cnt;
     first_pass = 0;
     return 1;
 
@@ -262,7 +266,6 @@ int __afl_persistent_loop(unsigned int max_cnt) {
 
 }
 
-
 /* This one can be called from user code when deferred forkserver mode
     is enabled. */
 
@@ -280,7 +283,6 @@ void __afl_manual_init(void) {
 
 }
 
-
 /* Proper initialization routine. */
 
 __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) {
@@ -293,7 +295,6 @@ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) {
 
 }
 
-
 /* The following stuff deals with supporting -fsanitize-coverage=trace-pc-guard.
    It remains non-operational in the traditional, plugin-backed LLVM mode.
    For more info about 'trace-pc-guard', see README.llvm.
@@ -302,9 +303,10 @@ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) {
    edge (as opposed to every basic block). */
 
 void __sanitizer_cov_trace_pc_guard(uint32_t* guard) {
+
   __afl_area_ptr[*guard]++;
-}
 
+}
 
 /* Init callback. Populates instrumentation IDs. Note that we're using
    ID of 0 as a special value to indicate non-instrumented bits. That may
@@ -321,8 +323,10 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) {
   if (x) inst_ratio = atoi(x);
 
   if (!inst_ratio || inst_ratio > 100) {
+
     fprintf(stderr, "[-] ERROR: Invalid AFL_INST_RATIO (must be 1-100).\n");
     abort();
+
   }
 
   /* Make sure that the first element in the range is always set - we use that
@@ -333,11 +337,14 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) {
 
   while (start < stop) {
 
-    if (R(100) < inst_ratio) *start = R(MAP_SIZE - 1) + 1;
-    else *start = 0;
+    if (R(100) < inst_ratio)
+      *start = R(MAP_SIZE - 1) + 1;
+    else
+      *start = 0;
 
     start++;
 
   }
 
 }
+
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-14 06:14:07 +0000