Diffstat (limited to 'src/afl-fuzz-run.c')
-rw-r--r--src/afl-fuzz-run.c74
1 files changed, 33 insertions, 41 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 28abad65..527782e4 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -32,12 +32,12 @@
 
 void timeout_handle(union sigval timer_data) {
 
-  pid_t        child_pid = timer_data.sival_int;
+  pid_t child_pid = timer_data.sival_int;
   if (child_pid > 0) kill(child_pid, SIGKILL);
 
 }
 
-u8 run_target(afl_state_t* afl, u32 timeout) {
+u8 run_target(afl_state_t *afl, u32 timeout) {
 
   // static struct itimerval it;
   struct sigevent          timer_signal_event;
@@ -146,7 +146,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
       /* Use a distinctive bitmap value to tell the parent about execv()
          falling through. */
 
-      *(u32*)afl->fsrv.trace_bits = EXEC_FAIL_SIG;
+      *(u32 *)afl->fsrv.trace_bits = EXEC_FAIL_SIG;
       exit(0);
 
     }
@@ -181,11 +181,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
   timer_signal_event.sigev_value.sival_int = afl->fsrv.child_pid;
   timer_status = timer_create(CLOCK_MONOTONIC, &timer_signal_event, &timer);
 
-  if (timer_status == -1) {
-
-    FATAL("Failed to create Timer");
-
-  }
+  if (timer_status == -1) { FATAL("Failed to create Timer"); }
 
   timer_period.it_value.tv_sec = (timeout / 1000);
   timer_period.it_value.tv_nsec = (timeout % 1000) * 1000000;
@@ -203,13 +199,12 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
 
     } else {
 
-    FATAL("Failed to set the timer to the given timeout");
+      FATAL("Failed to set the timer to the given timeout");
 
     }
 
   }
 
-
   /* The SIGALRM handler simply kills the afl->fsrv.child_pid and sets
    * afl->fsrv.child_timed_out. */
 
@@ -221,6 +216,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
       PFATAL("waitpid() failed");
 
     }
+
   } else {
 
     s32 res;
@@ -261,11 +257,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
                             timer_period.it_value.tv_nsec / 1000000);
   if (afl->slowest_exec_ms < exec_ms) afl->slowest_exec_ms = exec_ms;
 
-  if (exec_ms >= timeout) {
-
-    afl->fsrv.child_timed_out = 1;
-
-  }
+  if (exec_ms >= timeout) { afl->fsrv.child_timed_out = 1; }
 
   timer_period.it_value.tv_sec = 0;
   timer_period.it_value.tv_nsec = 0;
@@ -289,12 +281,12 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
 
   MEM_BARRIER();
 
-  tb4 = *(u32*)afl->fsrv.trace_bits;
+  tb4 = *(u32 *)afl->fsrv.trace_bits;
 
 #ifdef WORD_SIZE_64
-  classify_counts((u64*)afl->fsrv.trace_bits);
+  classify_counts((u64 *)afl->fsrv.trace_bits);
 #else
-  classify_counts((u32*)afl->fsrv.trace_bits);
+  classify_counts((u32 *)afl->fsrv.trace_bits);
 #endif                                                     /* ^WORD_SIZE_64 */
 
   prev_timed_out = afl->fsrv.child_timed_out;
@@ -327,9 +319,9 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
 
   return FAULT_NONE;
 
-  handle_stop_soon:
-    timer_delete(timer);
-    return 0;
+handle_stop_soon:
+  timer_delete(timer);
+  return 0;
 
 }
 
@@ -337,13 +329,13 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
    old file is unlinked and a new one is created. Otherwise, afl->fsrv.out_fd is
    rewound and truncated. */
 
-void write_to_testcase(afl_state_t* afl, void* mem, u32 len) {
+void write_to_testcase(afl_state_t *afl, void *mem, u32 len) {
 
   s32 fd = afl->fsrv.out_fd;
 
 #ifdef _AFL_DOCUMENT_MUTATIONS
   s32   doc_fd;
-  char* fn = alloc_printf("%s/mutations/%09u:%s", afl->out_dir,
+  char *fn = alloc_printf("%s/mutations/%09u:%s", afl->out_dir,
                           afl->document_counter++, describe_op(0));
   if (fn != NULL) {
 
@@ -382,7 +374,7 @@ void write_to_testcase(afl_state_t* afl, void* mem, u32 len) {
 
   if (afl->mutator && afl->mutator->afl_custom_pre_save) {
 
-    u8*    new_data;
+    u8 *new_data;
     size_t new_size =
         afl->mutator->afl_custom_pre_save(afl, mem, len, &new_data);
     ck_write(fd, new_data, new_size, afl->fsrv.out_file);
@@ -407,7 +399,7 @@ void write_to_testcase(afl_state_t* afl, void* mem, u32 len) {
 
 /* The same, but with an adjustable gap. Used for trimming. */
 
-static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at,
+static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at,
                            u32 skip_len) {
 
   s32 fd = afl->fsrv.out_fd;
@@ -434,7 +426,7 @@ static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at,
 
   if (skip_at) ck_write(fd, mem, skip_at, afl->fsrv.out_file);
 
-  u8* memu8 = mem;
+  u8 *memu8 = mem;
   if (tail_len)
     ck_write(fd, memu8 + skip_at + skip_len, tail_len, afl->fsrv.out_file);
 
@@ -453,7 +445,7 @@ static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at,
    to warn about flaky or otherwise problematic test cases early on; and when
    new paths are discovered to detect variable behavior and so on. */
 
-u8 calibrate_case(afl_state_t* afl, struct queue_entry* q, u8* use_mem,
+u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
                   u32 handicap, u8 from_queue) {
 
   static u8 first_trace[MAP_SIZE];
@@ -465,7 +457,7 @@ u8 calibrate_case(afl_state_t* afl, struct queue_entry* q, u8* use_mem,
 
   s32 old_sc = afl->stage_cur, old_sm = afl->stage_max;
   u32 use_tmout = afl->fsrv.exec_tmout;
-  u8* old_sn = afl->stage_name;
+  u8 *old_sn = afl->stage_name;
 
   /* Be a bit more generous about timeouts when resuming sessions, or when
      trying to calibrate already-added finds. This helps avoid trouble due
@@ -612,11 +604,11 @@ abort_calibration:
 
 /* Grab interesting test cases from other fuzzers. */
 
-void sync_fuzzers(afl_state_t* afl) {
+void sync_fuzzers(afl_state_t *afl) {
 
-  DIR*           sd;
-  struct dirent* sd_ent;
-  u32            sync_cnt = 0;
+  DIR *sd;
+  struct dirent *sd_ent;
+  u32 sync_cnt = 0;
 
   sd = opendir(afl->sync_dir);
   if (!sd) PFATAL("Unable to open '%s'", afl->sync_dir);
@@ -631,10 +623,10 @@ void sync_fuzzers(afl_state_t* afl) {
 
     static u8 stage_tmp[128];
 
-    DIR*           qd;
-    struct dirent* qd_ent;
-    u8 *           qd_path, *qd_synced_path;
-    u32            min_accept = 0, next_min_accept;
+    DIR *qd;
+    struct dirent *qd_ent;
+    u8 *qd_path, *qd_synced_path;
+    u32 min_accept = 0, next_min_accept;
 
     s32 id_fd;
 
@@ -679,8 +671,8 @@ void sync_fuzzers(afl_state_t* afl) {
 
     while ((qd_ent = readdir(qd))) {
 
-      u8*         path;
-      s32         fd;
+      u8 *path;
+      s32 fd;
       struct stat st;
 
       if (qd_ent->d_name[0] == '.' ||
@@ -713,7 +705,7 @@ void sync_fuzzers(afl_state_t* afl) {
       if (st.st_size && st.st_size <= MAX_FILE) {
 
         u8  fault;
-        u8* mem = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+        u8 *mem = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
 
         if (mem == MAP_FAILED) PFATAL("Unable to mmap '%s'", path);
 
@@ -760,7 +752,7 @@ void sync_fuzzers(afl_state_t* afl) {
    trimmer uses power-of-two increments somewhere between 1/16 and 1/1024 of
    file size, to keep the stage short and sweet. */
 
-u8 trim_case(afl_state_t* afl, struct queue_entry* q, u8* in_buf) {
+u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
 
   /* Custom mutator trimmer */
   if (afl->mutator && afl->mutator->afl_custom_trim)
@@ -896,7 +888,7 @@ abort_trimming:
    error conditions, returning 1 if it's time to bail out. This is
    a helper function for fuzz_one(). */
 
-u8 common_fuzz_stuff(afl_state_t* afl, u8* out_buf, u32 len) {
+u8 common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 
   u8 fault;