Diffstat (limited to 'src')
-rw-r--r--src/afl-common.c3
-rw-r--r--src/afl-forkserver.c26
-rw-r--r--src/afl-fuzz-bitmap.c4
-rw-r--r--src/afl-fuzz-one.c2
-rw-r--r--src/afl-fuzz-run.c13
-rw-r--r--src/afl-fuzz-stats.c82
-rw-r--r--src/afl-fuzz.c3
7 files changed, 69 insertions, 64 deletions
diff --git a/src/afl-common.c b/src/afl-common.c
index e5584e93..892745a7 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -108,7 +108,8 @@ void set_sanitizer_defaults() {
if (!have_san_options) { strcpy(buf, default_options); }
if (have_asan_options) {
- if (NULL != strstr(have_asan_options, "detect_leaks=0") || NULL != strstr(have_asan_options, "detect_leaks=false")) {
+ if (NULL != strstr(have_asan_options, "detect_leaks=0") ||
+ NULL != strstr(have_asan_options, "detect_leaks=false")) {
strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:");
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 5390b597..c7c493cf 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -307,8 +307,8 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) {
Returns the time passed to read.
If the wait times out, returns timeout_ms + 1;
Returns 0 if an error occurred (fd closed, signal, ...); */
-static u32 __attribute__((hot))
-read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms, volatile u8 *stop_soon_p) {
+static u32 __attribute__((hot)) read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms,
+ volatile u8 *stop_soon_p) {
fd_set readfds;
FD_ZERO(&readfds);
@@ -1339,9 +1339,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
fsrv->map_size = tmp_map_size;
} else {
-
- fsrv->real_map_size = fsrv->map_size = MAP_SIZE;
-
+
+ fsrv->real_map_size = fsrv->map_size = MAP_SIZE;
+
}
if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) {
@@ -1450,9 +1450,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
} else {
- // The binary is most likely instrumented using AFL's tool, and we will set map_size to MAP_SIZE.
- fsrv->real_map_size = fsrv->map_size = MAP_SIZE;
-
+ // The binary is most likely instrumented using AFL's tool, and we will
+ // set map_size to MAP_SIZE.
+ fsrv->real_map_size = fsrv->map_size = MAP_SIZE;
+
}
}
@@ -1704,8 +1705,8 @@ u32 afl_fsrv_get_mapsize(afl_forkserver_t *fsrv, char **argv,
/* Delete the current testcase and write the buf to the testcase file */
-void __attribute__((hot))
-afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
+void __attribute__((hot)) afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv,
+ u8 *buf, size_t len) {
#ifdef __linux__
if (unlikely(fsrv->nyx_mode)) {
@@ -1823,9 +1824,8 @@ afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
/* Execute target application, monitoring for timeouts. Return status
information. The called program will update afl->fsrv->trace_bits. */
-fsrv_run_result_t __attribute__((hot))
-afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
- volatile u8 *stop_soon_p) {
+fsrv_run_result_t __attribute__((hot)) afl_fsrv_run_target(
+ afl_forkserver_t *fsrv, u32 timeout, volatile u8 *stop_soon_p) {
s32 res;
u32 exec_ms;
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 97ccd3d3..fd75a822 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -456,8 +456,8 @@ void write_crash_readme(afl_state_t *afl) {
save or queue the input test case for further analysis if so. Returns 1 if
entry is saved, 0 otherwise. */
-u8 __attribute__((hot))
-save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
+u8 __attribute__((hot)) save_if_interesting(afl_state_t *afl, void *mem,
+ u32 len, u8 fault) {
if (unlikely(len == 0)) { return 0; }
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 74bb8cbc..fd5ed87c 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -3914,7 +3914,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
#define EFF_APOS(_p) ((_p) >> EFF_MAP_SCALE2)
#define EFF_REM(_x) ((_x) & ((1 << EFF_MAP_SCALE2) - 1))
#define EFF_ALEN(_l) (EFF_APOS(_l) + !!EFF_REM(_l))
-#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l)-1) - EFF_APOS(_p) + 1)
+#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l) - 1) - EFF_APOS(_p) + 1)
/* Initialize effector map for the next step (see comments below). Always
flag first and last byte as doing something. */
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 208d957a..4ce17eb2 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -41,8 +41,9 @@ u64 time_spent_working = 0;
/* Execute target application, monitoring for timeouts. Return status
information. The called program will update afl->fsrv->trace_bits. */
-fsrv_run_result_t __attribute__((hot))
-fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
+fsrv_run_result_t __attribute__((hot)) fuzz_run_target(afl_state_t *afl,
+ afl_forkserver_t *fsrv,
+ u32 timeout) {
#ifdef PROFILING
static u64 time_spent_start = 0;
@@ -111,8 +112,8 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
old file is unlinked and a new one is created. Otherwise, afl->fsrv.out_fd is
rewound and truncated. */
-u32 __attribute__((hot))
-write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
+u32 __attribute__((hot)) write_to_testcase(afl_state_t *afl, void **mem,
+ u32 len, u32 fix) {
u8 sent = 0;
@@ -1173,8 +1174,8 @@ abort_trimming:
error conditions, returning 1 if it's time to bail out. This is
a helper function for fuzz_one(). */
-u8 __attribute__((hot))
-common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
+u8 __attribute__((hot)) common_fuzz_stuff(afl_state_t *afl, u8 *out_buf,
+ u32 len) {
u8 fault;
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index a20c46d0..9f5f59c0 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -963,9 +963,9 @@ void show_stats_normal(afl_state_t *afl) {
/* Lord, forgive me this. */
- SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
+ SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
- " overall results " bSTG bH2 bH2 bRT "\n");
+ " overall results " bSTG bH2 bH2 bRT "\n");
if (afl->non_instrumented_mode) {
@@ -1007,7 +1007,7 @@ void show_stats_normal(afl_state_t *afl) {
u_stringify_time_diff(time_tmp, afl->prev_run_time + cur_ms, afl->start_time);
SAYF(bV bSTOP " run time : " cRST "%-33s " bSTG bV bSTOP
- " cycles done : %s%-5s " bSTG bV "\n",
+ " cycles done : %s%-5s " bSTG bV "\n",
time_tmp, tmp, u_stringify_int(IB(0), afl->queue_cycle - 1));
/* We want to warn people about not seeing new paths after a full cycle,
@@ -1047,7 +1047,7 @@ void show_stats_normal(afl_state_t *afl) {
u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time);
SAYF(bV bSTOP "last saved crash : " cRST "%-33s " bSTG bV bSTOP
- "saved crashes : %s%-6s" bSTG bV "\n",
+ "saved crashes : %s%-6s" bSTG bV "\n",
time_tmp, crash_color, tmp);
sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->saved_hangs),
@@ -1055,12 +1055,12 @@ void show_stats_normal(afl_state_t *afl) {
u_stringify_time_diff(time_tmp, cur_ms, afl->last_hang_time);
SAYF(bV bSTOP " last saved hang : " cRST "%-33s " bSTG bV bSTOP
- " saved hangs : " cRST "%-6s" bSTG bV "\n",
+ " saved hangs : " cRST "%-6s" bSTG bV "\n",
time_tmp, tmp);
- SAYF(bVR bH bSTOP cCYA
+ SAYF(bVR bH bSTOP cCYA
" cycle progress " bSTG bH10 bH5 bH2 bH2 bH2 bHB bH bSTOP cCYA
- " map coverage" bSTG bHT bH20 bH2 bVL "\n");
+ " map coverage" bSTG bHT bH20 bH2 bVL "\n");
/* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to
@@ -1091,9 +1091,9 @@ void show_stats_normal(afl_state_t *afl) {
SAYF(bSTOP " count coverage : " cRST "%-19s" bSTG bV "\n", tmp);
- SAYF(bVR bH bSTOP cCYA
+ SAYF(bVR bH bSTOP cCYA
" stage progress " bSTG bH10 bH5 bH2 bH2 bH2 bX bH bSTOP cCYA
- " findings in depth " bSTG bH10 bH5 bH2 bVL "\n");
+ " findings in depth " bSTG bH10 bH5 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored),
((double)afl->queued_favored) * 100 / afl->queued_items);
@@ -1101,7 +1101,7 @@ void show_stats_normal(afl_state_t *afl) {
/* Yeah... it's still going on... halp? */
SAYF(bV bSTOP " now trying : " cRST "%-22s " bSTG bV bSTOP
- " favored items : " cRST "%-20s" bSTG bV "\n",
+ " favored items : " cRST "%-20s" bSTG bV "\n",
afl->stage_name, tmp);
if (!afl->stage_max) {
@@ -1130,13 +1130,13 @@ void show_stats_normal(afl_state_t *afl) {
if (afl->crash_mode) {
SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP
- " new crashes : %s%-20s" bSTG bV "\n",
+ " new crashes : %s%-20s" bSTG bV "\n",
u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp);
} else {
SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP
- " total crashes : %s%-20s" bSTG bV "\n",
+ " total crashes : %s%-20s" bSTG bV "\n",
u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp);
}
@@ -1189,7 +1189,7 @@ void show_stats_normal(afl_state_t *afl) {
}
SAYF(bV bSTOP " bit flips : " cRST "%-36s " bSTG bV bSTOP
- " levels : " cRST "%-10s" bSTG bV "\n",
+ " levels : " cRST "%-10s" bSTG bV "\n",
tmp, u_stringify_int(IB(0), afl->max_depth));
if (unlikely(!afl->skip_deterministic)) {
@@ -1205,7 +1205,7 @@ void show_stats_normal(afl_state_t *afl) {
}
SAYF(bV bSTOP " byte flips : " cRST "%-36s " bSTG bV bSTOP
- " pending : " cRST "%-10s" bSTG bV "\n",
+ " pending : " cRST "%-10s" bSTG bV "\n",
tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed));
if (unlikely(!afl->skip_deterministic)) {
@@ -1221,7 +1221,7 @@ void show_stats_normal(afl_state_t *afl) {
}
SAYF(bV bSTOP " arithmetics : " cRST "%-36s " bSTG bV bSTOP
- " pend fav : " cRST "%-10s" bSTG bV "\n",
+ " pend fav : " cRST "%-10s" bSTG bV "\n",
tmp, u_stringify_int(IB(0), afl->pending_favored));
if (unlikely(!afl->skip_deterministic)) {
@@ -1237,7 +1237,7 @@ void show_stats_normal(afl_state_t *afl) {
}
SAYF(bV bSTOP " known ints : " cRST "%-36s " bSTG bV bSTOP
- " own finds : " cRST "%-10s" bSTG bV "\n",
+ " own finds : " cRST "%-10s" bSTG bV "\n",
tmp, u_stringify_int(IB(0), afl->queued_discovered));
if (unlikely(!afl->skip_deterministic)) {
@@ -1263,7 +1263,7 @@ void show_stats_normal(afl_state_t *afl) {
}
SAYF(bV bSTOP " dictionary : " cRST "%-36s " bSTG bV bSTOP
- " imported : " cRST "%-10s" bSTG bV "\n",
+ " imported : " cRST "%-10s" bSTG bV "\n",
tmp,
afl->sync_id ? u_stringify_int(IB(0), afl->queued_imported)
: (u8 *)"n/a");
@@ -1451,8 +1451,8 @@ void show_stats_normal(afl_state_t *afl) {
/* Last line */
- SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP " strategy:" cPIN
- " %s " bSTG bH10 cCYA bSTOP " state:" cPIN
+ SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP " strategy:" cPIN
+ " %s " bSTG bH10 cCYA bSTOP " state:" cPIN
" %s " bSTG bH2 bRB bSTOP cRST RESET_G1,
afl->fuzz_mode == 0 ? "explore" : "exploit", get_fuzzing_state(afl));
@@ -1821,8 +1821,8 @@ void show_stats_pizza(afl_state_t *afl) {
}
u_stringify_time_diff(time_tmp, afl->prev_run_time + cur_ms, afl->start_time);
- SAYF(bV bSTOP
- " open time : " cRST "%-37s " bSTG bV bSTOP
+ SAYF(bV bSTOP
+ " open time : " cRST "%-37s " bSTG bV bSTOP
" seasons done : %s%-5s " bSTG bV "\n",
time_tmp, tmp, u_stringify_int(IB(0), afl->queue_cycle - 1));
@@ -1865,7 +1865,7 @@ void show_stats_pizza(afl_state_t *afl) {
(afl->saved_crashes >= KEEP_UNIQUE_CRASH) ? "+" : "");
u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time);
- SAYF(bV bSTOP
+ SAYF(bV bSTOP
" last ordered pizza : " cRST "%-33s " bSTG bV bSTOP
" at table : %s%-6s " bSTG bV "\n",
time_tmp, crash_color, tmp);
@@ -1874,15 +1874,15 @@ void show_stats_pizza(afl_state_t *afl) {
(afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : "");
u_stringify_time_diff(time_tmp, cur_ms, afl->last_hang_time);
- SAYF(bV bSTOP
+ SAYF(bV bSTOP
" last conversation with customers : " cRST "%-33s " bSTG bV bSTOP
" number of Peroni : " cRST "%-6s " bSTG bV
"\n",
time_tmp, tmp);
- SAYF(bVR bH bSTOP cCYA
+ SAYF(bVR bH bSTOP cCYA
" Baking progress " bSTG bH30 bH20 bH5 bH bX bH bSTOP cCYA
- " Pizzeria busyness" bSTG bH30 bH5 bH bH bVL "\n");
+ " Pizzeria busyness" bSTG bH30 bH5 bH bH bVL "\n");
/* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to
@@ -1918,8 +1918,8 @@ void show_stats_pizza(afl_state_t *afl) {
SAYF(bSTOP " count coverage : " cRST "%-19s " bSTG bV "\n",
tmp);
- SAYF(bVR bH bSTOP cCYA
- " Pizzas almost ready " bSTG bH30 bH20 bH2 bH bX bH bSTOP cCYA
+ SAYF(bVR bH bSTOP cCYA
+ " Pizzas almost ready " bSTG bH30 bH20 bH2 bH bX bH bSTOP cCYA
" Types of pizzas cooking " bSTG bH10 bH5 bH2 bH10 bH2 bH bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored),
@@ -1928,7 +1928,7 @@ void show_stats_pizza(afl_state_t *afl) {
/* Yeah... it's still going on... halp? */
SAYF(bV bSTOP " now preparing : " cRST
- "%-22s " bSTG bV bSTOP
+ "%-22s " bSTG bV bSTOP
" favourite topping : " cRST "%-20s" bSTG bV
"\n",
afl->stage_name, tmp);
@@ -1961,14 +1961,14 @@ void show_stats_pizza(afl_state_t *afl) {
if (afl->crash_mode) {
SAYF(bV bSTOP " total pizzas : " cRST
- "%-22s " bSTG bV bSTOP
+ "%-22s " bSTG bV bSTOP
" pizzas with pineapple : %s%-20s" bSTG bV "\n",
u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp);
} else {
SAYF(bV bSTOP " total pizzas : " cRST
- "%-22s " bSTG bV bSTOP
+ "%-22s " bSTG bV bSTOP
" total pizzas with pineapple : %s%-20s" bSTG bV "\n",
u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp);
@@ -2005,7 +2005,7 @@ void show_stats_pizza(afl_state_t *afl) {
/* Aaaalmost there... hold on! */
SAYF(bVR bH cCYA bSTOP " Promotional campaign on TikTok yields " bSTG bH30 bH2
- bH bH2 bX bH bSTOP cCYA
+ bH bH2 bX bH bSTOP cCYA
" Customer type " bSTG bH5 bH2 bH30 bH2 bH bVL "\n");
if (unlikely(afl->custom_only)) {
@@ -2028,8 +2028,8 @@ void show_stats_pizza(afl_state_t *afl) {
}
- SAYF(bV bSTOP
- " pizzas for celiac : " cRST "%-36s " bSTG bV bSTOP
+ SAYF(bV bSTOP
+ " pizzas for celiac : " cRST "%-36s " bSTG bV bSTOP
" levels : " cRST "%-10s " bSTG bV
"\n",
tmp, u_stringify_int(IB(0), afl->max_depth));
@@ -2046,8 +2046,8 @@ void show_stats_pizza(afl_state_t *afl) {
}
- SAYF(bV bSTOP
- " pizzas for kids : " cRST "%-36s " bSTG bV bSTOP
+ SAYF(bV bSTOP
+ " pizzas for kids : " cRST "%-36s " bSTG bV bSTOP
" pizzas to make : " cRST "%-10s " bSTG bV
"\n",
tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed));
@@ -2064,8 +2064,8 @@ void show_stats_pizza(afl_state_t *afl) {
}
- SAYF(bV bSTOP
- " pizza bianca : " cRST "%-36s " bSTG bV bSTOP
+ SAYF(bV bSTOP
+ " pizza bianca : " cRST "%-36s " bSTG bV bSTOP
" nice table : " cRST "%-10s " bSTG bV
"\n",
tmp, u_stringify_int(IB(0), afl->pending_favored));
@@ -2082,8 +2082,8 @@ void show_stats_pizza(afl_state_t *afl) {
}
- SAYF(bV bSTOP
- " recurring customers : " cRST "%-36s " bSTG bV bSTOP
+ SAYF(bV bSTOP
+ " recurring customers : " cRST "%-36s " bSTG bV bSTOP
" new customers : " cRST "%-10s " bSTG bV
"\n",
tmp, u_stringify_int(IB(0), afl->queued_discovered));
@@ -2110,8 +2110,8 @@ void show_stats_pizza(afl_state_t *afl) {
}
- SAYF(bV bSTOP
- " dictionary : " cRST "%-36s " bSTG bV bSTOP
+ SAYF(bV bSTOP
+ " dictionary : " cRST "%-36s " bSTG bV bSTOP
" patrons from old resturant : " cRST "%-10s " bSTG bV
"\n",
tmp,
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 1546597e..726a2260 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2237,6 +2237,7 @@ int main(int argc, char **argv_orig, char **envp) {
snprintf(fn, PATH_MAX, "%s/fastresume.bin", afl->out_dir);
#ifdef HAVE_ZLIB
if ((fr_fd = ZLIBOPEN(fn, "rb")) != NULL) {
+
#else
if ((fr_fd = open(fn, O_RDONLY)) >= 0) {
@@ -3340,9 +3341,11 @@ stop_fuzzing:
ACTF("Writing %s ...", fr);
#ifdef HAVE_ZLIB
if ((fr_fd = ZLIBOPEN(fr, "wb9")) != NULL) {
+
#else
if ((fr_fd = open(fr, O_WRONLY | O_TRUNC | O_CREAT, DEFAULT_PERMISSION)) >=
0) {
+
#endif
u8 ver_string[8];