Diffstat (limited to 'src')
-rw-r--r--src/afl-cc.c5
-rw-r--r--src/afl-fuzz-bitmap.c7
-rw-r--r--src/afl-fuzz-one.c27
-rw-r--r--src/afl-fuzz-queue.c11
-rw-r--r--src/afl-fuzz.c4
5 files changed, 21 insertions, 33 deletions
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 49000877..974b1d2a 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -876,11 +876,12 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
     cc_params[cc_par_cnt++] = "-fsanitize=leak";
     cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h";
-    cc_params[cc_par_cnt++] = "-D__AFL_LEAK_CHECK()={if(__lsan_do_recoverable_leak_check() > 0) _exit(23); }";
+    cc_params[cc_par_cnt++] =
+        "-D__AFL_LEAK_CHECK()={if(__lsan_do_recoverable_leak_check() > 0) "
+        "_exit(23); }";
     cc_params[cc_par_cnt++] = "-D__AFL_LSAN_OFF()=__lsan_disable();";
     cc_params[cc_par_cnt++] = "-D__AFL_LSAN_ON()=__lsan_enable();";
 
-
   }
 
   if (getenv("AFL_USE_CFISAN")) {
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 8d044959..98a705a5 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -250,20 +250,21 @@ inline u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) {
 inline u8 has_new_bits_unclassified(afl_state_t *afl, u8 *virgin_map) {
 
   /* Handle the hot path first: no new coverage */
+  u32 off;
   u8 *end = afl->fsrv.trace_bits + afl->fsrv.map_size;
 
 #ifdef WORD_SIZE_64
 
-  if (!skim((u64 *)virgin_map, (u64 *)afl->fsrv.trace_bits, (u64 *)end))
+  if (!(off = skim((u64 *)virgin_map, (u64 *)afl->fsrv.trace_bits, (u64 *)end)))
     return 0;
 
 #else
 
-  if (!skim((u32 *)virgin_map, (u32 *)afl->fsrv.trace_bits, (u32 *)end))
+  if (!(off = skim((u32 *)virgin_map, (u32 *)afl->fsrv.trace_bits, (u32 *)end)))
     return 0;
 
 #endif                                                     /* ^WORD_SIZE_64 */
-  classify_counts(&afl->fsrv);
+  classify_counts_off(&afl->fsrv, off);
   return has_new_bits(afl, virgin_map);
 
 }
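Review bot: The new `u32 off` carries a value whose meaning the hunk never states, yet the early return on `!(off = skim(...))` only works if skim() can never report a genuine difference as 0. If skim() returns the raw index of the first differing word, a difference confined to word 0 would be indistinguishable from "no new coverage" and classify_counts_off() would be skipped for it; the diff does not show skim()'s contract, so this needs confirming. A one-line comment on the declaration would settle it for the next reader, e.g. `u32 off; /* first trace_bits word with bits unseen in virgin_map, as returned by skim(); 0 == nothing new */`, adjusted to whatever skim() actually guarantees. The declared type should also match skim()'s return type, which is not visible here.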
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 26a01948..b28ee80a 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -413,8 +413,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
        possibly skip to them at the expense of already-fuzzed or non-favored
        cases. */
 
-    if (((afl->queue_cur->was_fuzzed > 0 || afl->queue_cur->fuzz_level > 0) ||
-         !afl->queue_cur->favored) &&
+    if ((afl->queue_cur->fuzz_level || !afl->queue_cur->favored) &&
         likely(rand_below(afl, 100) < SKIP_TO_NEW_PROB)) {
 
       return 1;
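Review bot: The simplified condition `(afl->queue_cur->fuzz_level || !afl->queue_cur->favored)` drops the `was_fuzzed` test, which is only equivalent to the removed expression if `fuzz_level` is nonzero exactly when `was_fuzzed` is set; nothing in this diff establishes that invariant, and the same assumption underlies the rewrites in the second hunk of this function, both hunks of mopt_common_fuzzing, the abandon_entry hunk, and the cull_queue hunk in afl-fuzz-queue.c. If the invariant holds, it deserves to be written down once where queue_entry is defined rather than relied on silently in six places; if it does not (e.g. an entry whose fuzz_level was bumped without was_fuzzed being set, or the reverse), the skip probabilities and the pending_favored/pending_not_fuzzed bookkeeping would drift apart. A short comment on this line such as `/* fuzz_level > 0 implies was_fuzzed; see queue_entry */` would make the dependency visible. fuzz_one_original starts outside this hunk.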
@@ -429,8 +428,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
        The odds of skipping stuff are higher for already-fuzzed inputs and
        lower for never-fuzzed entries. */
 
-    if (afl->queue_cycle > 1 &&
-        (afl->queue_cur->fuzz_level == 0 || afl->queue_cur->was_fuzzed)) {
+    if (afl->queue_cycle > 1 && !afl->queue_cur->fuzz_level) {
 
       if (likely(rand_below(afl, 100) < SKIP_NFAV_NEW_PROB)) { return 1; }
 
@@ -2961,17 +2959,12 @@ abandon_entry:
      cycle and have not seen this entry before. */
 
   if (!afl->stop_soon && !afl->queue_cur->cal_failed &&
-      (afl->queue_cur->was_fuzzed == 0 || afl->queue_cur->fuzz_level == 0) &&
-      !afl->queue_cur->disabled) {
+      !afl->queue_cur->was_fuzzed && !afl->queue_cur->disabled) {
 
-    if (!afl->queue_cur->was_fuzzed) {
-
-      --afl->pending_not_fuzzed;
-      afl->queue_cur->was_fuzzed = 1;
-      afl->reinit_table = 1;
-      if (afl->queue_cur->favored) { --afl->pending_favored; }
-
-    }
+    --afl->pending_not_fuzzed;
+    afl->queue_cur->was_fuzzed = 1;
+    afl->reinit_table = 1;
+    if (afl->queue_cur->favored) { --afl->pending_favored; }
 
   }
 
@@ -3024,8 +3017,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
        possibly skip to them at the expense of already-fuzzed or non-favored
        cases. */
 
-    if (((afl->queue_cur->was_fuzzed > 0 || afl->queue_cur->fuzz_level > 0) ||
-         !afl->queue_cur->favored) &&
+    if ((afl->queue_cur->fuzz_level || !afl->queue_cur->favored) &&
         rand_below(afl, 100) < SKIP_TO_NEW_PROB) {
 
       return 1;
@@ -3040,8 +3032,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
        The odds of skipping stuff are higher for already-fuzzed inputs and
        lower for never-fuzzed entries. */
 
-    if (afl->queue_cycle > 1 &&
-        (afl->queue_cur->fuzz_level == 0 || afl->queue_cur->was_fuzzed)) {
+    if (afl->queue_cycle > 1 && !afl->queue_cur->fuzz_level) {
 
       if (likely(rand_below(afl, 100) < SKIP_NFAV_NEW_PROB)) { return 1; }
 
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 9ca89944..713c7447 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -769,12 +769,7 @@ void cull_queue(afl_state_t *afl) {
         afl->top_rated[i]->favored = 1;
         ++afl->queued_favored;
 
-        if (afl->top_rated[i]->fuzz_level == 0 ||
-            !afl->top_rated[i]->was_fuzzed) {
-
-          ++afl->pending_favored;
-
-        }
+        if (!afl->top_rated[i]->was_fuzzed) { ++afl->pending_favored; }
 
       }
 
@@ -936,7 +931,7 @@ u32 calculate_score(afl_state_t *afl, struct queue_entry *q) {
       n_items = 0;
 
       // Don't modify perf_score for unfuzzed seeds
-      if (q->fuzz_level == 0) break;
+      if (!q->fuzz_level) break;
 
       u32 i;
       for (i = 0; i < afl->queued_items; i++) {
@@ -967,7 +962,7 @@ u32 calculate_score(afl_state_t *afl, struct queue_entry *q) {
     case FAST:
 
       // Don't modify unfuzzed seeds
-      if (q->fuzz_level == 0) break;
+      if (!q->fuzz_level) break;
 
       switch ((u32)log2(afl->n_fuzz[q->n_fuzz_entry])) {
 
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 1030dfdf..207a46af 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1322,7 +1322,7 @@ int main(int argc, char **argv_orig, char **envp) {
   if (afl->fsrv.nyx_mode) {
 
     if (afl->fsrv.nyx_standalone &&
-        strncmp(afl->sync_id, "default", strlen("default")) != 0) {
+        strcmp(afl->sync_id, "default") != 0) {
 
       FATAL(
           "distributed fuzzing is not supported in this Nyx mode (use -Y "
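Review bot: Switching `strcmp(afl->sync_id, "default") != 0` for the old prefix match changes behaviour, not just style: a sync_id such as "default1" was previously accepted in standalone Nyx mode and is now rejected with this FATAL. That is likely the intent, but it is worth stating in the commit message, and the error text should tell the user that the id must be exactly "default". Both the old and new forms dereference afl->sync_id unconditionally, so the check assumes it is always non-NULL by this point; that looks plausible for main(), which starts outside this hunk, but it is not shown here.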
@@ -1334,7 +1334,7 @@ int main(int argc, char **argv_orig, char **envp) {
 
       if (afl->is_main_node) {
 
-        if (strncmp("0", afl->sync_id, strlen("0") != 0)) {
+        if (strcmp("0", afl->sync_id) != 0) {
 
           FATAL(
               "for Nyx -Y mode, the Main (-M) parameter has to be set to 0 (-M "