Diffstat (limited to 'src')
-rw-r--r-- | src/afl-analyze.c | 16 | ||||
-rw-r--r-- | src/afl-as.c | 8 | ||||
-rw-r--r-- | src/afl-common.c | 8 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 4 | ||||
-rw-r--r-- | src/afl-fuzz-one.c | 4 | ||||
-rw-r--r-- | src/afl-fuzz-redqueen.c | 10 | ||||
-rw-r--r-- | src/afl-fuzz.c | 6 | ||||
-rw-r--r-- | src/afl-showmap.c | 2 | ||||
-rw-r--r-- | src/afl-tmin.c | 15 |
9 files changed, 47 insertions, 26 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 6816f6c8..2f9b0550 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -798,9 +798,19 @@ static void usage(u8* argv0) {
 " -e - look for edge coverage only, ignore hit counts\n\n"
- "For additional tips, please consult %s/README.\n\n",
-
- argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);
+ "For additional tips, please consult %s/README.md.\n\n"
+
+ "Environment variables used:\n"
+ "TMPDIR: directory to use for temporary input files\n"
+ "ASAN_OPTIONS: custom settings for ASAN\n"
+ " (must contain abort_on_error=1 and symbolize=0)\n"
+ "MSAN_OPTIONS: custom settings for MSAN\n"
+ " (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n"
+ "AFL_PRELOAD: LD_PRELOAD settings for target\n"
+ "AFL_ANALYZE_HEX: print file offsets in hexadecimal instead of decimal\n"
+ "AFL_SKIP_BIN_CHECK: skip checking the location of and the target\n"
+
+ , argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);
 exit(1);
diff --git a/src/afl-as.c b/src/afl-as.c
index 72a27cd2..98bd3ff5 100644
--- a/src/afl-as.c
+++ b/src/afl-as.c
@@ -529,10 +529,10 @@ int main(int argc, char** argv) {
 "don't want to run this program directly.\n\n"
 "Rarely, when dealing with extremely complex projects, it may be "
- "advisable to\n"
- "set AFL_INST_RATIO to a value less than 100 in order to reduce the "
- "odds of\n"
- "instrumenting every discovered branch.\n\n"
+ "advisable\n"
+ "to set AFL_INST_RATIO to a value less than 100 in order to reduce "
+ "the\n"
+ "odds of instrumenting every discovered branch.\n\n"
 "Environment variables used:\n"
 "AFL_AS: path to assembler to use for instrumented files\n"
 "AFL_CC: fall back path to assembler\n"
diff --git a/src/afl-common.c b/src/afl-common.c
index fee520c9..0f8094be 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
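Review bot: The new `AFL_SKIP_BIN_CHECK` line in the usage text is garbled — `"AFL_SKIP_BIN_CHECK: skip checking the location of and the target\n"` has lost the object of "location of", so the help output does not tell the user what the variable disables. If it skips the check that the target binary is instrumented, `"AFL_SKIP_BIN_CHECK: skip the check that the target binary is instrumented\n"` would say so; I cannot confirm the exact semantics from this hunk, so please word it from what check_binary() actually does. The same hunk, and the matching one in afl-tmin.c at @@ -977, also move the format arguments onto a line that begins with a comma (`, argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);`); ending the last literal with the comma instead, `"...\n",` followed by `argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);`, matches the removed lines and the other usage() functions touched by this diff. usage() starts before the hunk and its closing brace lies outside it.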
@@ -112,7 +112,7 @@ char** get_qemu_argv(u8* own_loc, char** argv, int argc) {
 char** new_argv = ck_alloc(sizeof(char*) * (argc + 4));
 u8 * tmp, *cp, *rsl, *own_copy;
- memcpy(new_argv + 3, argv + 1, sizeof(char*) * argc);
+ memcpy(new_argv + 3, argv + 1, (int)(sizeof(char*)) * argc);
 new_argv[2] = target_path;
 new_argv[1] = "--";
@@ -163,7 +163,7 @@ char** get_qemu_argv(u8* own_loc, char** argv, int argc) {
 SAYF("\n" cLRD "[-] " cRST
 "Oops, unable to find the 'afl-qemu-trace' binary. The binary must be "
 "built\n"
- " separately by following the instructions in qemu_mode/README.qemu. "
+ " separately by following the instructions in qemu_mode/README.md. "
 "If you\n"
 " already have the binary installed, you may need to specify "
 "AFL_PATH in the\n"
@@ -187,7 +187,7 @@ char** get_wine_argv(u8* own_loc, char** argv, int argc) {
 char** new_argv = ck_alloc(sizeof(char*) * (argc + 3));
 u8 * tmp, *cp, *rsl, *own_copy;
- memcpy(new_argv + 2, argv + 1, sizeof(char*) * argc);
+ memcpy(new_argv + 2, argv + 1, (int)(sizeof(char*)) * argc);
 new_argv[1] = target_path;
@@ -259,7 +259,7 @@ char** get_wine_argv(u8* own_loc, char** argv, int argc) {
 SAYF("\n" cLRD "[-] " cRST
 "Oops, unable to find the '%s' binary. The binary must be "
 "built\n"
- " separately by following the instructions in qemu_mode/README.qemu. "
+ " separately by following the instructions in qemu_mode/README.md. "
 "If you\n"
 " already have the binary installed, you may need to specify "
 "AFL_PATH in the\n"
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 93ecfe99..1858fabd 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
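Review bot: The new memcpy length `(int)(sizeof(char*)) * argc` narrows a size_t to int, multiplies in signed arithmetic and then converts back to size_t at the call, so it is no safer than the original `sizeof(char*) * argc` and likely only moves whatever sign-conversion warning it was meant to quiet; formally it also turns the product into signed overflow (UB) for an absurdly large argc, where the original stayed in unsigned arithmetic. Cast the signed operand instead: `memcpy(new_argv + 3, argv + 1, sizeof(char*) * (size_t)argc);` here, and `memcpy(new_argv + 2, argv + 1, sizeof(char*) * (size_t)argc);` in the get_wine_argv hunk at @@ -187. Copying argc elements from argv + 1 includes argv[argc], the NULL terminator, which appears intentional given ck_alloc reserves argc + 4 / argc + 3 slots; a one-line comment such as `/* copies argv[1..argc], including the terminating NULL */` above each memcpy would keep the next reader from "fixing" it to argc - 1. Both get_qemu_argv and get_wine_argv start and end outside their hunks.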
@@ -1980,11 +1980,11 @@ void check_binary(u8* fname) {
 "while\n"
 " mutating the input data. For more information, and for tips on "
 "how to\n"
- " instrument binaries, please see %s/README.\n\n"
+ " instrument binaries, please see %s/README.md.\n\n"
 " When source code is not available, you may be able to leverage "
 "QEMU\n"
- " mode support. Consult the README for tips on how to enable this.\n"
+ " mode support. Consult the README.md for tips on how to enable this.\n"
 " (It is also possible to use afl-fuzz as a traditional, \"dumb\" "
 "fuzzer.\n"
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 0ddeeb8a..f1efe2df 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -3714,7 +3714,7 @@ pacemaker_fuzzing:
 case 1:
 if (temp_len < 2) break;
- temp_len_puppet = UR((temp_len << 3) -1);
+ temp_len_puppet = UR((temp_len << 3) - 1);
 FLIP_BIT(out_buf, temp_len_puppet);
 FLIP_BIT(out_buf, temp_len_puppet + 1);
 MOpt_globals.cycles_v2[STAGE_FLIP2] += 1;
@@ -3722,7 +3722,7 @@ pacemaker_fuzzing:
 case 2:
 if (temp_len < 2) break;
- temp_len_puppet = UR((temp_len << 3) -3);
+ temp_len_puppet = UR((temp_len << 3) - 3);
 FLIP_BIT(out_buf, temp_len_puppet);
 FLIP_BIT(out_buf, temp_len_puppet + 1);
 FLIP_BIT(out_buf, temp_len_puppet + 2);
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 6cb229e3..19fc51f0 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -243,7 +243,7 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx,
 if (SHAPE_BYTES(h->shape) == 8) {
- if (its_len >= 8 && *buf_64 == pattern) {// && *o_buf_64 == pattern) {
+ if (its_len >= 8 && *buf_64 == pattern) { // && *o_buf_64 == pattern) {
 *buf_64 = repl;
 if (unlikely(its_fuzz(buf, len, status))) return 1;
@@ -261,7 +261,8 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx,
 if (SHAPE_BYTES(h->shape) == 4 || *status == 2) {
- if (its_len >= 4 && *buf_32 == (u32)pattern) {// && *o_buf_32 == (u32)pattern) {
+ if (its_len >= 4 &&
+ *buf_32 == (u32)pattern) { // && *o_buf_32 == (u32)pattern) {
 *buf_32 = (u32)repl;
 if (unlikely(its_fuzz(buf, len, status))) return 1;
@@ -279,7 +280,8 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx,
 if (SHAPE_BYTES(h->shape) == 2 || *status == 2) {
- if (its_len >= 2 && *buf_16 == (u16)pattern) {// && *o_buf_16 == (u16)pattern) {
+ if (its_len >= 2 &&
+ *buf_16 == (u16)pattern) { // && *o_buf_16 == (u16)pattern) {
 *buf_16 = (u16)repl;
 if (unlikely(its_fuzz(buf, len, status))) return 1;
@@ -531,7 +533,7 @@ u8 input_to_state_stage(char** argv, u8* orig_buf, u8* buf, u32 len,
 stage_max += MIN(cmp_map->headers[k].hits, CMP_MAP_RTN_H);
 }
-
+
 for (k = 0; k < CMP_MAP_W; ++k) {
 if (!cmp_map->headers[k].hits) continue;
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 5fa737d7..cc895f74 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -112,7 +112,7 @@ static void usage(u8* argv0) {
 "entering the\n"
 " pacemaker mode (minutes of no new paths, 0 = "
 "immediately).\n"
- " a recommended value is 10-60. see docs/README.MOpt\n"
+ " a recommended value is 10-60. see docs/README.MOpt.md\n"
 " -c program - enable CmpLog by specifying a binary compiled for "
 "it.\n"
 " if using QEMU, just use -c 0.\n\n"
@@ -121,7 +121,7 @@ static void usage(u8* argv0) {
 " -N - do not unlink the fuzzing input file\n"
 " -d - quick & dirty mode (skips deterministic steps)\n"
 " -n - fuzz without instrumentation (dumb mode)\n"
- " -x dir - optional fuzzer dictionary (see README, its really "
+ " -x dir - optional fuzzer dictionary (see README.md, its really "
 "good!)\n\n"
 "Testing settings:\n"
@@ -1087,7 +1087,7 @@ stop_fuzzing:
 SAYF("\n" cYEL "[!] " cRST
 "Stopped during the first cycle, results may be incomplete.\n"
- " (For info on resuming, see %s/README)\n",
+ " (For info on resuming, see %s/README.md)\n",
 doc_path);
 }
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 5ea164f8..2f6a263f 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -647,7 +647,7 @@ static void usage(u8* argv0) {
 " -c - allow core dumps\n\n"
 "This tool displays raw tuple data captured by AFL instrumentation.\n"
- "For additional help, consult %s/README.\n\n" cRST,
+ "For additional help, consult %s/README.md.\n\n" cRST,
 argv0, MEM_LIMIT, doc_path);
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index d1e87be1..1b05a6c2 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -977,9 +977,18 @@ static void usage(u8* argv0) {
 " -e - solve for edge coverage only, ignore hit counts\n"
 " -x - treat non-zero exit codes as crashes\n\n"
- "For additional tips, please consult %s/README.\n\n",
-
- argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);
+ "For additional tips, please consult %s/README.md.\n\n"
+
+ "Environment variables used:\n"
+ "TMPDIR: directory to use for temporary input files\n"
+ "ASAN_OPTIONS: custom settings for ASAN\n"
+ " (must contain abort_on_error=1 and symbolize=0)\n"
+ "MSAN_OPTIONS: custom settings for MSAN\n"
+ " (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n"
+ "AFL_PRELOAD: LD_PRELOAD settings for target\n"
+ "AFL_TMIN_EXACT: require execution paths to match for crashing inputs\n"
+
+ , argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);
 exit(1);
|