From 25945d51a4c4130ec5dc7e0fe07f4579e1927e43 Mon Sep 17 00:00:00 2001 From: Yiyi Wang <91304853+ahuo1@users.noreply.github.com> Date: Sun, 28 Jul 2024 16:45:45 +0800 Subject: To support AFL instrumentation, add default settings. --- src/afl-forkserver.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 6366f473..5390b597 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -1338,6 +1338,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->map_size = tmp_map_size; + } else { + + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) { @@ -1444,6 +1448,11 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } + } else { + + // The binary is most likely instrumented using AFL's tool, and we will set map_size to MAP_SIZE. + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } } -- cgit 1.4.1 From 26ae4124f3cf6fb17c2a058c7209469131d904ea Mon Sep 17 00:00:00 2001 From: killerra <25255685+killerra@users.noreply.github.com> Date: Sun, 28 Jul 2024 11:30:48 +0100 Subject: fixed lasan defaults evaluation --- src/afl-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-common.c b/src/afl-common.c index 04a984cb..e7173504 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -108,7 +108,7 @@ void set_sanitizer_defaults() { if (!have_san_options) { strcpy(buf, default_options); } if (have_asan_options) { - if (NULL != strstr(have_asan_options, "detect_leaks=0")) { + if (NULL != strstr(have_asan_options, "detect_leaks=false")) { strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); -- cgit 1.4.1 From 4369d6209fc8040d130645ce5578ca4f43f3b7bd Mon Sep 17 00:00:00 2001 From: killerra <25255685+killerra@users.noreply.github.com> Date: Sun, 28 Jul 2024 19:57:55 +0100 Subject: Removed bogus free in instrument_coverage_unstable_find_output --- frida_mode/src/instrument/instrument_coverage.c | 1 - 1 file changed, 1 deletion(-) diff --git a/frida_mode/src/instrument/instrument_coverage.c b/frida_mode/src/instrument/instrument_coverage.c index a546dc24..140072dd 100644 --- a/frida_mode/src/instrument/instrument_coverage.c +++ b/frida_mode/src/instrument/instrument_coverage.c @@ -878,7 +878,6 @@ void instrument_coverage_unstable_find_output(void) { g_dir_close(dir); g_free(instance_name); - g_free(path_tmp); g_free(fds_name); if (unstable_coverage_fuzzer_stats == NULL) { -- cgit 1.4.1 From 2e57d865769541ca5fe8463e959c671f0eb7558a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 2 Aug 2024 15:27:57 +0200 Subject: lower mem usage attempt --- src/afl-fuzz-queue.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 999929a1..3d244aa8 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -476,6 +476,17 @@ void mark_as_redundant(afl_state_t *afl, struct queue_entry *q, u8 state) { q->fs_redundant = state; + if (likely(q->fs_redundant)) { + + if (unlikely(q->trace_mini)) { + + ck_free(q->trace_mini); + q->trace_mini = NULL; + + } + + } + sprintf(fn, "%s/queue/.state/redundant_edges/%s", afl->out_dir, strrchr((char *)q->fname, '/') + 1); @@ -901,7 +912,7 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { if (!--afl->top_rated[i]->tc_ref) { ck_free(afl->top_rated[i]->trace_mini); - afl->top_rated[i]->trace_mini = 0; + afl->top_rated[i]->trace_mini = NULL; } -- cgit 1.4.1 From dd16be405a7e2b77656f3cf90f212fb58a022ab2 Mon Sep 17 00:00:00 2001 From: killerra <25255685+killerra@users.noreply.github.com> Date: Fri, 2 Aug 2024 14:51:42 +0100 Subject: Handle detect_leaks 0 and false --- src/afl-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-common.c b/src/afl-common.c index e7173504..e5584e93 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -108,7 +108,7 @@ void set_sanitizer_defaults() { if (!have_san_options) { strcpy(buf, default_options); } if (have_asan_options) { - if (NULL != strstr(have_asan_options, "detect_leaks=false")) { + if (NULL != strstr(have_asan_options, "detect_leaks=0") || NULL != strstr(have_asan_options, "detect_leaks=false")) { strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); -- cgit 1.4.1 From 8d72f41e20e0e5bbbb179e23a0916d32149345e6 Mon Sep 17 00:00:00 2001 From: TTFISH Date: Mon, 5 Aug 2024 23:33:31 +0800 Subject: update build dependencies for source-only/distrib Otherwise the building of nyx_mode, frida_mode, unicorn_mode with source_only/all/distrib flag will fail due to missing dependencies. Signed-off-by: TTFISH --- docs/INSTALL.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 3089aab2..cea1ae6b 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -30,6 +30,9 @@ sudo apt-get install -y build-essential python3-dev automake cmake git flex biso sudo apt-get install -y lld-14 llvm-14 llvm-14-dev clang-14 || sudo apt-get install -y lld llvm llvm-dev clang sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev sudo apt-get install -y ninja-build # for QEMU mode +sudo apt-get install -y cpio libcapstone-dev # for Nyx mode +sudo apt-get install -y wget curl # for Frida mode +sudo apt-get install python3-pip # for Unicorn mode git clone https://github.com/AFLplusplus/AFLplusplus cd AFLplusplus make distrib -- cgit 1.4.1 From 5bb894f1ee2a3e6089dc119ea07e97124c65d1d1 Mon Sep 17 00:00:00 2001 From: TTFISH Date: Mon, 5 Aug 2024 23:35:22 +0800 Subject: remove redundant tracked tmp files during building Signed-off-by: TTFISH --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 9ac577d3..bc06ef2d 100644 --- a/.gitignore +++ b/.gitignore @@ -112,3 +112,5 @@ utils/replay_record/persistent_demo_replay_compat utils/replay_record/persistent_demo_replay_argparse utils/plot_ui/afl-plot-ui vuln_prog +argv_fuzz_demo +argv_fuzz_persistent_demo \ No newline at end of file -- cgit 1.4.1 From 256bc6ab4201fe5c07498c97b3b5bdee5c0bba71 Mon Sep 17 00:00:00 2001 From: Thomas Hebb Date: Tue, 6 Aug 2024 11:16:44 -0700 Subject: Fix "/bin/sh:" errors when building without LLVM In GNUmakefile.llvm, several variables are unconditionally populated by expanding $(LLVMVER) and $(LLVM_CONFIG) inside shell commands. However, when LLVM is not present, both those variables are empty, meaning that the shell commands end up malformed and emit harmless, but noisy, errors like this one: /bin/sh: --: invalid option Usage: /bin/sh [GNU long option] [option] ... /bin/sh [GNU long option] [option] script-file ... GNU long options: --debug --debugger --dump-po-strings --dump-strings --help --init-file --login --noediting --noprofile --norc --posix --pretty-print --rcfile --rpm-requires --restricted --verbose --version Shell options: -ilrsD or -c command or -O shopt_option (invocation only) -abefhkmnptuvxBCHP or -o option /bin/sh: line 1: test: -gt: unary operator expected /bin/sh: line 1: test: -lt: unary operator expected /bin/sh: line 1: test: -ge: unary operator expected /bin/sh: line 1: test: -ge: unary operator expected Fix the problem by only populating the "downstream" variables if the upstream ones have values. --- GNUmakefile.llvm | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 52ff778c..d5dcb09b 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -48,18 +48,25 @@ else LLVM_CONFIG ?= $(call detect_newest,llvm-config) endif -override LLVM_RAW_VER := $(shell $(LLVM_CONFIG) --version 2>/dev/null) -LLVMVER := $(subst svn,,$(subst git,,$(LLVM_RAW_VER))) -LLVM_MAJOR := $(firstword $(subst ., ,$(LLVMVER))) -LLVM_MINOR := $(firstword $(subst ., ,$(subst $(LLVM_MAJOR).,,$(LLVMVER)))) -LLVM_TOO_NEW := $(shell test $(LLVM_MAJOR) -gt $(LLVM_TOO_NEW_DEFAULT) && echo 1 || echo 0) -LLVM_TOO_OLD := $(shell test $(LLVM_MAJOR) -lt $(LLVM_TOO_OLD_DEFAULT) && echo 1 || echo 0) -LLVM_NEW_API := $(shell test $(LLVM_MAJOR) -ge 10 && echo 1 || echo 0) -LLVM_NEWER_API := $(shell test $(LLVM_MAJOR) -ge 16 && echo 1 || echo 0) -LLVM_13_OK := $(shell test $(LLVM_MAJOR) -ge 13 && echo 1 || echo 0) -LLVM_HAVE_LTO := $(shell test $(LLVM_MAJOR) -ge 12 && echo 1 || echo 0) -LLVM_BINDIR := $(shell $(LLVM_CONFIG) --bindir 2>/dev/null) -LLVM_LIBDIR := $(shell $(LLVM_CONFIG) --libdir 2>/dev/null) +ifneq "$(LLVM_CONFIG)" "" + override LLVM_RAW_VER := $(shell $(LLVM_CONFIG) --version 2>/dev/null) + LLVMVER := $(subst svn,,$(subst git,,$(LLVM_RAW_VER))) + + LLVM_BINDIR := $(shell $(LLVM_CONFIG) --bindir 2>/dev/null) + LLVM_LIBDIR := $(shell $(LLVM_CONFIG) --libdir 2>/dev/null) +endif + +ifneq "$(LLVMVER)" "" + LLVM_MAJOR := $(firstword $(subst ., ,$(LLVMVER))) + LLVM_MINOR := $(firstword $(subst ., ,$(subst $(LLVM_MAJOR).,,$(LLVMVER)))) + LLVM_TOO_NEW := $(shell test $(LLVM_MAJOR) -gt $(LLVM_TOO_NEW_DEFAULT) && echo 1 || echo 0) + LLVM_TOO_OLD := $(shell test $(LLVM_MAJOR) -lt $(LLVM_TOO_OLD_DEFAULT) && echo 1 || echo 0) + LLVM_NEW_API := $(shell test $(LLVM_MAJOR) -ge 10 && echo 1 || echo 0) + LLVM_NEWER_API := $(shell test $(LLVM_MAJOR) -ge 16 && echo 1 || echo 0) + LLVM_13_OK := $(shell test $(LLVM_MAJOR) -ge 13 && echo 1 || echo 0) + LLVM_HAVE_LTO := $(shell test $(LLVM_MAJOR) -ge 12 && echo 1 || echo 0) +endif + LLVM_STDCXX := gnu++11 LLVM_LTO := 0 LLVM_UNSUPPORTED := $(shell echo "$(LLVMVER)" | grep -E -q '^[0-2]\.|^3\.[0-8]\.' && echo 1 || echo 0) -- cgit 1.4.1 From 9df906454935134b68ec330e7fddddf6f6987d96 Mon Sep 17 00:00:00 2001 From: Thomas Hebb Date: Tue, 6 Aug 2024 11:37:19 -0700 Subject: Fix syntax error when compiling without zlib commit ecb5854be08fa ("add zlib compression for fast resume") added new logic selected at compile-time when zlib is present. Unfortunately, it also broke the existing logic by removing the last line of a multi-line if statement, resulting in a syntax error when zlib isn't present. Restore the line as it was. --- src/afl-fuzz.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9867eba3..1546597e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2237,7 +2237,6 @@ int main(int argc, char **argv_orig, char **envp) { snprintf(fn, PATH_MAX, "%s/fastresume.bin", afl->out_dir); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fn, "rb")) != NULL) { - #else if ((fr_fd = open(fn, O_RDONLY)) >= 0) { @@ -3341,9 +3340,9 @@ stop_fuzzing: ACTF("Writing %s ...", fr); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fr, "wb9")) != NULL) { - #else if ((fr_fd = open(fr, O_WRONLY | O_TRUNC | O_CREAT, DEFAULT_PERMISSION)) >= + 0) { #endif u8 ver_string[8]; -- cgit 1.4.1 From 9a04df5d97b98b2030c55f707abf5741f4023c7b Mon Sep 17 00:00:00 2001 From: NareshBiradar1 Date: Sun, 11 Aug 2024 19:55:01 +0530 Subject: Corrected the 'heigh' attribute to 'height' in the HTML image tag for the AFL++ logo to ensure proper display. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 015b6829..94f02b75 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # American Fuzzy Lop plus plus (AFL++) -AFL++ logo +AFL++ logo Release version: [4.21c](https://github.com/AFLplusplus/AFLplusplus/releases) -- cgit 1.4.1 From 7b2f983bf3d9f7854891eda5692a3cf8afdf1650 Mon Sep 17 00:00:00 2001 From: aarnav Date: Tue, 13 Aug 2024 16:40:52 +0200 Subject: fix unicorn and unicornafl build script --- unicorn_mode/build_unicorn_support.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh index 097a2dc9..68f7eac2 100755 --- a/unicorn_mode/build_unicorn_support.sh +++ b/unicorn_mode/build_unicorn_support.sh @@ -203,20 +203,20 @@ $PYTHONBIN -m pip install --help 2>/dev/null | grep -q break-system-packages && cd unicorn/bindings/python || exit 1 if [ -z "$VIRTUAL_ENV" ]; then echo "[*] Info: Installing python unicornafl using --user" - THREADS=$CORES $PYTHONBIN -m pip install --user $XOPT --force .|| exit 1 + THREADS=$CORES $PYTHONBIN setup.py install --user $XOPT --force || exit 1 else echo "[*] Info: Installing python unicornafl to virtualenv: $VIRTUAL_ENV" - THREADS=$CORES $PYTHONBIN -m pip install --force .|| exit 1 + THREADS=$CORES $PYTHONBIN setup.py install --force || exit 1 fi cd ../../../ echo "[*] Installing Unicornafl python bindings..." cd bindings/python || exit 1 if [ -z "$VIRTUAL_ENV" ]; then echo "[*] Info: Installing python unicornafl using --user" - THREADS=$CORES $PYTHONBIN -m pip install --user $XOPT --force .|| exit 1 + THREADS=$CORES $PYTHONBIN setup.py install --user $XOPT --force || exit 1 else echo "[*] Info: Installing python unicornafl to virtualenv: $VIRTUAL_ENV" - THREADS=$CORES $PYTHONBIN -m pip install --force .|| exit 1 + THREADS=$CORES $PYTHONBIN setup.py install --force || exit 1 fi echo '[*] If needed, you can (re)install the bindings in `./unicornafl/bindings/python` using `pip install --force .`' -- cgit 1.4.1 From d78a8698e48dadaac4f0763d9375346639d48203 Mon Sep 17 00:00:00 2001 From: aarnav Date: Tue, 13 Aug 2024 16:56:22 +0200 Subject: fix rebuild message --- unicorn_mode/build_unicorn_support.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh index 68f7eac2..a21d05eb 100755 --- a/unicorn_mode/build_unicorn_support.sh +++ b/unicorn_mode/build_unicorn_support.sh @@ -218,7 +218,7 @@ else echo "[*] Info: Installing python unicornafl to virtualenv: $VIRTUAL_ENV" THREADS=$CORES $PYTHONBIN setup.py install --force || exit 1 fi -echo '[*] If needed, you can (re)install the bindings in `./unicornafl/bindings/python` using `pip install --force .`' +echo '[*] If needed, you can (re)install the bindings in `./unicornafl/bindings/python` using `python setup.py install --force .`' cd ../../ || exit 1 -- cgit 1.4.1 From 91110354950ff36bb6c7cb10b71d2540c7756d98 Mon Sep 17 00:00:00 2001 From: aarnav Date: Wed, 14 Aug 2024 13:44:23 +0200 Subject: fix incorrect check for unicorn CI --- test/test-unicorn-mode.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-unicorn-mode.sh b/test/test-unicorn-mode.sh index 338c5982..99bfebdc 100755 --- a/test/test-unicorn-mode.sh +++ b/test/test-unicorn-mode.sh @@ -35,7 +35,7 @@ test -d ../unicorn_mode/unicornafl -a -e ../unicorn_mode/unicornafl/Makefile && make >>errors 2>&1 $ECHO "$GREY[*] running afl-fuzz for unicorn_mode (persistent), this will take approx 25 seconds" AFL_DEBUG_CHILD=1 ../../../afl-fuzz -m none -V15 -U -i sample_inputs -o out -d -- ./harness @@ >>errors 2>&1 - test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000006* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode (persistent)" } || { echo CUT------------------------------------------------------------------CUT -- cgit 1.4.1 From db84f75a813345783993285fa2780885a70c46a6 Mon Sep 17 00:00:00 2001 From: aarnav Date: Wed, 14 Aug 2024 13:45:10 +0200 Subject: remove deprecated -d option in unicorn CI test --- test/test-unicorn-mode.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-unicorn-mode.sh b/test/test-unicorn-mode.sh index 99bfebdc..9a290bb5 100755 --- a/test/test-unicorn-mode.sh +++ b/test/test-unicorn-mode.sh @@ -34,7 +34,7 @@ test -d ../unicorn_mode/unicornafl -a -e ../unicorn_mode/unicornafl/Makefile && cd ../unicorn_mode/samples/persistent make >>errors 2>&1 $ECHO "$GREY[*] running afl-fuzz for unicorn_mode (persistent), this will take approx 25 seconds" - AFL_DEBUG_CHILD=1 ../../../afl-fuzz -m none -V15 -U -i sample_inputs -o out -d -- ./harness @@ >>errors 2>&1 + AFL_DEBUG_CHILD=1 ../../../afl-fuzz -m none -V15 -U -i sample_inputs -o out -- ./harness @@ >>errors 2>&1 test -n "$( ls out/default/queue/id:000006* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode (persistent)" } || { -- cgit 1.4.1 From 6ddd5ecf4a3bfc2a5b306b663e57ac29e60bf92f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Aug 2024 18:47:38 +0200 Subject: fix missing trace_mini check --- src/afl-fuzz-queue.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 3d244aa8..599d31f6 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -973,7 +973,8 @@ void cull_queue(afl_state_t *afl) { for (i = 0; i < afl->fsrv.map_size; ++i) { - if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) { + if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7))) && + afl->top_rated[i]->trace_mini) { u32 j = len; -- cgit 1.4.1 From bf7a6d69cf47db6b4d11d48e5e6638659817f0d2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Aug 2024 11:52:01 +0200 Subject: update changelog --- docs/Changelog.md | 2 ++ unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/unicornafl | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 3f9f0161..a1f8829e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -23,6 +23,8 @@ - qemu_mode: - new hooks supported (optional), see qemu_mode/hooking_bridge - thanks to @CowBoy4mH3LL + - unicorn_mode: + - fix install and forkserver (thanks aarnav!) - custom mutators: - custom_send_tcp custom mutator added, thanks to @dergoegge - afl-cc diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index deac0bf9..00a2aba3 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -4b4fdab1 +1c58dc97 diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 4b4fdab1..1c58dc97 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 4b4fdab161c15529affcc1e785d779e318b882ab +Subproject commit 1c58dc9774012bace730df5c1c273356762e848a -- cgit 1.4.1 From 93fb1d1a241168f67f65bdb4dbdb05c0b5f25acf Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Aug 2024 10:46:01 +0200 Subject: fix custom post process with custom send --- src/afl-fuzz-run.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 2f244a1d..208d957a 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -216,17 +216,17 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { /* everything as planned. use the potentially new data. */ afl_fsrv_write_to_testcase(&afl->fsrv, *mem, new_size); - if (likely(!afl->afl_env.afl_post_process_keep_original)) { + } - len = new_size; + if (likely(!afl->afl_env.afl_post_process_keep_original)) { - } else { + len = new_size; - /* restore the original memory which was saved in new_mem */ - *mem = new_mem; - afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); + } else { - } + /* restore the original memory which was saved in new_mem */ + *mem = new_mem; + afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); } -- cgit 1.4.1 From 6edc3b51ba81d577eeb4a64299916c1eaadfdd70 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 18 Aug 2024 16:06:57 +0200 Subject: fix AFL_OLD_FORKSERVER --- instrumentation/afl-compiler-rt.o.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 6e04ae47..0da689b2 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -886,11 +886,11 @@ static void __afl_start_forkserver(void) { /* Phone home and tell the parent that we're OK. If parent isn't there, assume we're not running in forkserver mode and just execute program. */ - // return because possible non-forkserver usage - if (write(FORKSRV_FD + 1, msg, 4) != 4) { return; } - if (!__afl_old_forkserver) { + // return because possible non-forkserver usage + if (write(FORKSRV_FD + 1, msg, 4) != 4) { return; } + if (read(FORKSRV_FD, reply, 4) != 4) { _exit(1); } if (tmp != status2) { -- cgit 1.4.1 From 1689a8e053c1f73e16331bfeda28c79e1ed4bbd0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 19 Aug 2024 16:25:32 +0200 Subject: code format, llvm 18 --- .custom-format.py | 2 +- docs/Changelog.md | 1 + include/debug.h | 12 ++-- include/t1ha_bits.h | 23 +++++--- include/types.h | 2 +- include/xxhash.h | 14 +++-- qemu_mode/libqasan/dlmalloc.c | 2 +- src/afl-common.c | 3 +- src/afl-forkserver.c | 26 ++++----- src/afl-fuzz-bitmap.c | 4 +- src/afl-fuzz-one.c | 2 +- src/afl-fuzz-run.c | 13 +++-- src/afl-fuzz-stats.c | 82 ++++++++++++++-------------- src/afl-fuzz.c | 3 + utils/aflpp_driver/aflpp_qemu_driver_hook.c | 2 +- utils/libtokencap/libtokencap.so.c | 6 +- utils/persistent_mode/persistent_demo.c | 2 +- utils/persistent_mode/persistent_demo_new.c | 2 +- utils/persistent_mode/test-instr.c | 2 +- utils/qemu_persistent_hook/read_into_rdi.c | 2 +- utils/replay_record/persistent_demo_replay.c | 2 +- 21 files changed, 110 insertions(+), 97 deletions(-) diff --git a/.custom-format.py b/.custom-format.py index c8075ace..e787df28 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -24,7 +24,7 @@ import importlib.metadata # string_re = re.compile('(\\"(\\\\.|[^"\\\\])*\\")') # TODO: for future use -CURRENT_LLVM = os.getenv('LLVM_VERSION', 17) +CURRENT_LLVM = os.getenv('LLVM_VERSION', 18) CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") diff --git a/docs/Changelog.md b/docs/Changelog.md index a1f8829e..f7c53b08 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -31,6 +31,7 @@ - new runtime (!) variable: `AFL_OLD_FORKSERVER` to use the old vanilla AFL type forkserver. Useful for symcc/symqemu/nautilus/etc. with AFL_LLVM_INSTRUMENT=CLASSIC + - code formatting updated to llvm 18 ### Version ++4.21c (release) diff --git a/include/debug.h b/include/debug.h index 5496135c..e7cbdb5c 100644 --- a/include/debug.h +++ b/include/debug.h @@ -314,8 +314,8 @@ static inline const char *colorfilter(const char *x) { #define FATAL(x...) \ do { \ \ - SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ - "\n[-] PROGRAM ABORT : " cRST x); \ + SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ + "\n[-] PROGRAM ABORT : " cRST x); \ SAYF(cLRD "\n Location : " cRST "%s(), %s:%u\n\n", __func__, \ __FILE__, (u32)__LINE__); \ exit(1); \ @@ -327,8 +327,8 @@ static inline const char *colorfilter(const char *x) { #define ABORT(x...) \ do { \ \ - SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ - "\n[-] PROGRAM ABORT : " cRST x); \ + SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ + "\n[-] PROGRAM ABORT : " cRST x); \ SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n\n", __func__, \ __FILE__, (u32)__LINE__); \ abort(); \ @@ -341,8 +341,8 @@ static inline const char *colorfilter(const char *x) { do { \ \ fflush(stdout); \ - SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ - "\n[-] SYSTEM ERROR : " cRST x); \ + SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ + "\n[-] SYSTEM ERROR : " cRST x); \ SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n", __func__, \ __FILE__, (u32)__LINE__); \ SAYF(cLRD " OS message : " cRST "%s\n", strerror(errno)); \ diff --git a/include/t1ha_bits.h b/include/t1ha_bits.h index 0b9bbda5..9ddc8589 100644 --- a/include/t1ha_bits.h +++ b/include/t1ha_bits.h @@ -455,9 +455,10 @@ typedef struct { } __attribute__((__packed__)) t1ha_unaligned_proxy; - #define read_unaligned(ptr, bits) \ - (((const t1ha_unaligned_proxy *)((const uint8_t *)(ptr)-offsetof( \ - t1ha_unaligned_proxy, unaligned_##bits))) \ + #define read_unaligned(ptr, bits) \ + (((const t1ha_unaligned_proxy *)((const uint8_t *)(ptr) - \ + offsetof(t1ha_unaligned_proxy, \ + unaligned_##bits))) \ ->unaligned_##bits) #elif defined(_MSC_VER) #pragma warning( \ @@ -477,9 +478,10 @@ typedef struct { } t1ha_unaligned_proxy; #pragma pack(pop) - #define read_unaligned(ptr, bits) \ - (((const t1ha_unaligned_proxy *)((const uint8_t *)(ptr)-offsetof( \ - t1ha_unaligned_proxy, unaligned_##bits))) \ + #define read_unaligned(ptr, bits) \ + (((const t1ha_unaligned_proxy *)((const uint8_t *)(ptr) - \ + offsetof(t1ha_unaligned_proxy, \ + unaligned_##bits))) \ ->unaligned_##bits) #endif #endif /* read_unaligned */ @@ -496,21 +498,24 @@ typedef struct { #elif __has_attribute(__assume_aligned__) static __always_inline const uint16_t *__attribute__(( - __assume_aligned__(ALIGNMENT_16))) cast_aligned_16(const void *ptr) { + __assume_aligned__(ALIGNMENT_16))) +cast_aligned_16(const void *ptr) { return (const uint16_t *)ptr; } static __always_inline const uint32_t *__attribute__(( - __assume_aligned__(ALIGNMENT_32))) cast_aligned_32(const void *ptr) { + __assume_aligned__(ALIGNMENT_32))) +cast_aligned_32(const void *ptr) { return (const uint32_t *)ptr; } static __always_inline const uint64_t *__attribute__(( - __assume_aligned__(ALIGNMENT_64))) cast_aligned_64(const void *ptr) { + __assume_aligned__(ALIGNMENT_64))) +cast_aligned_64(const void *ptr) { return (const uint64_t *)ptr; diff --git a/include/types.h b/include/types.h index cfb2f3d5..d370bcfb 100644 --- a/include/types.h +++ b/include/types.h @@ -155,7 +155,7 @@ typedef int128_t s128; ({ \ \ char *d = (char *)(_x), *s = (char *)(_y); \ - u32 i, l = (_l)-1; \ + u32 i, l = (_l) - 1; \ for (i = 0; i <= l; i++) \ d[l - i] = s[i]; \ \ diff --git a/include/xxhash.h b/include/xxhash.h index 991a8f1e..72044177 100644 --- a/include/xxhash.h +++ b/include/xxhash.h @@ -6616,12 +6616,14 @@ static XXH64_hash_t XXH3_mergeAccs(const xxh_u64 *XXH_RESTRICT acc, } - #define XXH3_INIT_ACC \ - { \ - \ - XXH_PRIME32_3, XXH_PRIME64_1, XXH_PRIME64_2, XXH_PRIME64_3, \ - XXH_PRIME64_4, XXH_PRIME32_2, XXH_PRIME64_5, XXH_PRIME32_1 \ - \ + #define XXH3_INIT_ACC \ + { \ + \ + \ + XXH_PRIME32_3, XXH_PRIME64_1, XXH_PRIME64_2, \ + XXH_PRIME64_3, XXH_PRIME64_4, XXH_PRIME32_2, \ + XXH_PRIME64_5, XXH_PRIME32_1 \ + \ } XXH_FORCE_INLINE XXH64_hash_t XXH3_hashLong_64b_internal( diff --git a/qemu_mode/libqasan/dlmalloc.c b/qemu_mode/libqasan/dlmalloc.c index 1919ae26..d1d4dc08 100644 --- a/qemu_mode/libqasan/dlmalloc.c +++ b/qemu_mode/libqasan/dlmalloc.c @@ -2355,7 +2355,7 @@ typedef unsigned int flag_t; /* The type of various bit flag sets */ /* conversion from malloc headers to user pointers, and back */ #define chunk2mem(p) ((void *)((char *)(p) + TWO_SIZE_T_SIZES)) - #define mem2chunk(mem) ((mchunkptr)((char *)(mem)-TWO_SIZE_T_SIZES)) + #define mem2chunk(mem) ((mchunkptr)((char *)(mem) - TWO_SIZE_T_SIZES)) /* chunk associated with aligned address A */ #define align_as_chunk(A) (mchunkptr)((A) + align_offset(chunk2mem(A))) diff --git a/src/afl-common.c b/src/afl-common.c index e5584e93..892745a7 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -108,7 +108,8 @@ void set_sanitizer_defaults() { if (!have_san_options) { strcpy(buf, default_options); } if (have_asan_options) { - if (NULL != strstr(have_asan_options, "detect_leaks=0") || NULL != strstr(have_asan_options, "detect_leaks=false")) { + if (NULL != strstr(have_asan_options, "detect_leaks=0") || + NULL != strstr(have_asan_options, "detect_leaks=false")) { strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 5390b597..c7c493cf 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -307,8 +307,8 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { Returns the time passed to read. If the wait times out, returns timeout_ms + 1; Returns 0 if an error occurred (fd closed, signal, ...); */ -static u32 __attribute__((hot)) -read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms, volatile u8 *stop_soon_p) { +static u32 __attribute__((hot)) read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms, + volatile u8 *stop_soon_p) { fd_set readfds; FD_ZERO(&readfds); @@ -1339,9 +1339,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->map_size = tmp_map_size; } else { - - fsrv->real_map_size = fsrv->map_size = MAP_SIZE; - + + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) { @@ -1450,9 +1450,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } else { - // The binary is most likely instrumented using AFL's tool, and we will set map_size to MAP_SIZE. - fsrv->real_map_size = fsrv->map_size = MAP_SIZE; - + // The binary is most likely instrumented using AFL's tool, and we will + // set map_size to MAP_SIZE. + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } } @@ -1704,8 +1705,8 @@ u32 afl_fsrv_get_mapsize(afl_forkserver_t *fsrv, char **argv, /* Delete the current testcase and write the buf to the testcase file */ -void __attribute__((hot)) -afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { +void __attribute__((hot)) afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, + u8 *buf, size_t len) { #ifdef __linux__ if (unlikely(fsrv->nyx_mode)) { @@ -1823,9 +1824,8 @@ afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { /* Execute target application, monitoring for timeouts. Return status information. The called program will update afl->fsrv->trace_bits. */ -fsrv_run_result_t __attribute__((hot)) -afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, - volatile u8 *stop_soon_p) { +fsrv_run_result_t __attribute__((hot)) afl_fsrv_run_target( + afl_forkserver_t *fsrv, u32 timeout, volatile u8 *stop_soon_p) { s32 res; u32 exec_ms; diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 97ccd3d3..fd75a822 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -456,8 +456,8 @@ void write_crash_readme(afl_state_t *afl) { save or queue the input test case for further analysis if so. Returns 1 if entry is saved, 0 otherwise. */ -u8 __attribute__((hot)) -save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { +u8 __attribute__((hot)) save_if_interesting(afl_state_t *afl, void *mem, + u32 len, u8 fault) { if (unlikely(len == 0)) { return 0; } diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 74bb8cbc..fd5ed87c 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -3914,7 +3914,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { #define EFF_APOS(_p) ((_p) >> EFF_MAP_SCALE2) #define EFF_REM(_x) ((_x) & ((1 << EFF_MAP_SCALE2) - 1)) #define EFF_ALEN(_l) (EFF_APOS(_l) + !!EFF_REM(_l)) -#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l)-1) - EFF_APOS(_p) + 1) +#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l) - 1) - EFF_APOS(_p) + 1) /* Initialize effector map for the next step (see comments below). Always flag first and last byte as doing something. */ diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 208d957a..4ce17eb2 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -41,8 +41,9 @@ u64 time_spent_working = 0; /* Execute target application, monitoring for timeouts. Return status information. The called program will update afl->fsrv->trace_bits. */ -fsrv_run_result_t __attribute__((hot)) -fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { +fsrv_run_result_t __attribute__((hot)) fuzz_run_target(afl_state_t *afl, + afl_forkserver_t *fsrv, + u32 timeout) { #ifdef PROFILING static u64 time_spent_start = 0; @@ -111,8 +112,8 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { old file is unlinked and a new one is created. Otherwise, afl->fsrv.out_fd is rewound and truncated. */ -u32 __attribute__((hot)) -write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { +u32 __attribute__((hot)) write_to_testcase(afl_state_t *afl, void **mem, + u32 len, u32 fix) { u8 sent = 0; @@ -1173,8 +1174,8 @@ abort_trimming: error conditions, returning 1 if it's time to bail out. This is a helper function for fuzz_one(). */ -u8 __attribute__((hot)) -common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { +u8 __attribute__((hot)) common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, + u32 len) { u8 fault; diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index a20c46d0..9f5f59c0 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -963,9 +963,9 @@ void show_stats_normal(afl_state_t *afl) { /* Lord, forgive me this. */ - SAYF(SET_G1 bSTG bLT bH bSTOP cCYA + SAYF(SET_G1 bSTG bLT bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA - " overall results " bSTG bH2 bH2 bRT "\n"); + " overall results " bSTG bH2 bH2 bRT "\n"); if (afl->non_instrumented_mode) { @@ -1007,7 +1007,7 @@ void show_stats_normal(afl_state_t *afl) { u_stringify_time_diff(time_tmp, afl->prev_run_time + cur_ms, afl->start_time); SAYF(bV bSTOP " run time : " cRST "%-33s " bSTG bV bSTOP - " cycles done : %s%-5s " bSTG bV "\n", + " cycles done : %s%-5s " bSTG bV "\n", time_tmp, tmp, u_stringify_int(IB(0), afl->queue_cycle - 1)); /* We want to warn people about not seeing new paths after a full cycle, @@ -1047,7 +1047,7 @@ void show_stats_normal(afl_state_t *afl) { u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time); SAYF(bV bSTOP "last saved crash : " cRST "%-33s " bSTG bV bSTOP - "saved crashes : %s%-6s" bSTG bV "\n", + "saved crashes : %s%-6s" bSTG bV "\n", time_tmp, crash_color, tmp); sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->saved_hangs), @@ -1055,12 +1055,12 @@ void show_stats_normal(afl_state_t *afl) { u_stringify_time_diff(time_tmp, cur_ms, afl->last_hang_time); SAYF(bV bSTOP " last saved hang : " cRST "%-33s " bSTG bV bSTOP - " saved hangs : " cRST "%-6s" bSTG bV "\n", + " saved hangs : " cRST "%-6s" bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bH2 bHB bH bSTOP cCYA - " map coverage" bSTG bHT bH20 bH2 bVL "\n"); + " map coverage" bSTG bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -1091,9 +1091,9 @@ void show_stats_normal(afl_state_t *afl) { SAYF(bSTOP " count coverage : " cRST "%-19s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bVL "\n"); + " findings in depth " bSTG bH10 bH5 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), ((double)afl->queued_favored) * 100 / afl->queued_items); @@ -1101,7 +1101,7 @@ void show_stats_normal(afl_state_t *afl) { /* Yeah... it's still going on... halp? */ SAYF(bV bSTOP " now trying : " cRST "%-22s " bSTG bV bSTOP - " favored items : " cRST "%-20s" bSTG bV "\n", + " favored items : " cRST "%-20s" bSTG bV "\n", afl->stage_name, tmp); if (!afl->stage_max) { @@ -1130,13 +1130,13 @@ void show_stats_normal(afl_state_t *afl) { if (afl->crash_mode) { SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP - " new crashes : %s%-20s" bSTG bV "\n", + " new crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } else { SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP - " total crashes : %s%-20s" bSTG bV "\n", + " total crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } @@ -1189,7 +1189,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " bit flips : " cRST "%-36s " bSTG bV bSTOP - " levels : " cRST "%-10s" bSTG bV "\n", + " levels : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->max_depth)); if (unlikely(!afl->skip_deterministic)) { @@ -1205,7 +1205,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " byte flips : " cRST "%-36s " bSTG bV bSTOP - " pending : " cRST "%-10s" bSTG bV "\n", + " pending : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed)); if (unlikely(!afl->skip_deterministic)) { @@ -1221,7 +1221,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " arithmetics : " cRST "%-36s " bSTG bV bSTOP - " pend fav : " cRST "%-10s" bSTG bV "\n", + " pend fav : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_favored)); if (unlikely(!afl->skip_deterministic)) { @@ -1237,7 +1237,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " known ints : " cRST "%-36s " bSTG bV bSTOP - " own finds : " cRST "%-10s" bSTG bV "\n", + " own finds : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->queued_discovered)); if (unlikely(!afl->skip_deterministic)) { @@ -1263,7 +1263,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " dictionary : " cRST "%-36s " bSTG bV bSTOP - " imported : " cRST "%-10s" bSTG bV "\n", + " imported : " cRST "%-10s" bSTG bV "\n", tmp, afl->sync_id ? u_stringify_int(IB(0), afl->queued_imported) : (u8 *)"n/a"); @@ -1451,8 +1451,8 @@ void show_stats_normal(afl_state_t *afl) { /* Last line */ - SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP " strategy:" cPIN - " %s " bSTG bH10 cCYA bSTOP " state:" cPIN + SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP " strategy:" cPIN + " %s " bSTG bH10 cCYA bSTOP " state:" cPIN " %s " bSTG bH2 bRB bSTOP cRST RESET_G1, afl->fuzz_mode == 0 ? "explore" : "exploit", get_fuzzing_state(afl)); @@ -1821,8 +1821,8 @@ void show_stats_pizza(afl_state_t *afl) { } u_stringify_time_diff(time_tmp, afl->prev_run_time + cur_ms, afl->start_time); - SAYF(bV bSTOP - " open time : " cRST "%-37s " bSTG bV bSTOP + SAYF(bV bSTOP + " open time : " cRST "%-37s " bSTG bV bSTOP " seasons done : %s%-5s " bSTG bV "\n", time_tmp, tmp, u_stringify_int(IB(0), afl->queue_cycle - 1)); @@ -1865,7 +1865,7 @@ void show_stats_pizza(afl_state_t *afl) { (afl->saved_crashes >= KEEP_UNIQUE_CRASH) ? "+" : ""); u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time); - SAYF(bV bSTOP + SAYF(bV bSTOP " last ordered pizza : " cRST "%-33s " bSTG bV bSTOP " at table : %s%-6s " bSTG bV "\n", time_tmp, crash_color, tmp); @@ -1874,15 +1874,15 @@ void show_stats_pizza(afl_state_t *afl) { (afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); u_stringify_time_diff(time_tmp, cur_ms, afl->last_hang_time); - SAYF(bV bSTOP + SAYF(bV bSTOP " last conversation with customers : " cRST "%-33s " bSTG bV bSTOP " number of Peroni : " cRST "%-6s " bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " Baking progress " bSTG bH30 bH20 bH5 bH bX bH bSTOP cCYA - " Pizzeria busyness" bSTG bH30 bH5 bH bH bVL "\n"); + " Pizzeria busyness" bSTG bH30 bH5 bH bH bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -1918,8 +1918,8 @@ void show_stats_pizza(afl_state_t *afl) { SAYF(bSTOP " count coverage : " cRST "%-19s " bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA - " Pizzas almost ready " bSTG bH30 bH20 bH2 bH bX bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA + " Pizzas almost ready " bSTG bH30 bH20 bH2 bH bX bH bSTOP cCYA " Types of pizzas cooking " bSTG bH10 bH5 bH2 bH10 bH2 bH bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), @@ -1928,7 +1928,7 @@ void show_stats_pizza(afl_state_t *afl) { /* Yeah... it's still going on... halp? */ SAYF(bV bSTOP " now preparing : " cRST - "%-22s " bSTG bV bSTOP + "%-22s " bSTG bV bSTOP " favourite topping : " cRST "%-20s" bSTG bV "\n", afl->stage_name, tmp); @@ -1961,14 +1961,14 @@ void show_stats_pizza(afl_state_t *afl) { if (afl->crash_mode) { SAYF(bV bSTOP " total pizzas : " cRST - "%-22s " bSTG bV bSTOP + "%-22s " bSTG bV bSTOP " pizzas with pineapple : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } else { SAYF(bV bSTOP " total pizzas : " cRST - "%-22s " bSTG bV bSTOP + "%-22s " bSTG bV bSTOP " total pizzas with pineapple : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); @@ -2005,7 +2005,7 @@ void show_stats_pizza(afl_state_t *afl) { /* Aaaalmost there... hold on! */ SAYF(bVR bH cCYA bSTOP " Promotional campaign on TikTok yields " bSTG bH30 bH2 - bH bH2 bX bH bSTOP cCYA + bH bH2 bX bH bSTOP cCYA " Customer type " bSTG bH5 bH2 bH30 bH2 bH bVL "\n"); if (unlikely(afl->custom_only)) { @@ -2028,8 +2028,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " pizzas for celiac : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " pizzas for celiac : " cRST "%-36s " bSTG bV bSTOP " levels : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->max_depth)); @@ -2046,8 +2046,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " pizzas for kids : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " pizzas for kids : " cRST "%-36s " bSTG bV bSTOP " pizzas to make : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed)); @@ -2064,8 +2064,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " pizza bianca : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " pizza bianca : " cRST "%-36s " bSTG bV bSTOP " nice table : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_favored)); @@ -2082,8 +2082,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " recurring customers : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " recurring customers : " cRST "%-36s " bSTG bV bSTOP " new customers : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->queued_discovered)); @@ -2110,8 +2110,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " dictionary : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " dictionary : " cRST "%-36s " bSTG bV bSTOP " patrons from old resturant : " cRST "%-10s " bSTG bV "\n", tmp, diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 1546597e..726a2260 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2237,6 +2237,7 @@ int main(int argc, char **argv_orig, char **envp) { snprintf(fn, PATH_MAX, "%s/fastresume.bin", afl->out_dir); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fn, "rb")) != NULL) { + #else if ((fr_fd = open(fn, O_RDONLY)) >= 0) { @@ -3340,9 +3341,11 @@ stop_fuzzing: ACTF("Writing %s ...", fr); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fr, "wb9")) != NULL) { + #else if ((fr_fd = open(fr, O_WRONLY | O_TRUNC | O_CREAT, DEFAULT_PERMISSION)) >= 0) { + #endif u8 ver_string[8]; diff --git a/utils/aflpp_driver/aflpp_qemu_driver_hook.c b/utils/aflpp_driver/aflpp_qemu_driver_hook.c index 2979fadc..d75de539 100644 --- a/utils/aflpp_driver/aflpp_qemu_driver_hook.c +++ b/utils/aflpp_driver/aflpp_qemu_driver_hook.c @@ -4,7 +4,7 @@ #include #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) -#define h2g(x) ((uint64_t)(x)-guest_base) +#define h2g(x) ((uint64_t)(x) - guest_base) void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, uint8_t *input_buf, uint32_t input_buf_len) { diff --git a/utils/libtokencap/libtokencap.so.c b/utils/libtokencap/libtokencap.so.c index cc499150..8f693c51 100644 --- a/utils/libtokencap/libtokencap.so.c +++ b/utils/libtokencap/libtokencap.so.c @@ -167,7 +167,7 @@ static void __tokencap_load_mappings(void) { #elif defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__ - #if defined __FreeBSD__ + #if defined __FreeBSD__ int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, __tokencap_pid}; #elif defined __OpenBSD__ int mib[] = {CTL_KERN, KERN_PROC_VMMAP, __tokencap_pid}; @@ -183,7 +183,7 @@ static void __tokencap_load_mappings(void) { #if defined __FreeBSD__ || defined __NetBSD__ len = len * 4 / 3; - #elif defined __OpenBSD__ + #elif defined __OpenBSD__ len -= len % sizeof(struct kinfo_vmentry); #endif @@ -208,7 +208,7 @@ static void __tokencap_load_mappings(void) { #if defined __FreeBSD__ || defined __NetBSD__ - #if defined __FreeBSD__ + #if defined __FreeBSD__ size_t size = region->kve_structsize; if (size == 0) break; diff --git a/utils/persistent_mode/persistent_demo.c b/utils/persistent_mode/persistent_demo.c index f5e43728..00d59ef4 100644 --- a/utils/persistent_mode/persistent_demo.c +++ b/utils/persistent_mode/persistent_demo.c @@ -34,7 +34,7 @@ /* To ensure checks are not optimized out it is recommended to disable code optimization for the fuzzer harness main() */ #pragma clang optimize off -#pragma GCC optimize("O0") +#pragma GCC optimize("O0") int main(int argc, char **argv) { diff --git a/utils/persistent_mode/persistent_demo_new.c b/utils/persistent_mode/persistent_demo_new.c index 285f50aa..36a0043a 100644 --- a/utils/persistent_mode/persistent_demo_new.c +++ b/utils/persistent_mode/persistent_demo_new.c @@ -51,7 +51,7 @@ __AFL_FUZZ_INIT(); /* To ensure checks are not optimized out it is recommended to disable code optimization for the fuzzer harness main() */ #pragma clang optimize off -#pragma GCC optimize("O0") +#pragma GCC optimize("O0") int main(int argc, char **argv) { diff --git a/utils/persistent_mode/test-instr.c b/utils/persistent_mode/test-instr.c index 72e26e93..7c83f629 100644 --- a/utils/persistent_mode/test-instr.c +++ b/utils/persistent_mode/test-instr.c @@ -24,7 +24,7 @@ __AFL_FUZZ_INIT(); /* To ensure checks are not optimized out it is recommended to disable code optimization for the fuzzer harness main() */ #pragma clang optimize off -#pragma GCC optimize("O0") +#pragma GCC optimize("O0") int main(int argc, char **argv) { diff --git a/utils/qemu_persistent_hook/read_into_rdi.c b/utils/qemu_persistent_hook/read_into_rdi.c index 14b2ed85..3e913870 100644 --- a/utils/qemu_persistent_hook/read_into_rdi.c +++ b/utils/qemu_persistent_hook/read_into_rdi.c @@ -4,7 +4,7 @@ #include #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) -#define h2g(x) ((uint64_t)(x)-guest_base) +#define h2g(x) ((uint64_t)(x) - guest_base) void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, uint8_t *input_buf, uint32_t input_buf_len) { diff --git a/utils/replay_record/persistent_demo_replay.c b/utils/replay_record/persistent_demo_replay.c index 6f6648f1..fa6255fd 100644 --- a/utils/replay_record/persistent_demo_replay.c +++ b/utils/replay_record/persistent_demo_replay.c @@ -46,7 +46,7 @@ __AFL_FUZZ_INIT(); /* To ensure checks are not optimized out it is recommended to disable code optimization for the fuzzer harness main() */ #pragma clang optimize off -#pragma GCC optimize("O0") +#pragma GCC optimize("O0") int main(int argc, char **argv) { -- cgit 1.4.1