From 326ab632c378878c96f44586a6e1f3dfa3db2276 Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Mon, 13 Apr 2020 16:57:19 +0200
Subject: fixed uaf and warnings

---
 src/afl-fuzz-bitmap.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/afl-fuzz-bitmap.c')

diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index b6a494db..9603f2f5 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -535,7 +535,7 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
   if (unlikely(len == 0)) return 0;
 
   u8 *queue_fn = "";
-  u8  hnb;
+  u8  hnb = '\0';
   s32 fd;
   u8  keeping = 0, res;
 
@@ -718,9 +718,9 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
         // if the user wants to be informed on new crashes - do that
 #if !TARGET_OS_IPHONE
-        if (system(afl->infoexec) == -1)
-          hnb += 0;  // we dont care if system errors, but we dont want a
-                     // compiler warning either
+        // we dont care if system errors, but we dont want a
+          // compiler warning either
+        (void)(system(afl->infoexec)+1);
 #else
         WARNF("command execution unsupported");
 #endif
-- 
cgit 1.4.1


From a897f355a97e8992126aa1f2c612a6304f547b0c Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Mon, 13 Apr 2020 16:57:41 +0200
Subject: code format

---
 src/afl-analyze.c       |  6 +-----
 src/afl-fuzz-bitmap.c   |  4 ++--
 src/afl-fuzz-redqueen.c |  1 -
 src/afl-fuzz-stats.c    | 14 +++++++-------
 4 files changed, 10 insertions(+), 15 deletions(-)

(limited to 'src/afl-fuzz-bitmap.c')

diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 2c98982f..952786b0 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -902,11 +902,7 @@ int main(int argc, char **argv, char **envp) {
         if (mem_limit_given) FATAL("Multiple -m options not supported");
         mem_limit_given = 1;
 
-        if (!optarg) {
-
-          FATAL("Bad syntax used for -m");
-
-        }
+        if (!optarg) { FATAL("Bad syntax used for -m"); }
 
         if (!strcmp(optarg, "none")) {
 
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 9603f2f5..f5364c72 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -719,8 +719,8 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
         // if the user wants to be informed on new crashes - do that
 #if !TARGET_OS_IPHONE
         // we dont care if system errors, but we dont want a
-          // compiler warning either
-        (void)(system(afl->infoexec)+1);
+        // compiler warning either
+        (void)(system(afl->infoexec) + 1);
 #else
         WARNF("command execution unsupported");
 #endif
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index b9b41c74..0255b5f1 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -188,7 +188,6 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u32 exec_cksum) {
 
   }
 
-
   return 0;
 
 checksum_fail:
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index d42df2db..d48dd5e3 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -387,9 +387,9 @@ void show_stats(afl_state_t *afl) {
 
   /* Lord, forgive me this. */
 
-  SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
+  SAYF(SET_G1 bSTG bLT bH bSTOP                         cCYA
        " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
-       " overall results " bSTG bH2 bH2 bRT "\n");
+       " overall results " bSTG bH2 bH2                 bRT "\n");
 
   if (afl->dumb_mode) {
 
@@ -471,9 +471,9 @@ void show_stats(afl_state_t *afl) {
                 "   uniq hangs : " cRST "%-6s" bSTG         bV "\n",
        time_tmp, tmp);
 
-  SAYF(bVR bH bSTOP            cCYA
+  SAYF(bVR bH bSTOP                                          cCYA
        " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
-       " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
+       " map coverage " bSTG bH bHT bH20 bH2                 bVL "\n");
 
   /* This gets funny because we want to print several variable-length variables
      together, but then cram them into a fixed-width field - so we need to
@@ -503,9 +503,9 @@ void show_stats(afl_state_t *afl) {
 
   SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
 
-  SAYF(bVR bH bSTOP            cCYA
+  SAYF(bVR bH bSTOP                                         cCYA
        " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
-       " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
+       " findings in depth " bSTG bH10 bH5 bH2 bH2          bVL "\n");
 
   sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored),
           ((double)afl->queued_favored) * 100 / afl->queued_paths);
@@ -579,7 +579,7 @@ void show_stats(afl_state_t *afl) {
 
   /* Aaaalmost there... hold on! */
 
-  SAYF(bVR bH cCYA                      bSTOP
+  SAYF(bVR bH cCYA                                                     bSTOP
        " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
        " path geometry " bSTG bH5 bH2 bVL "\n");
 
-- 
cgit 1.4.1


From 12a7059ae8c7a3bd016f0d62b03a76baffcde24b Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Mon, 13 Apr 2020 16:58:35 +0200
Subject: added ignore info

---
 src/afl-fuzz-bitmap.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/afl-fuzz-bitmap.c')

diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index f5364c72..a0a720fa 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -720,6 +720,8 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 #if !TARGET_OS_IPHONE
         // we dont care if system errors, but we dont want a
         // compiler warning either
+        // See
+        // https://stackoverflow.com/questions/11888594/ignoring-return-values-in-c
         (void)(system(afl->infoexec) + 1);
 #else
         WARNF("command execution unsupported");
-- 
cgit 1.4.1