From 25945d51a4c4130ec5dc7e0fe07f4579e1927e43 Mon Sep 17 00:00:00 2001
From: Yiyi Wang <91304853+ahuo1@users.noreply.github.com>
Date: Sun, 28 Jul 2024 16:45:45 +0800
Subject: To support AFL instrumentation, add default settings.
---
 src/afl-forkserver.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'src')
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 6366f473..5390b597 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -1338,6 +1338,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
     fsrv->map_size = tmp_map_size;
+  } else {
+
+    fsrv->real_map_size = fsrv->map_size = MAP_SIZE;
+
   }
   if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) {
@@ -1444,6 +1448,11 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
     }
+  } else {
+
+    // The binary is most likely instrumented using AFL's tool, and we will set map_size to MAP_SIZE.
+    fsrv->real_map_size = fsrv->map_size = MAP_SIZE;
+
   }
 }
-- cgit 1.4.1
From 26ae4124f3cf6fb17c2a058c7209469131d904ea Mon Sep 17 00:00:00 2001
From: killerra <25255685+killerra@users.noreply.github.com>
Date: Sun, 28 Jul 2024 11:30:48 +0100
Subject: fixed lasan defaults evaluation
---
 src/afl-common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/afl-common.c b/src/afl-common.c
index 04a984cb..e7173504 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -108,7 +108,7 @@ void set_sanitizer_defaults() {
   if (!have_san_options) { strcpy(buf, default_options); }
   if (have_asan_options) {
-    if (NULL != strstr(have_asan_options, "detect_leaks=0")) {
+    if (NULL != strstr(have_asan_options, "detect_leaks=false")) {
       strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:");
-- cgit 1.4.1
From 2e57d865769541ca5fe8463e959c671f0eb7558a Mon Sep 17 00:00:00 2001
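Review bot: The new `else` branch assigns `fsrv->real_map_size = fsrv->map_size = MAP_SIZE` unconditionally, so any map size configured before afl_fsrv_start() ran (for example from AFL_MAP_SIZE or an earlier handshake) is silently overwritten whenever the target does not report one; the second hunk at -1444 has the same pattern. If the trace_bits shared memory was sized from the earlier value, a larger MAP_SIZE would make later coverage reads run past the allocation and a smaller one would truncate coverage — the allocation is not visible in the hunk, so this needs confirming. Applying the default only when nothing was configured, e.g. `} else if (!fsrv->map_size) {` (assuming zero means unset), or a comment stating why overriding is safe, would make the intent explicit. The enclosing conditional and afl_fsrv_start() itself begin and end outside the hunk.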
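Review bot: The changed condition replaces the `detect_leaks=0` spelling with `detect_leaks=false` instead of adding it, so an ASAN_OPTIONS value using the numeric form — which the sanitizer flag parser accepts as well — no longer takes this branch and loses the option string it appends. Both spellings should be matched: `if (NULL != strstr(have_asan_options, "detect_leaks=0") || NULL != strstr(have_asan_options, "detect_leaks=false")) {`; the later commit dd16be405a7e in this series does exactly that. The strcat() target `buf` and its size are declared outside the hunk, so the bound on the appended text cannot be checked from here.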
From: vanhauser-thc
Date: Fri, 2 Aug 2024 15:27:57 +0200
Subject: lower mem usage attempt
---
 src/afl-fuzz-queue.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 999929a1..3d244aa8 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -476,6 +476,17 @@ void mark_as_redundant(afl_state_t *afl, struct queue_entry *q, u8 state) {
   q->fs_redundant = state;
+  if (likely(q->fs_redundant)) {
+
+    if (unlikely(q->trace_mini)) {
+
+      ck_free(q->trace_mini);
+      q->trace_mini = NULL;
+
+    }
+
+  }
+
   sprintf(fn, "%s/queue/.state/redundant_edges/%s", afl->out_dir, strrchr((char *)q->fname, '/') + 1);
@@ -901,7 +912,7 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) {
       if (!--afl->top_rated[i]->tc_ref) {
         ck_free(afl->top_rated[i]->trace_mini);
-        afl->top_rated[i]->trace_mini = 0;
+        afl->top_rated[i]->trace_mini = NULL;
       }
-- cgit 1.4.1
From dd16be405a7e2b77656f3cf90f212fb58a022ab2 Mon Sep 17 00:00:00 2001
From: killerra <25255685+killerra@users.noreply.github.com>
Date: Fri, 2 Aug 2024 14:51:42 +0100
Subject: Handle detect_leaks 0 and false
---
 src/afl-common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/afl-common.c b/src/afl-common.c
index e7173504..e5584e93 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -108,7 +108,7 @@ void set_sanitizer_defaults() {
   if (!have_san_options) { strcpy(buf, default_options); }
   if (have_asan_options) {
-    if (NULL != strstr(have_asan_options, "detect_leaks=false")) {
+    if (NULL != strstr(have_asan_options, "detect_leaks=0") || NULL != strstr(have_asan_options, "detect_leaks=false")) {
       strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:");
-- cgit 1.4.1
From 9df906454935134b68ec330e7fddddf6f6987d96 Mon Sep 17 00:00:00 2001
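Review bot: Freeing `q->trace_mini` here leaves any `afl->top_rated[]` slot that still references this entry pointing at a NULL trace_mini, and readers such as cull_queue() dereference that pointer without a check; the later commit 6ddd5ecf4a3b in this series guards cull_queue(), but every other reader of trace_mini needs the same audit. It is also unclear what happens if mark_as_redundant() is later called with state 0 for the same entry, since nothing in the hunk rebuilds the bitmap — a comment such as `/* NOTE(review): freed to save memory; confirm nothing reads trace_mini on a redundant entry and that it is rebuilt if the entry becomes favored again */` would record the expectation. The second hunk at -901 is the matching `0` → `NULL` cleanup. mark_as_redundant() begins and ends outside the hunk.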
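Review bot: The check now accepts `detect_leaks=0` and `detect_leaks=false`, but the sanitizer flag parser also accepts `no` for boolean flags, so `detect_leaks=no` would still take the other branch; adding `|| NULL != strstr(have_asan_options, "detect_leaks=no")` closes that gap. Since strstr() is an unanchored substring match, a short comment noting that only the `detect_leaks=` key is expected to contain these tokens would help the next reader. The new line also exceeds the project's column limit and gets rewrapped by a later commit in this series. set_sanitizer_defaults() continues outside the hunk.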
From: Thomas Hebb
Date: Tue, 6 Aug 2024 11:37:19 -0700
Subject: Fix syntax error when compiling without zlib
commit ecb5854be08fa ("add zlib compression for fast resume") added new logic selected at compile-time when zlib is present. Unfortunately, it also broke the existing logic by removing the last line of a multi-line if statement, resulting in a syntax error when zlib isn't present. Restore the line as it was.
---
 src/afl-fuzz.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 9867eba3..1546597e 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2237,7 +2237,6 @@ int main(int argc, char **argv_orig, char **envp) {
     snprintf(fn, PATH_MAX, "%s/fastresume.bin", afl->out_dir);
 #ifdef HAVE_ZLIB
     if ((fr_fd = ZLIBOPEN(fn, "rb")) != NULL) {
-
 #else
     if ((fr_fd = open(fn, O_RDONLY)) >= 0) {
@@ -3341,9 +3340,9 @@ stop_fuzzing:
   ACTF("Writing %s ...", fr);
 #ifdef HAVE_ZLIB
   if ((fr_fd = ZLIBOPEN(fr, "wb9")) != NULL) {
-
 #else
   if ((fr_fd = open(fr, O_WRONLY | O_TRUNC | O_CREAT, DEFAULT_PERMISSION)) >=
+      0) {
 #endif
   u8 ver_string[8];
-- cgit 1.4.1
From 6ddd5ecf4a3bfc2a5b306b663e57ac29e60bf92f Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Wed, 14 Aug 2024 18:47:38 +0200
Subject: fix missing trace_mini check
---
 src/afl-fuzz-queue.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 3d244aa8..599d31f6 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -973,7 +973,8 @@ void cull_queue(afl_state_t *afl) {
   for (i = 0; i < afl->fsrv.map_size; ++i) {
-    if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) {
+    if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7))) &&
+        afl->top_rated[i]->trace_mini) {
       u32 j = len;
-- cgit 1.4.1
From 93fb1d1a241168f67f65bdb4dbdb05c0b5f25acf Mon Sep 17 00:00:00 2001
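Review bot: Both the `#ifdef HAVE_ZLIB` and `#else` arms open a block whose closing brace lives in the shared code after `#endif`, and in the second hunk the non-zlib condition is split across two physical lines (`>=` / `0) {`); because only one arm is ever compiled, this is exactly the shape that let the previous change drop the restored line unnoticed. A comment above the `#ifdef`, `/* both arms must open the same block; its closing brace follows the shared body */`, plus a build without zlib in CI, would make the next such mistake visible instead of silent. The first hunk at -2237 uses the same shared-brace layout, and main() starts and ends outside both hunks.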
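Review bot: The added `afl->top_rated[i]->trace_mini` test prevents the NULL dereference introduced when mark_as_redundant() began freeing trace_mini, but it silently skips the slot, so a top-rated entry whose trace_mini was freed no longer contributes to the favored set for that edge. If that is intended, a comment such as `/* trace_mini is freed for redundant entries; they cannot be favored */` should say so; if not, the slot should rather be cleared from top_rated when the entry is marked redundant so the score is recomputed. The loop body and cull_queue() continue outside the hunk.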
From: vanhauser-thc
Date: Fri, 16 Aug 2024 10:46:01 +0200
Subject: fix custom post process with custom send
---
 src/afl-fuzz-run.c | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'src')
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 2f244a1d..208d957a 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -216,17 +216,17 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
       /* everything as planned. use the potentially new data. */
       afl_fsrv_write_to_testcase(&afl->fsrv, *mem, new_size);
-      if (likely(!afl->afl_env.afl_post_process_keep_original)) {
+    }
-        len = new_size;
+    if (likely(!afl->afl_env.afl_post_process_keep_original)) {
-      } else {
+      len = new_size;
-        /* restore the original memory which was saved in new_mem */
-        *mem = new_mem;
-        afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch));
+    } else {
-      }
+      /* restore the original memory which was saved in new_mem */
+      *mem = new_mem;
+      afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch));
   }
-- cgit 1.4.1
From 1689a8e053c1f73e16331bfeda28c79e1ed4bbd0 Mon Sep 17 00:00:00 2001
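Review bot: Moving the `afl_post_process_keep_original` handling out of the inner block means `len = new_size` and `*mem = new_mem` now execute on every path through the enclosing block, including the one where the inner block (presumably the case without a custom send) was skipped; the hunk does not show where `new_size` and `new_mem` are assigned, so confirm they are initialised from `len` and `*mem` before the inner conditional rather than only inside it, otherwise a stale or uninitialised value is returned. A comment on the moved `if`, `/* applies whether the data went through the forkserver or a custom send */`, would record the intent of this change. The inner block's condition and write_to_testcase() itself start and end outside the hunk.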
From: vanhauser-thc Date: Mon, 19 Aug 2024 16:25:32 +0200 Subject: code format, llvm 18 --- .custom-format.py | 2 +- docs/Changelog.md | 1 + include/debug.h | 12 ++-- include/t1ha_bits.h | 23 +++++--- include/types.h | 2 +- include/xxhash.h | 14 +++-- qemu_mode/libqasan/dlmalloc.c | 2 +- src/afl-common.c | 3 +- src/afl-forkserver.c | 26 ++++----- src/afl-fuzz-bitmap.c | 4 +- src/afl-fuzz-one.c | 2 +- src/afl-fuzz-run.c | 13 +++-- src/afl-fuzz-stats.c | 82 ++++++++++++++-------------- src/afl-fuzz.c | 3 + utils/aflpp_driver/aflpp_qemu_driver_hook.c | 2 +- utils/libtokencap/libtokencap.so.c | 6 +- utils/persistent_mode/persistent_demo.c | 2 +- utils/persistent_mode/persistent_demo_new.c | 2 +- utils/persistent_mode/test-instr.c | 2 +- utils/qemu_persistent_hook/read_into_rdi.c | 2 +- utils/replay_record/persistent_demo_replay.c | 2 +- 21 files changed, 110 insertions(+), 97 deletions(-) (limited to 'src') diff --git a/.custom-format.py b/.custom-format.py index c8075ace..e787df28 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -24,7 +24,7 @@ import importlib.metadata # string_re = re.compile('(\\"(\\\\.|[^"\\\\])*\\")') # TODO: for future use -CURRENT_LLVM = os.getenv('LLVM_VERSION', 17) +CURRENT_LLVM = os.getenv('LLVM_VERSION', 18) CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN", "") diff --git a/docs/Changelog.md b/docs/Changelog.md index a1f8829e..f7c53b08 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -31,6 +31,7 @@ - new runtime (!) variable: `AFL_OLD_FORKSERVER` to use the old vanilla AFL type forkserver. Useful for symcc/symqemu/nautilus/etc. with AFL_LLVM_INSTRUMENT=CLASSIC + - code formatting updated to llvm 18 ### Version ++4.21c (release) diff --git a/include/debug.h b/include/debug.h index 5496135c..e7cbdb5c 100644 --- a/include/debug.h +++ b/include/debug.h 
@@ -314,8 +314,8 @@ static inline const char *colorfilter(const char *x) { #define FATAL(x...) \ do { \ \ - SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ - "\n[-] PROGRAM ABORT : " cRST x); \ + SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ + "\n[-] PROGRAM ABORT : " cRST x); \ SAYF(cLRD "\n Location : " cRST "%s(), %s:%u\n\n", __func__, \ __FILE__, (u32)__LINE__); \ exit(1); \ @@ -327,8 +327,8 @@ static inline const char *colorfilter(const char *x) { #define ABORT(x...) \ do { \ \ - SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ - "\n[-] PROGRAM ABORT : " cRST x); \ + SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ + "\n[-] PROGRAM ABORT : " cRST x); \ SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n\n", __func__, \ __FILE__, (u32)__LINE__); \ abort(); \ @@ -341,8 +341,8 @@ static inline const char *colorfilter(const char *x) { do { \ \ fflush(stdout); \ - SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ - "\n[-] SYSTEM ERROR : " cRST x); \ + SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \ + "\n[-] SYSTEM ERROR : " cRST x); \ SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n", __func__, \ __FILE__, (u32)__LINE__); \ SAYF(cLRD " OS message : " cRST "%s\n", strerror(errno)); \ diff --git a/include/t1ha_bits.h b/include/t1ha_bits.h index 0b9bbda5..9ddc8589 100644 --- a/include/t1ha_bits.h +++ b/include/t1ha_bits.h @@ -455,9 +455,10 @@ typedef struct { } __attribute__((__packed__)) t1ha_unaligned_proxy; - #define read_unaligned(ptr, bits) \ - (((const t1ha_unaligned_proxy *)((const uint8_t *)(ptr)-offsetof( \ - t1ha_unaligned_proxy, unaligned_##bits))) \ + #define read_unaligned(ptr, bits) \ + (((const t1ha_unaligned_proxy *)((const uint8_t *)(ptr) - \ + offsetof(t1ha_unaligned_proxy, \ + unaligned_##bits))) \ ->unaligned_##bits) #elif defined(_MSC_VER) #pragma warning( \ 
@@ -477,9 +478,10 @@ typedef struct { } t1ha_unaligned_proxy; #pragma pack(pop) - #define read_unaligned(ptr, bits) \ - (((const t1ha_unaligned_proxy *)((const uint8_t *)(ptr)-offsetof( \ - t1ha_unaligned_proxy, unaligned_##bits))) \ + #define read_unaligned(ptr, bits) \ + (((const t1ha_unaligned_proxy *)((const uint8_t *)(ptr) - \ + offsetof(t1ha_unaligned_proxy, \ + unaligned_##bits))) \ ->unaligned_##bits) #endif #endif /* read_unaligned */ @@ -496,21 +498,24 @@ typedef struct { #elif __has_attribute(__assume_aligned__) static __always_inline const uint16_t *__attribute__(( - __assume_aligned__(ALIGNMENT_16))) cast_aligned_16(const void *ptr) { + __assume_aligned__(ALIGNMENT_16))) +cast_aligned_16(const void *ptr) { return (const uint16_t *)ptr; } static __always_inline const uint32_t *__attribute__(( - __assume_aligned__(ALIGNMENT_32))) cast_aligned_32(const void *ptr) { + __assume_aligned__(ALIGNMENT_32))) +cast_aligned_32(const void *ptr) { return (const uint32_t *)ptr; } static __always_inline const uint64_t *__attribute__(( - __assume_aligned__(ALIGNMENT_64))) cast_aligned_64(const void *ptr) { + __assume_aligned__(ALIGNMENT_64))) +cast_aligned_64(const void *ptr) { return (const uint64_t *)ptr; diff --git a/include/types.h b/include/types.h index cfb2f3d5..d370bcfb 100644 --- a/include/types.h +++ b/include/types.h @@ -155,7 +155,7 @@ typedef int128_t s128; ({ \ \ char *d = (char *)(_x), *s = (char *)(_y); \ - u32 i, l = (_l)-1; \ + u32 i, l = (_l) - 1; \ for (i = 0; i <= l; i++) \ d[l - i] = s[i]; \ \ diff --git a/include/xxhash.h b/include/xxhash.h index 991a8f1e..72044177 100644 --- a/include/xxhash.h +++ b/include/xxhash.h 
@@ -6616,12 +6616,14 @@ static XXH64_hash_t XXH3_mergeAccs(const xxh_u64 *XXH_RESTRICT acc, } - #define XXH3_INIT_ACC \ - { \ - \ - XXH_PRIME32_3, XXH_PRIME64_1, XXH_PRIME64_2, XXH_PRIME64_3, \ - XXH_PRIME64_4, XXH_PRIME32_2, XXH_PRIME64_5, XXH_PRIME32_1 \ - \ + #define XXH3_INIT_ACC \ + { \ + \ + \ + XXH_PRIME32_3, XXH_PRIME64_1, XXH_PRIME64_2, \ + XXH_PRIME64_3, XXH_PRIME64_4, XXH_PRIME32_2, \ + XXH_PRIME64_5, XXH_PRIME32_1 \ + \ } XXH_FORCE_INLINE XXH64_hash_t XXH3_hashLong_64b_internal( diff --git a/qemu_mode/libqasan/dlmalloc.c b/qemu_mode/libqasan/dlmalloc.c index 1919ae26..d1d4dc08 100644 --- a/qemu_mode/libqasan/dlmalloc.c +++ b/qemu_mode/libqasan/dlmalloc.c @@ -2355,7 +2355,7 @@ typedef unsigned int flag_t; /* The type of various bit flag sets */ /* conversion from malloc headers to user pointers, and back */ #define chunk2mem(p) ((void *)((char *)(p) + TWO_SIZE_T_SIZES)) - #define mem2chunk(mem) ((mchunkptr)((char *)(mem)-TWO_SIZE_T_SIZES)) + #define mem2chunk(mem) ((mchunkptr)((char *)(mem) - TWO_SIZE_T_SIZES)) /* chunk associated with aligned address A */ #define align_as_chunk(A) (mchunkptr)((A) + align_offset(chunk2mem(A))) diff --git a/src/afl-common.c b/src/afl-common.c index e5584e93..892745a7 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -108,7 +108,8 @@ void set_sanitizer_defaults() { if (!have_san_options) { strcpy(buf, default_options); } if (have_asan_options) { - if (NULL != strstr(have_asan_options, "detect_leaks=0") || NULL != strstr(have_asan_options, "detect_leaks=false")) { + if (NULL != strstr(have_asan_options, "detect_leaks=0") || + NULL != strstr(have_asan_options, "detect_leaks=false")) { strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 5390b597..c7c493cf 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c 
@@ -307,8 +307,8 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { Returns the time passed to read. If the wait times out, returns timeout_ms + 1; Returns 0 if an error occurred (fd closed, signal, ...); */ -static u32 __attribute__((hot)) -read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms, volatile u8 *stop_soon_p) { +static u32 __attribute__((hot)) read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms, + volatile u8 *stop_soon_p) { fd_set readfds; FD_ZERO(&readfds); @@ -1339,9 +1339,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->map_size = tmp_map_size; } else { - - fsrv->real_map_size = fsrv->map_size = MAP_SIZE; - + + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) { @@ -1450,9 +1450,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } else { - // The binary is most likely instrumented using AFL's tool, and we will set map_size to MAP_SIZE. - fsrv->real_map_size = fsrv->map_size = MAP_SIZE; - + // The binary is most likely instrumented using AFL's tool, and we will + // set map_size to MAP_SIZE. + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } } @@ -1704,8 +1705,8 @@ u32 afl_fsrv_get_mapsize(afl_forkserver_t *fsrv, char **argv, /* Delete the current testcase and write the buf to the testcase file */ -void __attribute__((hot)) -afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { +void __attribute__((hot)) afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, + u8 *buf, size_t len) { #ifdef __linux__ if (unlikely(fsrv->nyx_mode)) { 
@@ -1823,9 +1824,8 @@ afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { /* Execute target application, monitoring for timeouts. Return status information. The called program will update afl->fsrv->trace_bits. */ -fsrv_run_result_t __attribute__((hot)) -afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, - volatile u8 *stop_soon_p) { +fsrv_run_result_t __attribute__((hot)) afl_fsrv_run_target( + afl_forkserver_t *fsrv, u32 timeout, volatile u8 *stop_soon_p) { s32 res; u32 exec_ms; diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 97ccd3d3..fd75a822 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -456,8 +456,8 @@ void write_crash_readme(afl_state_t *afl) { save or queue the input test case for further analysis if so. Returns 1 if entry is saved, 0 otherwise. */ -u8 __attribute__((hot)) -save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { +u8 __attribute__((hot)) save_if_interesting(afl_state_t *afl, void *mem, + u32 len, u8 fault) { if (unlikely(len == 0)) { return 0; } diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 74bb8cbc..fd5ed87c 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -3914,7 +3914,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { #define EFF_APOS(_p) ((_p) >> EFF_MAP_SCALE2) #define EFF_REM(_x) ((_x) & ((1 << EFF_MAP_SCALE2) - 1)) #define EFF_ALEN(_l) (EFF_APOS(_l) + !!EFF_REM(_l)) -#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l)-1) - EFF_APOS(_p) + 1) +#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l) - 1) - EFF_APOS(_p) + 1) /* Initialize effector map for the next step (see comments below). Always flag first and last byte as doing something. */ diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 208d957a..4ce17eb2 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c 
@@ -41,8 +41,9 @@ u64 time_spent_working = 0; /* Execute target application, monitoring for timeouts. Return status information. The called program will update afl->fsrv->trace_bits. */ -fsrv_run_result_t __attribute__((hot)) -fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { +fsrv_run_result_t __attribute__((hot)) fuzz_run_target(afl_state_t *afl, + afl_forkserver_t *fsrv, + u32 timeout) { #ifdef PROFILING static u64 time_spent_start = 0; @@ -111,8 +112,8 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { old file is unlinked and a new one is created. Otherwise, afl->fsrv.out_fd is rewound and truncated. */ -u32 __attribute__((hot)) -write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { +u32 __attribute__((hot)) write_to_testcase(afl_state_t *afl, void **mem, + u32 len, u32 fix) { u8 sent = 0; @@ -1173,8 +1174,8 @@ abort_trimming: error conditions, returning 1 if it's time to bail out. This is a helper function for fuzz_one(). */ -u8 __attribute__((hot)) -common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { +u8 __attribute__((hot)) common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, + u32 len) { u8 fault; diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index a20c46d0..9f5f59c0 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -963,9 +963,9 @@ void show_stats_normal(afl_state_t *afl) { /* Lord, forgive me this. */ - SAYF(SET_G1 bSTG bLT bH bSTOP cCYA + SAYF(SET_G1 bSTG bLT bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA - " overall results " bSTG bH2 bH2 bRT "\n"); + " overall results " bSTG bH2 bH2 bRT "\n"); if (afl->non_instrumented_mode) { 
@@ -1007,7 +1007,7 @@ void show_stats_normal(afl_state_t *afl) { u_stringify_time_diff(time_tmp, afl->prev_run_time + cur_ms, afl->start_time); SAYF(bV bSTOP " run time : " cRST "%-33s " bSTG bV bSTOP - " cycles done : %s%-5s " bSTG bV "\n", + " cycles done : %s%-5s " bSTG bV "\n", time_tmp, tmp, u_stringify_int(IB(0), afl->queue_cycle - 1)); /* We want to warn people about not seeing new paths after a full cycle, @@ -1047,7 +1047,7 @@ void show_stats_normal(afl_state_t *afl) { u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time); SAYF(bV bSTOP "last saved crash : " cRST "%-33s " bSTG bV bSTOP - "saved crashes : %s%-6s" bSTG bV "\n", + "saved crashes : %s%-6s" bSTG bV "\n", time_tmp, crash_color, tmp); sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->saved_hangs), @@ -1055,12 +1055,12 @@ void show_stats_normal(afl_state_t *afl) { u_stringify_time_diff(time_tmp, cur_ms, afl->last_hang_time); SAYF(bV bSTOP " last saved hang : " cRST "%-33s " bSTG bV bSTOP - " saved hangs : " cRST "%-6s" bSTG bV "\n", + " saved hangs : " cRST "%-6s" bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bH2 bHB bH bSTOP cCYA - " map coverage" bSTG bHT bH20 bH2 bVL "\n"); + " map coverage" bSTG bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -1091,9 +1091,9 @@ void show_stats_normal(afl_state_t *afl) { SAYF(bSTOP " count coverage : " cRST "%-19s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bVL "\n"); + " findings in depth " bSTG bH10 bH5 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), ((double)afl->queued_favored) * 100 / afl->queued_items); 
@@ -1101,7 +1101,7 @@ void show_stats_normal(afl_state_t *afl) { /* Yeah... it's still going on... halp? */ SAYF(bV bSTOP " now trying : " cRST "%-22s " bSTG bV bSTOP - " favored items : " cRST "%-20s" bSTG bV "\n", + " favored items : " cRST "%-20s" bSTG bV "\n", afl->stage_name, tmp); if (!afl->stage_max) { @@ -1130,13 +1130,13 @@ void show_stats_normal(afl_state_t *afl) { if (afl->crash_mode) { SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP - " new crashes : %s%-20s" bSTG bV "\n", + " new crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } else { SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP - " total crashes : %s%-20s" bSTG bV "\n", + " total crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } @@ -1189,7 +1189,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " bit flips : " cRST "%-36s " bSTG bV bSTOP - " levels : " cRST "%-10s" bSTG bV "\n", + " levels : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->max_depth)); if (unlikely(!afl->skip_deterministic)) { @@ -1205,7 +1205,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " byte flips : " cRST "%-36s " bSTG bV bSTOP - " pending : " cRST "%-10s" bSTG bV "\n", + " pending : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed)); if (unlikely(!afl->skip_deterministic)) { @@ -1221,7 +1221,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " arithmetics : " cRST "%-36s " bSTG bV bSTOP - " pend fav : " cRST "%-10s" bSTG bV "\n", + " pend fav : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_favored)); if (unlikely(!afl->skip_deterministic)) { 
@@ -1237,7 +1237,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " known ints : " cRST "%-36s " bSTG bV bSTOP - " own finds : " cRST "%-10s" bSTG bV "\n", + " own finds : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->queued_discovered)); if (unlikely(!afl->skip_deterministic)) { @@ -1263,7 +1263,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " dictionary : " cRST "%-36s " bSTG bV bSTOP - " imported : " cRST "%-10s" bSTG bV "\n", + " imported : " cRST "%-10s" bSTG bV "\n", tmp, afl->sync_id ? u_stringify_int(IB(0), afl->queued_imported) : (u8 *)"n/a"); @@ -1451,8 +1451,8 @@ void show_stats_normal(afl_state_t *afl) { /* Last line */ - SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP " strategy:" cPIN - " %s " bSTG bH10 cCYA bSTOP " state:" cPIN + SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP " strategy:" cPIN + " %s " bSTG bH10 cCYA bSTOP " state:" cPIN " %s " bSTG bH2 bRB bSTOP cRST RESET_G1, afl->fuzz_mode == 0 ? "explore" : "exploit", get_fuzzing_state(afl)); @@ -1821,8 +1821,8 @@ void show_stats_pizza(afl_state_t *afl) { } u_stringify_time_diff(time_tmp, afl->prev_run_time + cur_ms, afl->start_time); - SAYF(bV bSTOP - " open time : " cRST "%-37s " bSTG bV bSTOP + SAYF(bV bSTOP + " open time : " cRST "%-37s " bSTG bV bSTOP " seasons done : %s%-5s " bSTG bV "\n", time_tmp, tmp, u_stringify_int(IB(0), afl->queue_cycle - 1)); @@ -1865,7 +1865,7 @@ void show_stats_pizza(afl_state_t *afl) { (afl->saved_crashes >= KEEP_UNIQUE_CRASH) ? "+" : ""); u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time); - SAYF(bV bSTOP + SAYF(bV bSTOP " last ordered pizza : " cRST "%-33s " bSTG bV bSTOP " at table : %s%-6s " bSTG bV "\n", time_tmp, crash_color, tmp); 
@@ -1874,15 +1874,15 @@ void show_stats_pizza(afl_state_t *afl) { (afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); u_stringify_time_diff(time_tmp, cur_ms, afl->last_hang_time); - SAYF(bV bSTOP + SAYF(bV bSTOP " last conversation with customers : " cRST "%-33s " bSTG bV bSTOP " number of Peroni : " cRST "%-6s " bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " Baking progress " bSTG bH30 bH20 bH5 bH bX bH bSTOP cCYA - " Pizzeria busyness" bSTG bH30 bH5 bH bH bVL "\n"); + " Pizzeria busyness" bSTG bH30 bH5 bH bH bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -1918,8 +1918,8 @@ void show_stats_pizza(afl_state_t *afl) { SAYF(bSTOP " count coverage : " cRST "%-19s " bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA - " Pizzas almost ready " bSTG bH30 bH20 bH2 bH bX bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA + " Pizzas almost ready " bSTG bH30 bH20 bH2 bH bX bH bSTOP cCYA " Types of pizzas cooking " bSTG bH10 bH5 bH2 bH10 bH2 bH bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), @@ -1928,7 +1928,7 @@ void show_stats_pizza(afl_state_t *afl) { /* Yeah... it's still going on... halp? */ SAYF(bV bSTOP " now preparing : " cRST - "%-22s " bSTG bV bSTOP + "%-22s " bSTG bV bSTOP " favourite topping : " cRST "%-20s" bSTG bV "\n", afl->stage_name, tmp); @@ -1961,14 +1961,14 @@ void show_stats_pizza(afl_state_t *afl) { if (afl->crash_mode) { SAYF(bV bSTOP " total pizzas : " cRST - "%-22s " bSTG bV bSTOP + "%-22s " bSTG bV bSTOP " pizzas with pineapple : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } else { SAYF(bV bSTOP " total pizzas : " cRST - "%-22s " bSTG bV bSTOP + "%-22s " bSTG bV bSTOP " total pizzas with pineapple : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); 
@@ -2005,7 +2005,7 @@ void show_stats_pizza(afl_state_t *afl) { /* Aaaalmost there... hold on! */ SAYF(bVR bH cCYA bSTOP " Promotional campaign on TikTok yields " bSTG bH30 bH2 - bH bH2 bX bH bSTOP cCYA + bH bH2 bX bH bSTOP cCYA " Customer type " bSTG bH5 bH2 bH30 bH2 bH bVL "\n"); if (unlikely(afl->custom_only)) { @@ -2028,8 +2028,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " pizzas for celiac : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " pizzas for celiac : " cRST "%-36s " bSTG bV bSTOP " levels : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->max_depth)); @@ -2046,8 +2046,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " pizzas for kids : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " pizzas for kids : " cRST "%-36s " bSTG bV bSTOP " pizzas to make : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed)); @@ -2064,8 +2064,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " pizza bianca : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " pizza bianca : " cRST "%-36s " bSTG bV bSTOP " nice table : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_favored)); @@ -2082,8 +2082,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " recurring customers : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " recurring customers : " cRST "%-36s " bSTG bV bSTOP " new customers : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->queued_discovered)); @@ -2110,8 +2110,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " dictionary : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " dictionary : " cRST "%-36s " bSTG bV bSTOP " patrons from old resturant : " cRST "%-10s " bSTG bV "\n", tmp, diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 1546597e..726a2260 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c 
@@ -2237,6 +2237,7 @@ int main(int argc, char **argv_orig, char **envp) {
     snprintf(fn, PATH_MAX, "%s/fastresume.bin", afl->out_dir);
 #ifdef HAVE_ZLIB
     if ((fr_fd = ZLIBOPEN(fn, "rb")) != NULL) {
+
 #else
     if ((fr_fd = open(fn, O_RDONLY)) >= 0) {
@@ -3340,9 +3341,11 @@ stop_fuzzing:
   ACTF("Writing %s ...", fr);
 #ifdef HAVE_ZLIB
   if ((fr_fd = ZLIBOPEN(fr, "wb9")) != NULL) {
+
 #else
   if ((fr_fd = open(fr, O_WRONLY | O_TRUNC | O_CREAT, DEFAULT_PERMISSION)) >=
       0) {
+
 #endif
   u8 ver_string[8];
diff --git a/utils/aflpp_driver/aflpp_qemu_driver_hook.c b/utils/aflpp_driver/aflpp_qemu_driver_hook.c
index 2979fadc..d75de539 100644
--- a/utils/aflpp_driver/aflpp_qemu_driver_hook.c
+++ b/utils/aflpp_driver/aflpp_qemu_driver_hook.c
@@ -4,7 +4,7 @@
 #include
 #define g2h(x) ((void *)((unsigned long)(x) + guest_base))
-#define h2g(x) ((uint64_t)(x)-guest_base)
+#define h2g(x) ((uint64_t)(x) - guest_base)
 void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base,
                          uint8_t *input_buf, uint32_t input_buf_len) {
diff --git a/utils/libtokencap/libtokencap.so.c b/utils/libtokencap/libtokencap.so.c
index cc499150..8f693c51 100644
--- a/utils/libtokencap/libtokencap.so.c
+++ b/utils/libtokencap/libtokencap.so.c
@@ -167,7 +167,7 @@ static void __tokencap_load_mappings(void) {
 #elif defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__
-  #if defined __FreeBSD__
+  #if defined __FreeBSD__
   int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, __tokencap_pid};
 #elif defined __OpenBSD__
   int mib[] = {CTL_KERN, KERN_PROC_VMMAP, __tokencap_pid};
@@ -183,7 +183,7 @@ static void __tokencap_load_mappings(void) {
 #if defined __FreeBSD__ || defined __NetBSD__
   len = len * 4 / 3;
-  #elif defined __OpenBSD__
+  #elif defined __OpenBSD__
   len -= len % sizeof(struct kinfo_vmentry);
 #endif
@@ -208,7 +208,7 @@ static void __tokencap_load_mappings(void) {
 #if defined __FreeBSD__ || defined __NetBSD__
-  #if defined __FreeBSD__
+  #if defined __FreeBSD__
     size_t size = region->kve_structsize;
     if (size == 0) break;
diff --git a/utils/persistent_mode/persistent_demo.c b/utils/persistent_mode/persistent_demo.c
index f5e43728..00d59ef4 100644
--- a/utils/persistent_mode/persistent_demo.c
+++ b/utils/persistent_mode/persistent_demo.c
@@ -34,7 +34,7 @@
 /* To ensure checks are not optimized out it is recommended to disable code optimization for the fuzzer harness main() */
 #pragma clang optimize off
-#pragma GCC optimize("O0")
+#pragma GCC optimize("O0")
 int main(int argc, char **argv) {
diff --git a/utils/persistent_mode/persistent_demo_new.c b/utils/persistent_mode/persistent_demo_new.c
index 285f50aa..36a0043a 100644
--- a/utils/persistent_mode/persistent_demo_new.c
+++ b/utils/persistent_mode/persistent_demo_new.c
@@ -51,7 +51,7 @@ __AFL_FUZZ_INIT();
 /* To ensure checks are not optimized out it is recommended to disable code optimization for the fuzzer harness main() */
 #pragma clang optimize off
-#pragma GCC optimize("O0")
+#pragma GCC optimize("O0")
 int main(int argc, char **argv) {
diff --git a/utils/persistent_mode/test-instr.c b/utils/persistent_mode/test-instr.c
index 72e26e93..7c83f629 100644
--- a/utils/persistent_mode/test-instr.c
+++ b/utils/persistent_mode/test-instr.c
@@ -24,7 +24,7 @@ __AFL_FUZZ_INIT();
 /* To ensure checks are not optimized out it is recommended to disable code optimization for the fuzzer harness main() */
 #pragma clang optimize off
-#pragma GCC optimize("O0")
+#pragma GCC optimize("O0")
 int main(int argc, char **argv) {
diff --git a/utils/qemu_persistent_hook/read_into_rdi.c b/utils/qemu_persistent_hook/read_into_rdi.c
index 14b2ed85..3e913870 100644
--- a/utils/qemu_persistent_hook/read_into_rdi.c
+++ b/utils/qemu_persistent_hook/read_into_rdi.c
@@ -4,7 +4,7 @@
 #include
 #define g2h(x) ((void *)((unsigned long)(x) + guest_base))
-#define h2g(x) ((uint64_t)(x)-guest_base)
+#define h2g(x) ((uint64_t)(x) - guest_base)
 void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base,
                          uint8_t *input_buf, uint32_t input_buf_len) {
diff --git a/utils/replay_record/persistent_demo_replay.c b/utils/replay_record/persistent_demo_replay.c
index 6f6648f1..fa6255fd 100644
--- a/utils/replay_record/persistent_demo_replay.c
+++ b/utils/replay_record/persistent_demo_replay.c
@@ -46,7 +46,7 @@ __AFL_FUZZ_INIT();
 /* To ensure checks are not optimized out it is recommended to disable code optimization for the fuzzer harness main() */
 #pragma clang optimize off
-#pragma GCC optimize("O0")
+#pragma GCC optimize("O0")
 int main(int argc, char **argv) {
-- cgit 1.4.1