From 7c383094d92af16cf610a7c58cc0e7fbd701ff40 Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Mon, 30 Mar 2020 16:01:29 +0200
Subject: added unittest for unit_maybe_alloc

---
 test/unittests/unit_maybe_alloc.c | 140 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 140 insertions(+)
 create mode 100644 test/unittests/unit_maybe_alloc.c

(limited to 'test/unittests/unit_maybe_alloc.c')

diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
new file mode 100644
index 00000000..93f10889
--- /dev/null
+++ b/test/unittests/unit_maybe_alloc.c
@@ -0,0 +1,140 @@
+#include <stdarg.h>
+#include <stddef.h>
+#include <setjmp.h>
+#include <assert.h>
+#include <cmocka.h>
+
+extern void mock_assert(const int result, const char* const expression,
+                        const char * const file, const int line);
+#undef assert
+#define assert(expression) \
+    mock_assert((int)(expression), #expression, __FILE__, __LINE__);
+#include "alloc-inl.h"
+
+/* remap exit -> assert, then use cmocka's mock_assert
+    (compile with `--wrap=exit`) */
+extern void exit(int status);
+extern void __real_exit(int status);
+void __wrap_exit(int status) {
+    assert(0);
+}
+
+/* ignore all printfs */
+extern int printf(const char *format, ...);
+extern int __real_printf(const char *format, ...);
+int __wrap_printf(const char *format, ...) {
+    return 1;
+}
+
+#define BUF_PARAMS (void **)&buf, &size
+
+static int setup(void **state) {
+
+    return 0;
+
+}
+
+static void test_null_allocs(void **state) {
+
+    void *buf = NULL;
+    size_t size = 0;
+    void *ptr = ck_maybe_grow(BUF_PARAMS, 100);
+    assert_true(buf == ptr);
+    assert_true(size >= 100);
+    ck_free(ptr);
+
+}
+
+static void test_nonpow2_size(void **state) {
+
+    char *buf = ck_alloc(150);
+    size_t size = 150;
+    buf[140] = '5';
+    char *ptr = ck_maybe_grow(BUF_PARAMS, 160);
+    assert_ptr_equal(buf, ptr);
+    assert_true(size >= 160);
+    assert_true(buf[140] == '5');
+    ck_free(ptr);
+
+}
+
+static void test_zero_size() {
+
+    char *buf = NULL;
+    size_t size = 0;
+    //assert_non_null(maybe_grow(BUF_PARAMS, 0));
+    free(buf);
+    buf = NULL;
+    size = 0;
+
+    char *ptr = ck_maybe_grow(BUF_PARAMS, 100);
+    assert_non_null(ptr);
+    assert_ptr_equal(buf, ptr);
+    assert_true(size >= 100);
+
+    expect_assert_failure(ck_maybe_grow(BUF_PARAMS, 0));
+
+}
+
+static void test_unchanged_size(void **state) {
+
+    void *buf = ck_alloc(100);
+    size_t size = 100;
+    void *buf_before = buf;
+    void *buf_after = ck_maybe_grow(BUF_PARAMS, 100);
+    assert_ptr_equal(buf, buf_after);
+    assert_ptr_equal(buf_after, buf_before);
+    ck_free(buf);
+
+}
+
+static void test_grow_multiple(void **state) {
+
+    char *buf = NULL;
+    size_t size = 0;
+
+    char *ptr = ck_maybe_grow(BUF_PARAMS, 100);
+    assert_ptr_equal(ptr, buf);
+    assert_true(size >= 100);
+    assert_int_equal(size, next_pow2(size));
+    buf[50] = '5';
+
+    ptr = (char *)ck_maybe_grow(BUF_PARAMS, 1000);
+    assert_ptr_equal(ptr, buf);
+    assert_true(size >= 100);
+    assert_int_equal(size, next_pow2(size));
+    buf[500] = '5';
+
+    ptr = (char *)ck_maybe_grow(BUF_PARAMS, 10000);
+    assert_ptr_equal(ptr, buf);
+    assert_true(size >= 10000);
+    assert_int_equal(size, next_pow2(size));
+    buf[5000] = '5';
+
+    assert_int_equal(buf[50], '5');
+    assert_int_equal(buf[500], '5');
+    assert_int_equal(buf[5000], '5');
+
+    ck_free(buf);
+
+}
+
+static int teardown(void **state) {
+
+    return 0;
+
+}
+
+int main(int argc, char **argv) {
+
+	const struct CMUnitTest tests[] = {
+		cmocka_unit_test(test_null_allocs),
+		cmocka_unit_test(test_nonpow2_size),
+		cmocka_unit_test(test_zero_size),
+        cmocka_unit_test(test_unchanged_size),
+        cmocka_unit_test(test_grow_multiple),
+	};
+
+    return cmocka_run_group_tests (tests, setup, teardown);
+
+}
\ No newline at end of file
-- 
cgit 1.4.1


From eca55be4fb961bc65cf8c3531fe2e2eb2b7ca614 Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Wed, 1 Apr 2020 01:55:13 +0200
Subject: minor changes

---
 afl-whatsup                       | 4 ++--
 src/afl-fuzz-init.c               | 2 +-
 test/unittests/unit_maybe_alloc.c | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'test/unittests/unit_maybe_alloc.c')

diff --git a/afl-whatsup b/afl-whatsup
index c3017689..1a276964 100755
--- a/afl-whatsup
+++ b/afl-whatsup
@@ -171,8 +171,8 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do
   TOTAL_CRASHES=$((TOTAL_CRASHES + unique_crashes))
   TOTAL_PENDING=$((TOTAL_PENDING + pending_total))
   TOTAL_PFAV=$((TOTAL_PFAV + pending_favs))
-  
-   if [ "$last_path" -gt "$TOTAL_LAST_PATH" ]; then
+
+  if [ "$last_path" -gt "$TOTAL_LAST_PATH" ]; then
     TOTAL_LAST_PATH=$last_path
   fi
 
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index fe2be4d2..e2495524 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -391,7 +391,7 @@ void read_testcases(afl_state_t *afl) {
 
     if (!S_ISREG(st.st_mode) || !st.st_size || strstr(fn2, "/README.txt")) {
 
-      free(fn2);
+      ck_free(fn2);
       continue;
 
     }
diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
index 93f10889..25b41d46 100644
--- a/test/unittests/unit_maybe_alloc.c
+++ b/test/unittests/unit_maybe_alloc.c
@@ -137,4 +137,4 @@ int main(int argc, char **argv) {
 
     return cmocka_run_group_tests (tests, setup, teardown);
 
-}
\ No newline at end of file
+}
-- 
cgit 1.4.1


From 6392a349cee77edb98b38d4988b0696ea3213c84 Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Wed, 1 Apr 2020 02:28:54 +0200
Subject: add assert_ptr_equal fallback

---
 test/unittests/unit_maybe_alloc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'test/unittests/unit_maybe_alloc.c')

diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
index 25b41d46..985e28f7 100644
--- a/test/unittests/unit_maybe_alloc.c
+++ b/test/unittests/unit_maybe_alloc.c
@@ -4,6 +4,14 @@
 #include <assert.h>
 #include <cmocka.h>
 
+/* Apparently not supported in very old cmocka versions */
+#ifndef assert_ptr_equal
+#define assert_ptr_equal(a, b) \
+    _assert_int_equal(cast_ptr_to_largest_integral_type(a), \
+                      cast_ptr_to_largest_integral_type(b), \
+                      __FILE__, __LINE__)
+#endif
+
 extern void mock_assert(const int result, const char* const expression,
                         const char * const file, const int line);
 #undef assert
-- 
cgit 1.4.1


From 77d68bc7bd4a693844ffb3dfe33ce4923e4a74ba Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Wed, 1 Apr 2020 02:59:19 +0200
Subject: old cmocka is old

---
 test/unittests/unit_maybe_alloc.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'test/unittests/unit_maybe_alloc.c')

diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
index 985e28f7..8fa986d8 100644
--- a/test/unittests/unit_maybe_alloc.c
+++ b/test/unittests/unit_maybe_alloc.c
@@ -2,15 +2,17 @@
 #include <stddef.h>
 #include <setjmp.h>
 #include <assert.h>
-#include <cmocka.h>
-
-/* Apparently not supported in very old cmocka versions */
+/* cmocka < 1.0 didn't support these features we need */
 #ifndef assert_ptr_equal
 #define assert_ptr_equal(a, b) \
     _assert_int_equal(cast_ptr_to_largest_integral_type(a), \
                       cast_ptr_to_largest_integral_type(b), \
                       __FILE__, __LINE__)
+#define CMUnitTest UnitTest
+#define cmocka_unit_test unit_test
 #endif
+#include <cmocka.h>
+
 
 extern void mock_assert(const int result, const char* const expression,
                         const char * const file, const int line);
-- 
cgit 1.4.1


From 35c817ccd09187a1e712fb5f3ac78eb8441a7b05 Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Wed, 1 Apr 2020 03:20:22 +0200
Subject: mocking cmocka 1 for cmocka 0.x

---
 test/unittests/unit_maybe_alloc.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'test/unittests/unit_maybe_alloc.c')

diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
index 8fa986d8..dcab5baf 100644
--- a/test/unittests/unit_maybe_alloc.c
+++ b/test/unittests/unit_maybe_alloc.c
@@ -10,6 +10,7 @@
                       __FILE__, __LINE__)
 #define CMUnitTest UnitTest
 #define cmocka_unit_test unit_test
+#define cmocka_run_group_tests(t, setup, teardown) run_tests(t)
 #endif
 #include <cmocka.h>
 
-- 
cgit 1.4.1


From b9783e44a3941e3ea381ae47ed1e2fc90bc2ef92 Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Wed, 1 Apr 2020 03:39:36 +0200
Subject: cmocka mocks

---
 test/unittests/unit_maybe_alloc.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'test/unittests/unit_maybe_alloc.c')

diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
index dcab5baf..7c6cfaaa 100644
--- a/test/unittests/unit_maybe_alloc.c
+++ b/test/unittests/unit_maybe_alloc.c
@@ -39,11 +39,13 @@ int __wrap_printf(const char *format, ...) {
 
 #define BUF_PARAMS (void **)&buf, &size
 
+/*
 static int setup(void **state) {
 
     return 0;
 
 }
+*/
 
 static void test_null_allocs(void **state) {
 
@@ -130,11 +132,13 @@ static void test_grow_multiple(void **state) {
 
 }
 
+/*
 static int teardown(void **state) {
 
     return 0;
 
 }
+*/
 
 int main(int argc, char **argv) {
 
@@ -146,6 +150,7 @@ int main(int argc, char **argv) {
         cmocka_unit_test(test_grow_multiple),
 	};
 
-    return cmocka_run_group_tests (tests, setup, teardown);
+    //return cmocka_run_group_tests (tests, setup, teardown);
+    return cmocka_run_group_tests (tests, NULL, NULL);
 
 }
-- 
cgit 1.4.1


From effa766d4abfc1901585e306609f3571a268796e Mon Sep 17 00:00:00 2001
From: hexcoder- <heiko@hexco.de>
Date: Wed, 1 Apr 2020 09:42:40 +0200
Subject: fix cmocka fixup

---
 test/unittests/unit_maybe_alloc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'test/unittests/unit_maybe_alloc.c')

diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
index 7c6cfaaa..6a165dd4 100644
--- a/test/unittests/unit_maybe_alloc.c
+++ b/test/unittests/unit_maybe_alloc.c
@@ -2,6 +2,7 @@
 #include <stddef.h>
 #include <setjmp.h>
 #include <assert.h>
+#include <cmocka.h>
 /* cmocka < 1.0 didn't support these features we need */
 #ifndef assert_ptr_equal
 #define assert_ptr_equal(a, b) \
@@ -12,7 +13,6 @@
 #define cmocka_unit_test unit_test
 #define cmocka_run_group_tests(t, setup, teardown) run_tests(t)
 #endif
-#include <cmocka.h>
 
 
 extern void mock_assert(const int result, const char* const expression,
-- 
cgit 1.4.1


From b5c5496b2fa9703bcdf7ab685499ae976a9107f6 Mon Sep 17 00:00:00 2001
From: Dominik Maier <domenukk@gmail.com>
Date: Wed, 1 Apr 2020 18:19:43 +0200
Subject: list testcase added

---
 .gitignore                        |  2 ++
 Makefile                          | 26 ++++++++++++++------------
 include/list.h                    |  3 ++-
 test/unittests/unit_list.c        |  2 +-
 test/unittests/unit_maybe_alloc.c |  4 +++-
 5 files changed, 22 insertions(+), 15 deletions(-)

(limited to 'test/unittests/unit_maybe_alloc.c')

diff --git a/.gitignore b/.gitignore
index 2687f959..c8a92b7d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -47,3 +47,5 @@ unicorn_mode/samples/*/\.test-*
 unicorn_mode/samples/*/output/
 core\.*
 test/unittests/unit_maybe_alloc
+test/unittests/unit_preallocable
+test/unittests/unit_list
diff --git a/Makefile b/Makefile
index 23fcaeca..a193f357 100644
--- a/Makefile
+++ b/Makefile
@@ -64,8 +64,8 @@ ifneq "$(shell uname -m)" "x86_64"
  endif
 endif
 
-CFLAGS     ?= -O3 -funroll-loops $(CFLAGS_OPT)
-override CFLAGS += -Wall -g -Wno-pointer-sign -D_FORTIFY_SOURCE=2 \
+CFLAGS     ?= -O2 -funroll-loops $(CFLAGS_OPT) -D_FORTIFY_SOURCE=2
+override CFLAGS += -Wall -g -Wno-pointer-sign \
 			  -I include/ -Werror -DAFL_PATH=\"$(HELPER_PATH)\" \
 			  -DBIN_PATH=\"$(BIN_PATH)\" -DDOC_PATH=\"$(DOC_PATH)\"
 
@@ -151,10 +151,13 @@ ifdef STATIC
   LDFLAGS += -lm -lpthread -lz -lutil
 endif
 
+ASAN_CFLAGS=-fsanitize=address -fstack-protector-all
+ASAN_LDFLAGS+=-fsanitize=address -fstack-protector-all
+
 ifdef ASAN_BUILD
   $(info Compiling ASAN version of binaries)
-  CFLAGS+=-fsanitize=address -fstack-protector-all
-  LDFLAGS+=-fsanitize=address -fstack-protector-all
+  CFLAGS+="$ASAN_CFLAGS"
+  LDFLAGS+="$ASAN_LDFLAGS"
 endif
 
 ifdef PROFILING
@@ -313,27 +316,27 @@ document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/
 	$(CC) -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS)
 
 test/unittests/unit_maybe_alloc.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_maybe_alloc.c $(AFL_FUZZ_FILES)
-	$(CC) $(CFLAGS) -c test/unittests/unit_maybe_alloc.c -o test/unittests/unit_maybe_alloc.o
+	$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_maybe_alloc.c -o test/unittests/unit_maybe_alloc.o
 
 test/unittests/unit_preallocable.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_preallocable.c $(AFL_FUZZ_FILES)
-	$(CC) $(CFLAGS) -c test/unittests/unit_preallocable.c -o test/unittests/unit_preallocable.o
+	$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_preallocable.c -o test/unittests/unit_preallocable.o
 
 unit_maybe_alloc: test/unittests/unit_maybe_alloc.o
-	$(CC) $(CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf test/unittests/unit_maybe_alloc.o -o test/unittests/unit_maybe_alloc $(LDFLAGS) -lcmocka
+	$(CC) $(CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf test/unittests/unit_maybe_alloc.o -o test/unittests/unit_maybe_alloc $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka
 	./test/unittests/unit_maybe_alloc
 
 test/unittests/unit_list.o : $(COMM_HDR) include/list.h test/unittests/unit_list.c $(AFL_FUZZ_FILES)
-	$(CC) $(CFLAGS) -c test/unittests/unit_list.c -o test/unittests/unit_list.o
+	$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_list.c -o test/unittests/unit_list.o
 
 unit_list: test/unittests/unit_list.o
-	$(CC) $(CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf test/unittests/unit_list.o -o test/unittests/unit_list  $(LDFLAGS) -lcmocka
+	$(CC) $(CFLAGS) $(ASAN_CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf test/unittests/unit_list.o -o test/unittests/unit_list  $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka
 	./test/unittests/unit_list
 
 test/unittests/preallocable.o : $(COMM_HDR) include/afl-prealloc.h test/unittests/preallocable.c $(AFL_FUZZ_FILES)
-	$(CC) $(CFLAGS) $(CFLAGS_FLTO) -c test/unittests/preallocable.c -o test/unittests/preallocable.o
+	$(CC) $(CFLAGS) $(ASAN_CFLAGS) $(CFLAGS_FLTO) -c test/unittests/preallocable.c -o test/unittests/preallocable.o
 
 unit_preallocable: test/unittests/unit_preallocable.o
-	$(CC) $(CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf test/unittests/unit_preallocable.o -o test/unittests/unit_preallocable $(LDFLAGS) -lcmocka
+	$(CC) $(CFLAGS) $(ASAN_CFLAGS) -Wl,--wrap=exit -Wl,--wrap=printf test/unittests/unit_preallocable.o -o test/unittests/unit_preallocable $(LDFLAGS) $(ASAN_LDFLAGS) -lcmocka
 	./test/unittests/unit_preallocable
 
 unit: unit_maybe_alloc unit_preallocable unit_list
@@ -472,4 +475,3 @@ install: all $(MANPAGES)
 	install -m 644 docs/*.md $${DESTDIR}$(DOC_PATH)
 	cp -r testcases/ $${DESTDIR}$(MISC_PATH)
 	cp -r dictionaries/ $${DESTDIR}$(MISC_PATH)
-
diff --git a/include/list.h b/include/list.h
index c67b24b2..a0f23c85 100644
--- a/include/list.h
+++ b/include/list.h
@@ -56,7 +56,8 @@ typedef struct list {
 
 static inline element_t *get_head(list_t *list) {
 
-  return &list->element_prealloc_buf[0];
+  /* The first element is the head */
+  return list->element_prealloc_buf;
 
 }
 
diff --git a/test/unittests/unit_list.c b/test/unittests/unit_list.c
index 6e0be7b6..7e8ef363 100644
--- a/test/unittests/unit_list.c
+++ b/test/unittests/unit_list.c
@@ -93,7 +93,7 @@ static void test_long_list(void **state) {
     list_remove(&testlist, &vals[50]);
 
     LIST_FOREACH(&testlist, u32, {
-        printf("var: %d\n", *el);
+        // printf("var: %d\n", *el);
         result2 += *el;
     });
     assert_int_not_equal(result1, result2);
diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
index 6a165dd4..a856fa08 100644
--- a/test/unittests/unit_maybe_alloc.c
+++ b/test/unittests/unit_maybe_alloc.c
@@ -75,7 +75,7 @@ static void test_zero_size() {
 
     char *buf = NULL;
     size_t size = 0;
-    //assert_non_null(maybe_grow(BUF_PARAMS, 0));
+    assert_non_null(maybe_grow(BUF_PARAMS, 0));
     free(buf);
     buf = NULL;
     size = 0;
@@ -87,6 +87,8 @@ static void test_zero_size() {
 
     expect_assert_failure(ck_maybe_grow(BUF_PARAMS, 0));
 
+    ck_free(ptr);
+
 }
 
 static void test_unchanged_size(void **state) {
-- 
cgit 1.4.1