From 02db8685f10246bd458dcf324b6a179b0dbfaf5d Mon Sep 17 00:00:00 2001
From: Laszlo Szekeres
Date: Fri, 16 Sep 2022 23:04:47 -0400
Subject: Fix null pointers.
---
 utils/aflpp_driver/aflpp_driver.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
(limited to 'utils/aflpp_driver/aflpp_driver.c')
diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c
index 52b98f41..3961b401 100644
--- a/utils/aflpp_driver/aflpp_driver.c
+++ b/utils/aflpp_driver/aflpp_driver.c
@@ -198,7 +198,8 @@ size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
 }
 // Execute any files provided as parameters.
-static int ExecuteFilesOnyByOne(int argc, char **argv) {
+static int ExecuteFilesOnyByOne(int argc, char **argv,
+ int (*callback)(const uint8_t *data, size_t size)) {
 unsigned char *buf = (unsigned char *)malloc(MAX_FILE);
@@ -234,7 +235,7 @@ static int ExecuteFilesOnyByOne(int argc, char **argv) {
 prev_length = length;
 printf("Reading %zu bytes from %s\n", length, argv[i]);
- LLVMFuzzerTestOneInput(buf, length);
+ callback(buf, length);
 printf("Execution successful.\n");
 }
@@ -312,7 +313,7 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
 __afl_sharedmem_fuzzing = 0;
 __afl_manual_init();
- return ExecuteFilesOnyByOne(argc, argv);
+ return ExecuteFilesOnyByOne(argc, argv, callback);
 } else if (argc == 2 && argv[1][0] == '-') {
@@ -328,7 +329,7 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
 if (argc == 2) { __afl_manual_init(); }
- return ExecuteFilesOnyByOne(argc, argv);
+ return ExecuteFilesOnyByOne(argc, argv, callback);
 }
@@ -338,7 +339,7 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
 // Call LLVMFuzzerTestOneInput here so that coverage caused by initialization
 // on the first execution of LLVMFuzzerTestOneInput is ignored.
- LLVMFuzzerTestOneInput(dummy_input, 4);
+ callback(dummy_input, 4);
 __asan_poison_memory_region(__afl_fuzz_ptr, MAX_FILE);
 size_t prev_length = 0;
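Review bot: The new `callback` parameter of ExecuteFilesOnyByOne is accepted without a NULL check, and the hunk at line 235 invokes it unconditionally, so a NULL pointer handed to LLVMFuzzerRunDriver still faults inside the driver despite the commit title. A guard right after the signature, `if (!callback) { fprintf(stderr, "ExecuteFilesOnyByOne: callback must not be NULL\n"); return 1; }`, makes that a diagnosable error; the function's return convention is outside the hunk, so use whatever non-success value its callers expect. The header comment should also describe the new parameter, e.g. `// Execute any files provided as parameters, feeding each one to callback (the LLVMFuzzerTestOneInput-style harness entry point).` The function body continues past the hunk, so whether the `malloc(MAX_FILE)` result on its last line is checked is not visible here.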
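Review bot: `callback(buf, length);` discards the harness's int result and the next line unconditionally prints "Execution successful.", so a non-zero return from a user-supplied callback is reported as success. Since the driver now accepts an arbitrary callback rather than LLVMFuzzerTestOneInput, keeping the status is cheap: `int rc = callback(buf, length);` followed by `printf("Execution successful, callback returned %d.\n", rc);`. The enclosing loop over argv begins before this hunk.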
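Review bot: The two context comment lines above `callback(dummy_input, 4);` still read "Call LLVMFuzzerTestOneInput here ... on the first execution of LLVMFuzzerTestOneInput is ignored", but the code now calls `callback`, which LLVMFuzzerRunDriver's caller supplies and need not be LLVMFuzzerTestOneInput at all. Suggest `// Call the callback once here so that coverage caused by initialization` / `// on its first execution is ignored.` so the comment matches the indirection introduced by this commit. LLVMFuzzerRunDriver continues on both sides of the hunk.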
@@ -375,7 +376,7 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
 while (__afl_persistent_loop(N)) {
- LLVMFuzzerTestOneInput(__afl_fuzz_ptr, *__afl_fuzz_len);
+ callback(__afl_fuzz_ptr, *__afl_fuzz_len);
 }
-- cgit 1.4.1
From 0623a73a5cb8a0c2cff32413df9f4c5c69b8e339 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Sat, 17 Sep 2022 11:56:39 +0200
Subject: fix docs
---
 src/afl-cc.c | 4 ++--
 src/afl-fuzz-init.c | 4 +++-
 src/afl-fuzz.c | 6 +++---
 src/afl-gotcpu.c | 3 ++-
 utils/aflpp_driver/aflpp_driver.c | 5 +++--
 5 files changed, 13 insertions(+), 9 deletions(-)
(limited to 'utils/aflpp_driver/aflpp_driver.c')
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 5e7a9c9e..53fba1e7 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -668,8 +668,8 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 #if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 15
 // The NewPM implementation only works fully since LLVM 15.
- cc_params[cc_par_cnt++] =
- alloc_printf("-Wl,--load-pass-plugin=%s/SanitizerCoverageLTO.so", obj_path);
+ cc_params[cc_par_cnt++] = alloc_printf(
+ "-Wl,--load-pass-plugin=%s/SanitizerCoverageLTO.so", obj_path);
 #elif defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 13
 cc_params[cc_par_cnt++] = "-Wl,--lto-legacy-pass-manager";
 cc_params[cc_par_cnt++] =
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 4ffcfd2b..e41d29fd 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2420,7 +2420,9 @@ void get_core_count(afl_state_t *afl) {
 } else if ((s64)cur_runnable + 1 <= (s64)afl->cpu_core_count) {
- OKF("Try parallel jobs - see %s/parallel_fuzzing.md.", doc_path);
+ OKF("Try parallel jobs - see "
+ "%s/fuzzing_in_depth.md#c-using-multiple-cores",
+ doc_path);
 }
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 1f0fcab1..294c42f6 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
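Review bot: `callback(__afl_fuzz_ptr, *__afl_fuzz_len);` passes the callback a length read from the shared-memory control block with no bound, while the earlier hunk at line 339 poisons exactly MAX_FILE bytes of `__afl_fuzz_ptr`, so the driver relies on afl-fuzz never publishing a larger length. If that contract is enforced on the afl-fuzz side (not visible here) a comment saying so would do; otherwise a cheap in-loop check, `if (*__afl_fuzz_len > MAX_FILE) { fprintf(stderr, "Input length exceeds MAX_FILE\n"); abort(); }`, turns a mismatched frontend into a clear error instead of an over-read into poisoned memory. As in the file-replay path, the callback's int result is dropped here. LLVMFuzzerRunDriver continues on both sides of the hunk.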
@@ -192,9 +192,9 @@ static void usage(u8 *argv0, int more_help) {
 "executions.\n\n"
 "Other stuff:\n"
- " -M/-S id - distributed mode (see docs/parallel_fuzzing.md)\n"
- " -M auto-sets -D, -Z (use -d to disable -D) and no " "trimming\n"
+ " -M/-S id - distributed mode (-M sets -Z and disables trimming)\n"
+ " see docs/fuzzing_in_depth.md#c-using-multiple-cores\n"
+ " for effective recommendations for parallel fuzzing.\n"
 " -F path - sync to a foreign fuzzer queue directory (requires "
 "-M, can\n"
 " be specified up to %u times)\n"
diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c
index 539206ce..eee642fb 100644
--- a/src/afl-gotcpu.c
+++ b/src/afl-gotcpu.c
@@ -19,7 +19,8 @@
 This tool provides a fairly accurate measurement of CPU preemption rate.
 It is meant to complement the quick-and-dirty load average widget shown
- in the afl-fuzz UI. See docs/parallel_fuzzing.md for more info.
+ in the afl-fuzz UI. See docs/fuzzing_in_depth.md#c-using-multiple-cores
+ for more info.
 For some work loads, the tool may actually suggest running more instances
 than you have CPU cores. This can happen if the tested program is spending
diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c
index 3961b401..7e553723 100644
--- a/utils/aflpp_driver/aflpp_driver.c
+++ b/utils/aflpp_driver/aflpp_driver.c
@@ -198,8 +198,9 @@ size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) {
 }
 // Execute any files provided as parameters.
-static int ExecuteFilesOnyByOne(int argc, char **argv,
- int (*callback)(const uint8_t *data, size_t size)) {
+static int ExecuteFilesOnyByOne(int argc, char **argv,
+ int (*callback)(const uint8_t *data,
+ size_t size)) {
 unsigned char *buf = (unsigned char *)malloc(MAX_FILE);
-- cgit 1.4.1