diff options
| -rw-r--r-- | afl-dyninst.cc | 371 | ||||
| -rw-r--r-- | libafldyninst.cc | 17 |
2 files changed, 195 insertions, 193 deletions
diff --git a/afl-dyninst.cc b/afl-dyninst.cc index 745b072..620f588 100644 --- a/afl-dyninst.cc +++ b/afl-dyninst.cc @@ -12,35 +12,33 @@ #include "BPatch_flowGraph.h" #include "BPatch_point.h" -#include <cstdlib> #include <fcntl.h> #include <getopt.h> -#include <iostream> -#include <sstream> -#include <stdint.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <string> #include <sys/mman.h> #include <sys/stat.h> #include <sys/types.h> #include <unistd.h> -#include <vector> -using namespace std; -using namespace Dyninst; +#include <cstdint> +#include <cstdio> +#include <cstdlib> +#include <cstring> +#include <iostream> +#include <limits> +#include <sstream> +#include <string> +#include <vector> // cmd line options char *entryPointName = NULL; int verbose = 0; Dyninst::Address entryPoint; -set<string> todo; -set<string> runtimeLibraries; -set<string> skipAddresses; -set<string> onlyAddresses; -set<unsigned long> exitAddresses; +std::set<std::string> todo; +std::set<std::string> runtimeLibraries; +std::set<std::string> skipAddresses; +std::set<std::string> onlyAddresses; +std::set<unsigned long> exitAddresses; unsigned int bbMinSize = 10; int bbSkip = 0, performance = 1; bool skipMainModule = false, do_bb = true, dynfix = false; @@ -50,13 +48,15 @@ uintptr_t mapaddr = 0; BPatch_function *save_rdi; BPatch_function *restore_rdi; -const char *functions[] = {"main", "_main", "_initproc", "_init", "start", "_start", NULL}; +const char *const functions[] = { + "main", "_main", "_initproc", "_init", "start", "_start" +}; BPatch_function *findFuncByName(BPatch_image *appImage, char *funcName) { BPatch_Vector<BPatch_function *> funcs; if (NULL == appImage->findFunction(funcName, funcs) || !funcs.size() || NULL == funcs[0]) { - cerr << "Failed to find " << funcName << " function." << endl; + std::cerr << "Failed to find function " << funcName << ".\n"; return NULL; } @@ -67,20 +67,20 @@ BPatch_function *findFuncByName(BPatch_image *appImage, char *funcName) { // either at _init or at manualy specified entry point. bool insertCallToInit(BPatch_addressSpace *appBin, BPatch_function *instIncFunc, BPatch_module *module, BPatch_function *funcInit, bool install_hack) { /* Find the instrumentation points */ - vector<BPatch_point *> points; - vector<BPatch_point *> *funcEntry = funcInit->findPoint(BPatch_entry); + std::vector<BPatch_point*> points; + std::vector<BPatch_point*>* funcEntry = funcInit->findPoint(BPatch_entry); BPatch_image *appImage = appBin->getImage(); BPatchSnippetHandle *handle; if (NULL == funcEntry) { - cerr << "Failed to find entry for function. " << endl; + std::cerr << "Failed to find entry for function.\n"; return false; } // THIS BLOCK IS DISABLED - dyninst is too volatile for this to work reliably // disabled because performance can not be greater than 2 if (performance >= 3 && install_hack == true) { - cout << "Inserting global variables" << endl; + std::cerr << "Inserting global variables\n"; // we set up a fake map so we do not have crashes if the the forkserver // is not installed in _init but later for speed reasons. // we could also check in the bb() code if map == 0 but that would @@ -109,7 +109,7 @@ bool insertCallToInit(BPatch_addressSpace *appBin, BPatch_function *instIncFunc, } if (!handle) { - cerr << "Failed to insert init callback." << endl; + std::cerr << "Failed to insert init callback.\n"; return false; } return true; @@ -123,55 +123,58 @@ bool insertBBCallback(BPatch_addressSpace *appBin, BPatch_function *curFunc, cha unsigned short randID; if (!appCFG) { - cerr << "Failed to find CFG for function " << funcName << endl; + std::cerr << "Failed to find CFG for function " << funcName << std::endl; return false; } BPatch_Set<BPatch_basicBlock *> allBlocks; if (!appCFG->getAllBasicBlocks(allBlocks)) { - cerr << "Failed to find basic blocks for function " << funcName << endl; + std::cerr << "Failed to find basic blocks for function " + << funcName << std::endl; return false; } else if (allBlocks.size() == 0) { - cerr << "No basic blocks for function " << funcName << endl; + std::cerr << "No basic blocks for function " << funcName << std::endl; return false; } - BPatch_Set<BPatch_basicBlock *>::iterator iter; - for (iter = allBlocks.begin(); iter != allBlocks.end(); iter++) { - if (*bbIndex < bbSkip || (*iter)->size() < bbMinSize) { // skip over first bbSkip bbs or below minimum size + for (auto* blk : allBlocks) { + if (*bbIndex < bbSkip || blk->size() < bbMinSize) { // skip over first bbSkip bbs or below minimum size (*bbIndex)++; continue; } - BPatch_point *bbEntry = (*iter)->findEntryPoint(); + BPatch_point *bbEntry = blk->findEntryPoint(); if (performance >= 1) { - if ((*iter)->isEntryBlock() == false) { + if (blk->isEntryBlock() == false) { bool good = false; - BPatch_Vector<BPatch_basicBlock *> sources; - (*iter)->getSources(sources); + blk->getSources(sources); for (unsigned int i = 0; i < sources.size() && good == false; i++) { BPatch_Vector<BPatch_basicBlock *> targets; sources[i]->getTargets(targets); if (targets.size() > 1) good = true; } - if (good == false) + if (!good) continue; } } - unsigned long address = (*iter)->getStartAddress(); + unsigned long address = blk->getStartAddress(); randID = rand() % USHRT_MAX; - if (verbose >= 1) { - cout << "Instrumenting Basic Block 0x" << hex << address << " of " << funcName << " with size " << dec << (*iter)->size() << " with random id " << randID << "/0x" << hex << randID << endl; - } + if (verbose >= 1) + std::cerr + << "Instrumenting Basic Block 0x" << std::hex << address + << " of " << funcName << " with size " << std::dec << blk->size() + << " with random id " << randID + << "/0x" << std::hex << randID << std::endl; if (NULL == bbEntry) { // warn the user, but continue - cerr << "Failed to find entry for basic block at 0x" << hex << address << endl; + std::cerr << "Failed to find entry for basic block at 0x" + << std::hex << address << std::endl; (*bbIndex)++; continue; } @@ -208,7 +211,8 @@ bool insertBBCallback(BPatch_addressSpace *appBin, BPatch_function *curFunc, cha if (!handle) { // warn the user, but continue to next bb - cerr << "Failed to insert instrumention in basic block at 0x" << hex << address << endl; + std::cerr << "Failed to insert instrumention in basic block at 0x" + << std::hex << address << std::endl; (*bbIndex)++; continue; } else @@ -264,7 +268,7 @@ int main(int argc, char **argv) { long_options, &option_index)) != -1) { switch (c) { case 0: - if (strcmp(long_options[option_index].name, "version") == 0) { + if (std::strcmp(long_options[option_index].name, "version") == 0) { std::cout << "afl-dyninst " VERSION "\n"; return EXIT_SUCCESS; } @@ -333,9 +337,11 @@ int main(int argc, char **argv) { bpatch.setTrampRecursive(true); } + // TODO: RAII as context manager? const char *dyninstapi_rt_lib = getenv("DYNINSTAPI_RT_LIB"); if (setenv("DYNINSTAPI_RT_LIB", DYNINSTAPI_RT_LIB, true) != 0) { - cerr << "Failed to set DYNINSTAPI_RT_LIB\n"; // TODO: explain + std::cerr << "Failed to set DYNINSTAPI_RT_LIB=" + << DYNINSTAPI_RT_LIB << std::endl; // TODO: explain return EXIT_FAILURE; } BPatch_addressSpace *appBin = bpatch.openBinary(originalBinary, false); @@ -344,65 +350,61 @@ int main(int argc, char **argv) { else setenv("DYNINSTAPI_RT_LIB", dyninstapi_rt_lib, true); if (appBin == NULL) { - cerr << "Failed to open binary" << endl; + std::cerr << "Failed to open binary: " << originalBinary << std::endl; return EXIT_FAILURE; } - BPatch_image *appImage = appBin->getImage(); + BPatch_image* appImage = appBin->getImage(); // get and iterate over all modules, instrumenting only the default and manually specified ones - vector<BPatch_module *> *modules = appImage->getModules(); - vector<BPatch_module *>::iterator moduleIter; - vector<BPatch_function *> *funcsInModule; - BPatch_module *defaultModule = NULL, *firstModule = NULL; - string defaultModuleName; + std::vector<BPatch_module*>* modules = appImage->getModules(); + BPatch_module* defaultModule = NULL; + BPatch_module* firstModule = NULL; + std::string defaultModuleName; + const char* func2patch = NULL; // look for _init - char *func2patch = NULL; if (defaultModuleName.empty()) { - for (unsigned loop = 0; functions[loop] != NULL && func2patch == NULL; loop++) { - for (moduleIter = modules->begin(); moduleIter != modules->end(); ++moduleIter) { - vector<BPatch_function *>::iterator funcsIterator; - char moduleName[1024]; + for (auto* mod : *modules) { + if (firstModule == NULL) + firstModule = mod; + char moduleName[1024]; + mod->getName(moduleName, 1024); - if (firstModule == NULL) - firstModule = (*moduleIter); - (*moduleIter)->getName(moduleName, 1024); - funcsInModule = (*moduleIter)->getProcedures(); - if (verbose >= 2) - cout << "Looking for init function " << functions[loop] << " in " << moduleName << endl; - for (funcsIterator = funcsInModule->begin(); funcsIterator != funcsInModule->end(); ++funcsIterator) { - char funcName[1024]; - - (*funcsIterator)->getName(funcName, 1024); - if (verbose >= 3 && loop == 0) - printf("module: %s function: %s\n", moduleName, funcName); - if (string(funcName) == string(functions[loop])) { - func2patch = (char *)functions[loop]; - defaultModuleName = string(moduleName); - defaultModule = (*moduleIter); - if (verbose >= 1) { - cout << "Found " << func2patch << " in " << moduleName << endl; - } + for (auto* fn : *mod->getProcedures()) { + char funcName[1024]; + fn->getName(funcName, 1024); + if (verbose >= 3) + std::cerr << "Looking at function " << funcName + << " in module " << moduleName << std::endl; + + for (const auto* entry_fn : functions) + if (std::strcmp(entry_fn, funcName) == 0) { + func2patch = entry_fn; + defaultModuleName = moduleName; + defaultModule = mod; + if (verbose >= 1) + std::cerr << "Found init function " << func2patch + << " in " << moduleName << std::endl; break; } - } if (!defaultModuleName.empty()) break; } - if (func2patch != NULL) + if (!defaultModuleName.empty()) break; } } // last resort, by name of the binary if (defaultModuleName.empty()) - defaultModuleName = string(originalBinary).substr(string(originalBinary).find_last_of("\\/") + 1); + defaultModuleName = std::string(originalBinary).substr(std::string(originalBinary).find_last_of("\\/") + 1); if (defaultModule == NULL) defaultModule = firstModule; if (!appBin->loadLibrary(AFL_DYNINST_LIB)) { - cerr << "Failed to open instrumentation library " << AFL_DYNINST_LIB << endl; - cerr << "It needs to be located in the current working directory." << endl; + std::cerr << "Failed to open instrumentation library: " + << AFL_DYNINST_LIB << std::endl; + std::cerr << "It needs to be located in the current working directory.\n"; return EXIT_FAILURE; } @@ -421,7 +423,8 @@ int main(int argc, char **argv) { initAflForkServer = findFuncByName(appImage, (char *)"initOnlyAflForkServer"); if (!initAflForkServer || !bbCallback || !forceCleanExit) { - cerr << "Instrumentation library lacks callbacks!" << endl; + std::cerr << "Instrumentation library lacks callbacks: " + << AFL_DYNINST_LIB << std::endl; return EXIT_FAILURE; } @@ -432,35 +435,37 @@ int main(int argc, char **argv) { if (entryPoint == 0 && entryPointName == NULL) { if (func2patch == NULL) { - cerr << "Couldn't locate _init, specify entry point manually with -e 0xaddr" << endl; + std::cerr << "Couldn't locate entry point," + " specify entry point manually with --entry=ADDR\n"; return EXIT_FAILURE; } BPatch_Vector<BPatch_function *> funcs; defaultModule->findFunction(func2patch, funcs); if (!funcs.size()) { - cerr << "Couldn't locate _init, specify entry point manually with -e 0xaddr" << endl; + std::cerr << "Couldn't locate entry point," + " specify entry point manually with --entry=ADDR\n"; return EXIT_FAILURE; } // there should really be only one funcToPatch = funcs[0]; } else { if (entryPointName != NULL) { - for (moduleIter = modules->begin(); moduleIter != modules->end() && funcToPatch == 0; ++moduleIter) { - BPatch_Vector<BPatch_function *> funcs; - (*moduleIter)->findFunction(entryPointName, funcs); + for (auto* mod : *modules) { + BPatch_Vector<BPatch_function*> funcs; + mod->findFunction(entryPointName, funcs); if (funcs.size() > 0) { char moduleName[1024]; - funcToPatch = funcs[0]; - defaultModule = (*moduleIter); + defaultModule = mod; defaultModule->getName(moduleName, 1024); - defaultModuleName = string(moduleName); - printf("Found entypoint %s in module %s\n", entryPointName, moduleName); + defaultModuleName = moduleName; + std::cerr << "Found entry point " << entryPointName + << " in module " << moduleName << std::endl; break; } } } - if (!funcToPatch) { + if (funcToPatch == NULL) { if (verbose > 1) printf("Looking for entrypoint %p\n", (char *)entryPoint); funcToPatch = defaultModule->findFunctionByEntry(entryPoint); @@ -471,79 +476,83 @@ int main(int argc, char **argv) { } if (!funcToPatch) { // ok lets go hardcore ... if (verbose > 1) - printf("OK we did not find the entrypoint so far, lets dig deeper ...\n"); - for (moduleIter = modules->begin(); moduleIter != modules->end() && funcToPatch != NULL; ++moduleIter) { - vector<BPatch_function *>::iterator funcsIterator; - funcToPatch = (*moduleIter)->findFunctionByEntry(entryPoint); - if (funcToPatch) - defaultModule = (*moduleIter); + std::cerr << "OK we did not find the entry point so far," + " lets dig deeper ...\n"; + for (auto* mod : *modules) { + funcToPatch = mod->findFunctionByEntry(entryPoint); + if (funcToPatch) { + defaultModule = mod; + break; + } } } if (funcToPatch && verbose >= 1) { char moduleName[1024]; defaultModule->getName(moduleName, 1024); - defaultModuleName = string(moduleName); - printf("Found entypoint %p in module %s\n", (void *)entryPoint, moduleName); + defaultModuleName = moduleName; + std::cerr << "Found entry point " << std::hex << entryPoint + << " in module " << moduleName << std::endl; } } } - if (!funcToPatch) { - cerr << "Couldn't locate function at given entry point. " << endl; - cerr << "Try: readelf -ls " << originalBinary << " | egrep 'Entry|FUNC.*GLOBAL.*DEFAULT' | egrep -v '@|UND'" << endl; + if (funcToPatch == NULL) { + std::cerr << "Couldn't locate function at given entry point.\n" + << "Try: readelf -ls " << originalBinary + << " | egrep 'Entry|FUNC.*GLOBAL.*DEFAULT' | egrep -v '@|UND'\n"; return EXIT_FAILURE; } if (!insertCallToInit(appBin, initAflForkServer, defaultModule, funcToPatch, true)) { - cerr << "Could not insert init callback at given entry point." << endl; + std::cerr << "Could not insert init callback at given entry point.\n"; return EXIT_FAILURE; } - for (moduleIter = modules->begin(); moduleIter != modules->end(); ++moduleIter) { + for (auto* mod : *modules) { + if (mod->isSharedLib()) + continue; char moduleName[1024]; - - (*moduleIter)->getName(moduleName, 1024); - if ((*moduleIter)->isSharedLib()) + mod->getName(moduleName, 1024); + if (std::string(moduleName).find(defaultModuleName) != std::string::npos + && skipMainModule) continue; - if (string(moduleName).find(defaultModuleName) != string::npos) { - if (skipMainModule) - continue; - } - if (do_bb == true) { - cout << "Instrumenting module: " << moduleName << endl; - vector<BPatch_function *> *allFunctions = (*moduleIter)->getProcedures(); - vector<BPatch_function *>::iterator funcIter; + std::cerr << "Instrumenting module: " << moduleName << std::endl; // iterate over all functions in the module - for (funcIter = allFunctions->begin(); funcIter != allFunctions->end(); ++funcIter) { - BPatch_function *curFunc = *funcIter; + for (auto* curFunc : *mod->getProcedures()) { char funcName[1024]; - int do_patch = 1; - curFunc->getName(funcName, 1024); - if (string(funcName) == string("_init") || string(funcName) == string("__libc_csu_init") || string(funcName) == string("_start")) { + if (std::strcmp(funcName, "_init") == 0 + || std::strcmp(funcName, "__libc_csu_init") == 0 + || std::strcmp(funcName, "_start") == 0) { if (verbose) - cout << "Skipping instrumenting function " << funcName << endl; + std::cerr << "Skipping instrumenting function " + << funcName << std::endl; continue; // here's a bug on hlt // XXX: check what happens if removed } if (!skipAddresses.empty()) { - set<string>::iterator saiter; - for (saiter = skipAddresses.begin(); saiter != skipAddresses.end() && do_patch == 1; saiter++) - if (*saiter == string(funcName)) - do_patch = 0; - if (do_patch == 0) { - cout << "Skipping instrumenting function " << funcName << endl; + bool do_patch = true; + for (const auto& sa : skipAddresses) + if (sa == funcName) { + do_patch = false; + break; + } + if (!do_patch) { + std::cerr << "Skipping instrumenting function " + << funcName << std::endl; continue; } } if (!onlyAddresses.empty()) { - do_patch = 0; - set<string>::iterator saiter; - for (saiter = onlyAddresses.begin(); saiter != onlyAddresses.end() && do_patch == 1; saiter++) - if (*saiter == string(funcName)) - do_patch = 1; - if (do_patch == 0) { - cout << "Skipping instrumenting function " << funcName << endl; + bool do_patch = false; + for (const auto& oa : skipAddresses) + if (oa == funcName) { + do_patch = true; + break; + } + if (!do_patch) { + std::cerr << "Skipping instrumenting function " + << funcName << std::endl; continue; } } @@ -553,68 +562,62 @@ int main(int argc, char **argv) { } if (!exitAddresses.empty()) { - cout << "Instrumenting forced exit addresses." << endl; - set<unsigned long>::iterator uliter; - - for (uliter = exitAddresses.begin(); uliter != exitAddresses.end(); uliter++) { - if (*uliter > 0 && (signed long)*uliter != -1) { - funcToPatch = defaultModule->findFunctionByEntry(*uliter); - if (!funcToPatch) { - cerr << "Could not find enty point 0x" << hex << *uliter << " (continuing)" << endl; - } else { - if (!insertCallToInit(appBin, forceCleanExit, defaultModule, funcToPatch, false)) - cerr << "Could not insert force clean exit callback at 0x" << hex << *uliter << " (continuing)" << endl; - } + std::cerr << "Instrumenting forced exit addresses.\n"; + for (const unsigned long& addr : exitAddresses) + if (addr > 0 && addr != std::numeric_limits<unsigned long>::max()) { + funcToPatch = defaultModule->findFunctionByEntry(addr); + if (!funcToPatch) + std::cerr << "Could not find entry point 0x" + << std::hex << addr << " (continuing)\n"; + else if (!insertCallToInit(appBin, forceCleanExit, defaultModule, + funcToPatch, false)) + std::cerr << "Could not insert force clean exit callback at 0x" + << std::hex << addr << " (continuing)\n"; } - } } // Output the instrumented binary BPatch_binaryEdit *appBinr = dynamic_cast<BPatch_binaryEdit *>(appBin); if (!appBinr->writeFile(instrumentedBinary)) { - cerr << "Failed to write output file: " << instrumentedBinary << endl; + std::cerr << "Failed to write output file: " + << instrumentedBinary << std::endl; return EXIT_FAILURE; } todo.insert(instrumentedBinary); if (!runtimeLibraries.empty()) { - cout << "Instrumenting runtime libraries." << endl; - set<string>::iterator rtLibIter; - for (rtLibIter = runtimeLibraries.begin(); rtLibIter != runtimeLibraries.end(); rtLibIter++) { - BPatch_addressSpace *libBin = bpatch.openBinary((*rtLibIter).c_str(), false); + std::cerr << "Instrumenting runtime libraries.\n"; + for (const auto& lib : runtimeLibraries) { + BPatch_addressSpace *libBin = bpatch.openBinary(lib.c_str(), false); if (libBin == NULL) { - cerr << "Failed to open binary " << *rtLibIter << endl; + std::cerr << "Failed to open binary " << lib << std::endl; return EXIT_FAILURE; } BPatch_image *libImg = libBin->getImage(); - vector<BPatch_module *> *modules = libImg->getModules(); - moduleIter = modules->begin(); - for (; moduleIter != modules->end(); ++moduleIter) { + std::vector<BPatch_module*>* modules = libImg->getModules(); + for (auto* mod : *modules) { char moduleName[1024]; - - (*moduleIter)->getName(moduleName, 1024); - cout << "Instrumenting module: " << moduleName << endl; - vector<BPatch_function *> *allFunctions = (*moduleIter)->getProcedures(); - vector<BPatch_function *>::iterator funcIter; + mod->getName(moduleName, 1024); + std::cerr << "Instrumenting module: " << moduleName << std::endl; // iterate over all functions in the module - for (funcIter = allFunctions->begin(); funcIter != allFunctions->end(); ++funcIter) { - BPatch_function *curFunc = *funcIter; + for (auto* curFunc : *mod->getProcedures()) { char funcName[1024]; - int do_patch = 1; - curFunc->getName(funcName, 1024); - if (string(funcName) == string("_init") || string(funcName) == string("__libc_csu_init") || string(funcName) == string("_start")) - continue; + if (std::strcmp(funcName, "_init") == 0 + || std::strcmp(funcName, "__libc_csu_init") == 0 + || std::strcmp(funcName, "_start") == 0) + continue; // TODO: DRY if (!skipAddresses.empty()) { - set<string>::iterator saiter; - for (saiter = skipAddresses.begin(); saiter != skipAddresses.end() && do_patch == 1; saiter++) - if (*saiter == string(funcName)) - do_patch = 0; - if (do_patch == 0) { - cout << "Skipping instrumenting function " << funcName << endl; + bool do_patch = true; + for (const auto& sa : skipAddresses) + if (sa == funcName) + do_patch = false; + if (!do_patch) { + std::cerr << "Skipping instrumenting function " + << funcName << std::endl; continue; } } @@ -623,17 +626,17 @@ int main(int argc, char **argv) { } } appBinr = dynamic_cast<BPatch_binaryEdit *>(libBin); - if (!appBinr->writeFile((*rtLibIter + ".ins").c_str())) { - cerr << "Failed to write output file: " << (*rtLibIter + ".ins").c_str() << endl; + const char* const ins = (lib + ".ins").c_str(); + if (!appBinr->writeFile(ins)) { + std::cerr << "Failed to write output file: " << ins << std::endl; return EXIT_FAILURE; } else { - cout << "Saved the instrumented library to " << (*rtLibIter + ".ins").c_str() << "." << endl; - todo.insert(*rtLibIter + ".ins"); + std::cerr << "Saved the instrumented library to " << ins << ".\n"; + todo.insert(lib + ".ins"); } } } - - printf("Did a total of %lu basic block insertions\n", insertions); + std::cerr << "Did a total of " << insertions << " basic block insertions\n"; if (performance >= 3) { int fd; @@ -649,15 +652,15 @@ int main(int argc, char **argv) { mapaddr += sizeof(mapaddr); memcpy(snip2, (char *)&mapaddr, sizeof(mapaddr)); memcpy(fullsnip + 24, (char *)&mapaddr, sizeof(mapaddr)); - set<string>::iterator fn; - for (fn = todo.begin(); fn != todo.end(); fn++) { - cout << "Reinstrumenting " << *fn << " ..." << endl; - if ((fd = open((const char *)(fn->c_str()), O_RDWR)) == -1 || fstat(fd, &st) != 0) { - cerr << "Error: file is gone: " << *fn << endl; + for (const auto& fn : todo) { + std::cerr << "Reinstrumenting " << fn << " ..." << std::endl; + if ((fd = open(fn.c_str(), O_RDWR)) == -1 || fstat(fd, &st) != 0) { + std::cerr << "Error: file is gone: " << fn << std::endl; exit(-1); } - if ((size_t)st.st_size < (size_t)sizeof(fullsnip)) { - cerr << "Error: somethings horrible wrong here with " << *fn << " ..." << endl; + if ((size_t) st.st_size < sizeof(fullsnip)) { + std::cerr << "Error: somethings horrible wrong here with " + << fn << " ..." << std::endl; continue; } ptr = (unsigned char *)mmap(NULL, st.st_size, PROT_WRITE | PROT_READ, MAP_SHARED, fd, 0); diff --git a/libafldyninst.cc b/libafldyninst.cc index 2919c5c..693724e 100644 --- a/libafldyninst.cc +++ b/libafldyninst.cc @@ -7,23 +7,22 @@ // SPDX-FileCopyrightText: 2024 Nguyễn Gia Phong <cnx@loang.net> // SPDX-License-Identifier: AGPL-3.0-or-later -#include "afl/config.h" -#include "afl/types.h" +#include <afl/config.h> +#include <afl/types.h> -#include <algorithm> -#include <cstdio> -#include <cstdlib> -#include <cstring> #include <fcntl.h> -#include <iostream> #include <sys/shm.h> #include <sys/stat.h> #include <sys/types.h> #include <sys/wait.h> #include <unistd.h> -#include <vector> -using namespace std; +#include <algorithm> +#include <cstdio> +#include <cstdlib> +#include <cstring> +#include <iostream> +#include <vector> static u8 dummy[65536]; static u8 *__afl_area_ptr = dummy; // this saves a test + jz instruction |