ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-12 10:08:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix warning, code format

Browse Source
This commit is contained in:
van Hauser
2020-05-10 11:35:31 +02:00
parent 3beec8d4fa
commit 26f8708fed
42 changed files with 656 additions and 658 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
examples/afl_network_proxy/afl-network-client.c
View File

@ -15,7 +15,7 @@
*/ */
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"
@ -42,7 +42,7 @@
#include <fcntl.h> #include <fcntl.h>
#ifdef USE_DEFLATE #ifdef USE_DEFLATE
#include <libdeflate.h> # include <libdeflate.h>
#endif #endif
u8 *__afl_area_ptr; u8 *__afl_area_ptr;
@ -321,7 +321,7 @@ int main(int argc, char *argv[]) {
// fprintf(stderr, "Sending testcase with len %u\n", *lenptr); // fprintf(stderr, "Sending testcase with len %u\n", *lenptr);
#ifdef USE_DEFLATE #ifdef USE_DEFLATE
#ifdef COMPRESS_TESTCASES # ifdef COMPRESS_TESTCASES
// we only compress the testcase if it does not fit in the TCP packet // we only compress the testcase if it does not fit in the TCP packet
if (*lenptr > 1500 - 20 - 32 - 4) { if (*lenptr > 1500 - 20 - 32 - 4) {
@ -341,17 +341,17 @@ int main(int argc, char *argv[]) {
} else { } else {
#endif # endif
#endif #endif
if (send(s, buf, *lenptr + 4, 0) != *lenptr + 4) if (send(s, buf, *lenptr + 4, 0) != *lenptr + 4)
PFATAL("sending test data failed"); PFATAL("sending test data failed");
#ifdef USE_DEFLATE #ifdef USE_DEFLATE
#ifdef COMPRESS_TESTCASES # ifdef COMPRESS_TESTCASES
// fprintf(stderr, "unCOMPRESS (%u)\n", *lenptr); // fprintf(stderr, "unCOMPRESS (%u)\n", *lenptr);
} }
#endif # endif
#endif #endif
received = 0; received = 0;

4
examples/afl_network_proxy/afl-network-server.c
View File

@ -25,7 +25,7 @@
#define AFL_MAIN #define AFL_MAIN
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"
@ -62,7 +62,7 @@
#include <netdb.h> #include <netdb.h>
#ifdef USE_DEFLATE #ifdef USE_DEFLATE
#include <libdeflate.h> # include <libdeflate.h>
struct libdeflate_compressor * compressor; struct libdeflate_compressor * compressor;
struct libdeflate_decompressor *decompressor; struct libdeflate_decompressor *decompressor;
#endif #endif

2
examples/afl_proxy/afl-proxy.c
View File

@ -24,7 +24,7 @@
*/ */
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"

42
examples/afl_untracer/afl-untracer.c
View File

@ -34,7 +34,7 @@
#define _GNU_SOURCE #define _GNU_SOURCE
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"
@ -58,14 +58,14 @@
#include <sys/types.h> #include <sys/types.h>
#if defined(__linux__) #if defined(__linux__)
#include <sys/ucontext.h> # include <sys/ucontext.h>
#elif defined(__APPLE__) && defined(__LP64__) #elif defined(__APPLE__) && defined(__LP64__)
#include <mach-o/dyld_images.h> # include <mach-o/dyld_images.h>
#elif defined(__FreeBSD__) #elif defined(__FreeBSD__)
#include <sys/sysctl.h> # include <sys/sysctl.h>
#include <sys/user.h> # include <sys/user.h>
#else #else
#error "Unsupported platform" # error "Unsupported platform"
#endif #endif
#define MEMORY_MAP_DECREMENT 0x200000000000 #define MEMORY_MAP_DECREMENT 0x200000000000
@ -446,15 +446,15 @@ static void __afl_end_testcase(int status) {
} }
#ifdef __aarch64__ #ifdef __aarch64__
#define SHADOW(addr) \ # define SHADOW(addr) \
((uint64_t *)(((uintptr_t)addr & 0xfffffffffffffff8) - \ ((uint64_t *)(((uintptr_t)addr & 0xfffffffffffffff8) - \
MEMORY_MAP_DECREMENT - \ MEMORY_MAP_DECREMENT - \
((uintptr_t)addr & 0x7) * 0x10000000000)) ((uintptr_t)addr & 0x7) * 0x10000000000))
#else #else
#define SHADOW(addr) \ # define SHADOW(addr) \
((uint32_t *)(((uintptr_t)addr & 0xfffffffffffffffc) - \ ((uint32_t *)(((uintptr_t)addr & 0xfffffffffffffffc) - \
MEMORY_MAP_DECREMENT - \ MEMORY_MAP_DECREMENT - \
((uintptr_t)addr & 0x3) * 0x10000000000)) ((uintptr_t)addr & 0x3) * 0x10000000000))
#endif #endif
void setup_trap_instrumentation() { void setup_trap_instrumentation() {
@ -583,7 +583,7 @@ void setup_trap_instrumentation() {
#else #else
// this will be ARM and AARCH64 // this will be ARM and AARCH64
// for ARM we will need to identify if the code is in thumb or ARM // for ARM we will need to identify if the code is in thumb or ARM
#error "non x86_64/aarch64 not supported yet" # error "non x86_64/aarch64 not supported yet"
//__arm__: //__arm__:
// linux thumb: 0xde01 // linux thumb: 0xde01
// linux arm: 0xe7f001f0 // linux arm: 0xe7f001f0
@ -622,20 +622,20 @@ static void sigtrap_handler(int signum, siginfo_t *si, void *context) {
ctx->uc_mcontext->__ss.__rip -= 1; ctx->uc_mcontext->__ss.__rip -= 1;
addr = ctx->uc_mcontext->__ss.__rip; addr = ctx->uc_mcontext->__ss.__rip;
#elif defined(__linux__) #elif defined(__linux__)
#if defined(__x86_64__) || defined(__i386__) # if defined(__x86_64__) || defined(__i386__)
ctx->uc_mcontext.gregs[REG_RIP] -= 1; ctx->uc_mcontext.gregs[REG_RIP] -= 1;
addr = ctx->uc_mcontext.gregs[REG_RIP]; addr = ctx->uc_mcontext.gregs[REG_RIP];
#elif defined(__aarch64__) # elif defined(__aarch64__)
ctx->uc_mcontext.pc -= 4; ctx->uc_mcontext.pc -= 4;
addr = ctx->uc_mcontext.pc; addr = ctx->uc_mcontext.pc;
#else # else
#error "Unsupported processor" # error "Unsupported processor"
#endif # endif
#elif defined(__FreeBSD__) && defined(__LP64__) #elif defined(__FreeBSD__) && defined(__LP64__)
ctx->uc_mcontext.mc_rip -= 1; ctx->uc_mcontext.mc_rip -= 1;
addr = ctx->uc_mcontext.mc_rip; addr = ctx->uc_mcontext.mc_rip;
#else #else
#error "Unsupported platform" # error "Unsupported platform"
#endif #endif
// fprintf(stderr, "TRAP at context addr = %lx, fault addr = %lx\n", addr, // fprintf(stderr, "TRAP at context addr = %lx, fault addr = %lx\n", addr,

10
gcc_plugin/afl-gcc-pass.so.cc
View File

@ -55,10 +55,10 @@
/* clear helper macros AFL types pull in, which intervene with gcc-plugin /* clear helper macros AFL types pull in, which intervene with gcc-plugin
* headers from GCC-8 */ * headers from GCC-8 */
#ifdef likely #ifdef likely
#undef likely # undef likely
#endif #endif
#ifdef unlikely #ifdef unlikely
#undef unlikely # undef unlikely
#endif #endif
#include <stdio.h> #include <stdio.h>
@ -295,16 +295,16 @@ static unsigned int inline_instrument(function *fun) {
update_stmt(g); update_stmt(g);
#if 1 #if 1
#if 0 # if 0
tree addr = build2(ADDR_EXPR, map_type, map_ptr, area_off); tree addr = build2(ADDR_EXPR, map_type, map_ptr, area_off);
g = gimple_build_assign(map_ptr2, MODIFY_EXPR, addr); g = gimple_build_assign(map_ptr2, MODIFY_EXPR, addr);
gimple_seq_add_stmt(&seq, g); // map_ptr2 = map_ptr + area_off gimple_seq_add_stmt(&seq, g); // map_ptr2 = map_ptr + area_off
update_stmt(g); update_stmt(g);
#else # else
g = gimple_build_assign(map_ptr2, PLUS_EXPR, map_ptr, area_off); g = gimple_build_assign(map_ptr2, PLUS_EXPR, map_ptr, area_off);
gimple_seq_add_stmt(&seq, g); // map_ptr2 = map_ptr + area_off gimple_seq_add_stmt(&seq, g); // map_ptr2 = map_ptr + area_off
update_stmt(g); update_stmt(g);
#endif # endif
// gimple_assign <mem_ref, _3, *p_6, NULL, NULL> // gimple_assign <mem_ref, _3, *p_6, NULL, NULL>
tree tmp1 = create_tmp_var_raw(unsigned_char_type_node, "tmp1"); tree tmp1 = create_tmp_var_raw(unsigned_char_type_node, "tmp1");

4
gcc_plugin/afl-gcc-rt.o.c
View File

@ -20,13 +20,13 @@
*/ */
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "../config.h" #include "../config.h"
#include "../types.h" #include "../types.h"
#ifdef USEMMAP #ifdef USEMMAP
#include <stdio.h> # include <stdio.h>
#endif #endif
#include <stdlib.h> #include <stdlib.h>
#include <signal.h> #include <signal.h>

12
include/afl-as.h
View File

@ -404,9 +404,9 @@ static const u8 *main_payload_32 =
recognize .string. */ recognize .string. */
#ifdef __APPLE__ #ifdef __APPLE__
#define CALL_L64(str) "call _" str "\n" # define CALL_L64(str) "call _" str "\n"
#else #else
#define CALL_L64(str) "call " str "@PLT\n" # define CALL_L64(str) "call " str "@PLT\n"
#endif /* ^__APPLE__ */ #endif /* ^__APPLE__ */
static const u8 *main_payload_64 = static const u8 *main_payload_64 =
@ -744,9 +744,9 @@ static const u8 *main_payload_64 =
#ifdef __APPLE__ #ifdef __APPLE__
" .comm __afl_area_ptr, 8\n" " .comm __afl_area_ptr, 8\n"
#ifndef COVERAGE_ONLY # ifndef COVERAGE_ONLY
" .comm __afl_prev_loc, 8\n" " .comm __afl_prev_loc, 8\n"
#endif /* !COVERAGE_ONLY */ # endif /* !COVERAGE_ONLY */
" .comm __afl_fork_pid, 4\n" " .comm __afl_fork_pid, 4\n"
" .comm __afl_temp, 4\n" " .comm __afl_temp, 4\n"
" .comm __afl_setup_failure, 1\n" " .comm __afl_setup_failure, 1\n"
@ -754,9 +754,9 @@ static const u8 *main_payload_64 =
#else #else
" .lcomm __afl_area_ptr, 8\n" " .lcomm __afl_area_ptr, 8\n"
#ifndef COVERAGE_ONLY # ifndef COVERAGE_ONLY
" .lcomm __afl_prev_loc, 8\n" " .lcomm __afl_prev_loc, 8\n"
#endif /* !COVERAGE_ONLY */ # endif /* !COVERAGE_ONLY */
" .lcomm __afl_fork_pid, 4\n" " .lcomm __afl_fork_pid, 4\n"
" .lcomm __afl_temp, 4\n" " .lcomm __afl_temp, 4\n"
" .lcomm __afl_setup_failure, 1\n" " .lcomm __afl_setup_failure, 1\n"

82
include/afl-fuzz.h
View File

@ -31,14 +31,14 @@
#define MESSAGES_TO_STDOUT #define MESSAGES_TO_STDOUT
#ifndef _GNU_SOURCE #ifndef _GNU_SOURCE
#define _GNU_SOURCE 1 # define _GNU_SOURCE 1
#endif #endif
#ifndef _FILE_OFFSET_BITS #ifndef _FILE_OFFSET_BITS
#define _FILE_OFFSET_BITS 64 # define _FILE_OFFSET_BITS 64
#endif #endif
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"
@ -76,7 +76,7 @@
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \ #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
defined(__NetBSD__) || defined(__DragonFly__) defined(__NetBSD__) || defined(__DragonFly__)
#include <sys/sysctl.h> # include <sys/sysctl.h>
#endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */ #endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */
/* For systems that have sched_setaffinity; right now just Linux, but one /* For systems that have sched_setaffinity; right now just Linux, but one
@ -84,31 +84,31 @@
#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || \ #if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || \
defined(__DragonFly__) defined(__DragonFly__)
#define HAVE_AFFINITY 1 # define HAVE_AFFINITY 1
#if defined(__FreeBSD__) || defined(__DragonFly__) # if defined(__FreeBSD__) || defined(__DragonFly__)
#include <sys/param.h> # include <sys/param.h>
#if defined(__FreeBSD__) # if defined(__FreeBSD__)
#include <sys/cpuset.h> # include <sys/cpuset.h>
#endif # endif
#include <sys/user.h> # include <sys/user.h>
#include <pthread.h> # include <pthread.h>
#include <pthread_np.h> # include <pthread_np.h>
#define cpu_set_t cpuset_t # define cpu_set_t cpuset_t
#elif defined(__NetBSD__) # elif defined(__NetBSD__)
#include <pthread.h> # include <pthread.h>
#endif # endif
#endif /* __linux__ */ #endif /* __linux__ */
#ifdef __APPLE__ #ifdef __APPLE__
#include <TargetConditionals.h> # include <TargetConditionals.h>
#endif #endif
#undef LIST_FOREACH /* clashes with FreeBSD */ #undef LIST_FOREACH /* clashes with FreeBSD */
#include "list.h" #include "list.h"
#ifndef SIMPLE_FILES #ifndef SIMPLE_FILES
#define CASE_PREFIX "id:" # define CASE_PREFIX "id:"
#else #else
#define CASE_PREFIX "id_" # define CASE_PREFIX "id_"
#endif /* ^!SIMPLE_FILES */ #endif /* ^!SIMPLE_FILES */
#define STAGE_BUF_SIZE (64) /* usable size for stage name buf in afl_state */ #define STAGE_BUF_SIZE (64) /* usable size for stage name buf in afl_state */
@ -232,29 +232,29 @@ enum {
#ifdef USE_PYTHON #ifdef USE_PYTHON
// because Python sets stuff it should not ... // because Python sets stuff it should not ...
#ifdef _POSIX_C_SOURCE # ifdef _POSIX_C_SOURCE
#define _SAVE_POSIX_C_SOURCE _POSIX_C_SOURCE # define _SAVE_POSIX_C_SOURCE _POSIX_C_SOURCE
#undef _POSIX_C_SOURCE # undef _POSIX_C_SOURCE
#endif # endif
#ifdef _XOPEN_SOURCE # ifdef _XOPEN_SOURCE
#define _SAVE_XOPEN_SOURCE _XOPEN_SOURCE # define _SAVE_XOPEN_SOURCE _XOPEN_SOURCE
#undef _XOPEN_SOURCE # undef _XOPEN_SOURCE
#endif # endif
#include <Python.h> # include <Python.h>
#ifdef _SAVE_POSIX_C_SOURCE # ifdef _SAVE_POSIX_C_SOURCE
#ifdef _POSIX_C_SOURCE # ifdef _POSIX_C_SOURCE
#undef _POSIX_C_SOURCE # undef _POSIX_C_SOURCE
#endif # endif
#define _POSIX_C_SOURCE _SAVE_POSIX_C_SOURCE # define _POSIX_C_SOURCE _SAVE_POSIX_C_SOURCE
#endif # endif
#ifdef _SAVE_XOPEN_SOURCE # ifdef _SAVE_XOPEN_SOURCE
#ifdef _XOPEN_SOURCE # ifdef _XOPEN_SOURCE
#undef _XOPEN_SOURCE # undef _XOPEN_SOURCE
#endif # endif
#define _XOPEN_SOURCE _SAVE_XOPEN_SOURCE # define _XOPEN_SOURCE _SAVE_XOPEN_SOURCE
#endif # endif
enum { enum {

262
include/alloc-inl.h
View File

@ -45,40 +45,39 @@
/* User-facing macro to sprintf() to a dynamically allocated buffer. */ /* User-facing macro to sprintf() to a dynamically allocated buffer. */
#define alloc_printf(_str...) \ # define alloc_printf(_str...) \
({ \ ({ \
\ u8 *_tmp; \
u8 *_tmp; \ s32 _len = snprintf(NULL, 0, _str); \
s32 _len = snprintf(NULL, 0, _str); \ if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \
if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \ _tmp = ck_alloc(_len + 1); \
_tmp = ck_alloc(_len + 1); \ snprintf((char *)_tmp, _len + 1, _str); \
snprintf((char *)_tmp, _len + 1, _str); \ _tmp; \
_tmp; \
\ })
})
/* Macro to enforce allocation limits as a last-resort defense against /* Macro to enforce allocation limits as a last-resort defense against
integer overflows. */ integer overflows. */
#define ALLOC_CHECK_SIZE(_s) \ # define ALLOC_CHECK_SIZE(_s) \
do { \ do { \
\ if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \
if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \ \
\
} while (0) } while (0)
/* Macro to check malloc() failures and the like. */ /* Macro to check malloc() failures and the like. */
#define ALLOC_CHECK_RESULT(_r, _s) \ # define ALLOC_CHECK_RESULT(_r, _s) \
do { \ do { \
\ if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \
if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \ \
\
} while (0) } while (0)
/* Allocator increments for ck_realloc_block(). */ /* Allocator increments for ck_realloc_block(). */
#define ALLOC_BLK_INC 256 # define ALLOC_BLK_INC 256
/* Allocate a buffer, explicitly not zeroing it. Returns NULL for zero-sized /* Allocate a buffer, explicitly not zeroing it. Returns NULL for zero-sized
requests. */ requests. */
@ -217,102 +216,100 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
/* In non-debug mode, we just do straightforward aliasing of the above functions /* In non-debug mode, we just do straightforward aliasing of the above functions
to user-visible names such as ck_alloc(). */ to user-visible names such as ck_alloc(). */
#define ck_alloc DFL_ck_alloc # define ck_alloc DFL_ck_alloc
#define ck_alloc_nozero DFL_ck_alloc_nozero # define ck_alloc_nozero DFL_ck_alloc_nozero
#define ck_realloc DFL_ck_realloc # define ck_realloc DFL_ck_realloc
#define ck_realloc_block DFL_ck_realloc_block # define ck_realloc_block DFL_ck_realloc_block
#define ck_strdup DFL_ck_strdup # define ck_strdup DFL_ck_strdup
#define ck_memdup DFL_ck_memdup # define ck_memdup DFL_ck_memdup
#define ck_memdup_str DFL_ck_memdup_str # define ck_memdup_str DFL_ck_memdup_str
#define ck_free DFL_ck_free # define ck_free DFL_ck_free
#define alloc_report() # define alloc_report()
#else #else
// This is the original alloc-inl of stock afl // This is the original alloc-inl of stock afl
/* User-facing macro to sprintf() to a dynamically allocated buffer. */ /* User-facing macro to sprintf() to a dynamically allocated buffer. */
#define alloc_printf(_str...) \ # define alloc_printf(_str...) \
({ \ ({ \
\ u8 *_tmp; \
u8 *_tmp; \ s32 _len = snprintf(NULL, 0, _str); \
s32 _len = snprintf(NULL, 0, _str); \ if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \
if (_len < 0) FATAL("Whoa, snprintf() fails?!"); \ _tmp = ck_alloc(_len + 1); \
_tmp = ck_alloc(_len + 1); \ snprintf((char *)_tmp, _len + 1, _str); \
snprintf((char *)_tmp, _len + 1, _str); \ _tmp; \
_tmp; \
\ })
})
/* Macro to enforce allocation limits as a last-resort defense against /* Macro to enforce allocation limits as a last-resort defense against
integer overflows. */ integer overflows. */
#define ALLOC_CHECK_SIZE(_s) \ # define ALLOC_CHECK_SIZE(_s) \
do { \ do { \
\ if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \
if ((_s) > MAX_ALLOC) ABORT("Bad alloc request: %u bytes", (_s)); \ \
\
} while (0) } while (0)
/* Macro to check malloc() failures and the like. */ /* Macro to check malloc() failures and the like. */
#define ALLOC_CHECK_RESULT(_r, _s) \ # define ALLOC_CHECK_RESULT(_r, _s) \
do { \ do { \
\ if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \
if (!(_r)) ABORT("Out of memory: can't allocate %u bytes", (_s)); \ \
\
} while (0) } while (0)
/* Magic tokens used to mark used / freed chunks. */ /* Magic tokens used to mark used / freed chunks. */
#define ALLOC_MAGIC_C1 0xFF00FF00 /* Used head (dword) */ # define ALLOC_MAGIC_C1 0xFF00FF00 /* Used head (dword) */
#define ALLOC_MAGIC_F 0xFE00FE00 /* Freed head (dword) */ # define ALLOC_MAGIC_F 0xFE00FE00 /* Freed head (dword) */
#define ALLOC_MAGIC_C2 0xF0 /* Used tail (byte) */ # define ALLOC_MAGIC_C2 0xF0 /* Used tail (byte) */
/* Positions of guard tokens in relation to the user-visible pointer. */ /* Positions of guard tokens in relation to the user-visible pointer. */
#define ALLOC_C1(_ptr) (((u32 *)(_ptr))[-2]) # define ALLOC_C1(_ptr) (((u32 *)(_ptr))[-2])
#define ALLOC_S(_ptr) (((u32 *)(_ptr))[-1]) # define ALLOC_S(_ptr) (((u32 *)(_ptr))[-1])
#define ALLOC_C2(_ptr) (((u8 *)(_ptr))[ALLOC_S(_ptr)]) # define ALLOC_C2(_ptr) (((u8 *)(_ptr))[ALLOC_S(_ptr)])
#define ALLOC_OFF_HEAD 8 # define ALLOC_OFF_HEAD 8
#define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1) # define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1)
/* Allocator increments for ck_realloc_block(). */ /* Allocator increments for ck_realloc_block(). */
#define ALLOC_BLK_INC 256 # define ALLOC_BLK_INC 256
/* Sanity-checking macros for pointers. */ /* Sanity-checking macros for pointers. */
#define CHECK_PTR(_p) \ # define CHECK_PTR(_p) \
do { \ do { \
\ if (_p) { \
if (_p) { \ if (ALLOC_C1(_p) ^ ALLOC_MAGIC_C1) { \
\ if (ALLOC_C1(_p) == ALLOC_MAGIC_F) \
if (ALLOC_C1(_p) ^ ALLOC_MAGIC_C1) { \ ABORT("Use after free."); \
\ else \
if (ALLOC_C1(_p) == ALLOC_MAGIC_F) \ ABORT("Corrupted head alloc canary."); \
ABORT("Use after free."); \
else \
ABORT("Corrupted head alloc canary."); \
\
} \
if (ALLOC_C2(_p) ^ ALLOC_MAGIC_C2) \
ABORT("Corrupted tail alloc canary."); \
\
} \
\
} while (0)
#define CHECK_PTR_EXPR(_p) \ } \
({ \
\ if (ALLOC_C2(_p) ^ ALLOC_MAGIC_C2) \
typeof(_p) _tmp = (_p); \ ABORT("Corrupted tail alloc canary."); \
CHECK_PTR(_tmp); \
_tmp; \ } \
\
}) \
} while (0)
# define CHECK_PTR_EXPR(_p) \
({ \
typeof(_p) _tmp = (_p); \
CHECK_PTR(_tmp); \
_tmp; \
})
/* Allocate a buffer, explicitly not zeroing it. Returns NULL for zero-sized /* Allocate a buffer, explicitly not zeroing it. Returns NULL for zero-sized
requests. */ requests. */
@ -359,12 +356,12 @@ static inline void DFL_ck_free(void *mem) {
CHECK_PTR(mem); CHECK_PTR(mem);
#ifdef DEBUG_BUILD # ifdef DEBUG_BUILD
/* Catch pointer issues sooner. */ /* Catch pointer issues sooner. */
memset(mem, 0xFF, ALLOC_S(mem)); memset(mem, 0xFF, ALLOC_S(mem));
#endif /* DEBUG_BUILD */ # endif /* DEBUG_BUILD */
ALLOC_C1(mem) = ALLOC_MAGIC_F; ALLOC_C1(mem) = ALLOC_MAGIC_F;
@ -392,9 +389,9 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) {
CHECK_PTR(orig); CHECK_PTR(orig);
#ifndef DEBUG_BUILD # ifndef DEBUG_BUILD
ALLOC_C1(orig) = ALLOC_MAGIC_F; ALLOC_C1(orig) = ALLOC_MAGIC_F;
#endif /* !DEBUG_BUILD */ # endif /* !DEBUG_BUILD */
old_size = ALLOC_S(orig); old_size = ALLOC_S(orig);
orig -= ALLOC_OFF_HEAD; orig -= ALLOC_OFF_HEAD;
@ -405,12 +402,12 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) {
ALLOC_CHECK_SIZE(size); ALLOC_CHECK_SIZE(size);
#ifndef DEBUG_BUILD # ifndef DEBUG_BUILD
ret = realloc(orig, size + ALLOC_OFF_TOTAL); ret = realloc(orig, size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size); ALLOC_CHECK_RESULT(ret, size);
#else # else
/* Catch pointer issues sooner: force relocation and make sure that the /* Catch pointer issues sooner: force relocation and make sure that the
original buffer is wiped. */ original buffer is wiped. */
@ -429,7 +426,7 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) {
} }
#endif /* ^!DEBUG_BUILD */ # endif /* ^!DEBUG_BUILD */
ret += ALLOC_OFF_HEAD; ret += ALLOC_OFF_HEAD;
@ -448,7 +445,7 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) {
static inline void *DFL_ck_realloc_block(void *orig, u32 size) { static inline void *DFL_ck_realloc_block(void *orig, u32 size) {
#ifndef DEBUG_BUILD # ifndef DEBUG_BUILD
if (orig) { if (orig) {
@ -460,7 +457,7 @@ static inline void *DFL_ck_realloc_block(void *orig, u32 size) {
} }
#endif /* !DEBUG_BUILD */ # endif /* !DEBUG_BUILD */
return DFL_ck_realloc(orig, size); return DFL_ck_realloc(orig, size);
@ -540,30 +537,30 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
} }
#ifndef DEBUG_BUILD # ifndef DEBUG_BUILD
/* In non-debug mode, we just do straightforward aliasing of the above functions /* In non-debug mode, we just do straightforward aliasing of the above functions
to user-visible names such as ck_alloc(). */ to user-visible names such as ck_alloc(). */
#define ck_alloc DFL_ck_alloc # define ck_alloc DFL_ck_alloc
#define ck_alloc_nozero DFL_ck_alloc_nozero # define ck_alloc_nozero DFL_ck_alloc_nozero
#define ck_realloc DFL_ck_realloc # define ck_realloc DFL_ck_realloc
#define ck_realloc_block DFL_ck_realloc_block # define ck_realloc_block DFL_ck_realloc_block
#define ck_strdup DFL_ck_strdup # define ck_strdup DFL_ck_strdup
#define ck_memdup DFL_ck_memdup # define ck_memdup DFL_ck_memdup
#define ck_memdup_str DFL_ck_memdup_str # define ck_memdup_str DFL_ck_memdup_str
#define ck_free DFL_ck_free # define ck_free DFL_ck_free
#define alloc_report() # define alloc_report()
#else # else
/* In debugging mode, we also track allocations to detect memory leaks, and the /* In debugging mode, we also track allocations to detect memory leaks, and the
flow goes through one more layer of indirection. */ flow goes through one more layer of indirection. */
/* Alloc tracking data structures: */ /* Alloc tracking data structures: */
#define ALLOC_BUCKETS 4096 # define ALLOC_BUCKETS 4096
struct TRK_obj { struct TRK_obj {
@ -573,25 +570,25 @@ struct TRK_obj {
}; };
#ifdef AFL_MAIN # ifdef AFL_MAIN
struct TRK_obj *TRK[ALLOC_BUCKETS]; struct TRK_obj *TRK[ALLOC_BUCKETS];
u32 TRK_cnt[ALLOC_BUCKETS]; u32 TRK_cnt[ALLOC_BUCKETS];
#define alloc_report() TRK_report() # define alloc_report() TRK_report()
#else # else
extern struct TRK_obj *TRK[ALLOC_BUCKETS]; extern struct TRK_obj *TRK[ALLOC_BUCKETS];
extern u32 TRK_cnt[ALLOC_BUCKETS]; extern u32 TRK_cnt[ALLOC_BUCKETS];
#define alloc_report() # define alloc_report()
#endif /* ^AFL_MAIN */ # endif /* ^AFL_MAIN */
/* Bucket-assigning function for a given pointer: */ /* Bucket-assigning function for a given pointer: */
#define TRKH(_ptr) (((((u32)(_ptr)) >> 16) ^ ((u32)(_ptr))) % ALLOC_BUCKETS) # define TRKH(_ptr) (((((u32)(_ptr)) >> 16) ^ ((u32)(_ptr))) % ALLOC_BUCKETS)
/* Add a new entry to the list of allocated objects. */ /* Add a new entry to the list of allocated objects. */
@ -743,27 +740,28 @@ static inline void TRK_ck_free(void *ptr, const char *file, const char *func,
/* Aliasing user-facing names to tracking functions: */ /* Aliasing user-facing names to tracking functions: */
#define ck_alloc(_p1) TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__) # define ck_alloc(_p1) TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__)
#define ck_alloc_nozero(_p1) TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__) # define ck_alloc_nozero(_p1) \
TRK_ck_alloc(_p1, __FILE__, __FUNCTION__, __LINE__)
#define ck_realloc(_p1, _p2) \ # define ck_realloc(_p1, _p2) \
TRK_ck_realloc(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) TRK_ck_realloc(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_realloc_block(_p1, _p2) \ # define ck_realloc_block(_p1, _p2) \
TRK_ck_realloc_block(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) TRK_ck_realloc_block(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_strdup(_p1) TRK_ck_strdup(_p1, __FILE__, __FUNCTION__, __LINE__) # define ck_strdup(_p1) TRK_ck_strdup(_p1, __FILE__, __FUNCTION__, __LINE__)
#define ck_memdup(_p1, _p2) \ # define ck_memdup(_p1, _p2) \
TRK_ck_memdup(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) TRK_ck_memdup(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_memdup_str(_p1, _p2) \ # define ck_memdup_str(_p1, _p2) \
TRK_ck_memdup_str(_p1, _p2, __FILE__, __FUNCTION__, __LINE__) TRK_ck_memdup_str(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_free(_p1) TRK_ck_free(_p1, __FILE__, __FUNCTION__, __LINE__) # define ck_free(_p1) TRK_ck_free(_p1, __FILE__, __FUNCTION__, __LINE__)
#endif /* ^!DEBUG_BUILD */ # endif /* ^!DEBUG_BUILD */
#endif /* _WANT_ORIGINAL_AFL_ALLOC */ #endif /* _WANT_ORIGINAL_AFL_ALLOC */

36
include/android-ashmem.h
View File

@ -28,27 +28,27 @@
#ifdef __ANDROID__ #ifdef __ANDROID__
#include <fcntl.h> # include <fcntl.h>
#include <linux/shm.h> # include <linux/shm.h>
#include <linux/ashmem.h> # include <linux/ashmem.h>
#include <sys/ioctl.h> # include <sys/ioctl.h>
#include <sys/mman.h> # include <sys/mman.h>
#if __ANDROID_API__ >= 26 # if __ANDROID_API__ >= 26
#define shmat bionic_shmat # define shmat bionic_shmat
#define shmctl bionic_shmctl # define shmctl bionic_shmctl
#define shmdt bionic_shmdt # define shmdt bionic_shmdt
#define shmget bionic_shmget # define shmget bionic_shmget
#endif # endif
#include <sys/shm.h> # include <sys/shm.h>
#undef shmat # undef shmat
#undef shmctl # undef shmctl
#undef shmdt # undef shmdt
#undef shmget # undef shmget
#include <stdio.h> # include <stdio.h>
#define ASHMEM_DEVICE "/dev/ashmem" # define ASHMEM_DEVICE "/dev/ashmem"
static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) { static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) {

26
include/config.h
View File

@ -49,7 +49,7 @@
/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */ /* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */
#ifndef ANDROID_DISABLE_FANCY // Fancy boxes are ugly from adb #ifndef ANDROID_DISABLE_FANCY // Fancy boxes are ugly from adb
#define FANCY_BOXES # define FANCY_BOXES
#endif #endif
/* Default timeout for fuzzed code (milliseconds). This is the upper bound, /* Default timeout for fuzzed code (milliseconds). This is the upper bound,
@ -63,20 +63,20 @@
/* 64bit arch MACRO */ /* 64bit arch MACRO */
#if (defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__)) #if (defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__))
#define WORD_SIZE_64 1 # define WORD_SIZE_64 1
#endif #endif
/* Default memory limit for child process (MB): */ /* Default memory limit for child process (MB): */
#ifndef __NetBSD__ #ifndef __NetBSD__
#ifndef WORD_SIZE_64 # ifndef WORD_SIZE_64
#define MEM_LIMIT 25 # define MEM_LIMIT 25
#else # else
#define MEM_LIMIT 50 # define MEM_LIMIT 50
#endif /* ^!WORD_SIZE_64 */ # endif /* ^!WORD_SIZE_64 */
#else /* NetBSD's kernel needs more space for stack, see discussion for issue \ #else /* NetBSD's kernel needs more space for stack, see discussion for issue \
#165 */ #165 */
#define MEM_LIMIT 200 # define MEM_LIMIT 200
#endif #endif
/* Default memory limit when running in QEMU mode (MB): */ /* Default memory limit when running in QEMU mode (MB): */
@ -395,9 +395,9 @@
/* for *BSD: use ARC4RANDOM and save a file descriptor */ /* for *BSD: use ARC4RANDOM and save a file descriptor */
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__)
#ifndef HAVE_ARC4RANDOM # ifndef HAVE_ARC4RANDOM
#define HAVE_ARC4RANDOM 1 # define HAVE_ARC4RANDOM 1
#endif # endif
#endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */ #endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */
#endif /* ! _HAVE_CONFIG_H */ #endif /* ! _HAVE_CONFIG_H */

200
include/debug.h
View File

@ -30,7 +30,7 @@
/* __FUNCTION__ is non-iso */ /* __FUNCTION__ is non-iso */
#ifdef __func__ #ifdef __func__
#define __FUNCTION__ __func__ # define __FUNCTION__ __func__
#endif #endif
/******************* /*******************
@ -38,82 +38,82 @@
*******************/ *******************/
#ifndef MESSAGES_TO_STDOUT #ifndef MESSAGES_TO_STDOUT
#define MESSAGES_TO_STDOUT # define MESSAGES_TO_STDOUT
#endif #endif
#ifdef USE_COLOR #ifdef USE_COLOR
#define cBLK "\x1b[0;30m" # define cBLK "\x1b[0;30m"
#define cRED "\x1b[0;31m" # define cRED "\x1b[0;31m"
#define cGRN "\x1b[0;32m" # define cGRN "\x1b[0;32m"
#define cBRN "\x1b[0;33m" # define cBRN "\x1b[0;33m"
#define cBLU "\x1b[0;34m" # define cBLU "\x1b[0;34m"
#define cMGN "\x1b[0;35m" # define cMGN "\x1b[0;35m"
#define cCYA "\x1b[0;36m" # define cCYA "\x1b[0;36m"
#define cLGR "\x1b[0;37m" # define cLGR "\x1b[0;37m"
#define cGRA "\x1b[1;90m" # define cGRA "\x1b[1;90m"
#define cLRD "\x1b[1;91m" # define cLRD "\x1b[1;91m"
#define cLGN "\x1b[1;92m" # define cLGN "\x1b[1;92m"
#define cYEL "\x1b[1;93m" # define cYEL "\x1b[1;93m"
#define cLBL "\x1b[1;94m" # define cLBL "\x1b[1;94m"
#define cPIN "\x1b[1;95m" # define cPIN "\x1b[1;95m"
#define cLCY "\x1b[1;96m" # define cLCY "\x1b[1;96m"
#define cBRI "\x1b[1;97m" # define cBRI "\x1b[1;97m"
#define cRST "\x1b[0m" # define cRST "\x1b[0m"
#define bgBLK "\x1b[40m" # define bgBLK "\x1b[40m"
#define bgRED "\x1b[41m" # define bgRED "\x1b[41m"
#define bgGRN "\x1b[42m" # define bgGRN "\x1b[42m"
#define bgBRN "\x1b[43m" # define bgBRN "\x1b[43m"
#define bgBLU "\x1b[44m" # define bgBLU "\x1b[44m"
#define bgMGN "\x1b[45m" # define bgMGN "\x1b[45m"
#define bgCYA "\x1b[46m" # define bgCYA "\x1b[46m"
#define bgLGR "\x1b[47m" # define bgLGR "\x1b[47m"
#define bgGRA "\x1b[100m" # define bgGRA "\x1b[100m"
#define bgLRD "\x1b[101m" # define bgLRD "\x1b[101m"
#define bgLGN "\x1b[102m" # define bgLGN "\x1b[102m"
#define bgYEL "\x1b[103m" # define bgYEL "\x1b[103m"
#define bgLBL "\x1b[104m" # define bgLBL "\x1b[104m"
#define bgPIN "\x1b[105m" # define bgPIN "\x1b[105m"
#define bgLCY "\x1b[106m" # define bgLCY "\x1b[106m"
#define bgBRI "\x1b[107m" # define bgBRI "\x1b[107m"
#else #else
#define cBLK "" # define cBLK ""
#define cRED "" # define cRED ""
#define cGRN "" # define cGRN ""
#define cBRN "" # define cBRN ""
#define cBLU "" # define cBLU ""
#define cMGN "" # define cMGN ""
#define cCYA "" # define cCYA ""
#define cLGR "" # define cLGR ""
#define cGRA "" # define cGRA ""
#define cLRD "" # define cLRD ""
#define cLGN "" # define cLGN ""
#define cYEL "" # define cYEL ""
#define cLBL "" # define cLBL ""
#define cPIN "" # define cPIN ""
#define cLCY "" # define cLCY ""
#define cBRI "" # define cBRI ""
#define cRST "" # define cRST ""
#define bgBLK "" # define bgBLK ""
#define bgRED "" # define bgRED ""
#define bgGRN "" # define bgGRN ""
#define bgBRN "" # define bgBRN ""
#define bgBLU "" # define bgBLU ""
#define bgMGN "" # define bgMGN ""
#define bgCYA "" # define bgCYA ""
#define bgLGR "" # define bgLGR ""
#define bgGRA "" # define bgGRA ""
#define bgLRD "" # define bgLRD ""
#define bgLGN "" # define bgLGN ""
#define bgYEL "" # define bgYEL ""
#define bgLBL "" # define bgLBL ""
#define bgPIN "" # define bgPIN ""
#define bgLCY "" # define bgLCY ""
#define bgBRI "" # define bgBRI ""
#endif /* ^USE_COLOR */ #endif /* ^USE_COLOR */
@ -123,39 +123,39 @@
#ifdef FANCY_BOXES #ifdef FANCY_BOXES
#define SET_G1 "\x1b)0" /* Set G1 for box drawing */ # define SET_G1 "\x1b)0" /* Set G1 for box drawing */
#define RESET_G1 "\x1b)B" /* Reset G1 to ASCII */ # define RESET_G1 "\x1b)B" /* Reset G1 to ASCII */
#define bSTART "\x0e" /* Enter G1 drawing mode */ # define bSTART "\x0e" /* Enter G1 drawing mode */
#define bSTOP "\x0f" /* Leave G1 drawing mode */ # define bSTOP "\x0f" /* Leave G1 drawing mode */
#define bH "q" /* Horizontal line */ # define bH "q" /* Horizontal line */
#define bV "x" /* Vertical line */ # define bV "x" /* Vertical line */
#define bLT "l" /* Left top corner */ # define bLT "l" /* Left top corner */
#define bRT "k" /* Right top corner */ # define bRT "k" /* Right top corner */
#define bLB "m" /* Left bottom corner */ # define bLB "m" /* Left bottom corner */
#define bRB "j" /* Right bottom corner */ # define bRB "j" /* Right bottom corner */
#define bX "n" /* Cross */ # define bX "n" /* Cross */
#define bVR "t" /* Vertical, branch right */ # define bVR "t" /* Vertical, branch right */
#define bVL "u" /* Vertical, branch left */ # define bVL "u" /* Vertical, branch left */
#define bHT "v" /* Horizontal, branch top */ # define bHT "v" /* Horizontal, branch top */
#define bHB "w" /* Horizontal, branch bottom */ # define bHB "w" /* Horizontal, branch bottom */
#else #else
#define SET_G1 "" # define SET_G1 ""
#define RESET_G1 "" # define RESET_G1 ""
#define bSTART "" # define bSTART ""
#define bSTOP "" # define bSTOP ""
#define bH "-" # define bH "-"
#define bV "|" # define bV "|"
#define bLT "+" # define bLT "+"
#define bRT "+" # define bRT "+"
#define bLB "+" # define bLB "+"
#define bRB "+" # define bRB "+"
#define bX "+" # define bX "+"
#define bVR "+" # define bVR "+"
#define bVL "+" # define bVL "+"
#define bHT "+" # define bHT "+"
#define bHB "+" # define bHB "+"
#endif /* ^FANCY_BOXES */ #endif /* ^FANCY_BOXES */
@ -176,9 +176,9 @@
/* Just print stuff to the appropriate stream. */ /* Just print stuff to the appropriate stream. */
#ifdef MESSAGES_TO_STDOUT #ifdef MESSAGES_TO_STDOUT
#define SAYF(x...) printf(x) # define SAYF(x...) printf(x)
#else #else
#define SAYF(x...) fprintf(stderr, x) # define SAYF(x...) fprintf(stderr, x)
#endif /* ^MESSAGES_TO_STDOUT */ #endif /* ^MESSAGES_TO_STDOUT */
/* Show a prefixed warning. */ /* Show a prefixed warning. */

18
include/forkserver.h
View File

@ -110,20 +110,20 @@ void afl_fsrv_killall(void);
void afl_fsrv_deinit(afl_forkserver_t *fsrv); void afl_fsrv_deinit(afl_forkserver_t *fsrv);
#ifdef __APPLE__ #ifdef __APPLE__
#define MSG_FORK_ON_APPLE \ # define MSG_FORK_ON_APPLE \
" - On MacOS X, the semantics of fork() syscalls are non-standard and " \ " - On MacOS X, the semantics of fork() syscalls are non-standard and " \
"may\n" \ "may\n" \
" break afl-fuzz performance optimizations when running " \ " break afl-fuzz performance optimizations when running " \
"platform-specific\n" \ "platform-specific\n" \
" targets. To fix this, set AFL_NO_FORKSRV=1 in the environment.\n\n" " targets. To fix this, set AFL_NO_FORKSRV=1 in the environment.\n\n"
#else #else
#define MSG_FORK_ON_APPLE "" # define MSG_FORK_ON_APPLE ""
#endif #endif
#ifdef RLIMIT_AS #ifdef RLIMIT_AS
#define MSG_ULIMIT_USAGE " ( ulimit -Sv $[%llu << 10];" # define MSG_ULIMIT_USAGE " ( ulimit -Sv $[%llu << 10];"
#else #else
#define MSG_ULIMIT_USAGE " ( ulimit -Sd $[%llu << 10];" # define MSG_ULIMIT_USAGE " ( ulimit -Sd $[%llu << 10];"
#endif /* ^RLIMIT_AS */ #endif /* ^RLIMIT_AS */
#endif #endif

4
include/hash.h
View File

@ -32,7 +32,7 @@
#ifdef __x86_64__ #ifdef __x86_64__
#define ROL64(_x, _r) ((((u64)(_x)) << (_r)) | (((u64)(_x)) >> (64 - (_r)))) # define ROL64(_x, _r) ((((u64)(_x)) << (_r)) | (((u64)(_x)) >> (64 - (_r))))
static inline u32 hash32(const void *key, u32 len, u32 seed) { static inline u32 hash32(const void *key, u32 len, u32 seed) {
@ -67,7 +67,7 @@ static inline u32 hash32(const void *key, u32 len, u32 seed) {
#else #else
#define ROL32(_x, _r) ((((u32)(_x)) << (_r)) | (((u32)(_x)) >> (32 - (_r)))) # define ROL32(_x, _r) ((((u32)(_x)) << (_r)) | (((u32)(_x)) >> (32 - (_r))))
static inline u32 hash32(const void *key, u32 len, u32 seed) { static inline u32 hash32(const void *key, u32 len, u32 seed) {

84
include/types.h
View File

@ -81,22 +81,22 @@ typedef int32_t s32;
typedef int64_t s64; typedef int64_t s64;
#ifndef MIN #ifndef MIN
#define MIN(a, b) \ # define MIN(a, b) \
({ \ ({ \
\ __typeof__(a) _a = (a); \
__typeof__(a) _a = (a); \ __typeof__(b) _b = (b); \
__typeof__(b) _b = (b); \ _a < _b ? _a : _b;
_a < _b ? _a : _b; \
\ })
})
#define MAX(a, b) \ # define MAX(a, b) \
({ \ ({ \
\ __typeof__(a) _a = (a); \
__typeof__(a) _a = (a); \ __typeof__(b) _b = (b); \
__typeof__(b) _b = (b); \ _a > _b ? _a : _b;
_a > _b ? _a : _b; \
\ })
})
#endif /* !MIN */ #endif /* !MIN */
#define SWAP16(_x) \ #define SWAP16(_x) \
@ -131,21 +131,21 @@ typedef int64_t s64;
}) })
#ifdef AFL_LLVM_PASS #ifdef AFL_LLVM_PASS
#if defined(__linux__) || !defined(__ANDROID__) # if defined(__linux__) || !defined(__ANDROID__)
#define AFL_SR(s) (srandom(s)) # define AFL_SR(s) (srandom(s))
#define AFL_R(x) (random() % (x)) # define AFL_R(x) (random() % (x))
# else
# define AFL_SR(s) ((void)s)
# define AFL_R(x) (arc4random_uniform(x))
# endif
#else #else
#define AFL_SR(s) ((void)s) # if defined(__linux__) || !defined(__ANDROID__)
#define AFL_R(x) (arc4random_uniform(x)) # define SR(s) (srandom(s))
#endif # define R(x) (random() % (x))
#else # else
#if defined(__linux__) || !defined(__ANDROID__) # define SR(s) ((void)s)
#define SR(s) (srandom(s)) # define R(x) (arc4random_uniform(x))
#define R(x) (random() % (x)) # endif
#else
#define SR(s) ((void)s)
#define R(x) (arc4random_uniform(x))
#endif
#endif /* ^AFL_LLVM_PASS */ #endif /* ^AFL_LLVM_PASS */
#define STRINGIFY_INTERNAL(x) #x #define STRINGIFY_INTERNAL(x) #x
@ -154,19 +154,19 @@ typedef int64_t s64;
#define MEM_BARRIER() __asm__ volatile("" ::: "memory") #define MEM_BARRIER() __asm__ volatile("" ::: "memory")
#if __GNUC__ < 6 #if __GNUC__ < 6
#ifndef likely # ifndef likely
#define likely(_x) (_x) # define likely(_x) (_x)
#endif # endif
#ifndef unlikely # ifndef unlikely
#define unlikely(_x) (_x) # define unlikely(_x) (_x)
#endif # endif
#else #else
#ifndef likely # ifndef likely
#define likely(_x) __builtin_expect(!!(_x), 1) # define likely(_x) __builtin_expect(!!(_x), 1)
#endif # endif
#ifndef unlikely # ifndef unlikely
#define unlikely(_x) __builtin_expect(!!(_x), 0) # define unlikely(_x) __builtin_expect(!!(_x), 0)
#endif # endif
#endif #endif
#endif /* ! _HAVE_TYPES_H */ #endif /* ! _HAVE_TYPES_H */

74
libdislocator/libdislocator.so.c
View File

@ -30,39 +30,39 @@
#include <sys/mman.h> #include <sys/mman.h>
#ifdef __APPLE__ #ifdef __APPLE__
#include <mach/vm_statistics.h> # include <mach/vm_statistics.h>
#endif #endif
#ifdef __FreeBSD__ #ifdef __FreeBSD__
#include <sys/param.h> # include <sys/param.h>
#endif #endif
#if defined(__linux__) && !defined(__ANDROID__) #if defined(__linux__) && !defined(__ANDROID__)
#include <unistd.h> # include <unistd.h>
#include <sys/syscall.h> # include <sys/syscall.h>
#ifdef __NR_getrandom # ifdef __NR_getrandom
#define arc4random_buf(p, l) \ # define arc4random_buf(p, l) \
do { \ do { \
\ ssize_t rd = syscall(__NR_getrandom, p, l, 0); \
ssize_t rd = syscall(__NR_getrandom, p, l, 0); \ if (rd != l) DEBUGF("getrandom failed"); \
if (rd != l) DEBUGF("getrandom failed"); \ \
\
} while (0)
#else } while (0)
#include <time.h>
#define arc4random_buf(p, l) \
do { \
\
srand(time(NULL)); \
u32 i; \
u8 *ptr = (u8 *)p; \
for (i = 0; i < l; i++) \
ptr[i] = rand() % INT_MAX; \
\
} while (0)
#endif # else
# include <time.h>
# define arc4random_buf(p, l) \
do { \
srand(time(NULL)); \
u32 i; \
u8 *ptr = (u8 *)p; \
for (i = 0; i < l; i++) \
ptr[i] = rand() % INT_MAX; \
\
} while (0)
# endif
#endif #endif
#include "config.h" #include "config.h"
@ -83,11 +83,11 @@ typedef struct {
#define ALLOC_ALIGN_SIZE (_Alignof(max_align_t)) #define ALLOC_ALIGN_SIZE (_Alignof(max_align_t))
#ifndef PAGE_SIZE #ifndef PAGE_SIZE
#define PAGE_SIZE 4096 # define PAGE_SIZE 4096
#endif /* !PAGE_SIZE */ #endif /* !PAGE_SIZE */
#ifndef MAP_ANONYMOUS #ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON # define MAP_ANONYMOUS MAP_ANON
#endif /* !MAP_ANONYMOUS */ #endif /* !MAP_ANONYMOUS */
#define SUPER_PAGE_SIZE 1 << 21 #define SUPER_PAGE_SIZE 1 << 21
@ -148,8 +148,8 @@ static u8 alloc_verbose, /* Additional debug messages */
align_allocations; /* Force alignment to sizeof(void*) */ align_allocations; /* Force alignment to sizeof(void*) */
#if defined __OpenBSD__ || defined __APPLE__ #if defined __OpenBSD__ || defined __APPLE__
#define __thread # define __thread
#warning no thread support available # warning no thread support available
#endif #endif
static __thread size_t total_mem; /* Currently allocated mem */ static __thread size_t total_mem; /* Currently allocated mem */
@ -192,13 +192,13 @@ static void *__dislocator_alloc(size_t len) {
#if defined(USEHUGEPAGE) #if defined(USEHUGEPAGE)
sp = (rlen >= SUPER_PAGE_SIZE && !(rlen % SUPER_PAGE_SIZE)); sp = (rlen >= SUPER_PAGE_SIZE && !(rlen % SUPER_PAGE_SIZE));
#if defined(__APPLE__) # if defined(__APPLE__)
if (sp) fd = VM_FLAGS_SUPERPAGE_SIZE_2MB; if (sp) fd = VM_FLAGS_SUPERPAGE_SIZE_2MB;
#elif defined(__linux__) # elif defined(__linux__)
if (sp) flags |= MAP_HUGETLB; if (sp) flags |= MAP_HUGETLB;
#elif defined(__FreeBSD__) # elif defined(__FreeBSD__)
if (sp) flags |= MAP_ALIGNED_SUPER; if (sp) flags |= MAP_ALIGNED_SUPER;
#endif # endif
#else #else
(void)sp; (void)sp;
#endif #endif
@ -208,13 +208,13 @@ static void *__dislocator_alloc(size_t len) {
/* We try one more time with regular call */ /* We try one more time with regular call */
if (ret == MAP_FAILED) { if (ret == MAP_FAILED) {
#if defined(__APPLE__) # if defined(__APPLE__)
fd = -1; fd = -1;
#elif defined(__linux__) # elif defined(__linux__)
flags &= -MAP_HUGETLB; flags &= -MAP_HUGETLB;
#elif defined(__FreeBSD__) # elif defined(__FreeBSD__)
flags &= -MAP_ALIGNED_SUPER; flags &= -MAP_ALIGNED_SUPER;
#endif # endif
ret = (u8 *)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); ret = (u8 *)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0);
} }

46
libtokencap/libtokencap.so.c
View File

@ -21,7 +21,7 @@
*/ */
#ifndef _GNU_SOURCE #ifndef _GNU_SOURCE
#define _GNU_SOURCE # define _GNU_SOURCE
#endif #endif
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
@ -35,20 +35,20 @@
#if !defined __linux__ && !defined __APPLE__ && !defined __FreeBSD__ && \ #if !defined __linux__ && !defined __APPLE__ && !defined __FreeBSD__ && \
!defined __OpenBSD__ && !defined __NetBSD__ && !defined __DragonFly__ !defined __OpenBSD__ && !defined __NetBSD__ && !defined __DragonFly__
#error "Sorry, this library is unsupported in this platform for now!" # error "Sorry, this library is unsupported in this platform for now!"
#endif /* !__linux__ && !__APPLE__ && ! __FreeBSD__ && ! __OpenBSD__ && \ #endif /* !__linux__ && !__APPLE__ && ! __FreeBSD__ && ! __OpenBSD__ && \
!__NetBSD__*/ !__NetBSD__*/
#if defined __APPLE__ #if defined __APPLE__
#include <mach/vm_map.h> # include <mach/vm_map.h>
#include <mach/mach_init.h> # include <mach/mach_init.h>
#elif defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__ #elif defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__
#include <sys/types.h> # include <sys/types.h>
#include <sys/sysctl.h> # include <sys/sysctl.h>
#if !defined __NetBSD__ # if !defined __NetBSD__
#include <sys/user.h> # include <sys/user.h>
#endif # endif
#include <sys/mman.h> # include <sys/mman.h>
#endif #endif
#include <dlfcn.h> #include <dlfcn.h>
@ -154,25 +154,25 @@ static void __tokencap_load_mappings(void) {
#elif defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__ #elif defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__
#if defined __FreeBSD__ # if defined __FreeBSD__
int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, __tokencap_pid}; int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, __tokencap_pid};
#elif defined __OpenBSD__ # elif defined __OpenBSD__
int mib[] = {CTL_KERN, KERN_PROC_VMMAP, __tokencap_pid}; int mib[] = {CTL_KERN, KERN_PROC_VMMAP, __tokencap_pid};
#elif defined __NetBSD__ # elif defined __NetBSD__
int mib[] = {CTL_VM, VM_PROC, VM_PROC_MAP, __tokencap_pid, int mib[] = {CTL_VM, VM_PROC, VM_PROC_MAP, __tokencap_pid,
sizeof(struct kinfo_vmentry)}; sizeof(struct kinfo_vmentry)};
#endif # endif
char * buf, *low, *high; char * buf, *low, *high;
size_t miblen = sizeof(mib) / sizeof(mib[0]); size_t miblen = sizeof(mib) / sizeof(mib[0]);
size_t len; size_t len;
if (sysctl(mib, miblen, NULL, &len, NULL, 0) == -1) return; if (sysctl(mib, miblen, NULL, &len, NULL, 0) == -1) return;
#if defined __FreeBSD__ || defined __NetBSD__ # if defined __FreeBSD__ || defined __NetBSD__
len = len * 4 / 3; len = len * 4 / 3;
#elif defined __OpenBSD__ # elif defined __OpenBSD__
len -= len % sizeof(struct kinfo_vmentry); len -= len % sizeof(struct kinfo_vmentry);
#endif # endif
buf = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0); buf = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
if (buf == MAP_FAILED) return; if (buf == MAP_FAILED) return;
@ -193,22 +193,22 @@ static void __tokencap_load_mappings(void) {
struct kinfo_vmentry *region = (struct kinfo_vmentry *)low; struct kinfo_vmentry *region = (struct kinfo_vmentry *)low;
#if defined __FreeBSD__ || defined __NetBSD__ # if defined __FreeBSD__ || defined __NetBSD__
#if defined __FreeBSD__ # if defined __FreeBSD__
size_t size = region->kve_structsize; size_t size = region->kve_structsize;
if (size == 0) break; if (size == 0) break;
#elif defined __NetBSD__ # elif defined __NetBSD__
size_t size = sizeof(*region); size_t size = sizeof(*region);
#endif # endif
/* We go through the whole mapping of the process and track read-only /* We go through the whole mapping of the process and track read-only
* addresses */ * addresses */
if ((region->kve_protection & KVME_PROT_READ) && if ((region->kve_protection & KVME_PROT_READ) &&
!(region->kve_protection & KVME_PROT_WRITE)) { !(region->kve_protection & KVME_PROT_WRITE)) {
#elif defined __OpenBSD__ # elif defined __OpenBSD__
size_t size = sizeof(*region); size_t size = sizeof(*region);
@ -217,7 +217,7 @@ static void __tokencap_load_mappings(void) {
if ((region->kve_protection & KVE_PROT_READ) && if ((region->kve_protection & KVE_PROT_READ) &&
!(region->kve_protection & KVE_PROT_WRITE)) { !(region->kve_protection & KVE_PROT_WRITE)) {
#endif # endif
__tokencap_ro[__tokencap_ro_cnt].st = (void *)region->kve_start; __tokencap_ro[__tokencap_ro_cnt].st = (void *)region->kve_start;
__tokencap_ro[__tokencap_ro_cnt].en = (void *)region->kve_end; __tokencap_ro[__tokencap_ro_cnt].en = (void *)region->kve_end;

26
llvm_mode/LLVMInsTrim.so.cc
View File

@ -12,13 +12,13 @@ typedef long double max_align_t;
#include "llvm/ADT/DenseSet.h" #include "llvm/ADT/DenseSet.h"
#if LLVM_VERSION_MAJOR > 3 || \ #if LLVM_VERSION_MAJOR > 3 || \
(LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4)
#include "llvm/IR/CFG.h" # include "llvm/IR/CFG.h"
#include "llvm/IR/Dominators.h" # include "llvm/IR/Dominators.h"
#include "llvm/IR/DebugInfo.h" # include "llvm/IR/DebugInfo.h"
#else #else
#include "llvm/Support/CFG.h" # include "llvm/Support/CFG.h"
#include "llvm/Analysis/Dominators.h" # include "llvm/Analysis/Dominators.h"
#include "llvm/DebugInfo.h" # include "llvm/DebugInfo.h"
#endif #endif
#include "llvm/IR/IRBuilder.h" #include "llvm/IR/IRBuilder.h"
#include "llvm/IR/Instructions.h" #include "llvm/IR/Instructions.h"
@ -97,7 +97,7 @@ struct InsTrim : public ModulePass {
#if LLVM_VERSION_MAJOR >= 4 || \ #if LLVM_VERSION_MAJOR >= 4 || \
(LLVM_VERSION_MAJOR == 4 && LLVM_VERSION_PATCH >= 1) (LLVM_VERSION_MAJOR == 4 && LLVM_VERSION_PATCH >= 1)
#define AFL_HAVE_VECTOR_INTRINSICS 1 # define AFL_HAVE_VECTOR_INTRINSICS 1
#endif #endif
bool runOnModule(Module &M) override { bool runOnModule(Module &M) override {
@ -137,13 +137,13 @@ struct InsTrim : public ModulePass {
getenv("AFL_LLVM_SKIPSINGLEBLOCK")) getenv("AFL_LLVM_SKIPSINGLEBLOCK"))
function_minimum_size = 2; function_minimum_size = 2;
unsigned PrevLocSize = 0; unsigned int PrevLocSize = 0;
char * ngram_size_str = getenv("AFL_LLVM_NGRAM_SIZE"); char * ngram_size_str = getenv("AFL_LLVM_NGRAM_SIZE");
if (!ngram_size_str) ngram_size_str = getenv("AFL_NGRAM_SIZE"); if (!ngram_size_str) ngram_size_str = getenv("AFL_NGRAM_SIZE");
char *ctx_str = getenv("AFL_LLVM_CTX"); char *ctx_str = getenv("AFL_LLVM_CTX");
#ifdef AFL_HAVE_VECTOR_INTRINSICS #ifdef AFL_HAVE_VECTOR_INTRINSICS
int ngram_size = 0; unsigned int ngram_size = 0;
/* Decide previous location vector size (must be a power of two) */ /* Decide previous location vector size (must be a power of two) */
VectorType *PrevLocTy; VectorType *PrevLocTy;
@ -196,17 +196,17 @@ struct InsTrim : public ModulePass {
#ifdef AFL_HAVE_VECTOR_INTRINSICS #ifdef AFL_HAVE_VECTOR_INTRINSICS
if (ngram_size) if (ngram_size)
#ifdef __ANDROID__ # ifdef __ANDROID__
AFLPrevLoc = new GlobalVariable( AFLPrevLoc = new GlobalVariable(
M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage, M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage,
/* Initializer */ nullptr, "__afl_prev_loc"); /* Initializer */ nullptr, "__afl_prev_loc");
#else # else
AFLPrevLoc = new GlobalVariable( AFLPrevLoc = new GlobalVariable(
M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage, M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage,
/* Initializer */ nullptr, "__afl_prev_loc", /* Initializer */ nullptr, "__afl_prev_loc",
/* InsertBefore */ nullptr, GlobalVariable::GeneralDynamicTLSModel, /* InsertBefore */ nullptr, GlobalVariable::GeneralDynamicTLSModel,
/* AddressSpace */ 0, /* IsExternallyInitialized */ false); /* AddressSpace */ 0, /* IsExternallyInitialized */ false);
#endif # endif
else else
#endif #endif
#ifdef __ANDROID__ #ifdef __ANDROID__

4
llvm_mode/MarkNodes.cc
View File

@ -15,9 +15,9 @@ typedef long double max_align_t;
#include "llvm/IR/BasicBlock.h" #include "llvm/IR/BasicBlock.h"
#if LLVM_VERSION_MAJOR > 3 || \ #if LLVM_VERSION_MAJOR > 3 || \
(LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4)
#include "llvm/IR/CFG.h" # include "llvm/IR/CFG.h"
#else #else
#include "llvm/Support/CFG.h" # include "llvm/Support/CFG.h"
#endif #endif
#include "llvm/IR/Constants.h" #include "llvm/IR/Constants.h"
#include "llvm/IR/Function.h" #include "llvm/IR/Function.h"

8
llvm_mode/afl-llvm-common.h
View File

@ -25,11 +25,11 @@ typedef long double max_align_t;
#if LLVM_VERSION_MAJOR > 3 || \ #if LLVM_VERSION_MAJOR > 3 || \
(LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4)
#include "llvm/IR/DebugInfo.h" # include "llvm/IR/DebugInfo.h"
#include "llvm/IR/CFG.h" # include "llvm/IR/CFG.h"
#else #else
#include "llvm/DebugInfo.h" # include "llvm/DebugInfo.h"
#include "llvm/Support/CFG.h" # include "llvm/Support/CFG.h"
#endif #endif
char * getBBName(const llvm::BasicBlock *BB); char * getBBName(const llvm::BasicBlock *BB);

16
llvm_mode/afl-llvm-pass.so.cc
View File

@ -54,11 +54,11 @@ typedef long double max_align_t;
#if LLVM_VERSION_MAJOR > 3 || \ #if LLVM_VERSION_MAJOR > 3 || \
(LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4)
#include "llvm/IR/DebugInfo.h" # include "llvm/IR/DebugInfo.h"
#include "llvm/IR/CFG.h" # include "llvm/IR/CFG.h"
#else #else
#include "llvm/DebugInfo.h" # include "llvm/DebugInfo.h"
#include "llvm/Support/CFG.h" # include "llvm/Support/CFG.h"
#endif #endif
#include "afl-llvm-common.h" #include "afl-llvm-common.h"
@ -115,7 +115,7 @@ uint64_t PowerOf2Ceil(unsigned in) {
/* #if LLVM_VERSION_STRING >= "4.0.1" */ /* #if LLVM_VERSION_STRING >= "4.0.1" */
#if LLVM_VERSION_MAJOR >= 4 || \ #if LLVM_VERSION_MAJOR >= 4 || \
(LLVM_VERSION_MAJOR == 4 && LLVM_VERSION_PATCH >= 1) (LLVM_VERSION_MAJOR == 4 && LLVM_VERSION_PATCH >= 1)
#define AFL_HAVE_VECTOR_INTRINSICS 1 # define AFL_HAVE_VECTOR_INTRINSICS 1
#endif #endif
bool AFLCoverage::runOnModule(Module &M) { bool AFLCoverage::runOnModule(Module &M) {
@ -242,17 +242,17 @@ bool AFLCoverage::runOnModule(Module &M) {
#ifdef AFL_HAVE_VECTOR_INTRINSICS #ifdef AFL_HAVE_VECTOR_INTRINSICS
if (ngram_size) if (ngram_size)
#ifdef __ANDROID__ # ifdef __ANDROID__
AFLPrevLoc = new GlobalVariable( AFLPrevLoc = new GlobalVariable(
M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage, M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage,
/* Initializer */ nullptr, "__afl_prev_loc"); /* Initializer */ nullptr, "__afl_prev_loc");
#else # else
AFLPrevLoc = new GlobalVariable( AFLPrevLoc = new GlobalVariable(
M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage, M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage,
/* Initializer */ nullptr, "__afl_prev_loc", /* Initializer */ nullptr, "__afl_prev_loc",
/* InsertBefore */ nullptr, GlobalVariable::GeneralDynamicTLSModel, /* InsertBefore */ nullptr, GlobalVariable::GeneralDynamicTLSModel,
/* AddressSpace */ 0, /* IsExternallyInitialized */ false); /* AddressSpace */ 0, /* IsExternallyInitialized */ false);
#endif # endif
else else
#endif #endif
#ifdef __ANDROID__ #ifdef __ANDROID__

22
llvm_mode/afl-llvm-rt.o.c
View File

@ -21,7 +21,7 @@
*/ */
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"
@ -43,7 +43,7 @@
#include <sys/types.h> #include <sys/types.h>
#ifdef __linux__ #ifdef __linux__
#include "snapshot-inl.h" # include "snapshot-inl.h"
#endif #endif
/* This is a somewhat ugly hack for the experimental 'trace-pc-guard' mode. /* This is a somewhat ugly hack for the experimental 'trace-pc-guard' mode.
@ -53,7 +53,7 @@
#define CONST_PRIO 5 #define CONST_PRIO 5
#ifndef MAP_FIXED_NOREPLACE #ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE MAP_FIXED # define MAP_FIXED_NOREPLACE MAP_FIXED
#endif #endif
#include <sys/mman.h> #include <sys/mman.h>
@ -822,15 +822,15 @@ void __cmplog_ins_hook8(uint64_t arg1, uint64_t arg2) {
} }
#if defined(__APPLE__) #if defined(__APPLE__)
#pragma weak __sanitizer_cov_trace_const_cmp1 = __cmplog_ins_hook1 # pragma weak __sanitizer_cov_trace_const_cmp1 = __cmplog_ins_hook1
#pragma weak __sanitizer_cov_trace_const_cmp2 = __cmplog_ins_hook2 # pragma weak __sanitizer_cov_trace_const_cmp2 = __cmplog_ins_hook2
#pragma weak __sanitizer_cov_trace_const_cmp4 = __cmplog_ins_hook4 # pragma weak __sanitizer_cov_trace_const_cmp4 = __cmplog_ins_hook4
#pragma weak __sanitizer_cov_trace_const_cmp8 = __cmplog_ins_hook8 # pragma weak __sanitizer_cov_trace_const_cmp8 = __cmplog_ins_hook8
#pragma weak __sanitizer_cov_trace_cmp1 = __cmplog_ins_hook1 # pragma weak __sanitizer_cov_trace_cmp1 = __cmplog_ins_hook1
#pragma weak __sanitizer_cov_trace_cmp2 = __cmplog_ins_hook2 # pragma weak __sanitizer_cov_trace_cmp2 = __cmplog_ins_hook2
#pragma weak __sanitizer_cov_trace_cmp4 = __cmplog_ins_hook4 # pragma weak __sanitizer_cov_trace_cmp4 = __cmplog_ins_hook4
#pragma weak __sanitizer_cov_trace_cmp8 = __cmplog_ins_hook8 # pragma weak __sanitizer_cov_trace_cmp8 = __cmplog_ins_hook8
#else #else
void __sanitizer_cov_trace_const_cmp1(uint8_t arg1, uint8_t arg2) void __sanitizer_cov_trace_const_cmp1(uint8_t arg1, uint8_t arg2)
__attribute__((alias("__cmplog_ins_hook1"))); __attribute__((alias("__cmplog_ins_hook1")));

10
llvm_mode/cmplog-instructions-pass.cc
View File

@ -38,12 +38,12 @@
#if LLVM_VERSION_MAJOR > 3 || \ #if LLVM_VERSION_MAJOR > 3 || \
(LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4)
#include "llvm/IR/Verifier.h" # include "llvm/IR/Verifier.h"
#include "llvm/IR/DebugInfo.h" # include "llvm/IR/DebugInfo.h"
#else #else
#include "llvm/Analysis/Verifier.h" # include "llvm/Analysis/Verifier.h"
#include "llvm/DebugInfo.h" # include "llvm/DebugInfo.h"
#define nullptr 0 # define nullptr 0
#endif #endif
#include <set> #include <set>

10
llvm_mode/cmplog-routines-pass.cc
View File

@ -38,12 +38,12 @@
#if LLVM_VERSION_MAJOR > 3 || \ #if LLVM_VERSION_MAJOR > 3 || \
(LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4)
#include "llvm/IR/Verifier.h" # include "llvm/IR/Verifier.h"
#include "llvm/IR/DebugInfo.h" # include "llvm/IR/DebugInfo.h"
#else #else
#include "llvm/Analysis/Verifier.h" # include "llvm/Analysis/Verifier.h"
#include "llvm/DebugInfo.h" # include "llvm/DebugInfo.h"
#define nullptr 0 # define nullptr 0
#endif #endif
#include <set> #include <set>

10
llvm_mode/compare-transform-pass.so.cc
View File

@ -38,12 +38,12 @@
#if LLVM_VERSION_MAJOR > 3 || \ #if LLVM_VERSION_MAJOR > 3 || \
(LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4)
#include "llvm/IR/Verifier.h" # include "llvm/IR/Verifier.h"
#include "llvm/IR/DebugInfo.h" # include "llvm/IR/DebugInfo.h"
#else #else
#include "llvm/Analysis/Verifier.h" # include "llvm/Analysis/Verifier.h"
#include "llvm/DebugInfo.h" # include "llvm/DebugInfo.h"
#define nullptr 0 # define nullptr 0
#endif #endif
#include <set> #include <set>

10
llvm_mode/split-compares-pass.so.cc
View File

@ -37,12 +37,12 @@
#include "llvm/IR/IRBuilder.h" #include "llvm/IR/IRBuilder.h"
#if LLVM_VERSION_MAJOR > 3 || \ #if LLVM_VERSION_MAJOR > 3 || \
(LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4)
#include "llvm/IR/Verifier.h" # include "llvm/IR/Verifier.h"
#include "llvm/IR/DebugInfo.h" # include "llvm/IR/DebugInfo.h"
#else #else
#include "llvm/Analysis/Verifier.h" # include "llvm/Analysis/Verifier.h"
#include "llvm/DebugInfo.h" # include "llvm/DebugInfo.h"
#define nullptr 0 # define nullptr 0
#endif #endif
using namespace llvm; using namespace llvm;

10
llvm_mode/split-switches-pass.so.cc
View File

@ -40,12 +40,12 @@
#include "llvm/IR/IRBuilder.h" #include "llvm/IR/IRBuilder.h"
#if LLVM_VERSION_MAJOR > 3 || \ #if LLVM_VERSION_MAJOR > 3 || \
(LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4)
#include "llvm/IR/Verifier.h" # include "llvm/IR/Verifier.h"
#include "llvm/IR/DebugInfo.h" # include "llvm/IR/DebugInfo.h"
#else #else
#include "llvm/Analysis/Verifier.h" # include "llvm/Analysis/Verifier.h"
#include "llvm/DebugInfo.h" # include "llvm/DebugInfo.h"
#define nullptr 0 # define nullptr 0
#endif #endif
#include <set> #include <set>

18
qbdi_mode/template.cpp
View File

@ -11,7 +11,7 @@
#include <dlfcn.h> #include <dlfcn.h>
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "../include/android-ashmem.h" # include "../include/android-ashmem.h"
#endif #endif
#include <sys/ipc.h> #include <sys/ipc.h>
@ -23,15 +23,15 @@
/* NeverZero */ /* NeverZero */
#if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) #if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO)
#define INC_AFL_AREA(loc) \ # define INC_AFL_AREA(loc) \
asm volatile( \ asm volatile( \
"incb (%0, %1, 1)\n" \ "incb (%0, %1, 1)\n" \
"adcb $0, (%0, %1, 1)\n" \ "adcb $0, (%0, %1, 1)\n" \
: /* no out */ \ : /* no out */ \
: "r"(afl_area_ptr), "r"(loc) \ : "r"(afl_area_ptr), "r"(loc) \
: "memory", "eax") : "memory", "eax")
#else #else
#define INC_AFL_AREA(loc) afl_area_ptr[loc]++ # define INC_AFL_AREA(loc) afl_area_ptr[loc]++
#endif #endif
using namespace QBDI; using namespace QBDI;

4
qemu_mode/libcompcov/libcompcov.so.c
View File

@ -20,7 +20,7 @@
*/ */
#ifndef _GNU_SOURCE #ifndef _GNU_SOURCE
#define _GNU_SOURCE # define _GNU_SOURCE
#endif #endif
#include <dlfcn.h> #include <dlfcn.h>
#include <stdio.h> #include <stdio.h>
@ -36,7 +36,7 @@
#include "pmparser.h" #include "pmparser.h"
#ifndef __linux__ #ifndef __linux__
#error "Sorry, this library is Linux-specific for now!" # error "Sorry, this library is Linux-specific for now!"
#endif /* !__linux__ */ #endif /* !__linux__ */
/* Change this value to tune the compare coverage */ /* Change this value to tune the compare coverage */

24
qemu_mode/patches/afl-qemu-common.h
View File

@ -40,27 +40,27 @@
#define PERSISTENT_DEFAULT_MAX_CNT 1000 #define PERSISTENT_DEFAULT_MAX_CNT 1000
#ifdef CPU_NB_REGS #ifdef CPU_NB_REGS
#define AFL_REGS_NUM CPU_NB_REGS # define AFL_REGS_NUM CPU_NB_REGS
#elif TARGET_ARM #elif TARGET_ARM
#define AFL_REGS_NUM 32 # define AFL_REGS_NUM 32
#elif TARGET_AARCH64 #elif TARGET_AARCH64
#define AFL_REGS_NUM 32 # define AFL_REGS_NUM 32
#else #else
#define AFL_REGS_NUM 100 # define AFL_REGS_NUM 100
#endif #endif
/* NeverZero */ /* NeverZero */
#if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) #if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO)
#define INC_AFL_AREA(loc) \ # define INC_AFL_AREA(loc) \
asm volatile( \ asm volatile( \
"incb (%0, %1, 1)\n" \ "incb (%0, %1, 1)\n" \
"adcb $0, (%0, %1, 1)\n" \ "adcb $0, (%0, %1, 1)\n" \
: /* no out */ \ : /* no out */ \
: "r"(afl_area_ptr), "r"(loc) \ : "r"(afl_area_ptr), "r"(loc) \
: "memory", "eax") : "memory", "eax")
#else #else
#define INC_AFL_AREA(loc) afl_area_ptr[loc]++ # define INC_AFL_AREA(loc) afl_area_ptr[loc]++
#endif #endif
typedef void (*afl_persistent_hook_fn)(uint64_t *regs, uint64_t guest_base); typedef void (*afl_persistent_hook_fn)(uint64_t *regs, uint64_t guest_base);

2
qemu_mode/patches/afl-qemu-cpu-inl.h
View File

@ -35,7 +35,7 @@
#include "afl-qemu-common.h" #include "afl-qemu-common.h"
#ifndef AFL_QEMU_STATIC_BUILD #ifndef AFL_QEMU_STATIC_BUILD
#include <dlfcn.h> # include <dlfcn.h>
#endif #endif
/*************************** /***************************

4
qemu_mode/patches/afl-qemu-cpu-translate-inl.h
View File

@ -36,9 +36,9 @@
#include "tcg-op.h" #include "tcg-op.h"
#if TCG_TARGET_REG_BITS == 64 #if TCG_TARGET_REG_BITS == 64
#define _DEFAULT_MO MO_64 # define _DEFAULT_MO MO_64
#else #else
#define _DEFAULT_MO MO_32 # define _DEFAULT_MO MO_32
#endif #endif
static void afl_gen_compcov(target_ulong cur_loc, TCGv arg1, TCGv arg2, static void afl_gen_compcov(target_ulong cur_loc, TCGv arg1, TCGv arg2,

2
src/afl-analyze.c
View File

@ -27,7 +27,7 @@
#define AFL_MAIN #define AFL_MAIN
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"

6
src/afl-as.c
View File

@ -79,9 +79,9 @@ static u8 use_64bit = 1;
static u8 use_64bit = 0; static u8 use_64bit = 0;
#ifdef __APPLE__ # ifdef __APPLE__
#error "Sorry, 32-bit Apple platforms are not supported." # error "Sorry, 32-bit Apple platforms are not supported."
#endif /* __APPLE__ */ # endif /* __APPLE__ */
#endif /* ^WORD_SIZE_64 */ #endif /* ^WORD_SIZE_64 */

2
src/afl-common.c
View File

@ -34,7 +34,7 @@
/* Detect @@ in args. */ /* Detect @@ in args. */
#ifndef __glibc__ #ifndef __glibc__
#include <unistd.h> # include <unistd.h>
#endif #endif
#include <limits.h> #include <limits.h>
#include <sys/types.h> #include <sys/types.h>

68
src/afl-fuzz-init.c
View File

@ -33,11 +33,11 @@
void bind_to_free_cpu(afl_state_t *afl) { void bind_to_free_cpu(afl_state_t *afl) {
#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) # if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__)
cpu_set_t c; cpu_set_t c;
#elif defined(__NetBSD__) # elif defined(__NetBSD__)
cpuset_t * c; cpuset_t * c;
#endif # endif
u8 cpu_used[4096] = {0}; u8 cpu_used[4096] = {0};
u32 i; u32 i;
@ -51,7 +51,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
} }
#if defined(__linux__) # if defined(__linux__)
DIR * d; DIR * d;
struct dirent *de; struct dirent *de;
d = opendir("/proc"); d = opendir("/proc");
@ -112,7 +112,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
} }
closedir(d); closedir(d);
#elif defined(__FreeBSD__) || defined(__DragonFly__) # elif defined(__FreeBSD__) || defined(__DragonFly__)
struct kinfo_proc *procs; struct kinfo_proc *procs;
size_t nprocs; size_t nprocs;
size_t proccount; size_t proccount;
@ -133,7 +133,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
for (i = 0; i < proccount; i++) { for (i = 0; i < proccount; i++) {
#if defined(__FreeBSD__) # if defined(__FreeBSD__)
if (!strcmp(procs[i].ki_comm, "idle")) continue; if (!strcmp(procs[i].ki_comm, "idle")) continue;
// fix when ki_oncpu = -1 // fix when ki_oncpu = -1
@ -143,16 +143,16 @@ void bind_to_free_cpu(afl_state_t *afl) {
if (oncpu != -1 && oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 60) if (oncpu != -1 && oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 60)
cpu_used[oncpu] = 1; cpu_used[oncpu] = 1;
#elif defined(__DragonFly__) # elif defined(__DragonFly__)
if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) && if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) &&
procs[i].kp_lwp.kl_pctcpu > 10) procs[i].kp_lwp.kl_pctcpu > 10)
cpu_used[procs[i].kp_lwp.kl_cpuid] = 1; cpu_used[procs[i].kp_lwp.kl_cpuid] = 1;
#endif # endif
} }
ck_free(procs); ck_free(procs);
#elif defined(__NetBSD__) # elif defined(__NetBSD__)
struct kinfo_proc2 *procs; struct kinfo_proc2 *procs;
size_t nprocs; size_t nprocs;
size_t proccount; size_t proccount;
@ -181,15 +181,15 @@ void bind_to_free_cpu(afl_state_t *afl) {
} }
ck_free(procs); ck_free(procs);
#else # else
#warning \ # warning \
"For this platform we do not have free CPU binding code yet. If possible, please supply a PR to https://github.com/AFLplusplus/AFLplusplus" "For this platform we do not have free CPU binding code yet. If possible, please supply a PR to https://github.com/AFLplusplus/AFLplusplus"
#endif # endif
size_t cpu_start = 0; size_t cpu_start = 0;
try: try:
#ifndef __ANDROID__ # ifndef __ANDROID__
for (i = cpu_start; i < afl->cpu_core_count; i++) { for (i = cpu_start; i < afl->cpu_core_count; i++) {
if (!cpu_used[i]) { break; } if (!cpu_used[i]) { break; }
@ -198,12 +198,12 @@ void bind_to_free_cpu(afl_state_t *afl) {
if (i == afl->cpu_core_count) { if (i == afl->cpu_core_count) {
#else # else
for (i = afl->cpu_core_count - cpu_start - 1; i > -1; i--) for (i = afl->cpu_core_count - cpu_start - 1; i > -1; i--)
if (!cpu_used[i]) break; if (!cpu_used[i]) break;
if (i == -1) { if (i == -1) {
#endif # endif
SAYF("\n" cLRD "[-] " cRST SAYF("\n" cLRD "[-] " cRST
"Uh-oh, looks like all %d CPU cores on your system are allocated to\n" "Uh-oh, looks like all %d CPU cores on your system are allocated to\n"
@ -221,16 +221,16 @@ void bind_to_free_cpu(afl_state_t *afl) {
afl->cpu_aff = i; afl->cpu_aff = i;
#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) # if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__)
CPU_ZERO(&c); CPU_ZERO(&c);
CPU_SET(i, &c); CPU_SET(i, &c);
#elif defined(__NetBSD__) # elif defined(__NetBSD__)
c = cpuset_create(); c = cpuset_create();
if (c == NULL) PFATAL("cpuset_create failed"); if (c == NULL) PFATAL("cpuset_create failed");
cpuset_set(i, c); cpuset_set(i, c);
#endif # endif
#if defined(__linux__) # if defined(__linux__)
if (sched_setaffinity(0, sizeof(c), &c)) { if (sched_setaffinity(0, sizeof(c), &c)) {
if (cpu_start == afl->cpu_core_count) { if (cpu_start == afl->cpu_core_count) {
@ -246,7 +246,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
} }
#elif defined(__FreeBSD__) || defined(__DragonFly__) # elif defined(__FreeBSD__) || defined(__DragonFly__)
if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) { if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) {
if (cpu_start == afl->cpu_core_count) if (cpu_start == afl->cpu_core_count)
@ -258,7 +258,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
} }
#elif defined(__NetBSD__) # elif defined(__NetBSD__)
if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) { if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) {
if (cpu_start == afl->cpu_core_count) if (cpu_start == afl->cpu_core_count)
@ -271,10 +271,10 @@ if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) {
} }
cpuset_destroy(c); cpuset_destroy(c);
#else # else
// this will need something for other platforms // this will need something for other platforms
// TODO: Solaris/Illumos has processor_bind ... might worth a try // TODO: Solaris/Illumos has processor_bind ... might worth a try
#endif # endif
} }
@ -1565,7 +1565,7 @@ void check_crash_handling(void) {
until I get a box to test the code. So, for now, we check for crash until I get a box to test the code. So, for now, we check for crash
reporting the awful way. */ reporting the awful way. */
#if !TARGET_OS_IPHONE # if !TARGET_OS_IPHONE
if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash$'")) return; if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash$'")) return;
SAYF( SAYF(
@ -1583,7 +1583,7 @@ void check_crash_handling(void) {
" launchctl unload -w ${SL}/LaunchAgents/${PL}.plist\n" " launchctl unload -w ${SL}/LaunchAgents/${PL}.plist\n"
" sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist\n"); " sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist\n");
#endif # endif
if (!get_afl_env("AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES")) if (!get_afl_env("AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES"))
FATAL("Crash reporter detected"); FATAL("Crash reporter detected");
@ -1778,26 +1778,26 @@ void get_core_count(afl_state_t *afl) {
/* On *BSD systems, we can just use a sysctl to get the number of CPUs. */ /* On *BSD systems, we can just use a sysctl to get the number of CPUs. */
#ifdef __APPLE__ # ifdef __APPLE__
if (sysctlbyname("hw.logicalcpu", &afl->cpu_core_count, &s, NULL, 0) < 0) if (sysctlbyname("hw.logicalcpu", &afl->cpu_core_count, &s, NULL, 0) < 0)
return; return;
#else # else
int s_name[2] = {CTL_HW, HW_NCPU}; int s_name[2] = {CTL_HW, HW_NCPU};
if (sysctl(s_name, 2, &afl->cpu_core_count, &s, NULL, 0) < 0) return; if (sysctl(s_name, 2, &afl->cpu_core_count, &s, NULL, 0) < 0) return;
#endif /* ^__APPLE__ */ # endif /* ^__APPLE__ */
#else #else
#ifdef HAVE_AFFINITY # ifdef HAVE_AFFINITY
afl->cpu_core_count = sysconf(_SC_NPROCESSORS_ONLN); afl->cpu_core_count = sysconf(_SC_NPROCESSORS_ONLN);
#else # else
FILE *f = fopen("/proc/stat", "r"); FILE *f = fopen("/proc/stat", "r");
u8 tmp[1024]; u8 tmp[1024];
@ -1809,7 +1809,7 @@ void get_core_count(afl_state_t *afl) {
fclose(f); fclose(f);
#endif /* ^HAVE_AFFINITY */ # endif /* ^HAVE_AFFINITY */
#endif /* ^(__APPLE__ || __FreeBSD__ || __OpenBSD__) */ #endif /* ^(__APPLE__ || __FreeBSD__ || __OpenBSD__) */
@ -2102,12 +2102,12 @@ void check_binary(afl_state_t *afl, u8 *fname) {
#else #else
#if !defined(__arm__) && !defined(__arm64__) # if !defined(__arm__) && !defined(__arm64__)
if ((f_data[0] != 0xCF || f_data[1] != 0xFA || f_data[2] != 0xED) && if ((f_data[0] != 0xCF || f_data[1] != 0xFA || f_data[2] != 0xED) &&
(f_data[0] != 0xCA || f_data[1] != 0xFE || f_data[2] != 0xBA)) (f_data[0] != 0xCA || f_data[1] != 0xFE || f_data[2] != 0xBA))
FATAL("Program '%s' is not a 64-bit or universal Mach-O binary", FATAL("Program '%s' is not a 64-bit or universal Mach-O binary",
afl->fsrv.target_path); afl->fsrv.target_path);
#endif # endif
#endif /* ^!__APPLE__ */ #endif /* ^!__APPLE__ */

62
src/afl-fuzz-python.c
View File

@ -37,9 +37,9 @@ static void *unsupported(afl_state_t *afl, unsigned int seed) {
/* sorry for this makro... /* sorry for this makro...
it just fills in `&py_mutator->something_buf, &py_mutator->something_size`. */ it just fills in `&py_mutator->something_buf, &py_mutator->something_size`. */
#define BUF_PARAMS(name) \ # define BUF_PARAMS(name) \
(void **)&((py_mutator_t *)py_mutator)->name##_buf, \ (void **)&((py_mutator_t *)py_mutator)->name##_buf, \
&((py_mutator_t *)py_mutator)->name##_size &((py_mutator_t *)py_mutator)->name##_size
static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf, static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf,
u8 *add_buf, size_t add_buf_size, size_t max_size) { u8 *add_buf, size_t add_buf_size, size_t max_size) {
@ -72,11 +72,11 @@ static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf,
PyTuple_SetItem(py_args, 1, py_value); PyTuple_SetItem(py_args, 1, py_value);
/* max_size */ /* max_size */
#if PY_MAJOR_VERSION >= 3 # if PY_MAJOR_VERSION >= 3
py_value = PyLong_FromLong(max_size); py_value = PyLong_FromLong(max_size);
#else # else
py_value = PyInt_FromLong(max_size); py_value = PyInt_FromLong(max_size);
#endif # endif
if (!py_value) { if (!py_value) {
Py_DECREF(py_args); Py_DECREF(py_args);
@ -118,11 +118,11 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
Py_Initialize(); Py_Initialize();
#if PY_MAJOR_VERSION >= 3 # if PY_MAJOR_VERSION >= 3
PyObject *py_name = PyUnicode_FromString(module_name); PyObject *py_name = PyUnicode_FromString(module_name);
#else # else
PyObject *py_name = PyString_FromString(module_name); PyObject *py_name = PyString_FromString(module_name);
#endif # endif
py->py_module = PyImport_Import(py_name); py->py_module = PyImport_Import(py_name);
Py_DECREF(py_name); Py_DECREF(py_name);
@ -243,11 +243,11 @@ static void init_py(afl_state_t *afl, py_mutator_t *py_mutator,
/* Provide the init function a seed for the Python RNG */ /* Provide the init function a seed for the Python RNG */
py_args = PyTuple_New(1); py_args = PyTuple_New(1);
#if PY_MAJOR_VERSION >= 3 # if PY_MAJOR_VERSION >= 3
py_value = PyLong_FromLong(seed); py_value = PyLong_FromLong(seed);
#else # else
py_value = PyInt_FromLong(seed); py_value = PyInt_FromLong(seed);
#endif # endif
if (!py_value) { if (!py_value) {
@ -440,11 +440,11 @@ s32 init_trim_py(void *py_mutator, u8 *buf, size_t buf_size) {
if (py_value != NULL) { if (py_value != NULL) {
#if PY_MAJOR_VERSION >= 3 # if PY_MAJOR_VERSION >= 3
u32 retcnt = (u32)PyLong_AsLong(py_value); u32 retcnt = (u32)PyLong_AsLong(py_value);
#else # else
u32 retcnt = PyInt_AsLong(py_value); u32 retcnt = PyInt_AsLong(py_value);
#endif # endif
Py_DECREF(py_value); Py_DECREF(py_value);
return retcnt; return retcnt;
@ -479,11 +479,11 @@ s32 post_trim_py(void *py_mutator, u8 success) {
if (py_value != NULL) { if (py_value != NULL) {
#if PY_MAJOR_VERSION >= 3 # if PY_MAJOR_VERSION >= 3
u32 retcnt = (u32)PyLong_AsLong(py_value); u32 retcnt = (u32)PyLong_AsLong(py_value);
#else # else
u32 retcnt = PyInt_AsLong(py_value); u32 retcnt = PyInt_AsLong(py_value);
#endif # endif
Py_DECREF(py_value); Py_DECREF(py_value);
return retcnt; return retcnt;
@ -543,11 +543,11 @@ size_t havoc_mutation_py(void *py_mutator, u8 *buf, size_t buf_size,
PyTuple_SetItem(py_args, 0, py_value); PyTuple_SetItem(py_args, 0, py_value);
/* max_size */ /* max_size */
#if PY_MAJOR_VERSION >= 3 # if PY_MAJOR_VERSION >= 3
py_value = PyLong_FromLong(max_size); py_value = PyLong_FromLong(max_size);
#else # else
py_value = PyInt_FromLong(max_size); py_value = PyInt_FromLong(max_size);
#endif # endif
if (!py_value) { if (!py_value) {
Py_DECREF(py_args); Py_DECREF(py_args);
@ -625,11 +625,11 @@ u8 queue_get_py(void *py_mutator, const u8 *filename) {
py_args = PyTuple_New(1); py_args = PyTuple_New(1);
// File name // File name
#if PY_MAJOR_VERSION >= 3 # if PY_MAJOR_VERSION >= 3
py_value = PyUnicode_FromString(filename); py_value = PyUnicode_FromString(filename);
#else # else
py_value = PyString_FromString(filename); py_value = PyString_FromString(filename);
#endif # endif
if (!py_value) { if (!py_value) {
Py_DECREF(py_args); Py_DECREF(py_args);
@ -675,11 +675,11 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
py_args = PyTuple_New(2); py_args = PyTuple_New(2);
// New queue // New queue
#if PY_MAJOR_VERSION >= 3 # if PY_MAJOR_VERSION >= 3
py_value = PyUnicode_FromString(filename_new_queue); py_value = PyUnicode_FromString(filename_new_queue);
#else # else
py_value = PyString_FromString(filename_new_queue); py_value = PyString_FromString(filename_new_queue);
#endif # endif
if (!py_value) { if (!py_value) {
Py_DECREF(py_args); Py_DECREF(py_args);
@ -693,11 +693,11 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
py_value = Py_None; py_value = Py_None;
if (filename_orig_queue) { if (filename_orig_queue) {
#if PY_MAJOR_VERSION >= 3 # if PY_MAJOR_VERSION >= 3
py_value = PyUnicode_FromString(filename_orig_queue); py_value = PyUnicode_FromString(filename_orig_queue);
#else # else
py_value = PyString_FromString(filename_orig_queue); py_value = PyString_FromString(filename_orig_queue);
#endif # endif
if (!py_value) { if (!py_value) {
Py_DECREF(py_args); Py_DECREF(py_args);
@ -724,7 +724,7 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
} }
#undef BUF_PARAMS # undef BUF_PARAMS
#endif /* USE_PYTHON */ #endif /* USE_PYTHON */

12
src/afl-fuzz.c
View File

@ -853,7 +853,7 @@ int main(int argc, char **argv_orig, char **envp) {
} }
#if defined(__SANITIZE_ADDRESS__) # if defined(__SANITIZE_ADDRESS__)
if (afl->fsrv.mem_limit) { if (afl->fsrv.mem_limit) {
WARNF("in the ASAN build we disable all memory limits"); WARNF("in the ASAN build we disable all memory limits");
@ -861,7 +861,7 @@ int main(int argc, char **argv_orig, char **envp) {
} }
#endif # endif
setup_signal_handlers(); setup_signal_handlers();
check_asan_opts(); check_asan_opts();
@ -1054,9 +1054,9 @@ int main(int argc, char **argv_orig, char **envp) {
get_core_count(afl); get_core_count(afl);
#ifdef HAVE_AFFINITY # ifdef HAVE_AFFINITY
bind_to_free_cpu(afl); bind_to_free_cpu(afl);
#endif /* HAVE_AFFINITY */ # endif /* HAVE_AFFINITY */
check_crash_handling(); check_crash_handling();
check_cpu_governor(afl); check_cpu_governor(afl);
@ -1352,12 +1352,12 @@ stop_fuzzing:
} }
#ifdef PROFILING # ifdef PROFILING
SAYF(cYEL "[!] " cRST SAYF(cYEL "[!] " cRST
"Profiling information: %llu ms total work, %llu ns/run\n", "Profiling information: %llu ms total work, %llu ns/run\n",
time_spent_working / 1000000, time_spent_working / 1000000,
time_spent_working / afl->fsrv.total_execs); time_spent_working / afl->fsrv.total_execs);
#endif # endif
fclose(afl->fsrv.plot_file); fclose(afl->fsrv.plot_file);
destroy_queue(afl); destroy_queue(afl);

56
src/afl-gotcpu.c
View File

@ -32,11 +32,11 @@
#define AFL_MAIN #define AFL_MAIN
#ifndef _GNU_SOURCE #ifndef _GNU_SOURCE
#define _GNU_SOURCE # define _GNU_SOURCE
#endif #endif
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@ -55,22 +55,22 @@
#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || \ #if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || \
defined(__APPLE__) || defined(__DragonFly__) defined(__APPLE__) || defined(__DragonFly__)
#define HAVE_AFFINITY 1 # define HAVE_AFFINITY 1
#if defined(__FreeBSD__) || defined(__DragonFly__) # if defined(__FreeBSD__) || defined(__DragonFly__)
#include <pthread.h> # include <pthread.h>
#include <pthread_np.h> # include <pthread_np.h>
#if defined(__FreeBSD__) # if defined(__FreeBSD__)
#include <sys/cpuset.h> # include <sys/cpuset.h>
#endif # endif
#define cpu_set_t cpuset_t # define cpu_set_t cpuset_t
#elif defined(__NetBSD__) # elif defined(__NetBSD__)
#include <pthread.h> # include <pthread.h>
#include <sched.h> # include <sched.h>
#elif defined(__APPLE__) # elif defined(__APPLE__)
#include <pthread.h> # include <pthread.h>
#include <mach/thread_act.h> # include <mach/thread_act.h>
#include <mach/thread_policy.h> # include <mach/thread_policy.h>
#endif # endif
#endif /* __linux__ || __FreeBSD__ || __NetBSD__ || __APPLE__ */ #endif /* __linux__ || __FreeBSD__ || __NetBSD__ || __APPLE__ */
/* Get CPU usage in microseconds. */ /* Get CPU usage in microseconds. */
@ -163,46 +163,46 @@ int main(int argc, char **argv) {
if (!fr) { if (!fr) {
u32 util_perc; u32 util_perc;
#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) # if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__)
cpu_set_t c; cpu_set_t c;
CPU_ZERO(&c); CPU_ZERO(&c);
CPU_SET(i, &c); CPU_SET(i, &c);
#elif defined(__NetBSD__) # elif defined(__NetBSD__)
cpuset_t *c; cpuset_t *c;
c = cpuset_create(); c = cpuset_create();
if (c == NULL) PFATAL("cpuset_create failed"); if (c == NULL) PFATAL("cpuset_create failed");
cpuset_set(i, c); cpuset_set(i, c);
#elif defined(__APPLE__) # elif defined(__APPLE__)
thread_affinity_policy_data_t c = {i}; thread_affinity_policy_data_t c = {i};
thread_port_t native_thread = pthread_mach_thread_np(pthread_self()); thread_port_t native_thread = pthread_mach_thread_np(pthread_self());
if (thread_policy_set(native_thread, THREAD_AFFINITY_POLICY, if (thread_policy_set(native_thread, THREAD_AFFINITY_POLICY,
(thread_policy_t)&c, 1) != KERN_SUCCESS) (thread_policy_t)&c, 1) != KERN_SUCCESS)
PFATAL("thread_policy_set failed"); PFATAL("thread_policy_set failed");
#endif # endif
#if defined(__FreeBSD__) || defined(__DragonFly__) # if defined(__FreeBSD__) || defined(__DragonFly__)
if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c))
PFATAL("pthread_setaffinity_np failed"); PFATAL("pthread_setaffinity_np failed");
#endif # endif
#if defined(__NetBSD__) # if defined(__NetBSD__)
if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c)) if (pthread_setaffinity_np(pthread_self(), cpuset_size(c), c))
PFATAL("pthread_setaffinity_np failed"); PFATAL("pthread_setaffinity_np failed");
cpuset_destroy(c); cpuset_destroy(c);
#endif # endif
#if defined(__linux__) # if defined(__linux__)
if (sched_setaffinity(0, sizeof(c), &c)) { if (sched_setaffinity(0, sizeof(c), &c)) {
PFATAL("sched_setaffinity failed for cpu %d", i); PFATAL("sched_setaffinity failed for cpu %d", i);
} }
#endif # endif
util_perc = measure_preemption(CTEST_CORE_TRG_MS); util_perc = measure_preemption(CTEST_CORE_TRG_MS);

6
src/afl-sharedmem.c
View File

@ -27,7 +27,7 @@
#define AFL_MAIN #define AFL_MAIN
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"
@ -56,8 +56,8 @@
#include <sys/mman.h> #include <sys/mman.h>
#ifndef USEMMAP #ifndef USEMMAP
#include <sys/ipc.h> # include <sys/ipc.h>
#include <sys/shm.h> # include <sys/shm.h>
#endif #endif
static list_t shm_list = {.element_prealloc_count = 0}; static list_t shm_list = {.element_prealloc_count = 0};

2
src/afl-showmap.c
View File

@ -32,7 +32,7 @@
#define AFL_MAIN #define AFL_MAIN
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"

2
src/afl-tmin.c
View File

@ -30,7 +30,7 @@
#define AFL_MAIN #define AFL_MAIN
#ifdef __ANDROID__ #ifdef __ANDROID__
#include "android-ashmem.h" # include "android-ashmem.h"
#endif #endif
#include "config.h" #include "config.h"