cleanup minor issues
@ -183,6 +183,8 @@ u32 count_bits_len(afl_state_t *afl, u8 *mem, u32 len) {
|
|||||||
u32 i = (len >> 2);
|
u32 i = (len >> 2);
|
||||||
u32 ret = 0;
|
u32 ret = 0;
|
||||||
|
|
||||||
|
(void)(afl);
|
||||||
|
|
||||||
if (len % 4) i++;
|
if (len % 4) i++;
|
||||||
|
|
||||||
while (i--) {
|
while (i--) {
|
||||||
@ -241,6 +243,8 @@ u32 count_bytes_len(afl_state_t *afl, u8 *mem, u32 len) {
|
|||||||
u32 i = (len >> 2);
|
u32 i = (len >> 2);
|
||||||
u32 ret = 0;
|
u32 ret = 0;
|
||||||
|
|
||||||
|
(void)(afl);
|
||||||
|
|
||||||
while (i--) {
|
while (i--) {
|
||||||
|
|
||||||
u32 v = *(ptr++);
|
u32 v = *(ptr++);
|
||||||
|
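Review bot: count_bits_len and count_bytes_len handle a trailing partial word differently, and neither documents what it expects of `mem`. count_bits_len rounds the word count up with `if (len % 4) i++;`, so if its loop reads 32-bit words the way count_bytes_len does (`u32 v = *(ptr++);`), it touches up to three bytes past `len` unless callers pad the buffer. The lines shown for count_bytes_len have no round-up, so there the last `len % 4` bytes would go uncounted. A comment on both stating the contract would help, e.g. `/* mem must be readable up to the next multiple of 4 bytes */`. Both loop bodies continue outside the hunks, so this should be confirmed against the full functions.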
@ -472,12 +472,12 @@ u8 fuzz_one_original(afl_state_t *afl) {
|
|||||||
|
|
||||||
ret_val = 1;
|
ret_val = 1;
|
||||||
|
|
||||||
u32 dst = 0, i;
|
s32 dst = 0, i;
|
||||||
temp_len = len = afl->queue_cur->len;
|
temp_len = len = afl->queue_cur->len;
|
||||||
|
|
||||||
fd = open(afl->queue_cur->fname, O_RDONLY);
|
fd = open(afl->queue_cur->fname, O_RDONLY);
|
||||||
afl->taint_src = mmap(0, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
|
afl->taint_src = mmap(0, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
|
||||||
if (fd < 0 || (size_t)afl->taint_src == -1)
|
if (fd < 0 || (ssize_t)afl->taint_src == -1)
|
||||||
FATAL("unable to open '%s'", afl->queue_cur->fname);
|
FATAL("unable to open '%s'", afl->queue_cur->fname);
|
||||||
close(fd);
|
close(fd);
|
||||||
afl->taint_needs_splode = 1;
|
afl->taint_needs_splode = 1;
|
||||||
@ -490,18 +490,18 @@ u8 fuzz_one_original(afl_state_t *afl) {
|
|||||||
temp_len = len = afl->taint_len = afl->queue_cur->taint_bytes_all;
|
temp_len = len = afl->taint_len = afl->queue_cur->taint_bytes_all;
|
||||||
orig_in = in_buf =
|
orig_in = in_buf =
|
||||||
mmap(0, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
|
mmap(0, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
|
||||||
if (fd < 0 || (size_t)in_buf == -1)
|
if (fd < 0 || (ssize_t)in_buf == -1)
|
||||||
FATAL("unable to open '%s'", afl->taint_input_file);
|
FATAL("unable to open '%s'", afl->taint_input_file);
|
||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
fd = open(afl->queue_cur->fname_taint, O_RDWR);
|
fd = open(afl->queue_cur->fname_taint, O_RDWR);
|
||||||
afl->taint_map = mmap(0, afl->queue_cur->len, PROT_READ | PROT_WRITE,
|
afl->taint_map = mmap(0, afl->queue_cur->len, PROT_READ | PROT_WRITE,
|
||||||
MAP_PRIVATE, fd, 0);
|
MAP_PRIVATE, fd, 0);
|
||||||
if (fd < 0 || (size_t)in_buf == -1)
|
if (fd < 0 || (ssize_t)in_buf == -1)
|
||||||
FATAL("unable to open '%s'", afl->queue_cur->fname_taint);
|
FATAL("unable to open '%s'", afl->queue_cur->fname_taint);
|
||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
for (i = 0; i < afl->queue_cur->len && dst < len; i++)
|
for (i = 0; i < (s32)afl->queue_cur->len && dst < len; i++)
|
||||||
if (afl->taint_map[i]) in_buf[dst++] = afl->taint_src[i];
|
if (afl->taint_map[i]) in_buf[dst++] = afl->taint_src[i];
|
||||||
|
|
||||||
break;
|
break;
|
||||||
@ -512,7 +512,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
|
|||||||
temp_len = len = afl->taint_len = afl->queue_cur->taint_bytes_new;
|
temp_len = len = afl->taint_len = afl->queue_cur->taint_bytes_new;
|
||||||
orig_in = in_buf =
|
orig_in = in_buf =
|
||||||
mmap(0, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
|
mmap(0, len, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
|
||||||
if (fd < 0 || (size_t)in_buf == -1)
|
if (fd < 0 || (ssize_t)in_buf == -1)
|
||||||
FATAL("unable to open '%s'", afl->taint_input_file);
|
FATAL("unable to open '%s'", afl->taint_input_file);
|
||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
@ -520,12 +520,12 @@ u8 fuzz_one_original(afl_state_t *afl) {
|
|||||||
fd = open(fn, O_RDWR);
|
fd = open(fn, O_RDWR);
|
||||||
afl->taint_map = mmap(0, afl->queue_cur->len, PROT_READ | PROT_WRITE,
|
afl->taint_map = mmap(0, afl->queue_cur->len, PROT_READ | PROT_WRITE,
|
||||||
MAP_PRIVATE, fd, 0);
|
MAP_PRIVATE, fd, 0);
|
||||||
if (fd < 0 || (size_t)in_buf == -1)
|
if (fd < 0 || (ssize_t)in_buf == -1)
|
||||||
FATAL("unable to open '%s' for %u bytes", fn, len);
|
FATAL("unable to open '%s' for %u bytes", fn, len);
|
||||||
close(fd);
|
close(fd);
|
||||||
ck_free(fn);
|
ck_free(fn);
|
||||||
|
|
||||||
for (i = 0; i < afl->queue_cur->len && dst < len; i++)
|
for (i = 0; i < (s32)afl->queue_cur->len && dst < len; i++)
|
||||||
if (afl->taint_map[i]) in_buf[dst++] = afl->taint_src[i];
|
if (afl->taint_map[i]) in_buf[dst++] = afl->taint_src[i];
|
||||||
|
|
||||||
break;
|
break;
|
||||||
@ -2297,7 +2297,8 @@ havoc_stage:
|
|||||||
}
|
}
|
||||||
|
|
||||||
copy_to = rand_below(afl, temp_len - copy_len + 1);
|
copy_to = rand_below(afl, temp_len - copy_len + 1);
|
||||||
if (unlikely(copy_to > temp_len)) copy_to = rand_below(afl, temp_len);
|
if (unlikely(copy_to > (u32)temp_len))
|
||||||
|
copy_to = rand_below(afl, temp_len);
|
||||||
|
|
||||||
if (rand_below(afl, 4)) {
|
if (rand_below(afl, 4)) {
|
||||||
|
|
||||||
@ -2305,7 +2306,8 @@ havoc_stage:
|
|||||||
|
|
||||||
if (unlikely(afl->taint_needs_splode)) {
|
if (unlikely(afl->taint_needs_splode)) {
|
||||||
|
|
||||||
if (copy_to > temp_len) copy_to = rand_below(afl, temp_len);
|
if (copy_to > (u32)temp_len)
|
||||||
|
copy_to = rand_below(afl, temp_len);
|
||||||
|
|
||||||
// fprintf(stderr, "\nout_buf %p + copy_to %u, src %p + %u,
|
// fprintf(stderr, "\nout_buf %p + copy_to %u, src %p + %u,
|
||||||
// copy_len %u -- len %u\n", out_buf , copy_to, afl->taint_src ,
|
// copy_len %u -- len %u\n", out_buf , copy_to, afl->taint_src ,
|
||||||
|
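Review bot: The check after each `afl->taint_map = mmap(...)` in fuzz_one_original still tests `in_buf` rather than the mapping just created (`if (fd < 0 || (ssize_t)in_buf == -1)` ahead of the `fname_taint` and `fn` FATAL calls). A failed taint-map mmap therefore goes unnoticed, and the copy loop that follows indexes `afl->taint_map[i]` through the MAP_FAILED value. Both sites should read `if (fd < 0 || afl->taint_map == MAP_FAILED)`. Comparing with `MAP_FAILED` directly is also clearer than the `(ssize_t)` cast this commit introduces here and in perform_taint_run, where `if (bufr != MAP_FAILED) {` would do. The function body continues outside these hunks.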
@ -108,7 +108,6 @@ void perform_taint_run(afl_state_t *afl, struct queue_entry *q, u8 *fname,
|
|||||||
|
|
||||||
u8 * ptr, *fn = fname;
|
u8 * ptr, *fn = fname;
|
||||||
u32 bytes = 0, plen = len;
|
u32 bytes = 0, plen = len;
|
||||||
s32 fd = -1;
|
|
||||||
struct queue_entry *prev = q->prev;
|
struct queue_entry *prev = q->prev;
|
||||||
|
|
||||||
if (plen % 4) plen = plen + 4 - (len % 4);
|
if (plen % 4) plen = plen + 4 - (len % 4);
|
||||||
@ -170,7 +169,7 @@ void perform_taint_run(afl_state_t *afl, struct queue_entry *q, u8 *fname,
|
|||||||
|
|
||||||
u8 *bufr = mmap(0, prev->len, PROT_READ, MAP_PRIVATE, r, 0);
|
u8 *bufr = mmap(0, prev->len, PROT_READ, MAP_PRIVATE, r, 0);
|
||||||
|
|
||||||
if ((size_t)bufr != -1) {
|
if ((ssize_t)bufr != -1) {
|
||||||
|
|
||||||
u32 i;
|
u32 i;
|
||||||
u8 *tmp = ck_maybe_grow(BUF_PARAMS(in_scratch), plen);
|
u8 *tmp = ck_maybe_grow(BUF_PARAMS(in_scratch), plen);
|
||||||
|
@ -883,7 +883,7 @@ u8 common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
|
|||||||
u8 *new_buf = ck_maybe_grow(BUF_PARAMS(in_scratch), new_len);
|
u8 *new_buf = ck_maybe_grow(BUF_PARAMS(in_scratch), new_len);
|
||||||
|
|
||||||
u32 i, taint = 0;
|
u32 i, taint = 0;
|
||||||
for (i = 0; i < new_len; i++) {
|
for (i = 0; i < (u32)new_len; i++) {
|
||||||
|
|
||||||
if (i >= afl->taint_len || i >= afl->queue_cur->len || afl->taint_map[i])
|
if (i >= afl->taint_len || i >= afl->queue_cur->len || afl->taint_map[i])
|
||||||
new_buf[i] = out_buf[taint++];
|
new_buf[i] = out_buf[taint++];
|
||||||
|
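Review bot: The `(u32)new_len` cast in the loop condition of common_fuzz_stuff hides the sign mismatch rather than resolving it. If `new_len` is a signed type, as the cast suggests, a negative value becomes a very large bound and the loop would write far beyond `new_buf`. Nothing in the visible lines keeps `taint` below `len` before `out_buf[taint++]` is read, either. Consider declaring `new_len` as `u32` or rejecting a non-positive value before the loop, and adding `taint < len` to the copy condition if the code outside the hunk does not already guarantee it. The declaration of `new_len` and the rest of the loop body are outside the hunk.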
@ -1095,7 +1095,7 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
if (map_size != real_map_size) {
|
if (map_size != real_map_size) {
|
||||||
|
|
||||||
afl->fsrv.map_size = real_map_size;
|
afl->fsrv.map_size = real_map_size;
|
||||||
if (afl->cmplog_binary) afl->cmplog_fsrv.map_size;
|
if (afl->cmplog_binary) afl->cmplog_fsrv.map_size = real_map_size;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|