src doku is now markdown

Makefile

@@ -66,7 +66,7 @@ endif
 
 CFLAGS     ?= -O3 -funroll-loops $(CFLAGS_OPT)
 override CFLAGS += -Wall -g -Wno-pointer-sign -D_FORTIFY_SOURCE=2 \
-			  -I include/ -DAFL_PATH=\"$(HELPER_PATH)\" \
+			  -I include/ -Werror -DAFL_PATH=\"$(HELPER_PATH)\" \
 			  -DBIN_PATH=\"$(BIN_PATH)\" -DDOC_PATH=\"$(DOC_PATH)\"
 
 AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c)

docs/Changelog.md

@@ -23,7 +23,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - force all output to stdout (some OK/SAY/WARN messages were sent to
       stdout, some to stderr)
     - uninstrumented mode uses an internal forkserver ("fauxserver")
-    - reduced number of (de)allocations
+    - now builds with `-D_FORTIFY_SOURCE=2`
+    - drastically reduced number of (de)allocations during fuzzing
   - afl-fuzz:
     - python mutator modules and custom mutator modules now use the same
       interface and hence the API changed
@@ -205,7 +206,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 
   - big code refactoring:
     * all includes are now in include/
-    * all afl sources are now in src/ - see src/README.src
+    * all afl sources are now in src/ - see src/README.md
     * afl-fuzz was splitted up in various individual files for including
       functionality in other programs (e.g. forkserver, memory map, etc.)
       for better readability.

include/common.h

@@ -101,3 +101,4 @@ u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms);
 u32 read_timed(s32 fd, void *buf, size_t len, u32 timeout_ms);
 
 #endif
+

qbdi_mode/build.sh

@@ -52,6 +52,6 @@ ${compiler_prefix}${CC} -shared -o libdemo.so demo-so.c -w -g
 echo "[+] Building afl-fuzz for Android"
 # build afl-fuzz
 cd ..
-${compiler_prefix}${CC} -DANDROID_DISABLE_FANCY=1 -O3 -funroll-loops -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I include/ -DAFL_PATH=\"/usr/local/lib/afl\" -DBIN_PATH=\"/usr/local/bin\" -DDOC_PATH=\"/usr/local/share/doc/afl\" -Wno-unused-function src/afl-fuzz-misc.c src/afl-fuzz-extras.c src/afl-fuzz-queue.c src/afl-fuzz-one.c src/afl-fuzz-python.c src/afl-fuzz-stats.c src/afl-fuzz-init.c src/afl-fuzz.c src/afl-fuzz-bitmap.c src/afl-fuzz-run.c src/afl-fuzz-globals.c src/afl-common.c src/afl-sharedmem.c src/afl-forkserver.c -o qbdi_mode/afl-fuzz  -ldl -w
+${compiler_prefix}${CC} -DANDROID_DISABLE_FANCY=1 -O3 -funroll-loops -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I include/ -DAFL_PATH=\"/usr/local/lib/afl\" -DBIN_PATH=\"/usr/local/bin\" -DDOC_PATH=\"/usr/local/share/doc/afl\" -Wno-unused-function src/afl-fuzz-misc.c src/afl-fuzz-extras.c src/afl-fuzz-queue.c src/afl-fuzz-one.c src/afl-fuzz-python.c src/afl-fuzz-stats.c src/afl-fuzz-init.c src/afl-fuzz.c src/afl-fuzz-bitmap.c src/afl-fuzz-run.c src/afl-fuzz-state.c src/afl-common.c src/afl-sharedmem.c src/afl-forkserver.c -o qbdi_mode/afl-fuzz  -ldl -w
 
 echo "[+] All done. Enjoy!"

src/README.md

@@ -0,0 +1,24 @@
+# Source Folder
+
+Quick explanation about the files here:
+
+- `afl-analyze.c`		- afl-analyze binary tool
+- `afl-as.c`		- afl-as binary tool
+- `afl-gotcpu.c`		- afl-gotcpu binary tool
+- `afl-showmap.c`		- afl-showmap binary tool
+- `afl-tmin.c`		- afl-tmin binary tool
+- `afl-fuzz.c`		- afl-fuzz binary tool (just main() and usage())
+- `afl-fuzz-bitmap.c`	- afl-fuzz bitmap handling
+- `afl-fuzz-extras.c`	- afl-fuzz the *extra* function calls
+- `afl-fuzz-state.c`	- afl-fuzz state and globals
+- `afl-fuzz-init.c`		- afl-fuzz initialization
+- `afl-fuzz-misc.c`		- afl-fuzz misc functions
+- `afl-fuzz-one.c`          - afl-fuzz fuzzer_one big loop, this is where the mutation is happening
+- `afl-fuzz-python.c`	- afl-fuzz the python mutator extension
+- `afl-fuzz-queue.c`	- afl-fuzz handling the queue
+- `afl-fuzz-run.c`		- afl-fuzz running the target
+- `afl-fuzz-stats.c`	- afl-fuzz writing the statistics file
+- `afl-gcc.c`		- afl-gcc binary tool (deprecated)
+- `afl-common.c`		- common functions, used by afl-analyze, afl-fuzz, afl-showmap and afl-tmin
+- `afl-forkserver.c`	- forkserver implementation, used by afl-fuzz and afl-tmin
+afl-sharedmem.c		- sharedmem implementation, used by afl-fuzz and afl-tmin

src/README.src

@@ -1,22 +0,0 @@
-Quick explanation about the files here:
-
-afl-analyze.c		- afl-analyze binary tool
-afl-as.c		- afl-as binary tool
-afl-gotcpu.c		- afl-gotcpu binary tool
-afl-showmap.c		- afl-showmap binary tool
-afl-tmin.c		- afl-tmin binary tool
-afl-fuzz.c		- afl-fuzz binary tool (just main() and usage())
-afl-fuzz-bitmap.c	- afl-fuzz bitmap handling
-afl-fuzz-extras.c	- afl-fuzz the *extra* function calls
-afl-fuzz-globals.c	- afl-fuzz global variables
-afl-fuzz-init.c		- afl-fuzz initialization
-afl-fuzz-misc.c		- afl-fuzz misc functions
-afl-fuzz-one.c          - afl-fuzz fuzzer_one big loop, this is where the mutation is happening
-afl-fuzz-python.c	- afl-fuzz the python mutator extension
-afl-fuzz-queue.c	- afl-fuzz handling the queue
-afl-fuzz-run.c		- afl-fuzz running the target
-afl-fuzz-stats.c	- afl-fuzz writing the statistics file
-afl-gcc.c		- afl-gcc binary tool (deprecated)
-afl-common.c		- common functions, used by afl-analyze, afl-fuzz, afl-showmap and afl-tmin
-afl-forkserver.c	- forkserver implementation, used by afl-fuzz and afl-tmin
-afl-sharedmem.c		- sharedmem implementation, used by afl-fuzz and afl-tmin

src/afl-common.c

@@ -423,7 +423,7 @@ u64 get_cur_time_us(void) {
    Will return buf for convenience. */
 
 u8 *stringify_int(u8 *buf, size_t len, u64 val) {
-
+\
 #define CHK_FORMAT(_divisor, _limit_mult, _fmt, _cast)     \
   do {                                                     \
                                                            \
@@ -583,7 +583,7 @@ u8 *stringify_time_diff(u8 *buf, size_t len, u64 cur_ms, u64 event_ms) {
    Will return buf for convenience. */
 
 u8 *u_stringify_int(u8 *buf, u64 val) {
-
+\
 #define CHK_FORMAT(_divisor, _limit_mult, _fmt, _cast) \
   do {                                                 \
                                                        \
@@ -783,3 +783,4 @@ u32 read_timed(s32 fd, void *buf, size_t len, u32 timeout_ms) {
                      : 1;  // at least 1 milli must have passed (0 is an error)
 
 }
+