ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 02:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed gcc analyzer warnings

Browse Source
This commit is contained in:
Dominik Maier
2020-12-11 13:29:45 +01:00
parent d5ded820e5
commit 609f3d0265
5 changed files with 48 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/alloc-inl.h
View File

@ -94,7 +94,8 @@ static inline void *DFL_ck_alloc_nozero(u32 size) {
} }
/* Allocate a buffer, returning zeroed memory. */ /* Allocate a buffer, returning zeroed memory.
Returns null for 0 size */
static inline void *DFL_ck_alloc(u32 size) { static inline void *DFL_ck_alloc(u32 size) {

5
src/afl-as.c
View File

@ -131,6 +131,11 @@ static void edit_params(int argc, char **argv) {
if (!tmp_dir) { tmp_dir = "/tmp"; } if (!tmp_dir) { tmp_dir = "/tmp"; }
as_params = ck_alloc((argc + 32) * sizeof(u8 *)); as_params = ck_alloc((argc + 32) * sizeof(u8 *));
if (unlikely((argc + 32) < argc || !as_params)) {
FATAL("Too many parameters passed to as");
}
as_params[0] = afl_as ? afl_as : (u8 *)"as"; as_params[0] = afl_as ? afl_as : (u8 *)"as";

24
src/afl-common.c
View File

@ -108,6 +108,7 @@ char **argv_cpy_dup(int argc, char **argv) {
int i = 0; int i = 0;
char **ret = ck_alloc((argc + 1) * sizeof(char *)); char **ret = ck_alloc((argc + 1) * sizeof(char *));
if (unlikely(!ret)) { FATAL("Amount of arguments specified is too high"); }
for (i = 0; i < argc; i++) { for (i = 0; i < argc; i++) {
@ -130,6 +131,7 @@ void argv_cpy_free(char **argv) {
while (argv[i]) { while (argv[i]) {
ck_free(argv[i]); ck_free(argv[i]);
argv[i] = NULL;
i++; i++;
} }
@ -142,8 +144,12 @@ void argv_cpy_free(char **argv) {
char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) { char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
if (!unlikely(own_loc)) { FATAL("BUG: param own_loc is NULL"); }
u8 *tmp, *cp = NULL, *rsl, *own_copy;
char **new_argv = ck_alloc(sizeof(char *) * (argc + 4)); char **new_argv = ck_alloc(sizeof(char *) * (argc + 4));
u8 * tmp, *cp = NULL, *rsl, *own_copy; if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
memcpy(&new_argv[3], &argv[1], (int)(sizeof(char *)) * (argc - 1)); memcpy(&new_argv[3], &argv[1], (int)(sizeof(char *)) * (argc - 1));
new_argv[argc + 3] = NULL; new_argv[argc + 3] = NULL;
@ -224,8 +230,12 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) { char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
if (!unlikely(own_loc)) { FATAL("BUG: param own_loc is NULL"); }
u8 *tmp, *cp = NULL, *rsl, *own_copy;
char **new_argv = ck_alloc(sizeof(char *) * (argc + 3)); char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
u8 * tmp, *cp = NULL, *rsl, *own_copy; if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
memcpy(&new_argv[2], &argv[1], (int)(sizeof(char *)) * (argc - 1)); memcpy(&new_argv[2], &argv[1], (int)(sizeof(char *)) * (argc - 1));
new_argv[argc + 2] = NULL; new_argv[argc + 2] = NULL;
@ -335,6 +345,8 @@ u8 *find_binary(u8 *fname) {
struct stat st; struct stat st;
if (unlikely(!fname)) { FATAL("No binary supplied"); }
if (strchr(fname, '/') || !(env_path = getenv("PATH"))) { if (strchr(fname, '/') || !(env_path = getenv("PATH"))) {
target_path = ck_strdup(fname); target_path = ck_strdup(fname);
@ -356,6 +368,14 @@ u8 *find_binary(u8 *fname) {
if (delim) { if (delim) {
cur_elem = ck_alloc(delim - env_path + 1); cur_elem = ck_alloc(delim - env_path + 1);
if (unlikely(!cur_elem)) {
FATAL(
"Unexpected overflow when processing ENV. This should never "
"happend.");
}
memcpy(cur_elem, env_path, delim - env_path); memcpy(cur_elem, env_path, delim - env_path);
delim++; delim++;

18
src/afl-fuzz-init.c
View File

@ -772,10 +772,17 @@ void perform_dry_run(afl_state_t *afl) {
while (q) { while (q) {
u8 *use_mem; u8 use_mem[MAX_FILE];
u8 res; u8 res;
s32 fd; s32 fd;
if (unlikely(!q->len)) {
WARNF("Skipping 0-sized entry in queue (%s)", q->fname);
continue;
}
u8 *fn = strrchr(q->fname, '/') + 1; u8 *fn = strrchr(q->fname, '/') + 1;
ACTF("Attempting dry run with '%s'...", fn); ACTF("Attempting dry run with '%s'...", fn);
@ -783,9 +790,8 @@ void perform_dry_run(afl_state_t *afl) {
fd = open(q->fname, O_RDONLY); fd = open(q->fname, O_RDONLY);
if (fd < 0) { PFATAL("Unable to open '%s'", q->fname); } if (fd < 0) { PFATAL("Unable to open '%s'", q->fname); }
use_mem = ck_alloc_nozero(q->len); u32 read_len = MIN(q->len, (u32)MAX_FILE);
if (read(fd, use_mem, read_len) != (ssize_t)read_len) {
if (read(fd, use_mem, q->len) != (ssize_t)q->len) {
FATAL("Short read from '%s'", q->fname); FATAL("Short read from '%s'", q->fname);
@ -794,7 +800,6 @@ void perform_dry_run(afl_state_t *afl) {
close(fd); close(fd);
res = calibrate_case(afl, q, use_mem, 0, 1); res = calibrate_case(afl, q, use_mem, 0, 1);
ck_free(use_mem);
if (afl->stop_soon) { return; } if (afl->stop_soon) { return; }
@ -2449,6 +2454,8 @@ void setup_testcase_shmem(afl_state_t *afl) {
void check_binary(afl_state_t *afl, u8 *fname) { void check_binary(afl_state_t *afl, u8 *fname) {
if (unlikely(!fname)) { FATAL("BUG: Binary name is NULL"); }
u8 * env_path = 0; u8 * env_path = 0;
struct stat st; struct stat st;
@ -2477,6 +2484,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
if (delim) { if (delim) {
cur_elem = ck_alloc(delim - env_path + 1); cur_elem = ck_alloc(delim - env_path + 1);
if (unlikely(!cur_elem)) { FATAL("Unexpected large PATH"); }
memcpy(cur_elem, env_path, delim - env_path); memcpy(cur_elem, env_path, delim - env_path);
++delim; ++delim;

12
src/afl-fuzz-run.c
View File

@ -94,9 +94,9 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len) {
if (unlikely(afl->custom_mutators_count)) { if (unlikely(afl->custom_mutators_count)) {
u8 * new_buf = NULL;
ssize_t new_size = len; ssize_t new_size = len;
void * new_mem = mem; u8 * new_mem = mem;
u8 * new_buf = NULL;
LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
@ -152,13 +152,13 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
if (unlikely(!mem_trimmed)) { PFATAL("alloc"); } if (unlikely(!mem_trimmed)) { PFATAL("alloc"); }
ssize_t new_size = len - skip_len; ssize_t new_size = len - skip_len;
void * new_mem = mem; u8 * new_mem = mem;
u8 * new_buf = NULL;
bool post_process_skipped = true; bool post_process_skipped = true;
if (unlikely(afl->custom_mutators_count)) { if (unlikely(afl->custom_mutators_count)) {
u8 *new_buf = NULL;
new_mem = mem_trimmed; new_mem = mem_trimmed;
LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
@ -207,7 +207,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
// If we did post_processing, copy directly from the new_buf bufer // If we did post_processing, copy directly from the new_buf bufer
memcpy(afl->fsrv.shmem_fuzz, new_buf, new_size); memcpy(afl->fsrv.shmem_fuzz, new_mem, new_size);
} }
@ -265,7 +265,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
if (!post_process_skipped) { if (!post_process_skipped) {
ck_write(fd, new_buf, new_size, afl->fsrv.out_file); ck_write(fd, new_mem, new_size, afl->fsrv.out_file);
} else { } else {