code-format, env.md fixes and adding -hh for env usage display into afl-fuzz and Makefile

Makefile

@@ -399,7 +399,7 @@ source-only: all radamsa
 	@echo >> $@
 	@echo .SH OPTIONS >> $@
 	@echo .nf >> $@
-	@./$* -h 2>&1 | tail -n +4 >> $@
+	@./$* -hh 2>&1 | tail -n +4 >> $@
 	@echo >> $@
 	@echo .SH AUTHOR >> $@
 	@echo "afl++ was written by Michal \"lcamtuf\" Zalewski and is maintained by Marc \"van Hauser\" Heuse <mh@mh-sec.de>, Heiko \"hexcoder-\" Eissfeldt <heiko.eissfeldt@hexco.de> and Andrea Fioraldi <andreafioraldi@gmail.com>" >> $@

docs/env_variables.md

@@ -228,7 +228,8 @@ checks or alter some of the more exotic semantics of the tool:
     performed with/from the library. See [custom_mutator.md](custom_mutator.md)
 
   - For AFL_PYTHON_MODULE and AFL_PYTHON_ONLY - they require afl-fuzz to
-    be compiled with -DUSE_PYTHON. Please see [python_mutators.md](python_mutators.md).
+    be compiled with Python (which is autodetected during builing afl-fuzz).
+    Please see [python_mutators.md](python_mutators.md).
     This feature allows to configure custom mutators which can be very helpful
     in e.g. fuzzing XML or other highly flexible structured input.
 
@@ -264,7 +265,7 @@ checks or alter some of the more exotic semantics of the tool:
 
   - Setting AFL_NO_CPU_RED will not display very high cpu usages in red color.
 
-  - Outdated environment variables are:
+  - Outdated environment variables that are that not supported anymore:
     AFL_DEFER_FORKSRV
     AFL_PERSISTENT
 

gcc_plugin/afl-gcc-fast.c

@@ -339,8 +339,8 @@ int main(int argc, char** argv, char** envp) {
         "AFL_GCC_WHITELIST: enable whitelisting (selective instrumentation)\n"
 
         "\nafl-gcc-fast was built for gcc %s with the gcc binary path of "
-        "\"%s\".\n\n"
+        "\"%s\".\n\n",
-        , BIN_PATH, BIN_PATH, GCC_VERSION, GCC_BINDIR);
+        BIN_PATH, BIN_PATH, GCC_VERSION, GCC_BINDIR);
 
     exit(1);
 

gcc_plugin/afl-gcc-pass.so.cc

@@ -52,7 +52,7 @@
 #include "../config.h"
 #include "../include/debug.h"
 
-/* clear helper macros AFL types pull in, which intervene with gcc-plugin 
+/* clear helper macros AFL types pull in, which intervene with gcc-plugin
  * headers from GCC-8 */
 #ifdef likely
 #undef likely

include/envs.h

@@ -1,97 +1,37 @@
 const char *afl_environment_variables[] = {
 
-    "AFL_ALIGNED_ALLOC",
+    "AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS",
-    "AFL_ALLOW_TMP",
+    "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE", "AFL_BENCH_UNTIL_CRASH",
-    "AFL_ANALYZE_HEX",
+    "AFL_CAL_FAST", "AFL_CC", "AFL_CMIN_ALLOW_ANY", "AFL_CMIN_CRASHES_ONLY",
-    "AFL_AS",
+    "AFL_CODE_END", "AFL_CODE_START", "AFL_COMPCOV_BINNAME",
-    "AFL_AS_FORCE_INSTRUMENT",
+    "AFL_COMPCOV_LEVEL", "AFL_CUSTOM_MUTATOR_LIBRARY",
-    "AFL_BENCH_JUST_ONE",
+    "AFL_CUSTOM_MUTATOR_ONLY", "AFL_CXX", "AFL_DEBUG", "AFL_DEBUG_CHILD_OUTPUT",
-    "AFL_BENCH_UNTIL_CRASH",
+    //"AFL_DEFER_FORKSRV", // not implemented anymore, so warn additionally
-    "AFL_CAL_FAST",
+    "AFL_DISABLE_TRIM", "AFL_DONT_OPTIMIZE", "AFL_DUMB_FORKSRV",
-    "AFL_CC",
+    "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", "AFL_FAST_CAL", "AFL_FORCE_UI",
-    "AFL_CMIN_ALLOW_ANY",
+    "AFL_GCC_WHITELIST", "AFL_GCJ", "AFL_HANG_TMOUT", "AFL_HARDEN",
-    "AFL_CMIN_CRASHES_ONLY",
+    "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", "AFL_IMPORT_FIRST",
-    "AFL_CODE_END",
+    "AFL_INST_LIBS", "AFL_INST_RATIO", "AFL_KEEP_TRACES", "AFL_KEEP_ASSEMBLY",
-    "AFL_CODE_START",
+    "AFL_LD_HARD_FAIL", "AFL_LD_LIMIT_MB", "AFL_LD_NO_CALLOC_OVER",
-    "AFL_COMPCOV_BINNAME",
+    "AFL_LD_PRELOAD", "AFL_LD_VERBOSE", "AFL_LLVM_CMPLOG", "AFL_LLVM_INSTRIM",
-    "AFL_COMPCOV_LEVEL",
+    "AFL_LLVM_INSTRIM_LOOPHEAD", "AFL_LLVM_LAF_SPLIT_COMPARES",
-    "AFL_CUSTOM_MUTATOR_LIBRARY",
+    "AFL_LLVM_LAF_SPLIT_COMPARES_BITW", "AFL_LLVM_LAF_SPLIT_FLOATS",
-    "AFL_CUSTOM_MUTATOR_ONLY",
+    "AFL_LLVM_LAF_SPLIT_SWITCHES", "AFL_LLVM_LAF_TRANSFORM_COMPARES",
-    "AFL_CXX",
+    "AFL_LLVM_NOT_ZERO", "AFL_LLVM_WHITELIST", "AFL_NO_AFFINITY",
-    "AFL_DEBUG",
+    "AFL_NO_ARITH", "AFL_NO_BUILTIN", "AFL_NO_CPU_RED", "AFL_NO_FORKSRV",
-    "AFL_DEBUG_CHILD_OUTPUT",
-    "AFL_DEFER_FORKSRV",
-    "AFL_DISABLE_TRIM",
-    "AFL_DONT_OPTIMIZE",
-    "AFL_DUMB_FORKSRV",
-    "AFL_ENTRYPOINT",
-    "AFL_EXIT_WHEN_DONE",
-    "AFL_FAST_CAL",
-    "AFL_FORCE_UI",
-    "AFL_GCC_WHITELIST",
-    "AFL_GCJ",
-    "AFL_HANG_TMOUT",
-    "AFL_HARDEN",
-    "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
-    "AFL_IMPORT_FIRST",
-    "AFL_INST_LIBS",
-    "AFL_INST_RATIO",
-    "AFL_KEEP_TRACES",
-    "AFL_KEEP_ASSEMBLY",
-    "AFL_LD_HARD_FAIL",
-    "AFL_LD_LIMIT_MB",
-    "AFL_LD_NO_CALLOC_OVER",
-    "AFL_LD_PRELOAD",
-    "AFL_LD_VERBOSE",
-    "AFL_LLVM_CMPLOG",
-    "AFL_LLVM_INSTRIM",
-    "AFL_LLVM_INSTRIM_LOOPHEAD",
-    "AFL_LLVM_LAF_SPLIT_COMPARES",
-    "AFL_LLVM_LAF_SPLIT_COMPARES_BITW",
-    "AFL_LLVM_LAF_SPLIT_FLOATS",
-    "AFL_LLVM_LAF_SPLIT_SWITCHES",
-    "AFL_LLVM_LAF_TRANSFORM_COMPARES",
-    "AFL_LLVM_NOT_ZERO",
-    "AFL_LLVM_WHITELIST",
-    "AFL_NO_AFFINITY",
-    "AFL_NO_ARITH",
-    "AFL_NO_BUILTIN",
-    "AFL_NO_CPU_RED",
-    "AFL_NO_FORKSRV",
     "AFL_NO_UI",
     "AFL_NO_X86",  // not really an env but we dont want to warn on it
-    "AFL_PATH",
+    "AFL_PATH", "AFL_PERFORMANCE_FILE",
-    "AFL_PERFORMANCE_FILE",
+    //"AFL_PERSISTENT", // not implemented anymore, so warn additionally
-    "AFL_PERSISTENT",
+    "AFL_POST_LIBRARY", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_PYTHON_ONLY",
-    "AFL_POST_LIBRARY",
+    "AFL_QEMU_COMPCOV", "AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS",
-    "AFL_PRELOAD",
+    "AFL_QEMU_DISABLE_CACHE", "AFL_QEMU_PERSISTENT_ADDR",
-    "AFL_PYTHON_MODULE",
+    "AFL_QEMU_PERSISTENT_CNT", "AFL_QEMU_PERSISTENT_GPR",
-    "AFL_PYTHON_ONLY",
+    "AFL_QEMU_PERSISTENT_HOOK", "AFL_QEMU_PERSISTENT_RET",
-    "AFL_QEMU_COMPCOV",
+    "AFL_QEMU_PERSISTENT_RETADDR_OFFSET", "AFL_QUIET",
-    "AFL_QEMU_COMPCOV_DEBUG",
+    "AFL_RANDOM_ALLOC_CANARY", "AFL_REAL_PATH", "AFL_SHUFFLE_QUEUE",
-    "AFL_QEMU_DEBUG_MAPS",
+    "AFL_SKIP_BIN_CHECK", "AFL_SKIP_CPUFREQ", "AFL_SKIP_CRASHES",
-    "AFL_QEMU_DISABLE_CACHE",
+    "AFL_TMIN_EXACT", "AFL_TMPDIR", "AFL_TOKEN_FILE", "AFL_TRACE_PC",
-    "AFL_QEMU_PERSISTENT_ADDR",
+    "AFL_USE_ASAN", "AFL_USE_MSAN", "AFL_USE_TRACE_PC", "AFL_USE_UBSAN",
-    "AFL_QEMU_PERSISTENT_CNT",
+    "AFL_WINE_PATH", NULL};
-    "AFL_QEMU_PERSISTENT_GPR",
-    "AFL_QEMU_PERSISTENT_HOOK",
-    "AFL_QEMU_PERSISTENT_RET",
-    "AFL_QEMU_PERSISTENT_RETADDR_OFFSET",
-    "AFL_QUIET",
-    "AFL_RANDOM_ALLOC_CANARY",
-    "AFL_REAL_PATH",
-    "AFL_SHUFFLE_QUEUE",
-    "AFL_SKIP_BIN_CHECK",
-    "AFL_SKIP_CPUFREQ",
-    "AFL_SKIP_CRASHES",
-    "AFL_TMIN_EXACT",
-    "AFL_TMPDIR",
-    "AFL_TOKEN_FILE",
-    "AFL_TRACE_PC",
-    "AFL_USE_ASAN",
-    "AFL_USE_MSAN",
-    "AFL_USE_TRACE_PC",
-    "AFL_USE_UBSAN",
-    "AFL_WINE_PATH",
-    NULL};
 

llvm_mode/afl-clang-fast.c

@@ -507,24 +507,32 @@ int main(int argc, char** argv, char** envp) {
         "AFL_LLVM_WHITELIST: enable whitelisting (selective instrumentation)\n"
         "AFL_LLVM_NOT_ZERO: use cycling trace counters that skip zero\n"
 
-        "AFL_USE_TRACE_PC, USE_TRACE_PC, AFL_LLVM_USE_TRACE_PC, AFL_TRACE_PC: \n"
+        "AFL_USE_TRACE_PC, USE_TRACE_PC, AFL_LLVM_USE_TRACE_PC, AFL_TRACE_PC: "
+        "\n"
         "  use LLVM trace-pc-guard instrumentation\n"
 
-        "AFL_LLVM_LAF_SPLIT_COMPARES, LAF_SPLIT_COMPARES: enable cascaded comparisons\n"
+        "AFL_LLVM_LAF_SPLIT_COMPARES, LAF_SPLIT_COMPARES: enable cascaded "
-        "AFL_LLVM_LAF_SPLIT_SWITCHES, LAF_SPLIT_SWITCHES: casc. comp. in 'switch'\n"
+        "comparisons\n"
+        "AFL_LLVM_LAF_SPLIT_SWITCHES, LAF_SPLIT_SWITCHES: casc. comp. in "
+        "'switch'\n"
         "AFL_LLVM_LAF_TRANSFORM_COMPARES, LAF_TRANSFORM_COMPARES:\n"
-        "  transform library comparison function calls to cascaded comparisons\n"
+        "  transform library comparison function calls to cascaded "
-        "AFL_LLVM_LAF_SPLIT_FLOATS: transform floating point comp. to cascaded comp.\n"
+        "comparisons\n"
-        "AFL_LLVM_LAF_SPLIT_COMPARES_BITW, LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n"
+        "AFL_LLVM_LAF_SPLIT_FLOATS: transform floating point comp. to cascaded "
+        "comp.\n"
+        "AFL_LLVM_LAF_SPLIT_COMPARES_BITW, LAF_SPLIT_COMPARES_BITW: size limit "
+        "(default 8)\n"
 
-        "AFL_LLVM_INSTRIM, INSTRIM_LIB: use light weight instrumentation InsTrim\n"
+        "AFL_LLVM_INSTRIM, INSTRIM_LIB: use light weight instrumentation "
+        "InsTrim\n"
         "AFL_LLVM_INSTRIM_LOOPHEAD, LOOPHEAD: optimize loop tracing for speed\n"
 
-        "AFL_CMPLOG, AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen mutator)\n"
+        "AFL_CMPLOG, AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen "
+        "mutator)\n"
 
         "\nafl-clang-fast was built for llvm %s with the llvm binary path of "
-        "\"%s\".\n\n"
+        "\"%s\".\n\n",
-        , BIN_PATH, BIN_PATH, LLVM_VERSION, LLVM_BINDIR);
+        BIN_PATH, BIN_PATH, LLVM_VERSION, LLVM_BINDIR);
 
     exit(1);
 

src/afl-analyze.c

@@ -728,9 +728,11 @@ static void set_up_environment(void) {
       }
 
       if (qemu_preload)
-        buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", qemu_preload, afl_preload, afl_preload);
+        buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
+                           qemu_preload, afl_preload, afl_preload);
       else
-        buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", afl_preload, afl_preload);
+        buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
+                           afl_preload, afl_preload);
 
       setenv("QEMU_SET_ENV", buf, 1);
 

src/afl-fuzz.c

@@ -82,7 +82,7 @@ static u8* get_libradamsa_path(u8* own_loc) {
 
 /* Display usage hints. */
 
-static void usage(u8* argv0) {
+static void usage(u8* argv0, int more_help) {
 
   SAYF(
       "\n%s [ options ] -- /path/to/fuzzed_app [ ... ]\n\n"
@@ -143,8 +143,11 @@ static void usage(u8* argv0) {
       "file\n"
       "  -C            - crash exploration mode (the peruvian rabbit thing)\n"
       "  -e ext        - File extension for the temporarily generated test "
-      "case\n\n"
+      "case\n\n",
+      argv0, EXEC_TIMEOUT, MEM_LIMIT);
 
+  if (more_help > 1)
+    SAYF(
       "Environment variables used:\n"
       "AFL_PATH: path to AFL support binaries\n"
       "AFL_QUIET: suppress forkserver status messages\n"
@@ -179,11 +182,16 @@ static void usage(u8* argv0) {
       "MSAN_OPTIONS: custom settings for MSAN\n"
       "              (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n"
       "AFL_SKIP_BIN_CHECK: skip the check, if the target is an excutable\n"
-      "AFL_PERSISTENT: not supported anymore -> no effect, just a warning\n"
+      //"AFL_PERSISTENT: not supported anymore -> no effect, just a warning\n"
-      "AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n"
+      //"AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n"
       "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"
       "AFL_BENCH_UNTIL_CRASH: exit soon when the first crashing input has been found\n"
-      , argv0, EXEC_TIMEOUT, MEM_LIMIT);
+      "\n"
+    );
+  else
+    SAYF(
+        "To view also the supported environment variables of afl-fuzz please "
+        "use \"-hh\".\n\n");
 
 #ifdef USE_PYTHON
   SAYF("Compiled with %s module support, see docs/python_mutators.md\n",
@@ -217,7 +225,7 @@ int main(int argc, char** argv, char** envp) {
 
   s32    opt;
   u64    prev_queued = 0;
-  u32    sync_interval_cnt = 0, seek_to;
+  u32    sync_interval_cnt = 0, seek_to, show_help = 0;
   u8*    extras_dir = 0;
   u8     mem_limit_given = 0;
   u8     exit_1 = !!getenv("AFL_BENCH_JUST_ONE");
@@ -621,10 +629,7 @@ int main(int argc, char** argv, char** envp) {
 
       } break;
 
-      case 'h':
+      case 'h': show_help++; break;  // not needed
-        usage(argv[0]);
-        return -1;
-        break;  // not needed
 
       case 'R':
 
@@ -635,11 +640,13 @@ int main(int argc, char** argv, char** envp) {
 
         break;
 
-      default: usage(argv[0]);
+      default:
+        if (!show_help) show_help = 1;
 
     }
 
-  if (optind == argc || !in_dir || !out_dir) usage(argv[0]);
+  if (optind == argc || !in_dir || !out_dir || show_help)
+    usage(argv[0], show_help);
 
   OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" "
       "Eißfeldt and Andrea Fioraldi");
@@ -777,9 +784,11 @@ int main(int argc, char** argv, char** envp) {
       }
 
       if (qemu_preload)
-        buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", qemu_preload, afl_preload, afl_preload);
+        buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
+                           qemu_preload, afl_preload, afl_preload);
       else
-        buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", afl_preload, afl_preload);
+        buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
+                           afl_preload, afl_preload);
 
       setenv("QEMU_SET_ENV", buf, 1);
 

src/afl-showmap.c

@@ -560,9 +560,11 @@ static void set_up_environment(void) {
       }
 
       if (qemu_preload)
-        buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", qemu_preload, afl_preload, afl_preload);
+        buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
+                           qemu_preload, afl_preload, afl_preload);
       else
-        buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", afl_preload, afl_preload);
+        buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
+                           afl_preload, afl_preload);
 
       setenv("QEMU_SET_ENV", buf, 1);
 
@@ -652,10 +654,11 @@ static void usage(u8* argv0) {
       "Environment variables used:\n"
       "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
       "AFL_DEBUG: enable extra developer output\n"
-      "AFL_CMIN_CRASHES_ONLY: (cmin_mode) only write tuples for crashing inputs\n"
+      "AFL_CMIN_CRASHES_ONLY: (cmin_mode) only write tuples for crashing "
+      "inputs\n"
       "AFL_CMIN_ALLOW_ANY: (cmin_mode) write tuples for crashing inputs also\n"
-      "LD_BIND_LAZY: do not set LD_BIND_NOW env var for target\n"
+      "LD_BIND_LAZY: do not set LD_BIND_NOW env var for target\n",
-      , argv0, MEM_LIMIT, doc_path);
+      argv0, MEM_LIMIT, doc_path);
 
   exit(1);
 

src/afl-tmin.c

@@ -903,9 +903,11 @@ static void set_up_environment(void) {
       }
 
       if (qemu_preload)
-        buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", qemu_preload, afl_preload, afl_preload);
+        buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
+                           qemu_preload, afl_preload, afl_preload);
       else
-        buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", afl_preload, afl_preload);
+        buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
+                           afl_preload, afl_preload);
 
       setenv("QEMU_SET_ENV", buf, 1);