ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 02:28:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

clang-tidy readability-braces (#323)

Browse Source
This commit is contained in:
Dominik Maier
2020-04-19 16:42:40 +02:00
committed by GitHub
parent baec99079f
commit 8197e9b2e4
35 changed files with 2925 additions and 1281 deletions
Download Patch File Download Diff File Expand all files Collapse all files

435
src/afl-fuzz.c
View File

@ -37,7 +37,7 @@ static u8 *get_libradamsa_path(u8 *own_loc) {
cp = alloc_printf("%s/libradamsa.so", tmp);
if (access(cp, X_OK)) FATAL("Unable to find '%s'", cp);
if (access(cp, X_OK)) { FATAL("Unable to find '%s'", cp); }
return cp;
@ -53,12 +53,14 @@ static u8 *get_libradamsa_path(u8 *own_loc) {
cp = alloc_printf("%s/libradamsa.so", own_copy);
ck_free(own_copy);
if (!access(cp, X_OK)) return cp;
if (!access(cp, X_OK)) { return cp; }
} else
} else {
ck_free(own_copy);
}
if (!access(AFL_PATH "/libradamsa.so", X_OK)) {
return ck_strdup(AFL_PATH "/libradamsa.so");
@ -148,7 +150,8 @@ static void usage(afl_state_t *afl, u8 *argv0, int more_help) {
"case\n\n",
argv0, EXEC_TIMEOUT, MEM_LIMIT);
if (more_help > 1)
if (more_help > 1) {
SAYF(
"Environment variables used:\n"
"LD_BIND_LAZY: do not set LD_BIND_NOW env var for target\n"
@ -193,11 +196,15 @@ static void usage(afl_state_t *afl, u8 *argv0, int more_help) {
//"AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n"
"\n"
);
else
} else {
SAYF(
"To view also the supported environment variables of afl-fuzz please "
"use \"-hh\".\n\n");
}
#ifdef USE_PYTHON
SAYF("Compiled with %s module support, see docs/custom_mutator.md\n",
(char *)PYTHON_VERSION);
@ -216,13 +223,13 @@ static void usage(afl_state_t *afl, u8 *argv0, int more_help) {
static int stricmp(char const *a, char const *b) {
if (!a || !b) FATAL("Null reference");
if (!a || !b) { FATAL("Null reference"); }
for (;; ++a, ++b) {
int d;
d = tolower(*a) - tolower(*b);
if (d != 0 || !*a) return d;
if (d != 0 || !*a) { return d; }
}
@ -247,14 +254,14 @@ int main(int argc, char **argv_orig, char **envp) {
afl_state_t *afl = calloc(1, sizeof(afl_state_t));
if (!afl) { FATAL("Could not create afl state"); }
if (get_afl_env("AFL_DEBUG")) afl->debug = 1;
if (get_afl_env("AFL_DEBUG")) { afl->debug = 1; }
map_size = get_map_size();
afl_state_init(afl, map_size);
afl_fsrv_init(&afl->fsrv);
read_afl_environment(afl, envp);
if (afl->shm.map_size) afl->fsrv.map_size = afl->shm.map_size;
if (afl->shm.map_size) { afl->fsrv.map_size = afl->shm.map_size; }
exit_1 = !!afl->afl_env.afl_bench_just_one;
SAYF(cCYA "afl-fuzz" VERSION cRST
@ -266,11 +273,14 @@ int main(int argc, char **argv_orig, char **envp) {
afl->init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid();
while ((opt = getopt(argc, argv,
"+c:i:I:o:f:m:t:T:dnCB:S:M:x:QNUWe:p:s:V:E:L:hRP:")) > 0)
"+c:i:I:o:f:m:t:T:dnCB:S:M:x:QNUWe:p:s:V:E:L:hRP:")) >
0) {
switch (opt) {
case 'I': afl->infoexec = optarg; break;
case 'I':
afl->infoexec = optarg;
break;
case 'c': {
@ -334,7 +344,7 @@ int main(int argc, char **argv_orig, char **envp) {
case 'e':
if (afl->file_extension) FATAL("Multiple -e options not supported");
if (afl->file_extension) { FATAL("Multiple -e options not supported"); }
afl->file_extension = optarg;
@ -342,16 +352,16 @@ int main(int argc, char **argv_orig, char **envp) {
case 'i': /* input dir */
if (afl->in_dir) FATAL("Multiple -i options not supported");
if (afl->in_dir) { FATAL("Multiple -i options not supported"); }
afl->in_dir = optarg;
if (!strcmp(afl->in_dir, "-")) afl->in_place_resume = 1;
if (!strcmp(afl->in_dir, "-")) { afl->in_place_resume = 1; }
break;
case 'o': /* output dir */
if (afl->out_dir) FATAL("Multiple -o options not supported");
if (afl->out_dir) { FATAL("Multiple -o options not supported"); }
afl->out_dir = optarg;
break;
@ -359,7 +369,7 @@ int main(int argc, char **argv_orig, char **envp) {
u8 *c;
if (afl->sync_id) FATAL("Multiple -S or -M options not supported");
if (afl->sync_id) { FATAL("Multiple -S or -M options not supported"); }
afl->sync_id = ck_strdup(optarg);
if ((c = strchr(afl->sync_id, ':'))) {
@ -368,9 +378,12 @@ int main(int argc, char **argv_orig, char **envp) {
if (sscanf(c + 1, "%u/%u", &afl->master_id, &afl->master_max) != 2 ||
!afl->master_id || !afl->master_max ||
afl->master_id > afl->master_max || afl->master_max > 1000000)
afl->master_id > afl->master_max || afl->master_max > 1000000) {
FATAL("Bogus master ID passed to -M");
}
}
afl->force_deterministic = 1;
@ -381,20 +394,20 @@ int main(int argc, char **argv_orig, char **envp) {
case 'S':
if (afl->sync_id) FATAL("Multiple -S or -M options not supported");
if (afl->sync_id) { FATAL("Multiple -S or -M options not supported"); }
afl->sync_id = ck_strdup(optarg);
break;
case 'f': /* target file */
if (afl->fsrv.out_file) FATAL("Multiple -f options not supported");
if (afl->fsrv.out_file) { FATAL("Multiple -f options not supported"); }
afl->fsrv.out_file = ck_strdup(optarg);
afl->fsrv.use_stdin = 0;
break;
case 'x': /* dictionary */
if (extras_dir) FATAL("Multiple -x options not supported");
if (extras_dir) { FATAL("Multiple -x options not supported"); }
extras_dir = optarg;
break;
@ -402,19 +415,27 @@ int main(int argc, char **argv_orig, char **envp) {
u8 suffix = 0;
if (afl->timeout_given) FATAL("Multiple -t options not supported");
if (afl->timeout_given) { FATAL("Multiple -t options not supported"); }
if (sscanf(optarg, "%u%c", &afl->fsrv.exec_tmout, &suffix) < 1 ||
optarg[0] == '-')
optarg[0] == '-') {
FATAL("Bad syntax used for -t");
if (afl->fsrv.exec_tmout < 5) FATAL("Dangerously low value of -t");
}
if (afl->fsrv.exec_tmout < 5) { FATAL("Dangerously low value of -t"); }
if (suffix == '+') {
if (suffix == '+')
afl->timeout_given = 2;
else
} else {
afl->timeout_given = 1;
}
break;
}
@ -423,10 +444,10 @@ int main(int argc, char **argv_orig, char **envp) {
u8 suffix = 'M';
if (mem_limit_given) FATAL("Multiple -m options not supported");
if (mem_limit_given) { FATAL("Multiple -m options not supported"); }
mem_limit_given = 1;
if (!optarg) FATAL("Wrong usage of -m");
if (!optarg) { FATAL("Wrong usage of -m"); }
if (!strcmp(optarg, "none")) {
@ -436,32 +457,51 @@ int main(int argc, char **argv_orig, char **envp) {
}
if (sscanf(optarg, "%llu%c", &afl->fsrv.mem_limit, &suffix) < 1 ||
optarg[0] == '-')
optarg[0] == '-') {
FATAL("Bad syntax used for -m");
switch (suffix) {
case 'T': afl->fsrv.mem_limit *= 1024 * 1024; break;
case 'G': afl->fsrv.mem_limit *= 1024; break;
case 'k': afl->fsrv.mem_limit /= 1024; break;
case 'M': break;
default: FATAL("Unsupported suffix or bad syntax for -m");
}
if (afl->fsrv.mem_limit < 5) FATAL("Dangerously low value of -m");
switch (suffix) {
case 'T':
afl->fsrv.mem_limit *= 1024 * 1024;
break;
case 'G':
afl->fsrv.mem_limit *= 1024;
break;
case 'k':
afl->fsrv.mem_limit /= 1024;
break;
case 'M':
break;
default:
FATAL("Unsupported suffix or bad syntax for -m");
}
if (afl->fsrv.mem_limit < 5) { FATAL("Dangerously low value of -m"); }
if (sizeof(rlim_t) == 4 && afl->fsrv.mem_limit > 2000) {
if (sizeof(rlim_t) == 4 && afl->fsrv.mem_limit > 2000)
FATAL("Value of -m out of range on 32-bit systems");
}
}
break;
case 'd': /* skip deterministic */
if (afl->skip_deterministic) FATAL("Multiple -d options not supported");
if (afl->skip_deterministic) {
FATAL("Multiple -d options not supported");
}
afl->skip_deterministic = 1;
afl->use_splicing = 1;
break;
@ -479,7 +519,7 @@ int main(int argc, char **argv_orig, char **envp) {
I only used this once or twice to get variants of a particular
file, so I'm not making this an official setting. */
if (afl->in_bitmap) FATAL("Multiple -B options not supported");
if (afl->in_bitmap) { FATAL("Multiple -B options not supported"); }
afl->in_bitmap = optarg;
read_bitmap(afl->in_bitmap, afl->virgin_bits, afl->fsrv.map_size);
@ -487,85 +527,99 @@ int main(int argc, char **argv_orig, char **envp) {
case 'C': /* crash mode */
if (afl->crash_mode) FATAL("Multiple -C options not supported");
if (afl->crash_mode) { FATAL("Multiple -C options not supported"); }
afl->crash_mode = FSRV_RUN_CRASH;
break;
case 'n': /* dumb mode */
if (afl->dumb_mode) FATAL("Multiple -n options not supported");
if (afl->afl_env.afl_dumb_forksrv)
if (afl->dumb_mode) { FATAL("Multiple -n options not supported"); }
if (afl->afl_env.afl_dumb_forksrv) {
afl->dumb_mode = 2;
else
} else {
afl->dumb_mode = 1;
}
break;
case 'T': /* banner */
if (afl->use_banner) FATAL("Multiple -T options not supported");
if (afl->use_banner) { FATAL("Multiple -T options not supported"); }
afl->use_banner = optarg;
break;
case 'Q': /* QEMU mode */
if (afl->fsrv.qemu_mode) FATAL("Multiple -Q options not supported");
if (afl->fsrv.qemu_mode) { FATAL("Multiple -Q options not supported"); }
afl->fsrv.qemu_mode = 1;
if (!mem_limit_given) afl->fsrv.mem_limit = MEM_LIMIT_QEMU;
if (!mem_limit_given) { afl->fsrv.mem_limit = MEM_LIMIT_QEMU; }
break;
case 'N': /* Unicorn mode */
if (afl->no_unlink) FATAL("Multiple -N options not supported");
if (afl->no_unlink) { FATAL("Multiple -N options not supported"); }
afl->no_unlink = 1;
break;
case 'U': /* Unicorn mode */
if (afl->unicorn_mode) FATAL("Multiple -U options not supported");
if (afl->unicorn_mode) { FATAL("Multiple -U options not supported"); }
afl->unicorn_mode = 1;
if (!mem_limit_given) afl->fsrv.mem_limit = MEM_LIMIT_UNICORN;
if (!mem_limit_given) { afl->fsrv.mem_limit = MEM_LIMIT_UNICORN; }
break;
case 'W': /* Wine+QEMU mode */
if (afl->use_wine) FATAL("Multiple -W options not supported");
if (afl->use_wine) { FATAL("Multiple -W options not supported"); }
afl->fsrv.qemu_mode = 1;
afl->use_wine = 1;
if (!mem_limit_given) afl->fsrv.mem_limit = 0;
if (!mem_limit_given) { afl->fsrv.mem_limit = 0; }
break;
case 'V': {
afl->most_time_key = 1;
if (sscanf(optarg, "%llu", &afl->most_time) < 1 || optarg[0] == '-')
if (sscanf(optarg, "%llu", &afl->most_time) < 1 || optarg[0] == '-') {
FATAL("Bad syntax used for -V");
}
} break;
case 'E': {
afl->most_execs_key = 1;
if (sscanf(optarg, "%llu", &afl->most_execs) < 1 || optarg[0] == '-')
if (sscanf(optarg, "%llu", &afl->most_execs) < 1 || optarg[0] == '-') {
FATAL("Bad syntax used for -E");
}
} break;
case 'L': { /* MOpt mode */
if (afl->limit_time_sig) FATAL("Multiple -L options not supported");
if (afl->limit_time_sig) { FATAL("Multiple -L options not supported"); }
afl->havoc_max_mult = HAVOC_MAX_MULT_MOPT;
if (sscanf(optarg, "%d", &afl->limit_time_puppet) < 1)
if (sscanf(optarg, "%d", &afl->limit_time_puppet) < 1) {
FATAL("Bad syntax used for -L");
}
if (afl->limit_time_puppet == -1) {
afl->limit_time_sig = -1;
@ -583,19 +637,23 @@ int main(int argc, char **argv_orig, char **envp) {
u64 limit_time_puppet2 = afl->limit_time_puppet * 60 * 1000;
if (limit_time_puppet2 < afl->limit_time_puppet)
if (limit_time_puppet2 < afl->limit_time_puppet) {
FATAL("limit_time overflow");
}
afl->limit_time_puppet = limit_time_puppet2;
SAYF("limit_time_puppet %d\n", afl->limit_time_puppet);
afl->swarm_now = 0;
if (afl->limit_time_puppet == 0) afl->key_puppet = 1;
if (afl->limit_time_puppet == 0) { afl->key_puppet = 1; }
int i;
int tmp_swarm = 0;
if (afl->g_now > afl->g_max) afl->g_now = 0;
if (afl->g_now > afl->g_max) { afl->g_now = 0; }
afl->w_now = (afl->w_init - afl->w_end) * (afl->g_max - afl->g_now) /
(afl->g_max) +
afl->w_end;
@ -643,11 +701,16 @@ int main(int argc, char **argv_orig, char **envp) {
afl->x_now[tmp_swarm][i] += afl->v_now[tmp_swarm][i];
if (afl->x_now[tmp_swarm][i] > v_max)
if (afl->x_now[tmp_swarm][i] > v_max) {
afl->x_now[tmp_swarm][i] = v_max;
else if (afl->x_now[tmp_swarm][i] < v_min)
} else if (afl->x_now[tmp_swarm][i] < v_min) {
afl->x_now[tmp_swarm][i] = v_min;
}
x_temp += afl->x_now[tmp_swarm][i];
}
@ -655,19 +718,27 @@ int main(int argc, char **argv_orig, char **envp) {
for (i = 0; i < operator_num; ++i) {
afl->x_now[tmp_swarm][i] = afl->x_now[tmp_swarm][i] / x_temp;
if (likely(i != 0))
if (likely(i != 0)) {
afl->probability_now[tmp_swarm][i] =
afl->probability_now[tmp_swarm][i - 1] +
afl->x_now[tmp_swarm][i];
else
} else {
afl->probability_now[tmp_swarm][i] = afl->x_now[tmp_swarm][i];
}
}
if (afl->probability_now[tmp_swarm][operator_num - 1] < 0.99 ||
afl->probability_now[tmp_swarm][operator_num - 1] > 1.01)
afl->probability_now[tmp_swarm][operator_num - 1] > 1.01) {
FATAL("ERROR probability");
}
}
for (i = 0; i < operator_num; ++i) {
@ -682,25 +753,37 @@ int main(int argc, char **argv_orig, char **envp) {
} break;
case 'h': show_help++; break; // not needed
case 'h':
show_help++;
break; // not needed
case 'R':
if (afl->use_radamsa)
if (afl->use_radamsa) {
afl->use_radamsa = 2;
else
} else {
afl->use_radamsa = 1;
}
break;
default:
if (!show_help) show_help = 1;
if (!show_help) { show_help = 1; }
}
if (optind == argc || !afl->in_dir || !afl->out_dir || show_help)
}
if (optind == argc || !afl->in_dir || !afl->out_dir || show_help) {
usage(afl, argv[0], show_help);
}
OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" "
"Eißfeldt, Andrea Fioraldi and Dominik Maier");
OKF("afl++ is open source, get it at "
@ -711,40 +794,57 @@ int main(int argc, char **argv_orig, char **envp) {
OKF("MOpt Mutator from github.com/puppet-meteor/MOpt-AFL");
if (afl->sync_id && afl->force_deterministic &&
afl->afl_env.afl_custom_mutator_only)
afl->afl_env.afl_custom_mutator_only) {
WARNF(
"Using -M master with the AFL_CUSTOM_MUTATOR_ONLY mutator options will "
"result in no deterministic mutations being done!");
if (afl->fixed_seed) OKF("Running with fixed seed: %u", (u32)afl->init_seed);
}
if (afl->fixed_seed) {
OKF("Running with fixed seed: %u", (u32)afl->init_seed);
}
srandom((u32)afl->init_seed);
srand((u32)afl->init_seed); // in case it is a different implementation
if (afl->use_radamsa) {
if (afl->limit_time_sig > 0)
if (afl->limit_time_sig > 0) {
FATAL(
"MOpt and Radamsa are mutually exclusive unless you specify -L -1. "
"We accept pull requests that integrates MOpt with the optional "
"mutators (custom/radamsa/redqueen/...).");
if (afl->limit_time_sig && afl->use_radamsa > 1)
}
if (afl->limit_time_sig && afl->use_radamsa > 1) {
FATAL("Radamsa in radamsa-only mode can not run together with -L");
}
OKF("Using Radamsa add-on");
u8 * libradamsa_path = get_libradamsa_path(argv[0]);
void *handle = dlopen(libradamsa_path, RTLD_NOW);
ck_free(libradamsa_path);
if (!handle) FATAL("Failed to dlopen() libradamsa");
if (!handle) { FATAL("Failed to dlopen() libradamsa"); }
void (*radamsa_init_ptr)(void) = dlsym(handle, "radamsa_init");
afl->radamsa_mutate_ptr = dlsym(handle, "radamsa");
if (!radamsa_init_ptr || !afl->radamsa_mutate_ptr)
if (!radamsa_init_ptr || !afl->radamsa_mutate_ptr) {
FATAL("Failed to dlsym() libradamsa");
}
/* randamsa_init installs some signal hadlers, call it before
setup_signal_handlers so that AFL++ can then replace those signal
handlers */
@ -767,80 +867,113 @@ int main(int argc, char **argv_orig, char **envp) {
afl->power_name = power_names[afl->schedule];
if (afl->sync_id) fix_up_sync(afl);
if (afl->sync_id) { fix_up_sync(afl); }
if (!strcmp(afl->in_dir, afl->out_dir)) {
if (!strcmp(afl->in_dir, afl->out_dir))
FATAL("Input and output directories can't be the same");
if (afl->dumb_mode) {
if (afl->crash_mode) FATAL("-C and -n are mutually exclusive");
if (afl->fsrv.qemu_mode) FATAL("-Q and -n are mutually exclusive");
if (afl->unicorn_mode) FATAL("-U and -n are mutually exclusive");
}
if (get_afl_env("AFL_DISABLE_TRIM")) afl->disable_trim = 1;
if (afl->dumb_mode) {
if (afl->crash_mode) { FATAL("-C and -n are mutually exclusive"); }
if (afl->fsrv.qemu_mode) { FATAL("-Q and -n are mutually exclusive"); }
if (afl->unicorn_mode) { FATAL("-U and -n are mutually exclusive"); }
}
if (get_afl_env("AFL_DISABLE_TRIM")) { afl->disable_trim = 1; }
if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI")) {
if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI"))
FATAL("AFL_NO_UI and AFL_FORCE_UI are mutually exclusive");
if (strchr(argv[optind], '/') == NULL && !afl->unicorn_mode)
}
if (strchr(argv[optind], '/') == NULL && !afl->unicorn_mode) {
WARNF(cLRD
"Target binary called without a prefixed path, make sure you are "
"fuzzing the right binary: " cRST "%s",
argv[optind]);
}
ACTF("Getting to work...");
switch (afl->schedule) {
case FAST: OKF("Using exponential power schedule (FAST)"); break;
case COE: OKF("Using cut-off exponential power schedule (COE)"); break;
case FAST:
OKF("Using exponential power schedule (FAST)");
break;
case COE:
OKF("Using cut-off exponential power schedule (COE)");
break;
case EXPLOIT:
OKF("Using exploitation-based constant power schedule (EXPLOIT)");
break;
case LIN: OKF("Using linear power schedule (LIN)"); break;
case QUAD: OKF("Using quadratic power schedule (QUAD)"); break;
case MMOPT: OKF("Using modified MOpt power schedule (MMOPT)"); break;
case RARE: OKF("Using rare edge focus power schedule (RARE)"); break;
case LIN:
OKF("Using linear power schedule (LIN)");
break;
case QUAD:
OKF("Using quadratic power schedule (QUAD)");
break;
case MMOPT:
OKF("Using modified MOpt power schedule (MMOPT)");
break;
case RARE:
OKF("Using rare edge focus power schedule (RARE)");
break;
case EXPLORE:
OKF("Using exploration-based constant power schedule (EXPLORE, default)");
break;
default: FATAL("Unknown power schedule"); break;
default:
FATAL("Unknown power schedule");
break;
}
if (get_afl_env("AFL_NO_FORKSRV")) afl->no_forkserver = 1;
if (get_afl_env("AFL_NO_CPU_RED")) afl->no_cpu_meter_red = 1;
if (get_afl_env("AFL_NO_ARITH")) afl->no_arith = 1;
if (get_afl_env("AFL_SHUFFLE_QUEUE")) afl->shuffle_queue = 1;
if (get_afl_env("AFL_FAST_CAL")) afl->fast_cal = 1;
if (get_afl_env("AFL_NO_FORKSRV")) { afl->no_forkserver = 1; }
if (get_afl_env("AFL_NO_CPU_RED")) { afl->no_cpu_meter_red = 1; }
if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; }
if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; }
if (get_afl_env("AFL_FAST_CAL")) { afl->fast_cal = 1; }
if (afl->afl_env.afl_autoresume) {
afl->autoresume = 1;
if (afl->in_place_resume) SAYF("AFL_AUTORESUME has no effect for '-i -'");
if (afl->in_place_resume) {
SAYF("AFL_AUTORESUME has no effect for '-i -'");
}
}
if (afl->afl_env.afl_hang_tmout) {
afl->hang_tmout = atoi(afl->afl_env.afl_hang_tmout);
if (!afl->hang_tmout) FATAL("Invalid value of AFL_HANG_TMOUT");
if (!afl->hang_tmout) { FATAL("Invalid value of AFL_HANG_TMOUT"); }
}
if (afl->dumb_mode == 2 && afl->no_forkserver)
if (afl->dumb_mode == 2 && afl->no_forkserver) {
FATAL("AFL_DUMB_FORKSRV and AFL_NO_FORKSRV are mutually exclusive");
}
afl->fsrv.use_fauxsrv = afl->dumb_mode == 1 || afl->no_forkserver;
if (getenv("LD_PRELOAD"))
if (getenv("LD_PRELOAD")) {
WARNF(
"LD_PRELOAD is set, are you sure that is what to you want to do "
"instead of using AFL_PRELOAD?");
}
if (afl->afl_env.afl_preload) {
if (afl->fsrv.qemu_mode) {
@ -852,20 +985,28 @@ int main(int argc, char **argv_orig, char **envp) {
s32 i, afl_preload_size = strlen(afl_preload);
for (i = 0; i < afl_preload_size; ++i) {
if (afl_preload[i] == ',')
if (afl_preload[i] == ',') {
PFATAL(
"Comma (',') is not allowed in AFL_PRELOAD when -Q is "
"specified!");
}
}
if (qemu_preload)
if (qemu_preload) {
buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
qemu_preload, afl_preload, afl_preload);
else
} else {
buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s",
afl_preload, afl_preload);
}
setenv("QEMU_SET_ENV", buf, 1);
ck_free(buf);
@ -879,15 +1020,18 @@ int main(int argc, char **argv_orig, char **envp) {
}
if (getenv("AFL_LD_PRELOAD"))
if (getenv("AFL_LD_PRELOAD")) {
FATAL("Use AFL_PRELOAD instead of AFL_LD_PRELOAD");
}
save_cmdline(afl, argc, argv);
fix_up_banner(afl, argv[optind]);
check_if_tty(afl);
if (afl->afl_env.afl_force_ui) afl->not_on_tty = 0;
if (afl->afl_env.afl_force_ui) { afl->not_on_tty = 0; }
if (afl->afl_env.afl_cal_fast) {
@ -921,7 +1065,7 @@ int main(int argc, char **argv_orig, char **envp) {
setup_post(afl);
if (!afl->in_bitmap) memset(afl->virgin_bits, 255, afl->fsrv.map_size);
if (!afl->in_bitmap) { memset(afl->virgin_bits, 255, afl->fsrv.map_size); }
memset(afl->virgin_tmout, 255, afl->fsrv.map_size);
memset(afl->virgin_crash, 255, afl->fsrv.map_size);
@ -938,9 +1082,9 @@ int main(int argc, char **argv_orig, char **envp) {
pivot_inputs(afl);
if (extras_dir) load_extras(afl, extras_dir);
if (extras_dir) { load_extras(afl, extras_dir); }
if (!afl->timeout_given) find_timeout(afl);
if (!afl->timeout_given) { find_timeout(afl); }
if ((afl->tmp_dir = afl->afl_env.afl_tmpdir) != NULL &&
!afl->in_place_resume) {
@ -959,16 +1103,21 @@ int main(int argc, char **argv_orig, char **envp) {
}
/* there is still a race condition here, but well ... */
if (access(tmpfile, F_OK) != -1)
if (access(tmpfile, F_OK) != -1) {
FATAL(
"AFL_TMPDIR already has an existing temporary input file: %s - if "
"this is not from another instance, then just remove the file.",
tmpfile);
} else
}
} else {
afl->tmp_dir = afl->out_dir;
}
/* If we don't have a file name chosen yet, use a safe default. */
if (!afl->fsrv.out_file) {
@ -1005,13 +1154,17 @@ int main(int argc, char **argv_orig, char **envp) {
}
if (!afl->fsrv.out_file) setup_stdio_file(afl);
if (!afl->fsrv.out_file) { setup_stdio_file(afl); }
if (afl->cmplog_binary) {
if (afl->unicorn_mode)
if (afl->unicorn_mode) {
FATAL("CmpLog and Unicorn mode are not compatible at the moment, sorry");
if (!afl->fsrv.qemu_mode) check_binary(afl, afl->cmplog_binary);
}
if (!afl->fsrv.qemu_mode) { check_binary(afl, afl->cmplog_binary); }
}
@ -1021,13 +1174,18 @@ int main(int argc, char **argv_orig, char **envp) {
if (afl->fsrv.qemu_mode) {
if (afl->use_wine)
if (afl->use_wine) {
use_argv = get_wine_argv(argv[0], &afl->fsrv.target_path, argc - optind,
argv + optind);
else
} else {
use_argv = get_qemu_argv(argv[0], &afl->fsrv.target_path, argc - optind,
argv + optind);
}
} else {
use_argv = argv + optind;
@ -1062,7 +1220,7 @@ int main(int argc, char **argv_orig, char **envp) {
maybe_update_plot_file(afl, 0, 0);
save_auto(afl);
if (afl->stop_soon) goto stop_fuzzing;
if (afl->stop_soon) { goto stop_fuzzing; }
/* Woop woop woop */
@ -1070,7 +1228,7 @@ int main(int argc, char **argv_orig, char **envp) {
sleep(4);
afl->start_time += 4000;
if (afl->stop_soon) goto stop_fuzzing;
if (afl->stop_soon) { goto stop_fuzzing; }
}
@ -1112,34 +1270,44 @@ int main(int argc, char **argv_orig, char **envp) {
if (afl->queued_paths == prev_queued) {
if (afl->use_splicing)
if (afl->use_splicing) {
++afl->cycles_wo_finds;
else
} else {
afl->use_splicing = 1;
} else
}
} else {
afl->cycles_wo_finds = 0;
}
prev_queued = afl->queued_paths;
if (afl->sync_id && afl->queue_cycle == 1 &&
afl->afl_env.afl_import_first)
afl->afl_env.afl_import_first) {
sync_fuzzers(afl);
}
}
skipped_fuzz = fuzz_one(afl);
if (!skipped_fuzz && !afl->stop_soon && afl->sync_id) {
if (!(sync_interval_cnt++ % SYNC_INTERVAL)) sync_fuzzers(afl);
if (!(sync_interval_cnt++ % SYNC_INTERVAL)) { sync_fuzzers(afl); }
}
if (!afl->stop_soon && exit_1) afl->stop_soon = 2;
if (!afl->stop_soon && exit_1) { afl->stop_soon = 2; }
if (afl->stop_soon) break;
if (afl->stop_soon) { break; }
afl->queue_cur = afl->queue_cur->next;
++afl->current_entry;
@ -1159,11 +1327,18 @@ stop_fuzzing:
SAYF(CURSOR_SHOW cLRD "\n\n+++ Testing aborted %s +++\n" cRST,
afl->stop_soon == 2 ? "programmatically" : "by user");
if (afl->most_time_key == 2)
if (afl->most_time_key == 2) {
SAYF(cYEL "[!] " cRST "Time limit was reached\n");
if (afl->most_execs_key == 2)
}
if (afl->most_execs_key == 2) {
SAYF(cYEL "[!] " cRST "Execution limit was reached\n");
}
/* Running for more than 30 minutes but still doing first cycle? */
if (afl->queue_cycle == 1 &&
@ -1182,7 +1357,7 @@ stop_fuzzing:
destroy_custom_mutator(afl);
afl_shm_deinit(&afl->shm);
afl_fsrv_deinit(&afl->fsrv);
if (afl->orig_cmdline) ck_free(afl->orig_cmdline);
if (afl->orig_cmdline) { ck_free(afl->orig_cmdline); }
ck_free(afl->fsrv.target_path);
ck_free(afl->fsrv.out_file);
ck_free(afl->sync_id);