cleaned up maybe_add_auto calls
@ -608,8 +608,6 @@ typedef struct afl_state {
|
||||
u32 document_counter;
|
||||
#endif
|
||||
|
||||
void *maybe_add_auto;
|
||||
|
||||
/* statistics file */
|
||||
double last_bitmap_cvg, last_stability, last_eps;
|
||||
|
||||
@ -911,7 +909,7 @@ u8 has_new_bits(afl_state_t *, u8 *);
|
||||
|
||||
void load_extras_file(afl_state_t *, u8 *, u32 *, u32 *, u32);
|
||||
void load_extras(afl_state_t *, u8 *);
|
||||
void maybe_add_auto(void *, u8 *, u32);
|
||||
void maybe_add_auto(afl_state_t *, u8 *, u32);
|
||||
void save_auto(afl_state_t *);
|
||||
void load_auto(afl_state_t *);
|
||||
void destroy_extras(afl_state_t *);
|
||||
|
@ -89,9 +89,9 @@ typedef struct afl_forkserver {
|
||||
/* Function to kick off the forkserver child */
|
||||
void (*init_child_func)(struct afl_forkserver *fsrv, char **argv);
|
||||
|
||||
u8 *function_opt; /* for autodictionary: afl ptr */
|
||||
u8 *afl_ptr; /* for autodictionary: afl ptr */
|
||||
|
||||
void (*function_ptr)(void *afl_tmp, u8 *mem, u32 len);
|
||||
void (*autodict_func)(void *afl_ptr, u8 *mem, u32 len);
|
||||
|
||||
} afl_forkserver_t;
|
||||
|
||||
|
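Review bot: The new `afl_ptr` field is declared `u8 *`, while the callback it is handed to, `autodict_func`, takes `void *afl_ptr` and the initializer in afl_state_init stores `(void *)afl` into it, so every use goes through an implicit pointer conversion. Declaring it as `void *afl_ptr;` matches both sides and makes the opaque-handle intent explicit. The comment could say what the pointer is instead of repeating the name, e.g. `/* opaque afl_state_t * passed back to autodict_func (forkserver has no afl_state_t) */`. The afl_forkserver struct begins outside this hunk.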
@ -324,8 +324,7 @@ static void report_error_and_exit(int error) {
|
||||
cloning a stopped child. So, we just execute once, and then send commands
|
||||
through a pipe. The other part of this logic is in afl-as.h / llvm_mode */
|
||||
|
||||
void __attribute__((hot))
|
||||
afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
|
||||
void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
|
||||
u8 debug_child_output) {
|
||||
|
||||
int st_pipe[2], ctl_pipe[2];
|
||||
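Review bot: The rewritten signature drops `__attribute__((hot))` from afl_fsrv_start, which is unrelated to the maybe_add_auto cleanup the commit title describes and changes how the compiler optimizes this function. If the removal is intended it should be mentioned in the commit message; otherwise keep `void __attribute__((hot))` on the line above `afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,`. The body of afl_fsrv_start lies outside this hunk.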
@ -631,13 +630,18 @@ afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
|
||||
|
||||
if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) {
|
||||
|
||||
if (fsrv->function_ptr == NULL || fsrv->function_opt == NULL) {
|
||||
if (fsrv->autodict_func == NULL || fsrv->afl_ptr == NULL) {
|
||||
|
||||
// this is not afl-fuzz - we deny and return
|
||||
if (fsrv->use_shmem_fuzz)
|
||||
if (fsrv->use_shmem_fuzz) {
|
||||
|
||||
status = (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ);
|
||||
else
|
||||
|
||||
} else {
|
||||
|
||||
status = (FS_OPT_ENABLED);
|
||||
|
||||
}
|
||||
if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
|
||||
|
||||
FATAL("Writing to forkserver failed.");
|
||||
@ -650,11 +654,16 @@ afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
|
||||
|
||||
if (!be_quiet) { ACTF("Using AUTODICT feature."); }
|
||||
|
||||
if (fsrv->use_shmem_fuzz)
|
||||
if (fsrv->use_shmem_fuzz) {
|
||||
|
||||
status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ);
|
||||
else
|
||||
|
||||
} else {
|
||||
|
||||
status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
|
||||
|
||||
}
|
||||
|
||||
if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
|
||||
|
||||
FATAL("Writing to forkserver failed.");
|
||||
@ -673,7 +682,8 @@ afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
|
||||
|
||||
}
|
||||
|
||||
u32 len = status, offset = 0, count = 0;
|
||||
u32 offset = 0, count = 0;
|
||||
u32 len = status;
|
||||
u8 *dict = ck_alloc(len);
|
||||
if (dict == NULL) {
|
||||
|
||||
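Review bot: `len` is split out as the size passed to ck_alloc, but the consumer loop in the following hunk still bounds on `(u32)status`, so two names now stand for the same limit and the reader has to confirm they agree. Bounding the loop on the allocation size, `while (offset < len && (u8)dict[offset] + offset < len) {`, keeps the bound visibly tied to the buffer and drops the repeated casts. afl_fsrv_start continues outside this hunk.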
@ -704,7 +714,7 @@ afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p,
|
||||
while (offset < (u32)status &&
|
||||
(u8)dict[offset] + offset < (u32)status) {
|
||||
|
||||
fsrv->function_ptr(fsrv->function_opt, dict + offset + 1,
|
||||
fsrv->autodict_func(fsrv->afl_ptr, dict + offset + 1,
|
||||
(u8)dict[offset]);
|
||||
offset += (1 + dict[offset]);
|
||||
count++;
|
||||
|
@ -354,13 +354,9 @@ static inline u8 memcmp_nocase(u8 *m1, u8 *m2, u32 len) {
|
||||
}
|
||||
|
||||
/* Maybe add automatic extra. */
|
||||
/* Ugly hack: afl state is transfered as u8* because we import data via
|
||||
afl-forkserver.c - which is shared with other afl tools that do not
|
||||
have the afl state struct */
|
||||
|
||||
void maybe_add_auto(void *afl_tmp, u8 *mem, u32 len) {
|
||||
void maybe_add_auto(afl_state_t *afl, u8 *mem, u32 len) {
|
||||
|
||||
afl_state_t *afl = (afl_state_t *)afl_tmp;
|
||||
u32 i;
|
||||
|
||||
/* Allow users to specify that they don't want auto dictionaries. */
|
||||
@ -544,7 +540,7 @@ void load_auto(afl_state_t *afl) {
|
||||
|
||||
if (len >= MIN_AUTO_EXTRA && len <= MAX_AUTO_EXTRA) {
|
||||
|
||||
maybe_add_auto((u8 *)afl, tmp, len);
|
||||
maybe_add_auto(afl, tmp, len);
|
||||
|
||||
}
|
||||
|
||||
|
@ -681,7 +681,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
|
||||
|
||||
if (a_len >= MIN_AUTO_EXTRA && a_len <= MAX_AUTO_EXTRA) {
|
||||
|
||||
maybe_add_auto((u8 *)afl, a_collect, a_len);
|
||||
maybe_add_auto(afl, a_collect, a_len);
|
||||
|
||||
}
|
||||
|
||||
@ -692,7 +692,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
|
||||
|
||||
if (a_len >= MIN_AUTO_EXTRA && a_len <= MAX_AUTO_EXTRA) {
|
||||
|
||||
maybe_add_auto((u8 *)afl, a_collect, a_len);
|
||||
maybe_add_auto(afl, a_collect, a_len);
|
||||
|
||||
}
|
||||
|
||||
@ -2882,7 +2882,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
|
||||
|
||||
if (a_len >= MIN_AUTO_EXTRA && a_len <= MAX_AUTO_EXTRA) {
|
||||
|
||||
maybe_add_auto((u8 *)afl, a_collect, a_len);
|
||||
maybe_add_auto(afl, a_collect, a_len);
|
||||
|
||||
}
|
||||
|
||||
@ -2893,7 +2893,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
|
||||
|
||||
if (a_len >= MIN_AUTO_EXTRA && a_len <= MAX_AUTO_EXTRA) {
|
||||
|
||||
maybe_add_auto((u8 *)afl, a_collect, a_len);
|
||||
maybe_add_auto(afl, a_collect, a_len);
|
||||
|
||||
}
|
||||
|
||||
|
@ -500,7 +500,7 @@ static void try_to_add_to_dict(afl_state_t *afl, u64 v, u8 shape) {
|
||||
|
||||
}
|
||||
|
||||
maybe_add_auto((u8 *)afl, (u8 *)&v, shape);
|
||||
maybe_add_auto(afl, (u8 *)&v, shape);
|
||||
|
||||
u64 rev;
|
||||
switch (shape) {
|
||||
@ -509,15 +509,15 @@ static void try_to_add_to_dict(afl_state_t *afl, u64 v, u8 shape) {
|
||||
break;
|
||||
case 2:
|
||||
rev = SWAP16((u16)v);
|
||||
maybe_add_auto((u8 *)afl, (u8 *)&rev, shape);
|
||||
maybe_add_auto(afl, (u8 *)&rev, shape);
|
||||
break;
|
||||
case 4:
|
||||
rev = SWAP32((u32)v);
|
||||
maybe_add_auto((u8 *)afl, (u8 *)&rev, shape);
|
||||
maybe_add_auto(afl, (u8 *)&rev, shape);
|
||||
break;
|
||||
case 8:
|
||||
rev = SWAP64(v);
|
||||
maybe_add_auto((u8 *)afl, (u8 *)&rev, shape);
|
||||
maybe_add_auto(afl, (u8 *)&rev, shape);
|
||||
break;
|
||||
|
||||
}
|
||||
@ -772,8 +772,8 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u32 len) {
|
||||
|
||||
if (afl->pass_stats[key].total == 0) {
|
||||
|
||||
maybe_add_auto((u8 *)afl, o->v0, SHAPE_BYTES(h->shape));
|
||||
maybe_add_auto((u8 *)afl, o->v1, SHAPE_BYTES(h->shape));
|
||||
maybe_add_auto(afl, o->v0, SHAPE_BYTES(h->shape));
|
||||
maybe_add_auto(afl, o->v1, SHAPE_BYTES(h->shape));
|
||||
|
||||
}
|
||||
|
||||
|
@ -112,8 +112,9 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
|
||||
|
||||
afl->fsrv.use_stdin = 1;
|
||||
afl->fsrv.map_size = map_size;
|
||||
afl->fsrv.function_opt = (u8 *)afl;
|
||||
afl->fsrv.function_ptr = &maybe_add_auto;
|
||||
// afl_state_t is not available in forkserver.c
|
||||
afl->fsrv.afl_ptr = (void *)afl;
|
||||
afl->fsrv.autodict_func = (void (*)(void *, u8 *, u32))&maybe_add_auto;
|
||||
|
||||
afl->cal_cycles = CAL_CYCLES;
|
||||
afl->cal_cycles_long = CAL_CYCLES_LONG;
|
||||
|
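Review bot: `autodict_func` is assigned `maybe_add_auto` cast to `void (*)(void *, u8 *, u32)` even though its first parameter is now `afl_state_t *`; calling a function through a pointer to an incompatible function type is undefined behavior in C (it happens to work on common ABIs, but function-type sanitizers and CFI checks reject it), and the cast also hides any future drift between the two signatures. The previous `void *` parameter with an internal cast was the well-defined form; the same effect without touching forkserver.c is a small static adapter with the exact callback type, assigned without a cast. The comment `// afl_state_t is not available in forkserver.c` then belongs on the adapter. afl_state_init begins and ends outside this hunk.
```c
/* Adapter with the exact autodict_func signature: forkserver.c only
   knows the afl state as an opaque pointer, so the cast lives here. */
static void maybe_add_auto_cb(void *afl_ptr, u8 *mem, u32 len) {

  maybe_add_auto((afl_state_t *)afl_ptr, mem, len);

}

// … unchanged: afl_state_init up to the forkserver field setup …
  afl->fsrv.afl_ptr = (void *)afl;
  afl->fsrv.autodict_func = maybe_add_auto_cb;
```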