real fix plus code format

include/android-ashmem.h

@@ -1,81 +1,83 @@
 #ifdef __ANDROID__
-#ifndef _ANDROID_ASHMEM_H
-#define _ANDROID_ASHMEM_H
+  #ifndef _ANDROID_ASHMEM_H
+    #define _ANDROID_ASHMEM_H
 
-#include <fcntl.h>
-#include <linux/ashmem.h>
-#include <sys/ioctl.h>
-#include <sys/mman.h>
+    #include <fcntl.h>
+    #include <linux/ashmem.h>
+    #include <sys/ioctl.h>
+    #include <sys/mman.h>
 
-#if __ANDROID_API__ >= 26
-#define shmat bionic_shmat
-#define shmctl bionic_shmctl
-#define shmdt bionic_shmdt
-#define shmget bionic_shmget
-#endif
-#include <sys/shm.h>
-#undef shmat
-#undef shmctl
-#undef shmdt
-#undef shmget
-#include <stdio.h>
+    #if __ANDROID_API__ >= 26
+      #define shmat bionic_shmat
+      #define shmctl bionic_shmctl
+      #define shmdt bionic_shmdt
+      #define shmget bionic_shmget
+    #endif
+    #include <sys/shm.h>
+    #undef shmat
+    #undef shmctl
+    #undef shmdt
+    #undef shmget
+    #include <stdio.h>
 
-#define ASHMEM_DEVICE "/dev/ashmem"
+    #define ASHMEM_DEVICE "/dev/ashmem"
 
 int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) {
+
   int ret = 0;
   if (__cmd == IPC_RMID) {
-    int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
+
+    int               length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
     struct ashmem_pin pin = {0, length};
     ret = ioctl(__shmid, ASHMEM_UNPIN, &pin);
     close(__shmid);
+
   }
 
   return ret;
+
 }
 
 int shmget(key_t __key, size_t __size, int __shmflg) {
-  (void) __shmflg;
-  int fd, ret;
+
+  (void)__shmflg;
+  int  fd, ret;
   char ourkey[11];
 
   fd = open(ASHMEM_DEVICE, O_RDWR);
-  if (fd < 0)
-    return fd;
+  if (fd < 0) return fd;
 
   sprintf(ourkey, "%d", __key);
   ret = ioctl(fd, ASHMEM_SET_NAME, ourkey);
-  if (ret < 0)
-    goto error;
+  if (ret < 0) goto error;
 
   ret = ioctl(fd, ASHMEM_SET_SIZE, __size);
-  if (ret < 0)
-    goto error;
+  if (ret < 0) goto error;
 
   return fd;
 
 error:
   close(fd);
   return ret;
+
 }
 
 void *shmat(int __shmid, const void *__shmaddr, int __shmflg) {
-  (void) __shmflg;
-  int size;
+
+  (void)__shmflg;
+  int   size;
   void *ptr;
 
   size = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
-  if (size < 0) {
-    return NULL;
-  }
+  if (size < 0) { return NULL; }
 
   ptr = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, __shmid, 0);
-  if (ptr == MAP_FAILED) {
-    return NULL;
-  }
+  if (ptr == MAP_FAILED) { return NULL; }
 
   return ptr;
+
 }
 
-#endif /* !_ANDROID_ASHMEM_H */
-#endif /* !__ANDROID__ */
+  #endif                                              /* !_ANDROID_ASHMEM_H */
+#endif                                                      /* !__ANDROID__ */
+

src/afl-fuzz-init.c

@@ -1027,7 +1027,7 @@ void perform_dry_run(afl_state_t *afl) {
 
         struct queue_entry *p = afl->queue;
 
-        if (!p->disabled && !p->was_fuzzed) {
+        if (!p->was_fuzzed) {
 
           --afl->pending_not_fuzzed;
           --afl->active_paths;
@@ -1128,16 +1128,6 @@ restart_outer_cull_loop:
       if (!p->cal_failed && p->exec_cksum == q->exec_cksum) {
 
         duplicates = 1;
-        if (!p->disabled && !q->disabled && !p->was_fuzzed && !q->was_fuzzed) {
-
-          --afl->pending_not_fuzzed;
-          afl->active_paths--;
-
-        } else {
-        
-          FATAL("disabled entry? this should not happen, please report!");
-        
-        }
 
         // We do not remove any of the memory allocated because for
         // splicing the data might still be interesting.
@@ -1147,6 +1137,14 @@ restart_outer_cull_loop:
         // we keep the shorter file
         if (p->len >= q->len) {
 
+          if (!p->was_fuzzed) {
+
+            p->was_fuzzed = 1;
+            --afl->pending_not_fuzzed;
+            afl->active_paths--;
+
+          }
+
           p->disabled = 1;
           p->perf_score = 0;
           q->next = p->next;
@@ -1154,6 +1152,14 @@ restart_outer_cull_loop:
 
         } else {
 
+          if (!q->was_fuzzed) {
+
+            q->was_fuzzed = 1;
+            --afl->pending_not_fuzzed;
+            afl->active_paths--;
+
+          }
+
           q->disabled = 1;
           q->perf_score = 0;
           if (prev)

src/afl-fuzz-queue.c

@@ -317,7 +317,7 @@ static u8 check_if_text(afl_state_t *afl, struct queue_entry *q) {
 
   if (q->len < AFL_TXT_MIN_LEN) return 0;
 
-  u8     *buf;
+  u8 *    buf;
   int     fd;
   u32     len = q->len, offset = 0, ascii = 0, utf8 = 0;
   ssize_t comp;

src/afl-fuzz.c

@@ -339,7 +339,7 @@ int main(int argc, char **argv_orig, char **envp) {
   afl_state_init(afl, map_size);
   afl->debug = debug;
   afl_fsrv_init(&afl->fsrv);
-  if (debug) { afl->fsrv.debug = true ; }
+  if (debug) { afl->fsrv.debug = true; }
 
   read_afl_environment(afl, envp);
   if (afl->shm.map_size) { afl->fsrv.map_size = afl->shm.map_size; }

src/afl-showmap.c

@@ -317,8 +317,16 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem,
 
   }
 
-  if (fsrv->trace_bits[0] == 1) { fsrv->trace_bits[0] = 0; have_coverage = 1; }
-  else { have_coverage = 0; }
+  if (fsrv->trace_bits[0] == 1) {
+
+    fsrv->trace_bits[0] = 0;
+    have_coverage = 1;
+
+  } else {
+
+    have_coverage = 0;
+
+  }
 
   if (!no_classify) { classify_counts(fsrv); }
 
@@ -493,8 +501,16 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) {
 
   }
 
-  if (fsrv->trace_bits[0] == 1) { fsrv->trace_bits[0] = 0; have_coverage = 1; }
-  else { have_coverage = 0; }
+  if (fsrv->trace_bits[0] == 1) {
+
+    fsrv->trace_bits[0] = 0;
+    have_coverage = 1;
+
+  } else {
+
+    have_coverage = 0;
+
+  }
 
   if (!no_classify) { classify_counts(fsrv); }
 

utils/afl_frida/afl-frida.c

@@ -153,7 +153,7 @@ static int enumerate_ranges(const GumRangeDetails *details,
 
 }
 
-int main(int argc, char** argv) {
+int main(int argc, char **argv) {
 
 #ifndef __APPLE__
   (void)personality(ADDR_NO_RANDOMIZE);  // disable ASLR
@@ -166,10 +166,15 @@ int main(int argc, char** argv) {
 
   void *dl = NULL;
   if (argc > 2) {
+
     dl = dlopen(argv[1], RTLD_LAZY);
+
   } else {
+
     dl = dlopen(TARGET_LIBRARY, RTLD_LAZY);
+
   }
+
   if (!dl) {
 
     if (argc > 2)
@@ -197,17 +202,18 @@ int main(int argc, char** argv) {
   // END STEP 2
 
   if (!getenv("AFL_FRIDA_TEST_INPUT")) {
+
     gum_init_embedded();
     if (!gum_stalker_is_supported()) {
-  
+
       gum_deinit_embedded();
       return 1;
-  
+
     }
-  
+
     GumStalker *stalker = gum_stalker_new();
-  
-    GumAddress     base_address;
+
+    GumAddress base_address;
     if (argc > 2)
       base_address = gum_module_find_base_address(argv[1]);
     else
@@ -215,87 +221,89 @@ int main(int argc, char** argv) {
     GumMemoryRange code_range;
     if (argc > 2)
       gum_module_enumerate_ranges(argv[1], GUM_PAGE_RX, enumerate_ranges,
-                                &code_range);
+                                  &code_range);
     else
       gum_module_enumerate_ranges(TARGET_LIBRARY, GUM_PAGE_RX, enumerate_ranges,
-                                &code_range);
-  
+                                  &code_range);
+
     guint64 code_start = code_range.base_address;
     guint64 code_end = code_range.base_address + code_range.size;
     range_t instr_range = {0, code_start, code_end};
-  
+
     printf("Frida instrumentation: base=0x%lx instrumenting=0x%lx-%lx\n",
            base_address, code_start, code_end);
     if (!code_start || !code_end) {
-  
+
       if (argc > 2)
         fprintf(stderr, "Error: no valid memory address found for %s\n",
-              argv[1]);
+                argv[1]);
       else
         fprintf(stderr, "Error: no valid memory address found for %s\n",
-              TARGET_LIBRARY);
+                TARGET_LIBRARY);
       exit(-1);
-  
+
     }
-  
+
     GumStalkerTransformer *transformer =
         gum_stalker_transformer_make_from_callback(instr_basic_block,
                                                    &instr_range, NULL);
-  
+
     // to ensure that the signatures are not optimized out
     memcpy(__afl_area_ptr, (void *)AFL_PERSISTENT, sizeof(AFL_PERSISTENT) + 1);
     memcpy(__afl_area_ptr + 32, (void *)AFL_DEFER_FORKSVR,
            sizeof(AFL_DEFER_FORKSVR) + 1);
     __afl_manual_init();
-  
+
     //
     // any expensive target library initialization that has to be done just once
     // - put that here
     //
-  
+
     gum_stalker_follow_me(stalker, transformer, NULL);
-  
+
     while (__afl_persistent_loop(UINT32_MAX) != 0) {
-  
+
       previous_pc = 0;  // Required!
-  
-  #ifdef _DEBUG
+
+#ifdef _DEBUG
       fprintf(stderr, "CLIENT crc: %016llx len: %u\n",
               hash64(__afl_fuzz_ptr, *__afl_fuzz_len), *__afl_fuzz_len);
       fprintf(stderr, "RECV:");
       for (int i = 0; i < *__afl_fuzz_len; i++)
         fprintf(stderr, "%02x", __afl_fuzz_ptr[i]);
       fprintf(stderr, "\n");
-  #endif
-  
+#endif
+
       // STEP 3: ensure the minimum length is present and setup the target
       //         function to fuzz.
-  
+
       if (*__afl_fuzz_len > 0) {
-  
+
         __afl_fuzz_ptr[*__afl_fuzz_len] = 0;  // if you need to null terminate
         (*o_function)(__afl_fuzz_ptr, *__afl_fuzz_len);
-  
+
       }
-  
+
       // END STEP 3
-  
+
     }
-  
+
     gum_stalker_unfollow_me(stalker);
-  
+
     while (gum_stalker_garbage_collect(stalker))
       g_usleep(10000);
-  
+
     g_object_unref(stalker);
     g_object_unref(transformer);
     gum_deinit_embedded();
 
   } else {
-    char buf[8*1024] = {0};
-    int count = read(0, buf, sizeof(buf));
-    buf[8*1024-1] = '\0';
+
+    char buf[8 * 1024] = {0};
+    int  count = read(0, buf, sizeof(buf));
+    buf[8 * 1024 - 1] = '\0';
     (*o_function)(buf, count);
+
   }
 
   return 0;