code format

2025-06-14 02:58:08 +00:00 · 2020-02-07 20:44:36 +01:00
parent 420b1aa859
commit aa2cb66ea2
8 changed files with 149 additions and 132 deletions
--- a/examples/qemu_persistent_hook/read_into_rdi.c
+++ b/examples/qemu_persistent_hook/read_into_rdi.c
@ -6,6 +6,7 @@
 #define h2g(x) ((uint64_t)(x)-guest_base)

 enum {
+
  R_EAX = 0,
  R_ECX = 1,
  R_EDX = 2,
@ -31,6 +32,7 @@ enum {
  R_CH = 5,
  R_DH = 6,
  R_BH = 7,
+
 };

 void afl_persistent_hook(uint64_t* regs, uint64_t guest_base) {
@ -40,3 +42,4 @@ void afl_persistent_hook(uint64_t* regs, uint64_t guest_base) {
  printf("readed %ld bytes\n", r);

 }
+
--- a/examples/qemu_persistent_hook/test.c
+++ b/examples/qemu_persistent_hook/test.c
@ -6,16 +6,15 @@ int target_func(char *buf, int size) {
  switch (buf[0]) {

    case 1:
-      if (buf[1] == '\x44') {
-        puts("a");
-      }
+      if (buf[1] == '\x44') { puts("a"); }
      break;
    case 0xff:
      if (buf[2] == '\xff') {
-        if (buf[1] == '\x44') {
-          puts("b");
-        }
+
+        if (buf[1] == '\x44') { puts("b"); }
+
      }
+
      break;
    default: break;

@ -32,3 +31,4 @@ int main() {
  target_func(data, 1024);

 }
+
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@ -250,7 +250,9 @@ static void afl_setup(void) {

 #ifdef AFL_QEMU_STATIC_BUILD

-    fprintf(stderr, "[AFL] ERROR: you cannot use AFL_QEMU_PERSISTENT_HOOK when afl-qemu-trace is static\n");
+    fprintf(stderr,
+            "[AFL] ERROR: you cannot use AFL_QEMU_PERSISTENT_HOOK when "
+            "afl-qemu-trace is static\n");
    exit(1);

 #else
@ -259,14 +261,22 @@ static void afl_setup(void) {

    void *plib = dlopen(getenv("AFL_QEMU_PERSISTENT_HOOK"), RTLD_NOW);
    if (!plib) {
-      fprintf(stderr, "[AFL] ERROR: invalid AFL_QEMU_PERSISTENT_HOOK=%s\n", getenv("AFL_QEMU_PERSISTENT_HOOK"));
+
+      fprintf(stderr, "[AFL] ERROR: invalid AFL_QEMU_PERSISTENT_HOOK=%s\n",
+              getenv("AFL_QEMU_PERSISTENT_HOOK"));
      exit(1);
+
    }

    afl_persistent_hook_ptr = dlsym(plib, "afl_persistent_hook");
    if (!afl_persistent_hook_ptr) {
-      fprintf(stderr, "[AFL] ERROR: failed to find the function \"afl_persistent_hook\" in %s\n", getenv("AFL_QEMU_PERSISTENT_HOOK"));
+
+      fprintf(stderr,
+              "[AFL] ERROR: failed to find the function "
+              "\"afl_persistent_hook\" in %s\n",
+              getenv("AFL_QEMU_PERSISTENT_HOOK"));
      exit(1);
+
    }

 #endif
@ -402,9 +412,12 @@ static void afl_forkserver(CPUState *cpu) {
    if (WIFSTOPPED(status))
      child_stopped = 1;
    else if (unlikely(first_run && is_persistent)) {
+
      fprintf(stderr, "[AFL] ERROR: no persistent iteration executed\n");
      exit(12);  // Persistent is wrong
+
    }
+
    first_run = 0;

    if (write(FORKSRV_FD + 1, &status, 4) != 4) exit(7);
--- a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
@ -153,14 +153,12 @@ static void afl_cmplog_64(target_ulong cur_loc, target_ulong arg1,

 }

-
 static void afl_gen_compcov(target_ulong cur_loc, TCGv_i64 arg1, TCGv_i64 arg2,
                            TCGMemOp ot, int is_imm) {

  void *func;

-  if (cur_loc > afl_end_code || cur_loc < afl_start_code)
-    return;
+  if (cur_loc > afl_end_code || cur_loc < afl_start_code) return;

  if (__afl_cmp_map) {

@ -254,7 +252,6 @@ static void log_x86_sp_content(void) {

 }*/

-
 static void callback_to_persistent_hook(void) {

  afl_persistent_hook_ptr(persistent_saved_gpr, guest_base);
@ -288,8 +285,7 @@ static void i386_restore_state_for_persistent(TCGv* cpu_regs) {

    tcg_gen_afl_call0(&afl_persistent_loop);

-    if (afl_persistent_hook_ptr)
-      tcg_gen_afl_call0(callback_to_persistent_hook);
+    if (afl_persistent_hook_ptr) tcg_gen_afl_call0(callback_to_persistent_hook);

    // restore GRP registers
    for (i = 0; i < CPU_NB_REGS; ++i) {
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@ -122,8 +122,7 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
  while ((rng = pop_biggest_range(&ranges)) != NULL && stage_cur) {

    u32 s = rng->end - rng->start;
-    if (s == 0)
-      goto empty_range;
+    if (s == 0) goto empty_range;

    memcpy(backup, buf + rng->start, s);
    rand_replace(buf + rng->start, s);
@ -137,7 +136,9 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
      ranges = add_range(ranges, rng->start + s / 2 + 1, rng->end);
      memcpy(buf + rng->start, backup, s);

-    } else needs_write = 1;
+    } else
+
+      needs_write = 1;

  empty_range:
    ck_free(rng);
@ -310,12 +311,14 @@ void try_to_add_to_dict(u64 v, u8 shape) {
  u8  cons_ff = 0, cons_0 = 0;
  for (k = 0; k < shape; ++k) {

-    if (b[k] == 0) ++cons_0;
-    else if (b[k] == 0xff) ++cons_0;
-    else cons_0 = cons_ff = 0;
+    if (b[k] == 0)
+      ++cons_0;
+    else if (b[k] == 0xff)
+      ++cons_0;
+    else
+      cons_0 = cons_ff = 0;

-    if (cons_0 > 1 || cons_ff > 1)
-      return;
+    if (cons_0 > 1 || cons_ff > 1) return;

  }

@ -323,6 +326,7 @@ void try_to_add_to_dict(u64 v, u8 shape) {

  u64 rev;
  switch (shape) {
+
    case 1: break;
    case 2:
      rev = SWAP16((u16)v);
@ -336,6 +340,7 @@ void try_to_add_to_dict(u64 v, u8 shape) {
      rev = SWAP64(v);
      maybe_add_auto((u8*)&rev, shape);
      break;
+
  }

 }