ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 02:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

clang format 14

Browse Source
This commit is contained in:
vanhauser-thc
2022-07-12 09:04:54 +02:00
parent 338f1ae2f8
commit b847e0f414
89 changed files with 544 additions and 521 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
frida_mode/include/instrument.h
View File

@ -5,13 +5,13 @@
#include "config.h"
extern char * instrument_debug_filename;
extern char * instrument_coverage_filename;
extern char *instrument_debug_filename;
extern char *instrument_coverage_filename;
extern gboolean instrument_tracing;
extern gboolean instrument_optimize;
extern gboolean instrument_unique;
extern guint64 instrument_hash_zero;
extern char * instrument_coverage_unstable_filename;
extern char *instrument_coverage_unstable_filename;
extern gboolean instrument_coverage_insn;
extern gboolean instrument_use_fixed_seed;
@ -35,9 +35,9 @@ GumStalkerTransformer *instrument_get_transformer(void);
gboolean instrument_is_coverage_optimize_supported(void);
void instrument_coverage_optimize_init(void);
void instrument_coverage_optimize(const cs_insn * instr,
void instrument_coverage_optimize(const cs_insn *instr,
GumStalkerOutput *output);
void instrument_coverage_optimize_insn(const cs_insn * instr,
void instrument_coverage_optimize_insn(const cs_insn *instr,
GumStalkerOutput *output);
void instrument_debug_config(void);

2
frida_mode/include/persistent.h
View File

@ -13,7 +13,7 @@ typedef void (*afl_persistent_hook_fn)(api_regs *regs, uint64_t guest_base,
extern int __afl_persistent_loop(unsigned int max_cnt);
extern unsigned int * __afl_fuzz_len;
extern unsigned int *__afl_fuzz_len;
extern unsigned char *__afl_fuzz_ptr;
extern guint64 persistent_start;

4
frida_mode/include/seccomp.h
View File

@ -401,9 +401,9 @@ enum {
typedef void (*seccomp_child_func_t)(int event_fd, void *ctx);
typedef void (*seccomp_filter_callback_t)(struct seccomp_notif * req,
typedef void (*seccomp_filter_callback_t)(struct seccomp_notif *req,
struct seccomp_notif_resp *resp,
GumReturnAddressArray * frames);
GumReturnAddressArray *frames);
void seccomp_atomic_set(volatile bool *ptr, bool val);
bool seccomp_atomic_try_set(volatile bool *ptr, bool val);

2
frida_mode/include/stats.h
View File

@ -43,7 +43,7 @@ typedef struct {
G_DECLARE_FINAL_TYPE(GumAflStalkerStats, gum_afl_stalker_stats, GUM,
AFL_STALKER_STATS, GObject)
extern char * stats_filename;
extern char *stats_filename;
extern guint64 stats_interval;
void stats_config(void);

2
frida_mode/src/asan/asan.c
View File

@ -30,7 +30,7 @@ void asan_init(void) {
static gboolean asan_exclude_module(const GumModuleDetails *details,
gpointer user_data) {
gchar * symbol_name = (gchar *)user_data;
gchar *symbol_name = (gchar *)user_data;
GumAddress address;
address = gum_module_find_export_by_name(details->name, symbol_name);

6
frida_mode/src/asan/asan_arm64.c
View File

@ -22,8 +22,8 @@ asan_storeN_t asan_storeN = NULL;
static void asan_callout(GumCpuContext *ctx, gpointer user_data) {
asan_ctx_t * asan_ctx = (asan_ctx_t *)user_data;
cs_arm64_op * operand = &asan_ctx->operand;
asan_ctx_t *asan_ctx = (asan_ctx_t *)user_data;
cs_arm64_op *operand = &asan_ctx->operand;
arm64_op_mem *mem = &operand->mem;
gsize base = 0;
gsize index = 0;
@ -59,7 +59,7 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) {
cs_arm64 arm64 = instr->detail->arm64;
cs_arm64_op *operand;
asan_ctx_t * ctx;
asan_ctx_t *ctx;
if (!asan_initialized) return;

6
frida_mode/src/asan/asan_x64.c
View File

@ -17,7 +17,7 @@ static void asan_callout(GumCpuContext *ctx, gpointer user_data) {
UNUSED_PARAMETER(user_data);
cs_x86_op * operand = (cs_x86_op *)user_data;
cs_x86_op *operand = (cs_x86_op *)user_data;
x86_op_mem *mem = &operand->mem;
gsize base = 0;
gsize index = 0;
@ -48,9 +48,9 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) {
UNUSED_PARAMETER(iterator);
cs_x86 x86 = instr->detail->x86;
cs_x86_op * operand;
cs_x86_op *operand;
x86_op_mem *mem;
cs_x86_op * ctx;
cs_x86_op *ctx;
if (!asan_initialized) return;

6
frida_mode/src/asan/asan_x86.c
View File

@ -17,7 +17,7 @@ static void asan_callout(GumCpuContext *ctx, gpointer user_data) {
UNUSED_PARAMETER(user_data);
cs_x86_op * operand = (cs_x86_op *)user_data;
cs_x86_op *operand = (cs_x86_op *)user_data;
x86_op_mem *mem = &operand->mem;
gsize base = 0;
gsize index = 0;
@ -48,9 +48,9 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) {
UNUSED_PARAMETER(iterator);
cs_x86 x86 = instr->detail->x86;
cs_x86_op * operand;
cs_x86_op *operand;
x86_op_mem *mem;
cs_x86_op * ctx;
cs_x86_op *ctx;
if (!asan_initialized) return;

10
frida_mode/src/cmplog/cmplog.c
View File

@ -13,9 +13,9 @@
#define MAX_MEMFD_SIZE (64UL << 10)
extern struct cmp_map *__afl_cmp_map;
static GArray * cmplog_ranges = NULL;
static GHashTable * hash_yes = NULL;
static GHashTable * hash_no = NULL;
static GArray *cmplog_ranges = NULL;
static GHashTable *hash_yes = NULL;
static GHashTable *hash_no = NULL;
static long page_size = 0;
static long page_offset_mask = 0;
@ -24,7 +24,7 @@ static long page_mask = 0;
static gboolean cmplog_range(const GumRangeDetails *details,
gpointer user_data) {
GArray * cmplog_ranges = (GArray *)user_data;
GArray *cmplog_ranges = (GArray *)user_data;
GumMemoryRange range = *details->range;
g_array_append_val(cmplog_ranges, range);
return TRUE;
@ -118,7 +118,7 @@ gboolean cmplog_test_addr(guint64 addr, size_t size) {
if (g_hash_table_contains(hash_yes, GSIZE_TO_POINTER(addr))) { return true; }
if (g_hash_table_contains(hash_no, GSIZE_TO_POINTER(addr))) { return false; }
void * page_addr = GSIZE_TO_POINTER(addr & page_mask);
void *page_addr = GSIZE_TO_POINTER(addr & page_mask);
size_t page_offset = addr & page_offset_mask;
/* If it spans a page, then bail */

10
frida_mode/src/cmplog/cmplog_arm64.c
View File

@ -148,7 +148,7 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) {
}
static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
cs_arm64_op * operand) {
cs_arm64_op *operand) {
ctx->type = operand->type;
switch (operand->type) {
@ -169,7 +169,7 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
}
static void cmplog_instrument_call(const cs_insn * instr,
static void cmplog_instrument_call(const cs_insn *instr,
GumStalkerIterator *iterator) {
cs_arm64 arm64 = instr->detail->arm64;
@ -247,8 +247,8 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) {
}
static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
cs_arm64_op * operand1,
cs_arm64_op * operand2,
cs_arm64_op *operand1,
cs_arm64_op *operand2,
size_t size) {
cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t));
@ -263,7 +263,7 @@ static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
}
static void cmplog_instrument_cmp_sub(const cs_insn * instr,
static void cmplog_instrument_cmp_sub(const cs_insn *instr,
GumStalkerIterator *iterator) {
cs_arm64 arm64 = instr->detail->arm64;

8
frida_mode/src/cmplog/cmplog_x64.c
View File

@ -141,7 +141,7 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) {
}
static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
cs_x86_op * operand) {
cs_x86_op *operand) {
ctx->type = operand->type;
ctx->size = operand->size;
@ -163,7 +163,7 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
}
static void cmplog_instrument_call(const cs_insn * instr,
static void cmplog_instrument_call(const cs_insn *instr,
GumStalkerIterator *iterator) {
cs_x86 x86 = instr->detail->x86;
@ -230,7 +230,7 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) {
}
static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
cs_x86_op * operand1,
cs_x86_op *operand1,
cs_x86_op *operand2) {
cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t));
@ -244,7 +244,7 @@ static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
}
static void cmplog_instrument_cmp_sub(const cs_insn * instr,
static void cmplog_instrument_cmp_sub(const cs_insn *instr,
GumStalkerIterator *iterator) {
cs_x86 x86 = instr->detail->x86;

8
frida_mode/src/cmplog/cmplog_x86.c
View File

@ -146,7 +146,7 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) {
}
static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
cs_x86_op * operand) {
cs_x86_op *operand) {
ctx->type = operand->type;
ctx->size = operand->size;
@ -168,7 +168,7 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx,
}
static void cmplog_instrument_call(const cs_insn * instr,
static void cmplog_instrument_call(const cs_insn *instr,
GumStalkerIterator *iterator) {
cs_x86 x86 = instr->detail->x86;
@ -238,7 +238,7 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) {
}
static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
cs_x86_op * operand1,
cs_x86_op *operand1,
cs_x86_op *operand2) {
cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t));
@ -252,7 +252,7 @@ static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator,
}
static void cmplog_instrument_cmp_sub(const cs_insn * instr,
static void cmplog_instrument_cmp_sub(const cs_insn *instr,
GumStalkerIterator *iterator) {
cs_x86 x86 = instr->detail->x86;

8
frida_mode/src/instrument/instrument.c
View File

@ -28,14 +28,14 @@ guint64 instrument_hash_seed = 0;
gboolean instrument_use_fixed_seed = FALSE;
guint64 instrument_fixed_seed = 0;
char * instrument_coverage_unstable_filename = NULL;
char *instrument_coverage_unstable_filename = NULL;
gboolean instrument_coverage_insn = FALSE;
static GumStalkerTransformer *transformer = NULL;
static GumAddress previous_rip = 0;
static GumAddress previous_end = 0;
static u8 * edges_notified = NULL;
static u8 *edges_notified = NULL;
__thread guint64 instrument_previous_pc;
__thread guint64 *instrument_previous_pc_addr = NULL;
@ -149,7 +149,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context,
}
static void instrument_basic_block(GumStalkerIterator *iterator,
GumStalkerOutput * output,
GumStalkerOutput *output,
gpointer user_data) {
UNUSED_PARAMETER(user_data);
@ -157,7 +157,7 @@ static void instrument_basic_block(GumStalkerIterator *iterator,
const cs_insn *instr;
gboolean begin = TRUE;
gboolean excluded;
block_ctx_t * ctx = NULL;
block_ctx_t *ctx = NULL;
while (gum_stalker_iterator_next(iterator, &instr)) {

4
frida_mode/src/instrument/instrument_arm32.c
View File

@ -14,7 +14,7 @@ gboolean instrument_is_coverage_optimize_supported(void) {
}
void instrument_coverage_optimize(const cs_insn * instr,
void instrument_coverage_optimize(const cs_insn *instr,
GumStalkerOutput *output) {
UNUSED_PARAMETER(instr);
@ -23,7 +23,7 @@ void instrument_coverage_optimize(const cs_insn * instr,
}
void instrument_coverage_optimize_insn(const cs_insn * instr,
void instrument_coverage_optimize_insn(const cs_insn *instr,
GumStalkerOutput *output) {
UNUSED_PARAMETER(instr);

10
frida_mode/src/instrument/instrument_arm64.c
View File

@ -159,8 +159,8 @@ static gboolean instrument_is_deterministic(const cs_insn *from_insn) {
static void instrument_coverage_switch(GumStalkerObserver *self,
gpointer from_address,
gpointer start_address,
const cs_insn * from_insn,
gpointer * target) {
const cs_insn *from_insn,
gpointer *target) {
UNUSED_PARAMETER(self);
UNUSED_PARAMETER(from_address);
@ -218,7 +218,7 @@ static void instrument_coverage_suppress_init(void) {
if (initialized) { return; }
initialized = true;
GumStalkerObserver * observer = stalker_get_observer();
GumStalkerObserver *observer = stalker_get_observer();
GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer);
iface->switch_callback = instrument_coverage_switch;
@ -257,7 +257,7 @@ static void instrument_patch_ardp(guint32 *patch, GumAddress insn,
}
void instrument_coverage_optimize(const cs_insn * instr,
void instrument_coverage_optimize(const cs_insn *instr,
GumStalkerOutput *output) {
afl_log_code code = {0};
@ -345,7 +345,7 @@ void instrument_coverage_optimize(const cs_insn * instr,
}
void instrument_coverage_optimize_insn(const cs_insn * instr,
void instrument_coverage_optimize_insn(const cs_insn *instr,
GumStalkerOutput *output) {
UNUSED_PARAMETER(instr);

12
frida_mode/src/instrument/instrument_coverage.c
View File

@ -17,7 +17,7 @@ static int unstable_coverage_fd = -1;
static int unstable_coverage_pipes[2] = {-1, -1};
static uint64_t normal_coverage_last_start = 0;
static gchar * unstable_coverage_fuzzer_stats = NULL;
static gchar *unstable_coverage_fuzzer_stats = NULL;
typedef struct {
@ -68,7 +68,7 @@ typedef struct {
static gboolean coverage_range(const GumRangeDetails *details,
gpointer user_data) {
GArray * coverage_ranges = (GArray *)user_data;
GArray *coverage_ranges = (GArray *)user_data;
coverage_range_t coverage = {0};
if (details->file == NULL) { return TRUE; }
@ -210,8 +210,8 @@ static GArray *coverage_get_modules(void) {
static void instrument_coverage_mark(void *key, void *value, void *user_data) {
UNUSED_PARAMETER(key);
coverage_mark_ctx_t * ctx = (coverage_mark_ctx_t *)user_data;
GArray * coverage_modules = ctx->modules;
coverage_mark_ctx_t *ctx = (coverage_mark_ctx_t *)user_data;
GArray *coverage_modules = ctx->modules;
normal_coverage_data_t *val = (normal_coverage_data_t *)value;
guint i;
@ -426,7 +426,7 @@ static void instrument_coverage_normal_run() {
static GArray *instrument_coverage_unstable_read_unstable_ids(void) {
gchar * contents = NULL;
gchar *contents = NULL;
gsize length = 0;
GArray *unstable_edge_ids =
g_array_sized_new(false, false, sizeof(gpointer), 100);
@ -533,7 +533,7 @@ static GHashTable *instrument_collect_unstable_blocks(
while (g_hash_table_iter_next(&iter, NULL, &value)) {
unstable_coverage_data_t *unstable = (unstable_coverage_data_t *)value;
normal_coverage_data_t * from =
normal_coverage_data_t *from =
gum_malloc0(sizeof(normal_coverage_data_t));
normal_coverage_data_t *to = gum_malloc0(sizeof(normal_coverage_data_t));
from->start = unstable->from;

12
frida_mode/src/instrument/instrument_x64.c
View File

@ -174,13 +174,13 @@ void instrument_coverage_optimize_init(void) {
static void instrument_coverage_switch(GumStalkerObserver *self,
gpointer from_address,
gpointer start_address,
const cs_insn * from_insn,
gpointer * target) {
const cs_insn *from_insn,
gpointer *target) {
UNUSED_PARAMETER(self);
UNUSED_PARAMETER(from_address);
cs_x86 * x86;
cs_x86 *x86;
cs_x86_op *op;
if (from_insn == NULL) { return; }
@ -230,7 +230,7 @@ static void instrument_coverage_suppress_init(void) {
if (initialized) { return; }
initialized = true;
GumStalkerObserver * observer = stalker_get_observer();
GumStalkerObserver *observer = stalker_get_observer();
GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer);
iface->switch_callback = instrument_coverage_switch;
@ -333,7 +333,7 @@ static void instrument_coverage_write(GumAddress address,
}
void instrument_coverage_optimize(const cs_insn * instr,
void instrument_coverage_optimize(const cs_insn *instr,
GumStalkerOutput *output) {
GumX86Writer *cw = output->writer.x86;
@ -364,7 +364,7 @@ void instrument_coverage_optimize(const cs_insn * instr,
}
void instrument_coverage_optimize_insn(const cs_insn * instr,
void instrument_coverage_optimize_insn(const cs_insn *instr,
GumStalkerOutput *output) {
GumX86Writer *cw = output->writer.x86;

8
frida_mode/src/instrument/instrument_x64_cache.c
View File

@ -105,11 +105,11 @@ static gboolean instrument_cache_relocate(GumAddress old_pc, GumAddress new_pc,
}
static void instrument_cache_rewrite_branch_insn(const cs_insn * instr,
static void instrument_cache_rewrite_branch_insn(const cs_insn *instr,
GumStalkerOutput *output) {
GumX86Writer *cw = output->writer.x86;
cs_x86 * x86 = &instr->detail->x86;
cs_x86 *x86 = &instr->detail->x86;
guint8 modified[sizeof(instr->bytes)] = {0};
guint8 offset = 0;
guint8 skip = 0;
@ -295,7 +295,7 @@ static void instrument_cache_write_lookup(GumX86Writer *cw) {
void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) {
GumX86Writer *cw = output->writer.x86;
cs_x86 * x86 = &instr->detail->x86;
cs_x86 *x86 = &instr->detail->x86;
if (x86->op_count != 1) { FFATAL("Unexpected operand count"); }
@ -362,7 +362,7 @@ void instrument_cache_jmp_call(const cs_insn *instr, GumStalkerOutput *output) {
void instrument_cache_ret(const cs_insn *instr, GumStalkerOutput *output) {
GumX86Writer *cw = output->writer.x86;
cs_x86 * x86 = &instr->detail->x86;
cs_x86 *x86 = &instr->detail->x86;
guint16 n = 0;
if (x86->op_count != 0) {

12
frida_mode/src/instrument/instrument_x86.c
View File

@ -86,14 +86,14 @@ gboolean instrument_is_coverage_optimize_supported(void) {
static void instrument_coverage_switch(GumStalkerObserver *self,
gpointer from_address,
gpointer start_address,
const cs_insn * from_insn,
gpointer * target) {
const cs_insn *from_insn,
gpointer *target) {
UNUSED_PARAMETER(self);
UNUSED_PARAMETER(from_address);
UNUSED_PARAMETER(start_address);
cs_x86 * x86;
cs_x86 *x86;
cs_x86_op *op;
if (from_insn == NULL) { return; }
@ -136,7 +136,7 @@ static void instrument_coverage_suppress_init(void) {
if (initialized) { return; }
initialized = true;
GumStalkerObserver * observer = stalker_get_observer();
GumStalkerObserver *observer = stalker_get_observer();
GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer);
iface->switch_callback = instrument_coverage_switch;
@ -149,7 +149,7 @@ static void instrument_coverage_suppress_init(void) {
}
void instrument_coverage_optimize(const cs_insn * instr,
void instrument_coverage_optimize(const cs_insn *instr,
GumStalkerOutput *output) {
afl_log_code code = {0};
@ -223,7 +223,7 @@ void instrument_coverage_optimize(const cs_insn * instr,
}
void instrument_coverage_optimize_insn(const cs_insn * instr,
void instrument_coverage_optimize_insn(const cs_insn *instr,
GumStalkerOutput *output) {
UNUSED_PARAMETER(instr);

18
frida_mode/src/js/js.c
View File

@ -7,16 +7,16 @@ gboolean js_done = FALSE;
js_api_stalker_callback_t js_user_callback = NULL;
js_main_hook_t js_main_hook = NULL;
static char * js_script = NULL;
static gchar * filename = "afl.js";
static gchar * contents;
static GumScriptBackend * backend;
static GCancellable * cancellable = NULL;
static GError * error = NULL;
static GumScript * script;
static char *js_script = NULL;
static gchar *filename = "afl.js";
static gchar *contents;
static GumScriptBackend *backend;
static GCancellable *cancellable = NULL;
static GError *error = NULL;
static GumScript *script;
static GumScriptScheduler *scheduler;
static GMainContext * context;
static GMainLoop * main_loop;
static GMainContext *context;
static GMainLoop *main_loop;
static void js_msg(GumScript *script, const gchar *message, GBytes *data,
gpointer user_data) {

4
frida_mode/src/lib/lib.c
View File

@ -69,8 +69,8 @@ static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) {
Elf_Addr preferred_base;
Elf_Shdr *shdr;
Elf_Shdr *shstrtab;
char * shstr;
char * section_name;
char *shstr;
char *section_name;
Elf_Shdr *curr;
char text_name[] = ".text";

2
frida_mode/src/lib/lib_apple.c
View File

@ -16,7 +16,7 @@ static gboolean lib_get_main_module(const GumModuleDetails *details,
gpointer user_data) {
GumDarwinModule **ret = (GumDarwinModule **)user_data;
GumDarwinModule * module = gum_darwin_module_new_from_memory(
GumDarwinModule *module = gum_darwin_module_new_from_memory(
details->path, mach_task_self(), details->range->base_address,
GUM_DARWIN_MODULE_FLAGS_NONE, NULL);

4
frida_mode/src/main.c
View File

@ -92,7 +92,7 @@ static void embedded_init(void) {
static void afl_print_cmdline(void) {
#if defined(__linux__)
char * buffer = g_malloc0(PROC_MAX);
char *buffer = g_malloc0(PROC_MAX);
gchar *fname = g_strdup_printf("/proc/%d/cmdline", getppid());
int fd = open(fname, O_RDONLY);
@ -144,7 +144,7 @@ static void afl_print_cmdline(void) {
static void afl_print_env(void) {
char * buffer = g_malloc0(PROC_MAX);
char *buffer = g_malloc0(PROC_MAX);
gchar *fname = g_strdup_printf("/proc/%d/environ", getppid());
int fd = open(fname, O_RDONLY);

6
frida_mode/src/module.c
View File

@ -31,7 +31,7 @@ typedef struct {
gboolean found_range(const GumRangeDetails *details, gpointer user_data) {
gum_range_t range = {0};
GArray * ranges = (GArray *)user_data;
GArray *ranges = (GArray *)user_data;
range.range = *details->range;
range.protection = details->protection;
@ -45,9 +45,9 @@ gboolean found_range(const GumRangeDetails *details, gpointer user_data) {
#if defined(__linux__) && !defined(__ANDROID__)
static int on_dlclose(void *handle) {
GArray * ranges = NULL;
GArray *ranges = NULL;
struct link_map *lm = NULL;
gum_range_t * range = NULL;
gum_range_t *range = NULL;
GumAddress base;
GumAddress limit;
gpointer mem;

19
frida_mode/src/persistent/persistent_arm64.c
View File

@ -24,7 +24,7 @@ gboolean persistent_is_supported(void) {
}
static void instrument_persitent_save_regs(GumArm64Writer * cw,
static void instrument_persitent_save_regs(GumArm64Writer *cw,
persistent_ctx_t *regs) {
GumAddress regs_address = GUM_ADDRESS(regs);
@ -106,11 +106,12 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw,
/* Q */
for (int i = 0; i < 16; i++) {
gum_arm64_writer_put_stp_reg_reg_reg_offset(
cw, ARM64_REG_Q0 + (i*2), ARM64_REG_Q0 + (i*2) + 1, ARM64_REG_X0,
offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET);
}
gum_arm64_writer_put_stp_reg_reg_reg_offset(
cw, ARM64_REG_Q0 + (i * 2), ARM64_REG_Q0 + (i * 2) + 1, ARM64_REG_X0,
offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET);
}
/* x0 & x1 */
gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3,
@ -130,7 +131,7 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw,
}
static void instrument_persitent_restore_regs(GumArm64Writer * cw,
static void instrument_persitent_restore_regs(GumArm64Writer *cw,
persistent_ctx_t *regs) {
GumAddress regs_address = GUM_ADDRESS(regs);
@ -197,9 +198,11 @@ static void instrument_persitent_restore_regs(GumArm64Writer * cw,
/* Q */
for (int i = 0; i < 16; i++) {
gum_arm64_writer_put_ldp_reg_reg_reg_offset(
cw, ARM64_REG_Q0 + (i*2), ARM64_REG_Q0 + (i*2) + 1, ARM64_REG_X0,
cw, ARM64_REG_Q0 + (i * 2), ARM64_REG_Q0 + (i * 2) + 1, ARM64_REG_X0,
offsetof(GumCpuContext, v[i]), GUM_INDEX_SIGNED_OFFSET);
}
/* x2 & x3 */
@ -246,7 +249,7 @@ static void instrument_afl_persistent_loop(GumArm64Writer *cw) {
}
static void persistent_prologue_hook(GumArm64Writer * cw,
static void persistent_prologue_hook(GumArm64Writer *cw,
persistent_ctx_t *regs) {
if (persistent_hook == NULL) return;

4
frida_mode/src/persistent/persistent_x64.c
View File

@ -25,7 +25,7 @@ gboolean persistent_is_supported(void) {
}
static void instrument_persitent_save_regs(GumX86Writer * cw,
static void instrument_persitent_save_regs(GumX86Writer *cw,
persistent_ctx_t *regs) {
GumAddress regs_address = GUM_ADDRESS(regs);
@ -101,7 +101,7 @@ static void instrument_persitent_save_regs(GumX86Writer * cw,
}
static void instrument_persitent_restore_regs(GumX86Writer * cw,
static void instrument_persitent_restore_regs(GumX86Writer *cw,
persistent_ctx_t *regs) {
GumAddress regs_address = GUM_ADDRESS(regs);

28
frida_mode/src/persistent/persistent_x86.c
View File

@ -9,6 +9,7 @@
#if defined(__i386__)
typedef struct {
GumCpuContext ctx;
uint32_t eflags;
@ -19,11 +20,14 @@ static persistent_ctx_t saved_regs = {0};
static gpointer saved_ret = NULL;
gboolean persistent_is_supported(void) {
return true;
}
static void instrument_persitent_save_regs(GumX86Writer * cw,
static void instrument_persitent_save_regs(GumX86Writer *cw,
persistent_ctx_t *regs) {
GumAddress regs_address = GUM_ADDRESS(regs);
/* Should be pushing FPU here, but meh */
@ -72,10 +76,12 @@ static void instrument_persitent_save_regs(GumX86Writer * cw,
/* Pop the saved values */
gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_X86_ESP, GUM_X86_ESP, 0x8);
}
static void instrument_persitent_restore_regs(GumX86Writer * cw,
static void instrument_persitent_restore_regs(GumX86Writer *cw,
persistent_ctx_t *regs) {
GumAddress regs_address = GUM_ADDRESS(regs);
gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, regs_address);
@ -109,32 +115,42 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw,
gum_x86_writer_put_popfx(cw);
gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX);
gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX);
}
static void instrument_exit(GumX86Writer *cw) {
gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(_exit));
gum_x86_writer_put_mov_reg_u32(cw, GUM_X86_EDI, 0);
gum_x86_writer_put_push_reg(cw, GUM_X86_EDI);
gum_x86_writer_put_call_reg(cw, GUM_X86_EAX);
}
static int instrument_afl_persistent_loop_func(void) {
int ret = __afl_persistent_loop(persistent_count);
if (instrument_previous_pc_addr == NULL) {
FATAL("instrument_previous_pc_addr uninitialized");
}
*instrument_previous_pc_addr = instrument_hash_zero;
return ret;
}
static void instrument_afl_persistent_loop(GumX86Writer *cw) {
gum_x86_writer_put_call_address_with_arguments(
cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0);
gum_x86_writer_put_test_reg_reg(cw, GUM_X86_EAX, GUM_X86_EAX);
}
static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) {
if (persistent_hook == NULL) return;
gum_x86_writer_put_mov_reg_address(cw, GUM_X86_ECX,
@ -151,9 +167,11 @@ static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) {
cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS,
GUM_ADDRESS(&regs->ctx), GUM_ARG_REGISTER, GUM_X86_EDX, GUM_ARG_REGISTER,
GUM_X86_ECX);
}
static void instrument_persitent_save_ret(GumX86Writer *cw) {
/* Stack usage by this function */
gssize offset = (3 * 4);
@ -169,9 +187,11 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) {
gum_x86_writer_put_pop_reg(cw, GUM_X86_EBX);
gum_x86_writer_put_pop_reg(cw, GUM_X86_EAX);
gum_x86_writer_put_popfx(cw);
}
void persistent_prologue_arch(GumStalkerOutput *output) {
/*
* SAVE REGS
* SAVE RET
@ -234,15 +254,19 @@ void persistent_prologue_arch(GumStalkerOutput *output) {
instrument_persitent_save_ret(cw);
if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); }
}
void persistent_epilogue_arch(GumStalkerOutput *output) {
GumX86Writer *cw = output->writer.x86;
if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); }
gum_x86_writer_put_mov_reg_address(cw, GUM_X86_EAX, GUM_ADDRESS(&saved_ret));
gum_x86_writer_put_jmp_reg_ptr(cw, GUM_X86_EAX);
}
#endif

6
frida_mode/src/prefetch.c
View File

@ -19,7 +19,7 @@
typedef struct {
size_t count;
void * entry[PREFETCH_ENTRIES];
void *entry[PREFETCH_ENTRIES];
guint8 backpatch_data[BP_SIZE];
gsize backpatch_size;
@ -173,7 +173,7 @@ static void prefetch_read_blocks(void) {
static void prefetch_read_patches(void) {
gsize offset = 0;
GumStalker * stalker = stalker_get();
GumStalker *stalker = stalker_get();
GumBackpatch *backpatch = NULL;
for (gsize remaining = prefetch_data->backpatch_size - offset;
@ -319,7 +319,7 @@ void prefetch_init(void) {
if (!prefetch_backpatch) { return; }
GumStalkerObserver * observer = stalker_get_observer();
GumStalkerObserver *observer = stalker_get_observer();
GumStalkerObserverInterface *iface = GUM_STALKER_OBSERVER_GET_IFACE(observer);
iface->notify_backpatch = gum_afl_stalker_backpatcher_notify;

32
frida_mode/src/ranges.c
View File

@ -9,7 +9,7 @@
typedef struct {
gchar * suffix;
gchar *suffix;
GumMemoryRange *range;
gboolean done;
@ -135,7 +135,7 @@ static gboolean convert_name_token_for_module(const GumModuleDetails *details,
static void convert_name_token(gchar *token, GumMemoryRange *range) {
gchar * suffix = g_strconcat("/", token, NULL);
gchar *suffix = g_strconcat("/", token, NULL);
convert_name_ctx_t ctx = {.suffix = suffix, .range = range, .done = false};
gum_process_enumerate_modules(convert_name_token_for_module, &ctx);
@ -235,7 +235,7 @@ static void print_ranges(char *key, GArray *ranges) {
static gboolean collect_module_ranges_callback(const GumRangeDetails *details,
gpointer user_data) {
GArray * ranges = (GArray *)user_data;
GArray *ranges = (GArray *)user_data;
GumMemoryRange range = *details->range;
g_array_append_val(ranges, range);
return TRUE;
@ -292,12 +292,12 @@ void ranges_add_exclude(GumMemoryRange *range) {
static GArray *collect_ranges(char *env_key) {
char * env_val;
gchar ** tokens;
char *env_val;
gchar **tokens;
int token_count;
GumMemoryRange range;
int i;
GArray * result;
GArray *result;
result = g_array_new(false, false, sizeof(GumMemoryRange));
@ -330,7 +330,7 @@ static GArray *collect_ranges(char *env_key) {
static GArray *collect_libs_ranges(void) {
GArray * result;
GArray *result;
GumMemoryRange range;
result = g_array_new(false, false, sizeof(GumMemoryRange));
@ -422,7 +422,7 @@ static gboolean intersect_range(GumMemoryRange *rr, GumMemoryRange *ra,
static GArray *intersect_ranges(GArray *a, GArray *b) {
GArray * result;
GArray *result;
GumMemoryRange *ra;
GumMemoryRange *rb;
GumMemoryRange ri;
@ -452,7 +452,7 @@ static GArray *intersect_ranges(GArray *a, GArray *b) {
static GArray *subtract_ranges(GArray *a, GArray *b) {
GArray * result;
GArray *result;
GumMemoryRange *ra;
GumAddress ral;
GumMemoryRange *rb;
@ -528,7 +528,7 @@ static GArray *subtract_ranges(GArray *a, GArray *b) {
static GArray *merge_ranges(GArray *a) {
GArray * result;
GArray *result;
GumMemoryRange rp;
GumMemoryRange *r;
@ -585,11 +585,11 @@ void ranges_config(void) {
void ranges_init(void) {
GumMemoryRange ri;
GArray * step1;
GArray * step2;
GArray * step3;
GArray * step4;
GArray * step5;
GArray *step1;
GArray *step2;
GArray *step3;
GArray *step4;
GArray *step5;
FOKF(cBLU "Ranges" cRST " - " cGRN "instrument jit:" cYEL " [%c]",
ranges_inst_jit ? 'X' : ' ');
@ -669,7 +669,7 @@ gboolean range_is_excluded(GumAddress address) {
void ranges_exclude() {
GumMemoryRange *r;
GumStalker * stalker = stalker_get();
GumStalker *stalker = stalker_get();
FVERBOSE("Excluding ranges");

6
frida_mode/src/seccomp/seccomp_callback.c
View File

@ -8,9 +8,9 @@
#include "seccomp.h"
#include "util.h"
static void seccomp_callback_filter(struct seccomp_notif * req,
static void seccomp_callback_filter(struct seccomp_notif *req,
struct seccomp_notif_resp *resp,
GumReturnAddressArray * frames) {
GumReturnAddressArray *frames) {
GumDebugSymbolDetails details = {0};
if (req->data.nr == SYS_OPENAT) {
@ -54,7 +54,7 @@ static void seccomp_callback_filter(struct seccomp_notif * req,
free(syms);
#else
void **syms = (void **)__builtin_frame_address(0);
void * framep = __builtin_frame_address(1);
void *framep = __builtin_frame_address(1);
int i = 0;
syms = framep;

2
frida_mode/src/seccomp/seccomp_child.c
View File

@ -21,7 +21,7 @@ typedef struct {
seccomp_child_func_t func;
int event_fd;
void * ctx;
void *ctx;
} seccomp_child_func_ctx_t;

4
frida_mode/src/seccomp/seccomp_filter.c
View File

@ -129,7 +129,7 @@ static volatile bool seccomp_filter_child_done = false;
static pid_t seccomp_filter_child = -1;
static GumCpuContext seccomp_filter_cpu_context = {0};
static GumReturnAddressArray seccomp_filter_frames = {.len = 0, .items = {0}};
static GumBacktracer * seccomp_filter_backtracer = NULL;
static GumBacktracer *seccomp_filter_backtracer = NULL;
static void seccomp_filter_child_handler(int sig, siginfo_t *info,
void *ucontext) {
@ -209,7 +209,7 @@ int seccomp_filter_install(pid_t child) {
void seccomp_filter_run(int fd, seccomp_filter_callback_t callback) {
struct seccomp_notif * req = NULL;
struct seccomp_notif *req = NULL;
struct seccomp_notif_resp *resp = NULL;
struct seccomp_notif_sizes sizes;

2
frida_mode/src/stalker.c
View File

@ -74,7 +74,7 @@ static gboolean stalker_exclude_self(const GumRangeDetails *details,
gpointer user_data) {
UNUSED_PARAMETER(user_data);
gchar * name;
gchar *name;
gboolean found;
GumStalker *stalker;
if (details->file == NULL) { return TRUE; }

6
frida_mode/src/stats/stats.c
View File

@ -16,7 +16,7 @@
#define MICRO_TO_SEC 1000000
char * stats_filename = NULL;
char *stats_filename = NULL;
guint64 stats_interval = 0;
static guint64 stats_interval_us = 0;
static int stats_fd = -1;
@ -41,8 +41,8 @@ void stats_write(void) {
stats_data->curr.stats_time = current_time;
GDateTime *date_time = g_date_time_new_now_local();
char * date_string = g_date_time_format(date_time, "%Y-%m-%d");
char * time_string = g_date_time_format(date_time, "%H:%M:%S");
char *date_string = g_date_time_format(date_time, "%Y-%m-%d");
char *time_string = g_date_time_format(date_time, "%H:%M:%S");
guint elapsed = (stats_data->curr.stats_time - stats_data->prev.stats_time) /
MICRO_TO_SEC;

4
frida_mode/src/stats/stats_x86_64.c
View File

@ -248,7 +248,7 @@ void stats_write_arch(stats_data_t *data) {
static x86_op_type stats_get_operand_type(const cs_insn *instr) {
cs_x86 * x86 = &instr->detail->x86;
cs_x86 *x86 = &instr->detail->x86;
cs_x86_op *operand;
if (x86->op_count != 1) {
@ -266,7 +266,7 @@ static x86_op_type stats_get_operand_type(const cs_insn *instr) {
static void stats_collect_call_imm_excluded_arch(const cs_insn *instr) {
cs_x86 * x86 = &instr->detail->x86;
cs_x86 *x86 = &instr->detail->x86;
cs_x86_op *operand = &x86->operands[0];
if (range_is_excluded(GUM_ADDRESS(operand->imm))) {

46
include/afl-fuzz.h
View File

@ -188,7 +188,7 @@ struct queue_entry {
u8 *testcase_buf; /* The testcase buffer, if loaded. */
u8 * cmplog_colorinput; /* the result buf of colorization */
u8 *cmplog_colorinput; /* the result buf of colorization */
struct tainted *taint; /* Taint information from CmpLog */
struct queue_entry *mother; /* queue entry this based on */
@ -341,18 +341,18 @@ typedef struct py_mutator {
PyObject *py_module;
PyObject *py_functions[PY_FUNC_COUNT];
void * afl_state;
void * py_data;
void *afl_state;
void *py_data;
u8 * fuzz_buf;
u8 *fuzz_buf;
size_t fuzz_size;
Py_buffer post_process_buf;
u8 * trim_buf;
u8 *trim_buf;
size_t trim_size;
u8 * havoc_buf;
u8 *havoc_buf;
size_t havoc_size;
} py_mutator_t;
@ -361,13 +361,13 @@ typedef struct py_mutator {
typedef struct MOpt_globals {
u64 * finds;
u64 * finds_v2;
u64 * cycles;
u64 * cycles_v2;
u64 * cycles_v3;
u64 *finds;
u64 *finds_v2;
u64 *cycles;
u64 *cycles_v2;
u64 *cycles_v3;
u32 is_pilot_mode;
u64 * pTime;
u64 *pTime;
u64 period;
char *havoc_stagename;
char *splice_stageformat;
@ -406,7 +406,7 @@ struct afl_pass_stat {
struct foreign_sync {
u8 * dir;
u8 *dir;
time_t mtime;
};
@ -418,7 +418,7 @@ typedef struct afl_state {
afl_forkserver_t fsrv;
sharedmem_t shm;
sharedmem_t * shm_fuzz;
sharedmem_t *shm_fuzz;
afl_env_vars_t afl_env;
char **argv; /* argv if needed */
@ -529,7 +529,7 @@ typedef struct afl_state {
*virgin_crash; /* Bits we haven't seen in crashes */
double *alias_probability; /* alias weighted probabilities */
u32 * alias_table; /* alias weighted random lookup table */
u32 *alias_table; /* alias weighted random lookup table */
u32 active_items; /* enabled entries in the queue */
u8 *var_bytes; /* Bytes that appear to be variable */
@ -643,7 +643,7 @@ typedef struct afl_state {
/* CmpLog */
char * cmplog_binary;
char *cmplog_binary;
afl_forkserver_t cmplog_fsrv; /* cmplog has its own little forkserver */
/* Custom mutators */
@ -658,7 +658,7 @@ typedef struct afl_state {
u8 cmplog_enable_arith, cmplog_enable_transform;
struct afl_pass_stat *pass_stats;
struct cmp_map * orig_cmp_map;
struct cmp_map *orig_cmp_map;
u8 describe_op_buf_256[256]; /* describe_op will use this to return a string
up to 256 */
@ -690,9 +690,9 @@ typedef struct afl_state {
u64 statsd_last_send_ms;
struct sockaddr_in statsd_server;
int statsd_sock;
char * statsd_tags_flavor;
char * statsd_tags_format;
char * statsd_metric_format;
char *statsd_tags_flavor;
char *statsd_tags_format;
char *statsd_metric_format;
int statsd_metric_format_type;
double stats_avg_exec;
@ -770,9 +770,9 @@ typedef struct afl_state {
struct custom_mutator {
const char *name;
char * name_short;
void * dh;
u8 * post_process_buf;
char *name_short;
void *dh;
u8 *post_process_buf;
u8 stacked_custom_prob, stacked_custom;
void *data; /* custom mutator data ptr */

2
include/common.h
View File

@ -49,7 +49,7 @@ void argv_cpy_free(char **argv);
char **get_cs_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv);
char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv);
char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv);
char * get_afl_env(char *env);
char *get_afl_env(char *env);
/* Extract env vars from input string and set them using setenv()
For use with AFL_TARGET_ENV, ... */

2
include/debug.h
View File

@ -192,7 +192,7 @@ static inline const char *colorfilter(const char *x) {
if (likely(disabled)) return x;
static char monochromestring[4096];
char * d = monochromestring;
char *d = monochromestring;
int in_seq = 0;
while (*x) {

8
include/forkserver.h
View File

@ -150,7 +150,7 @@ typedef struct afl_forkserver {
#ifdef AFL_PERSISTENT_RECORD
u32 persistent_record_idx; /* persistent replay cache ptr */
u32 persistent_record_cnt; /* persistent replay counter */
u8 * persistent_record_dir;
u8 *persistent_record_dir;
u8 **persistent_record_data;
u32 *persistent_record_len;
s32 persistent_record_pid;
@ -168,14 +168,14 @@ typedef struct afl_forkserver {
#ifdef __linux__
nyx_plugin_handler_t *nyx_handlers;
char * out_dir_path; /* path to the output directory */
char *out_dir_path; /* path to the output directory */
u8 nyx_mode; /* if running in nyx mode or not */
bool nyx_parent; /* create initial snapshot */
bool nyx_standalone; /* don't serialize the snapshot */
void * nyx_runner; /* nyx runner object */
void *nyx_runner; /* nyx runner object */
u32 nyx_id; /* nyx runner id (0 -> master) */
u32 nyx_bind_cpu_id; /* nyx runner cpu id */
char * nyx_aux_string;
char *nyx_aux_string;
#endif
} afl_forkserver_t;

4
include/list.h
View File

@ -43,7 +43,7 @@ typedef struct list_element {
struct list_element *prev;
struct list_element *next;
void * data;
void *data;
} element_t;
@ -102,7 +102,7 @@ static inline void list_append(list_t *list, void *el) {
#define LIST_FOREACH(list, type, block) \
do { \
\
list_t * li = (list); \
list_t *li = (list); \
element_t *head = get_head((li)); \
element_t *el_box = (head)->next; \
if (!el_box) FATAL("foreach over uninitialized list"); \

2
include/sharedmem.h
View File

@ -56,7 +56,7 @@ typedef struct sharedmem {
} sharedmem_t;
u8 * afl_shm_init(sharedmem_t *, size_t, unsigned char non_instrumented_mode);
u8 *afl_shm_init(sharedmem_t *, size_t, unsigned char non_instrumented_mode);
void afl_shm_deinit(sharedmem_t *);
#endif

46
include/xxhash.h
View File

@ -510,7 +510,7 @@ XXH_PUBLIC_API XXH_errorcode XXH32_freeState(XXH32_state_t *statePtr);
* @pre
* @p dst_state and @p src_state must not be `NULL` and must not overlap.
*/
XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t * dst_state,
XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t *dst_state,
const XXH32_state_t *src_state);
/*!
@ -745,7 +745,7 @@ XXH_PUBLIC_API XXH64_hash_t XXH64(const void *input, size_t length,
typedef struct XXH64_state_s XXH64_state_t; /* incomplete type */
XXH_PUBLIC_API XXH64_state_t *XXH64_createState(void);
XXH_PUBLIC_API XXH_errorcode XXH64_freeState(XXH64_state_t *statePtr);
XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t * dst_state,
XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t *dst_state,
const XXH64_state_t *src_state);
XXH_PUBLIC_API XXH_errorcode XXH64_reset(XXH64_state_t *statePtr,
@ -873,7 +873,7 @@ XXH_PUBLIC_API XXH64_hash_t XXH3_64bits_withSecret(const void *data, size_t len,
typedef struct XXH3_state_s XXH3_state_t;
XXH_PUBLIC_API XXH3_state_t *XXH3_createState(void);
XXH_PUBLIC_API XXH_errorcode XXH3_freeState(XXH3_state_t *statePtr);
XXH_PUBLIC_API void XXH3_copyState(XXH3_state_t * dst_state,
XXH_PUBLIC_API void XXH3_copyState(XXH3_state_t *dst_state,
const XXH3_state_t *src_state);
/*
@ -902,7 +902,7 @@ XXH_PUBLIC_API XXH_errorcode XXH3_64bits_reset_withSecret(
XXH3_state_t *statePtr, const void *secret, size_t secretSize);
XXH_PUBLIC_API XXH_errorcode XXH3_64bits_update(XXH3_state_t *statePtr,
const void * input,
const void *input,
size_t length);
XXH_PUBLIC_API XXH64_hash_t XXH3_64bits_digest(const XXH3_state_t *statePtr);
@ -955,7 +955,7 @@ XXH_PUBLIC_API XXH_errorcode XXH3_128bits_reset_withSecret(
XXH3_state_t *statePtr, const void *secret, size_t secretSize);
XXH_PUBLIC_API XXH_errorcode XXH3_128bits_update(XXH3_state_t *statePtr,
const void * input,
const void *input,
size_t length);
XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_digest(const XXH3_state_t *statePtr);
@ -1229,7 +1229,7 @@ struct XXH3_state_s {
* `secretBuffer`. When customSeedSize > 0, supplying NULL as customSeed is
* undefined behavior.
*/
XXH_PUBLIC_API void XXH3_generateSecret(void * secretBuffer,
XXH_PUBLIC_API void XXH3_generateSecret(void *secretBuffer,
const void *customSeed,
size_t customSeedSize);
@ -1951,7 +1951,7 @@ static xxh_u32 XXH_readBE32(const void *ptr) {
#endif
XXH_FORCE_INLINE xxh_u32 XXH_readLE32_align(const void * ptr,
XXH_FORCE_INLINE xxh_u32 XXH_readLE32_align(const void *ptr,
XXH_alignment align) {
if (align == XXH_unaligned) {
@ -2317,7 +2317,7 @@ XXH_PUBLIC_API XXH_errorcode XXH32_freeState(XXH32_state_t *statePtr) {
}
/*! @ingroup xxh32_family */
XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t * dstState,
XXH_PUBLIC_API void XXH32_copyState(XXH32_state_t *dstState,
const XXH32_state_t *srcState) {
memcpy(dstState, srcState, sizeof(*dstState));
@ -2355,7 +2355,7 @@ XXH_PUBLIC_API XXH_errorcode XXH32_update(XXH32_state_t *state,
{
const xxh_u8 * p = (const xxh_u8 *)input;
const xxh_u8 *p = (const xxh_u8 *)input;
const xxh_u8 *const bEnd = p + len;
state->total_len_32 += (XXH32_hash_t)len;
@ -2625,7 +2625,7 @@ static xxh_u64 XXH_readBE64(const void *ptr) {
#endif
XXH_FORCE_INLINE xxh_u64 XXH_readLE64_align(const void * ptr,
XXH_FORCE_INLINE xxh_u64 XXH_readLE64_align(const void *ptr,
XXH_alignment align) {
if (align == XXH_unaligned)
@ -2852,7 +2852,7 @@ XXH_PUBLIC_API XXH_errorcode XXH64_freeState(XXH64_state_t *statePtr) {
}
/*! @ingroup xxh64_family */
XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t * dstState,
XXH_PUBLIC_API void XXH64_copyState(XXH64_state_t *dstState,
const XXH64_state_t *srcState) {
memcpy(dstState, srcState, sizeof(*dstState));
@ -2890,7 +2890,7 @@ XXH_PUBLIC_API XXH_errorcode XXH64_update(XXH64_state_t *state,
{
const xxh_u8 * p = (const xxh_u8 *)input;
const xxh_u8 *p = (const xxh_u8 *)input;
const xxh_u8 *const bEnd = p + len;
state->total_len += len;
@ -4268,7 +4268,7 @@ XXH_FORCE_INLINE XXH_TARGET_AVX512 void XXH3_initCustomSecret_avx512(
union {
const __m512i *cp;
void * p;
void *p;
} remote_const_void;
@ -4385,7 +4385,7 @@ XXH_FORCE_INLINE XXH_TARGET_AVX2 void XXH3_initCustomSecret_avx2(
(xxh_i64)(0U - seed64), (xxh_i64)seed64);
const __m256i *const src = (const __m256i *)((const void *)XXH3_kSecret);
__m256i * dest = (__m256i *)customSecret;
__m256i *dest = (__m256i *)customSecret;
#if defined(__GNUC__) || defined(__clang__)
/*
@ -4519,7 +4519,7 @@ XXH_FORCE_INLINE XXH_TARGET_SSE2 void XXH3_initCustomSecret_sse2(
int i;
const void *const src16 = XXH3_kSecret;
__m128i * dst16 = (__m128i *)customSecret;
__m128i *dst16 = (__m128i *)customSecret;
#if defined(__GNUC__) || defined(__clang__)
/*
* On GCC & Clang, marking 'dest' as modified will cause the compiler:
@ -4594,7 +4594,7 @@ XXH_FORCE_INLINE void XXH3_scrambleAcc_neon(void *XXH_RESTRICT acc,
{
uint64x2_t * xacc = (uint64x2_t *)acc;
uint64x2_t *xacc = (uint64x2_t *)acc;
uint8_t const *xsecret = (uint8_t const *)secret;
uint32x2_t prime = vdup_n_u32(XXH_PRIME32_1);
@ -5106,7 +5106,7 @@ XXH_FORCE_INLINE XXH64_hash_t XXH3_hashLong_64b_withSeed_internal(
/*
* It's important for performance that XXH3_hashLong is not inlined.
*/
XXH_NO_INLINE XXH64_hash_t XXH3_hashLong_64b_withSeed(const void * input,
XXH_NO_INLINE XXH64_hash_t XXH3_hashLong_64b_withSeed(const void *input,
size_t len,
XXH64_hash_t seed,
const xxh_u8 *secret,
@ -5277,7 +5277,7 @@ XXH_PUBLIC_API XXH_errorcode XXH3_freeState(XXH3_state_t *statePtr) {
}
/*! @ingroup xxh3_family */
XXH_PUBLIC_API void XXH3_copyState(XXH3_state_t * dst_state,
XXH_PUBLIC_API void XXH3_copyState(XXH3_state_t *dst_state,
const XXH3_state_t *src_state) {
memcpy(dst_state, src_state, sizeof(*dst_state));
@ -5482,8 +5482,8 @@ XXH_PUBLIC_API XXH_errorcode XXH3_64bits_update(XXH3_state_t *state,
}
XXH_FORCE_INLINE void XXH3_digest_long(XXH64_hash_t * acc,
const XXH3_state_t * state,
XXH_FORCE_INLINE void XXH3_digest_long(XXH64_hash_t *acc,
const XXH3_state_t *state,
const unsigned char *secret) {
/*
@ -5545,7 +5545,7 @@ XXH_PUBLIC_API XXH64_hash_t XXH3_64bits_digest(const XXH3_state_t *state) {
#define XXH_MIN(x, y) (((x) > (y)) ? (y) : (x))
/*! @ingroup xxh3_family */
XXH_PUBLIC_API void XXH3_generateSecret(void * secretBuffer,
XXH_PUBLIC_API void XXH3_generateSecret(void *secretBuffer,
const void *customSeed,
size_t customSeedSize) {
@ -6081,7 +6081,7 @@ XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_withSecret(const void *input,
}
/*! @ingroup xxh3_family */
XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_withSeed(const void * input,
XXH_PUBLIC_API XXH128_hash_t XXH3_128bits_withSeed(const void *input,
size_t len,
XXH64_hash_t seed) {
@ -6142,7 +6142,7 @@ XXH_PUBLIC_API XXH_errorcode XXH3_128bits_reset_withSeed(XXH3_state_t *statePtr,
/*! @ingroup xxh3_family */
XXH_PUBLIC_API XXH_errorcode XXH3_128bits_update(XXH3_state_t *state,
const void * input,
const void *input,
size_t len) {
return XXH3_update(state, (const xxh_u8 *)input, len, XXH3_accumulate_512,

66
instrumentation/SanitizerCoverageLTO.so.cc
View File

@ -182,7 +182,7 @@ class ModuleSanitizerCoverageLTO
private:
void instrumentFunction(Function &F, DomTreeCallback DTCallback,
PostDomTreeCallback PDTCallback);
void InjectCoverageForIndirectCalls(Function & F,
void InjectCoverageForIndirectCalls(Function &F,
ArrayRef<Instruction *> IndirCalls);
bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
bool IsLeafFunc = true);
@ -211,10 +211,10 @@ class ModuleSanitizerCoverageLTO
FunctionCallee SanCovTracePC /*, SanCovTracePCGuard*/;
Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy,
*Int16Ty, *Int8Ty, *Int8PtrTy, *Int1Ty, *Int1PtrTy;
Module * CurModule;
Module *CurModule;
std::string CurModuleUniqueId;
Triple TargetTriple;
LLVMContext * C;
LLVMContext *C;
const DataLayout *DL;
GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
@ -235,20 +235,20 @@ class ModuleSanitizerCoverageLTO
uint32_t unhandled = 0;
uint32_t select_cnt = 0;
uint64_t map_addr = 0;
const char * skip_nozero = NULL;
const char * use_threadsafe_counters = nullptr;
const char *skip_nozero = NULL;
const char *use_threadsafe_counters = nullptr;
std::vector<BasicBlock *> BlockList;
DenseMap<Value *, std::string *> valueMap;
std::vector<std::string> dictionary;
IntegerType * Int8Tyi = NULL;
IntegerType * Int32Tyi = NULL;
IntegerType * Int64Tyi = NULL;
ConstantInt * Zero = NULL;
ConstantInt * One = NULL;
LLVMContext * Ct = NULL;
Module * Mo = NULL;
GlobalVariable * AFLMapPtr = NULL;
Value * MapPtrFixed = NULL;
IntegerType *Int8Tyi = NULL;
IntegerType *Int32Tyi = NULL;
IntegerType *Int64Tyi = NULL;
ConstantInt *Zero = NULL;
ConstantInt *One = NULL;
LLVMContext *Ct = NULL;
Module *Mo = NULL;
GlobalVariable *AFLMapPtr = NULL;
Value *MapPtrFixed = NULL;
std::ofstream dFile;
size_t found = 0;
// afl++ END
@ -330,12 +330,12 @@ llvmGetPassPluginInfo() {
}
PreservedAnalyses ModuleSanitizerCoverageLTO::run(Module & M,
PreservedAnalyses ModuleSanitizerCoverageLTO::run(Module &M,
ModuleAnalysisManager &MAM) {
ModuleSanitizerCoverageLTO ModuleSancov(Options);
auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
auto DTCallback = [&FAM](Function &F) -> const DominatorTree * {
auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{
return &FAM.getResult<DominatorTreeAnalysis>(F);
@ -380,7 +380,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule(
FunctionPCsArray = nullptr;
IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
IntptrPtrTy = PointerType::getUnqual(IntptrTy);
Type * VoidTy = Type::getVoidTy(*C);
Type *VoidTy = Type::getVoidTy(*C);
IRBuilder<> IRB(*C);
Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty());
Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty());
@ -393,7 +393,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule(
Int1Ty = IRB.getInt1Ty();
/* afl++ START */
char * ptr;
char *ptr;
LLVMContext &Ctx = M.getContext();
Ct = &Ctx;
Int8Tyi = IntegerType::getInt8Ty(Ctx);
@ -499,11 +499,11 @@ bool ModuleSanitizerCoverageLTO::instrumentModule(
for (auto &IN : BB) {
CallInst *callInst = nullptr;
CmpInst * cmpInst = nullptr;
CmpInst *cmpInst = nullptr;
if ((cmpInst = dyn_cast<CmpInst>(&IN))) {
Value * op = cmpInst->getOperand(1);
Value *op = cmpInst->getOperand(1);
ConstantInt *ilen = dyn_cast<ConstantInt>(op);
if (ilen && ilen->uge(0xffffffffffffffff) == false) {
@ -759,7 +759,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule(
if (HasStr2 == true) {
Value * op2 = callInst->getArgOperand(2);
Value *op2 = callInst->getArgOperand(2);
ConstantInt *ilen = dyn_cast<ConstantInt>(op2);
if (ilen) {
@ -866,7 +866,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule(
if (isMemcmp || isStrncmp || isStrncasecmp) {
Value * op2 = callInst->getArgOperand(2);
Value *op2 = callInst->getArgOperand(2);
ConstantInt *ilen = dyn_cast<ConstantInt>(op2);
if (ilen) {
@ -1017,7 +1017,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule(
GlobalVariable *AFLMapAddrFixed = new GlobalVariable(
M, Int64Tyi, true, GlobalValue::ExternalLinkage, 0, "__afl_map_addr");
ConstantInt *MapAddr = ConstantInt::get(Int64Tyi, map_addr);
StoreInst * StoreMapAddr = IRB.CreateStore(MapAddr, AFLMapAddrFixed);
StoreInst *StoreMapAddr = IRB.CreateStore(MapAddr, AFLMapAddrFixed);
ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(StoreMapAddr);
}
@ -1032,7 +1032,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule(
new GlobalVariable(M, Int32Tyi, true, GlobalValue::ExternalLinkage, 0,
"__afl_final_loc");
ConstantInt *const_loc = ConstantInt::get(Int32Tyi, write_loc);
StoreInst * StoreFinalLoc = IRB.CreateStore(const_loc, AFLFinalLoc);
StoreInst *StoreFinalLoc = IRB.CreateStore(const_loc, AFLFinalLoc);
ModuleSanitizerCoverageLTO::SetNoSanitizeMetadata(StoreFinalLoc);
}
@ -1159,7 +1159,7 @@ static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) {
}
// True if block has predecessors and it postdominates all of them.
static bool isFullPostDominator(const BasicBlock * BB,
static bool isFullPostDominator(const BasicBlock *BB,
const PostDominatorTree *PDT) {
if (pred_begin(BB) == pred_end(BB)) return false;
@ -1175,8 +1175,8 @@ static bool isFullPostDominator(const BasicBlock * BB,
}
static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB,
const DominatorTree * DT,
const PostDominatorTree * PDT,
const DominatorTree *DT,
const PostDominatorTree *PDT,
const SanitizerCoverageOptions &Options) {
// Don't insert coverage for blocks containing nothing but unreachable: we
@ -1246,7 +1246,7 @@ void ModuleSanitizerCoverageLTO::instrumentFunction(
SmallVector<Instruction *, 8> IndirCalls;
SmallVector<BasicBlock *, 16> BlocksToInstrument;
const DominatorTree * DT = DTCallback(F);
const DominatorTree *DT = DTCallback(F);
const PostDominatorTree *PDT = PDTCallback(F);
bool IsLeafFunc = true;
uint32_t skip_next = 0;
@ -1294,8 +1294,8 @@ void ModuleSanitizerCoverageLTO::instrumentFunction(
if (!skip_next && (selectInst = dyn_cast<SelectInst>(&IN))) {
uint32_t vector_cnt = 0;
Value * condition = selectInst->getCondition();
Value * result;
Value *condition = selectInst->getCondition();
Value *result;
auto t = condition->getType();
IRBuilder<> IRB(selectInst->getNextNode());
@ -1584,8 +1584,8 @@ void ModuleSanitizerCoverageLTO::InjectCoverageForIndirectCalls(
for (auto I : IndirCalls) {
IRBuilder<> IRB(I);
CallBase & CB = cast<CallBase>(*I);
Value * Callee = CB.getCalledOperand();
CallBase &CB = cast<CallBase>(*I);
Value *Callee = CB.getCalledOperand();
if (isa<InlineAsm>(Callee)) continue;
IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy));
@ -1593,7 +1593,7 @@ void ModuleSanitizerCoverageLTO::InjectCoverageForIndirectCalls(
}
void ModuleSanitizerCoverageLTO::InjectCoverageAtBlock(Function & F,
void ModuleSanitizerCoverageLTO::InjectCoverageAtBlock(Function &F,
BasicBlock &BB,
size_t Idx,
bool IsLeafFunc) {

50
instrumentation/SanitizerCoveragePCGUARD.so.cc
View File

@ -142,14 +142,14 @@ class ModuleSanitizerCoverageAFL
private:
void instrumentFunction(Function &F, DomTreeCallback DTCallback,
PostDomTreeCallback PDTCallback);
void InjectCoverageForIndirectCalls(Function & F,
void InjectCoverageForIndirectCalls(Function &F,
ArrayRef<Instruction *> IndirCalls);
void InjectTraceForCmp(Function &F, ArrayRef<Instruction *> CmpTraceTargets);
void InjectTraceForDiv(Function & F,
void InjectTraceForDiv(Function &F,
ArrayRef<BinaryOperator *> DivTraceTargets);
void InjectTraceForGep(Function & F,
void InjectTraceForGep(Function &F,
ArrayRef<GetElementPtrInst *> GepTraceTargets);
void InjectTraceForSwitch(Function & F,
void InjectTraceForSwitch(Function &F,
ArrayRef<Instruction *> SwitchTraceTargets);
bool InjectCoverage(Function &F, ArrayRef<BasicBlock *> AllBlocks,
bool IsLeafFunc = true);
@ -187,10 +187,10 @@ class ModuleSanitizerCoverageAFL
GlobalVariable *SanCovLowestStack;
Type *IntptrTy, *IntptrPtrTy, *Int64Ty, *Int64PtrTy, *Int32Ty, *Int32PtrTy,
*Int16Ty, *Int8Ty, *Int8PtrTy, *Int1Ty, *Int1PtrTy;
Module * CurModule;
Module *CurModule;
std::string CurModuleUniqueId;
Triple TargetTriple;
LLVMContext * C;
LLVMContext *C;
const DataLayout *DL;
GlobalVariable *FunctionGuardArray; // for trace-pc-guard.
@ -204,8 +204,8 @@ class ModuleSanitizerCoverageAFL
uint32_t instr = 0, selects = 0, unhandled = 0;
GlobalVariable *AFLMapPtr = NULL;
ConstantInt * One = NULL;
ConstantInt * Zero = NULL;
ConstantInt *One = NULL;
ConstantInt *Zero = NULL;
};
@ -287,12 +287,12 @@ llvmGetPassPluginInfo() {
#endif
PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module & M,
PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M,
ModuleAnalysisManager &MAM) {
ModuleSanitizerCoverageAFL ModuleSancov(Options);
auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
auto DTCallback = [&FAM](Function &F) -> const DominatorTree * {
auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{
return &FAM.getResult<DominatorTreeAnalysis>(F);
@ -433,7 +433,7 @@ bool ModuleSanitizerCoverageAFL::instrumentModule(
FunctionPCsArray = nullptr;
IntptrTy = Type::getIntNTy(*C, DL->getPointerSizeInBits());
IntptrPtrTy = PointerType::getUnqual(IntptrTy);
Type * VoidTy = Type::getVoidTy(*C);
Type *VoidTy = Type::getVoidTy(*C);
IRBuilder<> IRB(*C);
Int64PtrTy = PointerType::getUnqual(IRB.getInt64Ty());
Int32PtrTy = PointerType::getUnqual(IRB.getInt32Ty());
@ -612,8 +612,8 @@ bool isFullPostDominator(const BasicBlock *BB, const PostDominatorTree *PDT) {
}
bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB,
const DominatorTree * DT,
const PostDominatorTree * PDT,
const DominatorTree *DT,
const PostDominatorTree *PDT,
const SanitizerCoverageOptions &Options) {
// Don't insert coverage for blocks containing nothing but unreachable: we
@ -704,7 +704,7 @@ void ModuleSanitizerCoverageAFL::instrumentFunction(
SmallVector<BinaryOperator *, 8> DivTraceTargets;
SmallVector<GetElementPtrInst *, 8> GepTraceTargets;
const DominatorTree * DT = DTCallback(F);
const DominatorTree *DT = DTCallback(F);
const PostDominatorTree *PDT = PDTCallback(F);
bool IsLeafFunc = true;
@ -971,8 +971,8 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
if (!skip_next && (selectInst = dyn_cast<SelectInst>(&IN))) {
uint32_t vector_cnt = 0;
Value * condition = selectInst->getCondition();
Value * result;
Value *condition = selectInst->getCondition();
Value *result;
auto t = condition->getType();
IRBuilder<> IRB(selectInst->getNextNode());
@ -1113,7 +1113,7 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
/* Get CurLoc */
LoadInst *CurLoc = nullptr;
Value * MapPtrIdx = nullptr;
Value *MapPtrIdx = nullptr;
/* Load counter for CurLoc */
if (!vector_cnt) {
@ -1212,8 +1212,8 @@ void ModuleSanitizerCoverageAFL::InjectCoverageForIndirectCalls(
for (auto I : IndirCalls) {
IRBuilder<> IRB(I);
CallBase & CB = cast<CallBase>(*I);
Value * Callee = CB.getCalledOperand();
CallBase &CB = cast<CallBase>(*I);
Value *Callee = CB.getCalledOperand();
if (isa<InlineAsm>(Callee)) continue;
IRB.CreateCall(SanCovTracePCIndir, IRB.CreatePointerCast(Callee, IntptrTy));
@ -1234,7 +1234,7 @@ void ModuleSanitizerCoverageAFL::InjectTraceForSwitch(
IRBuilder<> IRB(I);
SmallVector<Constant *, 16> Initializers;
Value * Cond = SI->getCondition();
Value *Cond = SI->getCondition();
if (Cond->getType()->getScalarSizeInBits() >
Int64Ty->getScalarSizeInBits())
continue;
@ -1282,7 +1282,7 @@ void ModuleSanitizerCoverageAFL::InjectTraceForDiv(
for (auto BO : DivTraceTargets) {
IRBuilder<> IRB(BO);
Value * A1 = BO->getOperand(1);
Value *A1 = BO->getOperand(1);
if (isa<ConstantInt>(A1)) continue;
if (!A1->getType()->isIntegerTy()) continue;
uint64_t TypeSize = DL->getTypeStoreSizeInBits(A1->getType());
@ -1319,8 +1319,8 @@ void ModuleSanitizerCoverageAFL::InjectTraceForCmp(
if (ICmpInst *ICMP = dyn_cast<ICmpInst>(I)) {
IRBuilder<> IRB(ICMP);
Value * A0 = ICMP->getOperand(0);
Value * A1 = ICMP->getOperand(1);
Value *A0 = ICMP->getOperand(0);
Value *A1 = ICMP->getOperand(1);
if (!A0->getType()->isIntegerTy()) continue;
uint64_t TypeSize = DL->getTypeStoreSizeInBits(A0->getType());
int CallbackIdx = TypeSize == 8 ? 0
@ -1353,7 +1353,7 @@ void ModuleSanitizerCoverageAFL::InjectTraceForCmp(
}
void ModuleSanitizerCoverageAFL::InjectCoverageAtBlock(Function & F,
void ModuleSanitizerCoverageAFL::InjectCoverageAtBlock(Function &F,
BasicBlock &BB,
size_t Idx,
bool IsLeafFunc) {
@ -1472,7 +1472,7 @@ void ModuleSanitizerCoverageAFL::InjectCoverageAtBlock(Function & F,
if (Options.StackDepth && IsEntryBB && !IsLeafFunc) {
// Check stack depth. If it's the deepest so far, record it.
Module * M = F.getParent();
Module *M = F.getParent();
Function *GetFrameAddr = Intrinsic::getDeclaration(
M, Intrinsic::frameaddress,
IRB.getInt8PtrTy(M->getDataLayout().getAllocaAddrSpace()));

14
instrumentation/afl-compiler-rt.o.c
View File

@ -92,11 +92,11 @@ static u8 __afl_area_initial[MAP_INITIAL_SIZE];
static u8 *__afl_area_ptr_dummy = __afl_area_initial;
static u8 *__afl_area_ptr_backup = __afl_area_initial;
u8 * __afl_area_ptr = __afl_area_initial;
u8 * __afl_dictionary;
u8 * __afl_fuzz_ptr;
u8 *__afl_area_ptr = __afl_area_initial;
u8 *__afl_dictionary;
u8 *__afl_fuzz_ptr;
static u32 __afl_fuzz_len_dummy;
u32 * __afl_fuzz_len = &__afl_fuzz_len_dummy;
u32 *__afl_fuzz_len = &__afl_fuzz_len_dummy;
u32 __afl_final_loc;
u32 __afl_map_size = MAP_SIZE;
@ -399,7 +399,7 @@ static void __afl_map_shm(void) {
}
#ifdef USEMMAP
const char * shm_file_path = id_str;
const char *shm_file_path = id_str;
int shm_fd = -1;
unsigned char *shm_base = NULL;
@ -583,7 +583,7 @@ static void __afl_map_shm(void) {
}
#ifdef USEMMAP
const char * shm_file_path = id_str;
const char *shm_file_path = id_str;
int shm_fd = -1;
struct cmp_map *shm_base = NULL;
@ -689,7 +689,7 @@ static void __afl_unmap_shm(void) {
void write_error_with_location(char *text, char *filename, int linenumber) {
u8 * o = getenv("__AFL_OUT_DIR");
u8 *o = getenv("__AFL_OUT_DIR");
char *e = strerror(errno);
if (o) {

4
instrumentation/afl-gcc-cmplog-pass.so.cc
View File

@ -367,7 +367,7 @@ Set AFL_QUIET in the environment to silence it.\n\
/* This is the function GCC calls when loading a plugin. Initialize
and register further callbacks. */
int plugin_init(struct plugin_name_args * info,
int plugin_init(struct plugin_name_args *info,
struct plugin_gcc_version *version) {
if (!plugin_default_version_check(version, &gcc_version))
@ -386,7 +386,7 @@ int plugin_init(struct plugin_name_args * info,
const char *name = info->base_name;
register_callback(name, PLUGIN_INFO, NULL, &afl_cmplog_plugin);
afl_cmplog_pass * aflp = new afl_cmplog_pass(quiet);
afl_cmplog_pass *aflp = new afl_cmplog_pass(quiet);
struct register_pass_info pass_info = {
.pass = aflp,

4
instrumentation/afl-gcc-cmptrs-pass.so.cc
View File

@ -329,7 +329,7 @@ Set AFL_QUIET in the environment to silence it.\n\
/* This is the function GCC calls when loading a plugin. Initialize
and register further callbacks. */
int plugin_init(struct plugin_name_args * info,
int plugin_init(struct plugin_name_args *info,
struct plugin_gcc_version *version) {
if (!plugin_default_version_check(version, &gcc_version))
@ -348,7 +348,7 @@ int plugin_init(struct plugin_name_args * info,
const char *name = info->base_name;
register_callback(name, PLUGIN_INFO, NULL, &afl_cmptrs_plugin);
afl_cmptrs_pass * aflp = new afl_cmptrs_pass(quiet);
afl_cmptrs_pass *aflp = new afl_cmptrs_pass(quiet);
struct register_pass_info pass_info = {
.pass = aflp,

4
instrumentation/afl-gcc-common.h
View File

@ -493,6 +493,8 @@ struct afl_base_pass : gimple_opt_pass {
return return_default;
}
};
}
} // namespace

4
instrumentation/afl-gcc-pass.so.cc
View File

@ -472,7 +472,7 @@ Specify -frandom-seed for reproducible instrumentation.\n\
/* This is the function GCC calls when loading a plugin. Initialize
and register further callbacks. */
int plugin_init(struct plugin_name_args * info,
int plugin_init(struct plugin_name_args *info,
struct plugin_gcc_version *version) {
if (!plugin_default_version_check(version, &gcc_version))
@ -502,7 +502,7 @@ int plugin_init(struct plugin_name_args * info,
const char *name = info->base_name;
register_callback(name, PLUGIN_INFO, NULL, &afl_plugin);
afl_pass * aflp = new afl_pass(quiet, inst_ratio);
afl_pass *aflp = new afl_pass(quiet, inst_ratio);
struct register_pass_info pass_info = {
.pass = aflp,

10
instrumentation/afl-llvm-dict2file.so.cc
View File

@ -181,7 +181,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
#endif
DenseMap<Value *, std::string *> valueMap;
char * ptr;
char *ptr;
int found = 0;
/* Show a banner */
@ -246,11 +246,11 @@ bool AFLdict2filePass::runOnModule(Module &M) {
for (auto &IN : BB) {
CallInst *callInst = nullptr;
CmpInst * cmpInst = nullptr;
CmpInst *cmpInst = nullptr;
if ((cmpInst = dyn_cast<CmpInst>(&IN))) {
Value * op = cmpInst->getOperand(1);
Value *op = cmpInst->getOperand(1);
ConstantInt *ilen = dyn_cast<ConstantInt>(op);
/* We skip > 64 bit integers. why? first because their value is
@ -518,7 +518,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
if (HasStr2 == true) {
Value * op2 = callInst->getArgOperand(2);
Value *op2 = callInst->getArgOperand(2);
ConstantInt *ilen = dyn_cast<ConstantInt>(op2);
if (ilen) {
@ -631,7 +631,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
if (isMemcmp || isStrncmp || isStrncasecmp) {
Value * op2 = callInst->getArgOperand(2);
Value *op2 = callInst->getArgOperand(2);
ConstantInt *ilen = dyn_cast<ConstantInt>(op2);
if (ilen) {

4
instrumentation/afl-llvm-lto-instrumentlist.so.cc
View File

@ -101,7 +101,7 @@ llvmGetPassPluginInfo() {
}
PreservedAnalyses AFLcheckIfInstrument::run(Module & M,
PreservedAnalyses AFLcheckIfInstrument::run(Module &M,
ModuleAnalysisManager &MAM) {
/* Show a banner */
@ -135,7 +135,7 @@ PreservedAnalyses AFLcheckIfInstrument::run(Module & M,
DEBUGF("function %s is NOT in the instrument file list\n",
F.getName().str().c_str());
auto & Ctx = F.getContext();
auto &Ctx = F.getContext();
AttributeList Attrs = F.getAttributes();
#if LLVM_VERSION_MAJOR >= 14
AttributeList NewAttrs = Attrs.addFnAttribute(Ctx, "skipinstrument");

6
instrumentation/afl-llvm-pass.so.cc
View File

@ -251,7 +251,7 @@ bool AFLCoverage::runOnModule(Module &M) {
/* Decide instrumentation ratio */
char * inst_ratio_str = getenv("AFL_INST_RATIO");
char *inst_ratio_str = getenv("AFL_INST_RATIO");
unsigned int inst_ratio = 100;
if (inst_ratio_str) {
@ -486,7 +486,7 @@ bool AFLCoverage::runOnModule(Module &M) {
Constant *PrevLocShuffleMask = ConstantVector::get(PrevLocShuffle);
Constant * PrevCallerShuffleMask = NULL;
Constant *PrevCallerShuffleMask = NULL;
SmallVector<Constant *, 32> PrevCallerShuffle = {UndefValue::get(Int32Ty)};
if (ctx_k) {
@ -506,7 +506,7 @@ bool AFLCoverage::runOnModule(Module &M) {
// other constants we need
ConstantInt *One = ConstantInt::get(Int8Ty, 1);
Value * PrevCtx = NULL; // CTX sensitive coverage
Value *PrevCtx = NULL; // CTX sensitive coverage
LoadInst *PrevCaller = NULL; // K-CTX coverage
/* Instrument all the things! */

8
instrumentation/cmplog-instructions-pass.cc
View File

@ -156,9 +156,9 @@ Iterator Unique(Iterator first, Iterator last) {
bool CmpLogInstructions::hookInstrs(Module &M) {
std::vector<Instruction *> icomps;
LLVMContext & C = M.getContext();
LLVMContext &C = M.getContext();
Type * VoidTy = Type::getVoidTy(C);
Type *VoidTy = Type::getVoidTy(C);
IntegerType *Int8Ty = IntegerType::getInt8Ty(C);
IntegerType *Int16Ty = IntegerType::getInt16Ty(C);
IntegerType *Int32Ty = IntegerType::getInt32Ty(C);
@ -338,7 +338,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
IntegerType *intTyOp1 = NULL;
unsigned max_size = 0, cast_size = 0;
unsigned attr = 0, vector_cnt = 0, is_fp = 0;
CmpInst * cmpInst = dyn_cast<CmpInst>(selectcmpInst);
CmpInst *cmpInst = dyn_cast<CmpInst>(selectcmpInst);
if (!cmpInst) { continue; }
@ -666,7 +666,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
}
#if LLVM_MAJOR >= 11 /* use new pass manager */
PreservedAnalyses CmpLogInstructions::run(Module & M,
PreservedAnalyses CmpLogInstructions::run(Module &M,
ModuleAnalysisManager &MAM) {
#else

36
instrumentation/cmplog-routines-pass.cc
View File

@ -506,8 +506,8 @@ bool CmpLogRoutines::hookRtns(Module &M) {
IRBuilder<> IRB(ThenTerm);
std::vector<Value *> args;
Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
args.push_back(v1Pcasted);
args.push_back(v2Pcasted);
@ -537,9 +537,9 @@ bool CmpLogRoutines::hookRtns(Module &M) {
IRBuilder<> IRB(ThenTerm);
std::vector<Value *> args;
Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value * v3Pbitcast = IRB.CreateBitCast(
Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value *v3Pbitcast = IRB.CreateBitCast(
v3P, IntegerType::get(C, v3P->getType()->getPrimitiveSizeInBits()));
Value *v3Pcasted =
IRB.CreateIntCast(v3Pbitcast, IntegerType::get(C, 64), false);
@ -572,8 +572,8 @@ bool CmpLogRoutines::hookRtns(Module &M) {
IRBuilder<> IRB(ThenTerm);
std::vector<Value *> args;
Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
args.push_back(v1Pcasted);
args.push_back(v2Pcasted);
@ -603,9 +603,9 @@ bool CmpLogRoutines::hookRtns(Module &M) {
IRBuilder<> IRB(ThenTerm);
std::vector<Value *> args;
Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value * v3Pbitcast = IRB.CreateBitCast(
Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value *v3Pbitcast = IRB.CreateBitCast(
v3P, IntegerType::get(C, v3P->getType()->getPrimitiveSizeInBits()));
Value *v3Pcasted =
IRB.CreateIntCast(v3Pbitcast, IntegerType::get(C, 64), false);
@ -638,8 +638,8 @@ bool CmpLogRoutines::hookRtns(Module &M) {
IRBuilder<> IRB(ThenTerm);
std::vector<Value *> args;
Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
args.push_back(v1Pcasted);
args.push_back(v2Pcasted);
@ -668,8 +668,8 @@ bool CmpLogRoutines::hookRtns(Module &M) {
IRBuilder<> IRB(ThenTerm);
std::vector<Value *> args;
Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
args.push_back(v1Pcasted);
args.push_back(v2Pcasted);
@ -698,8 +698,8 @@ bool CmpLogRoutines::hookRtns(Module &M) {
IRBuilder<> IRB(ThenTerm);
std::vector<Value *> args;
Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
args.push_back(v1Pcasted);
args.push_back(v2Pcasted);
@ -728,8 +728,8 @@ bool CmpLogRoutines::hookRtns(Module &M) {
IRBuilder<> IRB(ThenTerm);
std::vector<Value *> args;
Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value * v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
Value *v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy);
Value *v2Pcasted = IRB.CreatePointerCast(v2P, i8PtrTy);
args.push_back(v1Pcasted);
args.push_back(v2Pcasted);

6
instrumentation/cmplog-switches-pass.cc
View File

@ -149,9 +149,9 @@ Iterator Unique(Iterator first, Iterator last) {
bool CmplogSwitches::hookInstrs(Module &M) {
std::vector<SwitchInst *> switches;
LLVMContext & C = M.getContext();
LLVMContext &C = M.getContext();
Type * VoidTy = Type::getVoidTy(C);
Type *VoidTy = Type::getVoidTy(C);
IntegerType *Int8Ty = IntegerType::getInt8Ty(C);
IntegerType *Int16Ty = IntegerType::getInt16Ty(C);
IntegerType *Int32Ty = IntegerType::getInt32Ty(C);
@ -270,7 +270,7 @@ bool CmplogSwitches::hookInstrs(Module &M) {
for (auto &SI : switches) {
Value * Val = SI->getCondition();
Value *Val = SI->getCondition();
unsigned int max_size = Val->getType()->getIntegerBitWidth(), cast_size;
unsigned char do_cast = 0;

18
instrumentation/compare-transform-pass.so.cc
View File

@ -168,10 +168,10 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
DenseMap<Value *, std::string *> valueMap;
std::vector<CallInst *> calls;
LLVMContext & C = M.getContext();
IntegerType * Int8Ty = IntegerType::getInt8Ty(C);
IntegerType * Int32Ty = IntegerType::getInt32Ty(C);
IntegerType * Int64Ty = IntegerType::getInt64Ty(C);
LLVMContext &C = M.getContext();
IntegerType *Int8Ty = IntegerType::getInt8Ty(C);
IntegerType *Int32Ty = IntegerType::getInt32Ty(C);
IntegerType *Int64Ty = IntegerType::getInt64Ty(C);
#if LLVM_VERSION_MAJOR >= 9
FunctionCallee tolowerFn;
@ -409,7 +409,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
/* check if third operand is a constant integer
* strlen("constStr") and sizeof() are treated as constant */
Value * op2 = callInst->getArgOperand(2);
Value *op2 = callInst->getArgOperand(2);
ConstantInt *ilen = dyn_cast<ConstantInt>(op2);
if (ilen) {
@ -449,7 +449,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
*Str2P = callInst->getArgOperand(1);
StringRef Str1, Str2, ConstStr;
std::string TmpConstStr;
Value * VarStr;
Value *VarStr;
bool HasStr1 = getConstantStringInfo(Str1P, Str1);
bool HasStr2 = getConstantStringInfo(Str2P, Str2);
uint64_t constStrLen, unrollLen, constSizedLen = 0;
@ -457,7 +457,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
bool isSizedcmp = false;
bool isCaseInsensitive = false;
bool needs_null = false;
Function * Callee = callInst->getCalledFunction();
Function *Callee = callInst->getCalledFunction();
if (Callee) {
@ -616,13 +616,13 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
for (uint64_t i = 0; i < unrollLen; i++) {
BasicBlock * cur_cmp_bb = next_cmp_bb, *cur_lenchk_bb = next_lenchk_bb;
BasicBlock *cur_cmp_bb = next_cmp_bb, *cur_lenchk_bb = next_lenchk_bb;
unsigned char c;
if (cur_lenchk_bb) {
IRBuilder<> cur_lenchk_IRB(&*(cur_lenchk_bb->getFirstInsertionPt()));
Value * icmp = cur_lenchk_IRB.CreateICmpEQ(
Value *icmp = cur_lenchk_IRB.CreateICmpEQ(
sizedValue, ConstantInt::get(sizedValue->getType(), i));
cur_lenchk_IRB.CreateCondBr(icmp, end_bb, cur_cmp_bb);
cur_lenchk_bb->getTerminator()->eraseFromParent();

39
instrumentation/split-compares-pass.so.cc
View File

@ -230,9 +230,9 @@ char SplitComparesTransform::ID = 0;
/// FCMP instructions with predicate xGT or xLT and EQ
bool SplitComparesTransform::simplifyFPCompares(Module &M) {
LLVMContext & C = M.getContext();
LLVMContext &C = M.getContext();
std::vector<Instruction *> fcomps;
IntegerType * Int1Ty = IntegerType::getInt1Ty(C);
IntegerType *Int1Ty = IntegerType::getInt1Ty(C);
/* iterate over all functions, bbs and instruction and add
* all integer comparisons with >= and <= predicates to the icomps vector */
@ -362,8 +362,8 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) {
/// This function splits ICMP instructions with xGE or xLE predicates into two
/// ICMP instructions with predicate xGT or xLT and EQ
bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst * IcmpInst,
Module & M,
bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst *IcmpInst,
Module &M,
CmpWorklist &worklist) {
LLVMContext &C = M.getContext();
@ -498,7 +498,7 @@ bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M,
/* create a new basic block which is executed if the signedness bit is
* different */
CmpInst * icmp_inv_sig_cmp;
CmpInst *icmp_inv_sig_cmp;
BasicBlock *sign_bb =
BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb);
if (pred == CmpInst::ICMP_SGT) {
@ -522,7 +522,7 @@ bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M,
BranchInst::Create(end_bb, sign_bb);
/* create a new bb which is executed if signedness is equal */
CmpInst * icmp_usign_cmp;
CmpInst *icmp_usign_cmp;
BasicBlock *middle_bb =
BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb);
/* we can do a normal unsigned compare now */
@ -590,6 +590,7 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M,
if (!intTyOp0) {
// not an integer type
if (!be_quiet)
fprintf(stderr, "Error: split-compare: not an integer type\n");
return false;
@ -605,11 +606,11 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M,
LLVMContext &C = M.getContext();
IntegerType *Int1Ty = IntegerType::getInt1Ty(C);
BasicBlock * bb = cmp_inst->getParent();
BasicBlock *bb = cmp_inst->getParent();
IntegerType *OldIntType = IntegerType::get(C, bitw);
IntegerType *NewIntType = IntegerType::get(C, bitw / 2);
BasicBlock * end_bb = bb->splitBasicBlock(BasicBlock::iterator(cmp_inst));
CmpInst * icmp_high, *icmp_low;
BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(cmp_inst));
CmpInst *icmp_high, *icmp_low;
/* create the comparison of the top halves of the original operands */
Value *s_op0, *op0_high, *s_op1, *op1_high;
@ -639,7 +640,7 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M,
BasicBlock *cmp_low_bb =
BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb);
Value * op0_low, *op1_low;
Value *op0_low, *op1_low;
IRBuilder<> Builder(cmp_low_bb);
op0_low = Builder.CreateTrunc(op0, NewIntType);
@ -700,8 +701,8 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M,
* if this is true we can go to the end if not we have to go to the
* bb which checks the lower half of the operands */
Instruction *op0_low, *op1_low;
CmpInst * icmp_inv_cmp = nullptr;
BasicBlock * inv_cmp_bb =
CmpInst *icmp_inv_cmp = nullptr;
BasicBlock *inv_cmp_bb =
BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb);
if (pred == CmpInst::ICMP_UGT || pred == CmpInst::ICMP_SGT ||
pred == CmpInst::ICMP_UGE || pred == CmpInst::ICMP_SGE) {
@ -963,7 +964,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) {
// BUG FIXME TODO: u64 does not work for > 64 bit ... e.g. 80 and 128 bit
if (sizeInBits > 64) { continue; }
IntegerType * intType = IntegerType::get(C, op_size);
IntegerType *intType = IntegerType::get(C, op_size);
const unsigned int precision = sizeInBits == 32 ? 24
: sizeInBits == 64 ? 53
: sizeInBits == 128 ? 113
@ -1071,8 +1072,8 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) {
/*** now working in nonan_bb ***/
/* Treat -0.0 as equal to +0.0, that is for -0.0 make it +0.0 */
Instruction * b_op0, *b_op1;
Instruction * isMzero_op0, *isMzero_op1;
Instruction *b_op0, *b_op1;
Instruction *isMzero_op0, *isMzero_op1;
const unsigned long long MinusZero = 1UL << (sizeInBits - 1U);
const unsigned long long PlusZero = 0;
@ -1191,7 +1192,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) {
/* compare the exponents of the operands */
Instruction *icmp_exponents_equal;
Instruction *icmp_exponent_result;
BasicBlock * signequal2_bb = signequal_bb;
BasicBlock *signequal2_bb = signequal_bb;
switch (FcmpInst->getPredicate()) {
case CmpInst::FCMP_UEQ:
@ -1361,8 +1362,8 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) {
/* compare the fractions of the operands */
Instruction *icmp_fraction_result;
BasicBlock * middle2_bb = middle_bb;
PHINode * PN2 = nullptr;
BasicBlock *middle2_bb = middle_bb;
PHINode *PN2 = nullptr;
switch (FcmpInst->getPredicate()) {
case CmpInst::FCMP_UEQ:
@ -1503,7 +1504,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) {
}
#if LLVM_MAJOR >= 11
PreservedAnalyses SplitComparesTransform::run(Module & M,
PreservedAnalyses SplitComparesTransform::run(Module &M,
ModuleAnalysisManager &MAM) {
#else

16
instrumentation/split-switches-pass.so.cc
View File

@ -102,7 +102,7 @@ class SplitSwitchesTransform : public ModulePass {
struct CaseExpr {
ConstantInt *Val;
BasicBlock * BB;
BasicBlock *BB;
CaseExpr(ConstantInt *val = nullptr, BasicBlock *bb = nullptr)
: Val(val), BB(bb) {
@ -182,7 +182,7 @@ BasicBlock *SplitSwitchesTransform::switchConvert(
unsigned ValTypeBitWidth = Cases[0].Val->getBitWidth();
IntegerType *ValType =
IntegerType::get(OrigBlock->getContext(), ValTypeBitWidth);
IntegerType * ByteType = IntegerType::get(OrigBlock->getContext(), 8);
IntegerType *ByteType = IntegerType::get(OrigBlock->getContext(), 8);
unsigned BytesInValue = bytesChecked.size();
std::vector<uint8_t> setSizes;
std::vector<std::set<uint8_t> > byteSets(BytesInValue, std::set<uint8_t>());
@ -221,8 +221,8 @@ BasicBlock *SplitSwitchesTransform::switchConvert(
/* there are only smallestSize different bytes at index smallestIndex */
Instruction *Shift, *Trunc;
Function * F = OrigBlock->getParent();
BasicBlock * NewNode = BasicBlock::Create(Val->getContext(), "NodeBlock", F);
Function *F = OrigBlock->getParent();
BasicBlock *NewNode = BasicBlock::Create(Val->getContext(), "NodeBlock", F);
Shift = BinaryOperator::Create(Instruction::LShr, Val,
ConstantInt::get(ValType, smallestIndex * 8));
NewNode->getInstList().push_back(Shift);
@ -403,9 +403,9 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) {
BasicBlock *CurBlock = SI->getParent();
BasicBlock *OrigBlock = CurBlock;
Function * F = CurBlock->getParent();
Function *F = CurBlock->getParent();
/* this is the value we are switching on */
Value * Val = SI->getCondition();
Value *Val = SI->getCondition();
BasicBlock *Default = SI->getDefaultDest();
unsigned bitw = Val->getType()->getIntegerBitWidth();
@ -445,7 +445,7 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) {
* round up bytesChecked (in case getBitWidth() % 8 != 0) */
std::vector<bool> bytesChecked((7 + Cases[0].Val->getBitWidth()) / 8,
false);
BasicBlock * SwitchBlock =
BasicBlock *SwitchBlock =
switchConvert(Cases, bytesChecked, OrigBlock, NewDefault, Val, 0);
/* Branch to our shiny new if-then stuff... */
@ -483,7 +483,7 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) {
}
#if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */
PreservedAnalyses SplitSwitchesTransform::run(Module & M,
PreservedAnalyses SplitSwitchesTransform::run(Module &M,
ModuleAnalysisManager &MAM) {
#else

2
qemu_mode/libcompcov/libcompcov.so.c
View File

@ -139,7 +139,7 @@ static void __compcov_load(void) {
char *bin_name = getenv("AFL_COMPCOV_BINNAME");
procmaps_iterator *maps = pmparser_parse(-1);
procmaps_struct * maps_tmp = NULL;
procmaps_struct *maps_tmp = NULL;
while ((maps_tmp = pmparser_next(maps)) != NULL) {

4
qemu_mode/libcompcov/pmparser.h
View File

@ -32,8 +32,8 @@ implied warranty.
*/
typedef struct procmaps_struct {
void * addr_start; //< start address of the area
void * addr_end; //< end address
void *addr_start; //< start address of the area
void *addr_end; //< end address
unsigned long length; //< size of the range
char perm[5]; //< permissions rwxp

73
qemu_mode/libqasan/dlmalloc.c
View File

@ -1390,7 +1390,7 @@ DLMALLOC_EXPORT void *mspace_memalign(mspace msp, size_t alignment,
*/
DLMALLOC_EXPORT void **mspace_independent_calloc(mspace msp, size_t n_elements,
size_t elem_size,
void * chunks[]);
void *chunks[]);
/*
mspace_independent_comalloc behaves as independent_comalloc, but
@ -1399,7 +1399,7 @@ DLMALLOC_EXPORT void **mspace_independent_calloc(mspace msp, size_t n_elements,
DLMALLOC_EXPORT void **mspace_independent_comalloc(mspace msp,
size_t n_elements,
size_t sizes[],
void * chunks[]);
void *chunks[]);
/*
mspace_footprint() returns the number of bytes obtained from the
@ -2607,7 +2607,7 @@ typedef struct malloc_tree_chunk *tbinptr; /* The type of bins of trees */
struct malloc_segment {
char * base; /* base address */
char *base; /* base address */
size_t size; /* allocated size */
struct malloc_segment *next; /* ptr to next segment */
flag_t sflags; /* mmap and extern flag */
@ -2723,7 +2723,7 @@ struct malloc_state {
binmap_t treemap;
size_t dvsize;
size_t topsize;
char * least_addr;
char *least_addr;
mchunkptr dv;
mchunkptr top;
size_t trim_check;
@ -2739,7 +2739,7 @@ struct malloc_state {
MLOCK_T mutex; /* locate lock among fields that rarely change */
#endif /* USE_LOCKS */
msegment seg;
void * extp; /* Unused but available for extensions */
void *extp; /* Unused but available for extensions */
size_t exts;
};
@ -3593,7 +3593,7 @@ static void do_check_tree(mstate m, tchunkptr t) {
/* Check all the chunks in a treebin. */
static void do_check_treebin(mstate m, bindex_t i) {
tbinptr * tb = treebin_at(m, i);
tbinptr *tb = treebin_at(m, i);
tchunkptr t = *tb;
int empty = (m->treemap & (1U << i)) == 0;
if (t == 0) assert(empty);
@ -3886,11 +3886,7 @@ static void internal_malloc_stats(mstate m) {
mark_smallmap(M, I); \
else if (RTCHECK(ok_address(M, B->fd))) \
F = B->fd; \
else { \
\
CORRUPTION_ERROR_ACTION(M); \
\
} \
else { CORRUPTION_ERROR_ACTION(M); } \
B->fd = P; \
F->bk = P; \
P->fd = F; \
@ -4104,11 +4100,7 @@ static void internal_malloc_stats(mstate m) {
} \
if (RTCHECK(ok_address(M, RP))) \
*RP = 0; \
else { \
\
CORRUPTION_ERROR_ACTION(M); \
\
} \
else { CORRUPTION_ERROR_ACTION(M); } \
\
} \
\
@ -4278,7 +4270,7 @@ static mchunkptr mmap_resize(mstate m, mchunkptr oldp, size_t nb, int flags) {
size_t offset = oldp->prev_foot;
size_t oldmmsize = oldsize + offset + MMAP_FOOT_PAD;
size_t newmmsize = mmap_align(nb + SIX_SIZE_T_SIZES + CHUNK_ALIGN_MASK);
char * cp =
char *cp =
(char *)CALL_MREMAP((char *)oldp - offset, oldmmsize, newmmsize, flags);
if (cp != CMFAIL) {
@ -4412,14 +4404,14 @@ static void *prepend_alloc(mstate m, char *newbase, char *oldbase, size_t nb) {
static void add_segment(mstate m, char *tbase, size_t tsize, flag_t mmapped) {
/* Determine locations and sizes of segment, fenceposts, old top */
char * old_top = (char *)m->top;
char *old_top = (char *)m->top;
msegmentptr oldsp = segment_holding(m, old_top);
char * old_end = oldsp->base + oldsp->size;
char *old_end = oldsp->base + oldsp->size;
size_t ssize = pad_request(sizeof(struct malloc_segment));
char * rawsp = old_end - (ssize + FOUR_SIZE_T_SIZES + CHUNK_ALIGN_MASK);
char *rawsp = old_end - (ssize + FOUR_SIZE_T_SIZES + CHUNK_ALIGN_MASK);
size_t offset = align_offset(chunk2mem(rawsp));
char * asp = rawsp + offset;
char * csp = (asp < (old_top + MIN_CHUNK_SIZE)) ? old_top : asp;
char *asp = rawsp + offset;
char *csp = (asp < (old_top + MIN_CHUNK_SIZE)) ? old_top : asp;
mchunkptr sp = (mchunkptr)csp;
msegmentptr ss = (msegmentptr)(chunk2mem(sp));
mchunkptr tnext = chunk_plus_offset(sp, ssize);
@ -4473,7 +4465,7 @@ static void add_segment(mstate m, char *tbase, size_t tsize, flag_t mmapped) {
/* Get memory from system using MORECORE or MMAP */
static void *sys_alloc(mstate m, size_t nb) {
char * tbase = CMFAIL;
char *tbase = CMFAIL;
size_t tsize = 0;
flag_t mmap_flag = 0;
size_t asize; /* allocation size */
@ -4521,7 +4513,7 @@ static void *sys_alloc(mstate m, size_t nb) {
if (MORECORE_CONTIGUOUS && !use_noncontiguous(m)) {
char * br = CMFAIL;
char *br = CMFAIL;
size_t ssize = asize; /* sbrk call size */
msegmentptr ss = (m->top == 0) ? 0 : segment_holding(m, (char *)m->top);
ACQUIRE_MALLOC_GLOBAL_LOCK();
@ -4728,7 +4720,7 @@ static size_t release_unused_segments(mstate m) {
msegmentptr sp = pred->next;
while (sp != 0) {
char * base = sp->base;
char *base = sp->base;
size_t size = sp->size;
msegmentptr next = sp->next;
++nsegs;
@ -5151,7 +5143,7 @@ void *dlmalloc(size_t bytes) {
if (!PREACTION(gm)) {
void * mem;
void *mem;
size_t nb;
if (bytes <= MAX_SMALL_REQUEST) {
@ -5430,7 +5422,7 @@ void dlfree(void *mem) {
void *dlcalloc(size_t n_elements, size_t elem_size) {
void * mem;
void *mem;
size_t req = 0;
if (n_elements != 0) {
@ -5598,9 +5590,10 @@ static void *internal_memalign(mstate m, size_t alignment, size_t bytes) {
We've allocated enough total room so that this is always
possible.
*/
char * br = (char *)mem2chunk((size_t)(
((size_t)((char *)mem + alignment - SIZE_T_ONE)) & -alignment));
char * pos = ((size_t)(br - (char *)(p)) >= MIN_CHUNK_SIZE)
char *br = (char *)mem2chunk(
(size_t)(((size_t)((char *)mem + alignment - SIZE_T_ONE)) &
-alignment));
char *pos = ((size_t)(br - (char *)(p)) >= MIN_CHUNK_SIZE)
? br
: br + alignment;
mchunkptr newp = (mchunkptr)pos;
@ -5666,10 +5659,10 @@ static void **ialloc(mstate m, size_t n_elements, size_t *sizes, int opts,
size_t element_size; /* chunksize of each element, if all same */
size_t contents_size; /* total size of elements */
size_t array_size; /* request size of pointer array */
void * mem; /* malloced aggregate space */
void *mem; /* malloced aggregate space */
mchunkptr p; /* corresponding chunk */
size_t remainder_size; /* remaining bytes while splitting */
void ** marray; /* either "chunks" or malloced ptr array */
void **marray; /* either "chunks" or malloced ptr array */
mchunkptr array_chunk; /* chunk for malloced ptr array */
flag_t was_enabled; /* to disable mmap */
size_t size;
@ -5828,7 +5821,7 @@ static size_t internal_bulk_free(mstate m, void *array[], size_t nelem) {
*a = 0;
if (RTCHECK(ok_address(m, p) && ok_inuse(p))) {
void ** b = a + 1; /* try to merge with next chunk */
void **b = a + 1; /* try to merge with next chunk */
mchunkptr next = next_chunk(p);
if (b != fence && *b == chunk2mem(next)) {
@ -5865,7 +5858,7 @@ static size_t internal_bulk_free(mstate m, void *array[], size_t nelem) {
static void internal_inspect_all(mstate m,
void (*handler)(void *start, void *end,
size_t used_bytes,
void * callback_arg),
void *callback_arg),
void *arg) {
if (is_initialized(m)) {
@ -5880,7 +5873,7 @@ static void internal_inspect_all(mstate m,
mchunkptr next = next_chunk(q);
size_t sz = chunksize(q);
size_t used;
void * start;
void *start;
if (is_inuse(q)) {
used = sz - CHUNK_OVERHEAD; /* must not be mmapped */
@ -6113,7 +6106,7 @@ size_t dlbulk_free(void *array[], size_t nelem) {
#if MALLOC_INSPECT_ALL
void dlmalloc_inspect_all(void (*handler)(void *start, void *end,
size_t used_bytes,
void * callback_arg),
void *callback_arg),
void *arg) {
ensure_initialization();
@ -6253,7 +6246,7 @@ mspace create_mspace(size_t capacity, int locked) {
size_t rs = ((capacity == 0) ? mparams.granularity
: (capacity + TOP_FOOT_SIZE + msize));
size_t tsize = granularity_align(rs);
char * tbase = (char *)(CALL_MMAP(tsize));
char *tbase = (char *)(CALL_MMAP(tsize));
if (tbase != CMFAIL) {
m = init_user_mstate(tbase, tsize);
@ -6322,7 +6315,7 @@ size_t destroy_mspace(mspace msp) {
(void)DESTROY_LOCK(&ms->mutex); /* destroy before unmapped */
while (sp != 0) {
char * base = sp->base;
char *base = sp->base;
size_t size = sp->size;
flag_t flag = sp->sflags;
(void)base; /* placate people compiling -Wunused-variable */
@ -6360,7 +6353,7 @@ void *mspace_malloc(mspace msp, size_t bytes) {
if (!PREACTION(ms)) {
void * mem;
void *mem;
size_t nb;
if (bytes <= MAX_SMALL_REQUEST) {
@ -6628,7 +6621,7 @@ void mspace_free(mspace msp, void *mem) {
void *mspace_calloc(mspace msp, size_t n_elements, size_t elem_size) {
void * mem;
void *mem;
size_t req = 0;
mstate ms = (mstate)msp;
if (!ok_magic(ms)) {

30
qemu_mode/libqasan/libqasan.h
View File

@ -97,19 +97,19 @@ void __libqasan_init_malloc(void);
void __libqasan_hotpatch(void);
size_t __libqasan_malloc_usable_size(void *ptr);
void * __libqasan_malloc(size_t size);
void *__libqasan_malloc(size_t size);
void __libqasan_free(void *ptr);
void * __libqasan_calloc(size_t nmemb, size_t size);
void * __libqasan_realloc(void *ptr, size_t size);
void *__libqasan_calloc(size_t nmemb, size_t size);
void *__libqasan_realloc(void *ptr, size_t size);
int __libqasan_posix_memalign(void **ptr, size_t align, size_t len);
void * __libqasan_memalign(size_t align, size_t len);
void * __libqasan_aligned_alloc(size_t align, size_t len);
void *__libqasan_memalign(size_t align, size_t len);
void *__libqasan_aligned_alloc(size_t align, size_t len);
void * __libqasan_memcpy(void *dest, const void *src, size_t n);
void * __libqasan_memmove(void *dest, const void *src, size_t n);
void * __libqasan_memset(void *s, int c, size_t n);
void * __libqasan_memchr(const void *s, int c, size_t n);
void * __libqasan_memrchr(const void *s, int c, size_t n);
void *__libqasan_memcpy(void *dest, const void *src, size_t n);
void *__libqasan_memmove(void *dest, const void *src, size_t n);
void *__libqasan_memset(void *s, int c, size_t n);
void *__libqasan_memchr(const void *s, int c, size_t n);
void *__libqasan_memrchr(const void *s, int c, size_t n);
size_t __libqasan_strlen(const char *s);
size_t __libqasan_strnlen(const char *s, size_t len);
int __libqasan_strcmp(const char *str1, const char *str2);
@ -118,12 +118,12 @@ int __libqasan_strcasecmp(const char *str1, const char *str2);
int __libqasan_strncasecmp(const char *str1, const char *str2, size_t len);
int __libqasan_memcmp(const void *mem1, const void *mem2, size_t len);
int __libqasan_bcmp(const void *mem1, const void *mem2, size_t len);
char * __libqasan_strstr(const char *haystack, const char *needle);
char * __libqasan_strcasestr(const char *haystack, const char *needle);
void * __libqasan_memmem(const void *haystack, size_t haystack_len,
char *__libqasan_strstr(const char *haystack, const char *needle);
char *__libqasan_strcasestr(const char *haystack, const char *needle);
void *__libqasan_memmem(const void *haystack, size_t haystack_len,
const void *needle, size_t needle_len);
char * __libqasan_strchr(const char *s, int c);
char * __libqasan_strrchr(const char *s, int c);
char *__libqasan_strchr(const char *s, int c);
char *__libqasan_strrchr(const char *s, int c);
size_t __libqasan_wcslen(const wchar_t *s);
wchar_t *__libqasan_wcscpy(wchar_t *d, const wchar_t *s);
int __libqasan_wcscmp(const wchar_t *s1, const wchar_t *s2);

4
qemu_mode/libqasan/malloc.c
View File

@ -51,7 +51,7 @@ typedef struct {
struct chunk_begin {
size_t requested_size;
void * aligned_orig; // NULL if not aligned
void *aligned_orig; // NULL if not aligned
struct chunk_begin *next;
struct chunk_begin *prev;
char redzone[REDZONE_SIZE];
@ -80,7 +80,7 @@ static unsigned char __tmp_alloc_zone[TMP_ZONE_SIZE];
#else
// From dlmalloc.c
void * dlmalloc(size_t);
void *dlmalloc(size_t);
void dlfree(void *);
#define backend_malloc dlmalloc
#define backend_free dlfree

4
qemu_mode/libqasan/patch.c
View File

@ -130,8 +130,8 @@ int libc_perms;
static void find_libc(void) {
FILE * fp;
char * line = NULL;
FILE *fp;
char *line = NULL;
size_t len = 0;
ssize_t read;

4
qemu_mode/libqasan/string.c
View File

@ -28,7 +28,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
void *__libqasan_memcpy(void *dest, const void *src, size_t n) {
unsigned char * d = dest;
unsigned char *d = dest;
const unsigned char *s = src;
if (!n) return dest;
@ -47,7 +47,7 @@ void *__libqasan_memcpy(void *dest, const void *src, size_t n) {
void *__libqasan_memmove(void *dest, const void *src, size_t n) {
unsigned char * d = dest;
unsigned char *d = dest;
const unsigned char *s = src;
if (!n) return dest;

2
src/afl-analyze.c
View File

@ -626,7 +626,7 @@ static void handle_stop_sig(int sig) {
static void set_up_environment(char **argv) {
u8 * x;
u8 *x;
char *afl_preload;
char *frida_afl_preload = NULL;

4
src/afl-cc.c
View File

@ -45,7 +45,7 @@
#define LLVM_MINOR 0
#endif
static u8 * obj_path; /* Path to runtime libraries */
static u8 *obj_path; /* Path to runtime libraries */
static u8 **cc_params; /* Parameters passed to the real CC */
static u32 cc_par_cnt = 1; /* Param count, including argv0 */
static u8 clang_mode; /* Invoked as afl-clang*? */
@ -53,7 +53,7 @@ static u8 llvm_fullpath[PATH_MAX];
static u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k, lto_mode;
static u8 compiler_mode, plusplus_mode, have_instr_env = 0;
static u8 have_gcc, have_llvm, have_gcc_plugin, have_lto, have_instr_list = 0;
static u8 * lto_flag = AFL_CLANG_FLTO, *argvnull;
static u8 *lto_flag = AFL_CLANG_FLTO, *argvnull;
static u8 debug;
static u8 cwd[4096];
static u8 cmplog_mode;

8
src/afl-common.c
View File

@ -558,9 +558,9 @@ void print_suggested_envs(char *mispelled_env) {
for (j = 0; afl_environment_variables[j] != NULL; ++j) {
char * afl_env = afl_environment_variables[j] + 4;
char *afl_env = afl_environment_variables[j] + 4;
size_t afl_env_len = strlen(afl_env);
char * reduced = ck_alloc(afl_env_len + 1);
char *reduced = ck_alloc(afl_env_len + 1);
size_t start = 0;
while (start < afl_env_len) {
@ -598,7 +598,7 @@ void print_suggested_envs(char *mispelled_env) {
if (found) goto cleanup;
char * reduced = ck_alloc(env_name_len + 1);
char *reduced = ck_alloc(env_name_len + 1);
size_t start = 0;
while (start < env_name_len) {
@ -1197,7 +1197,7 @@ u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms) {
u32 get_map_size(void) {
uint32_t map_size = DEFAULT_SHMEM_SIZE;
char * ptr;
char *ptr;
if ((ptr = getenv("AFL_MAP_SIZE")) || (ptr = getenv("AFL_MAPSIZE"))) {

8
src/afl-fuzz-extras.c
View File

@ -57,7 +57,7 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
FILE *f;
u8 buf[MAX_LINE];
u8 * lptr;
u8 *lptr;
u32 cur_line = 0;
u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
@ -291,10 +291,10 @@ static void extras_check_and_sort(afl_state_t *afl, u32 min_len, u32 max_len,
void load_extras(afl_state_t *afl, u8 *dir) {
DIR * d;
DIR *d;
struct dirent *de;
u32 min_len = MAX_DICT_FILE, max_len = 0, dict_level = 0;
u8 * x;
u8 *x;
u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
@ -330,7 +330,7 @@ void load_extras(afl_state_t *afl, u8 *dir) {
while ((de = readdir(d))) {
struct stat st;
u8 * fn = alloc_printf("%s/%s", dir, de->d_name);
u8 *fn = alloc_printf("%s/%s", dir, de->d_name);
s32 fd;
if (lstat(fn, &st) || access(fn, R_OK)) {

20
src/afl-fuzz-init.c
View File

@ -189,7 +189,7 @@ void bind_to_free_cpu(afl_state_t *afl) {
#if defined(__linux__)
DIR * d;
DIR *d;
struct dirent *de;
d = opendir("/proc");
@ -340,8 +340,8 @@ void bind_to_free_cpu(afl_state_t *afl) {
#elif defined(__sun)
kstat_named_t *n;
kstat_ctl_t * m;
kstat_t * k;
kstat_ctl_t *m;
kstat_t *k;
cpu_stat_t cs;
u32 ncpus;
@ -657,7 +657,7 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
struct dirent **nl;
s32 nl_cnt, subdirs = 1;
u32 i;
u8 * fn1, *dir = directory;
u8 *fn1, *dir = directory;
u8 val_buf[2][STRINGIFY_VAL_SIZE_MAX];
/* Auto-detect non-in-place resumption attempts. */
@ -857,7 +857,7 @@ void perform_dry_run(afl_state_t *afl) {
struct queue_entry *q;
u32 cal_failures = 0, idx;
u8 * use_mem;
u8 *use_mem;
for (idx = 0; idx < afl->queued_items; idx++) {
@ -1461,7 +1461,7 @@ void find_timeout(afl_state_t *afl) {
static u8 delete_files(u8 *path, u8 *prefix) {
DIR * d;
DIR *d;
struct dirent *d_ent;
d = opendir(path);
@ -1589,7 +1589,7 @@ dir_cleanup_failed:
static void handle_existing_out_dir(afl_state_t *afl) {
FILE *f;
u8 * fn = alloc_printf("%s/fuzzer_stats", afl->out_dir);
u8 *fn = alloc_printf("%s/fuzzer_stats", afl->out_dir);
/* See if the output directory is locked. If yes, bail out. If not,
create a lock that will persist for the lifetime of the process
@ -1882,9 +1882,9 @@ dir_cleanup_failed:
int check_main_node_exists(afl_state_t *afl) {
DIR * sd;
DIR *sd;
struct dirent *sd_ent;
u8 * fn;
u8 *fn;
sd = opendir(afl->sync_dir);
if (!sd) { return 0; }
@ -2585,7 +2585,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
if (unlikely(!fname)) { FATAL("BUG: Binary name is NULL"); }
u8 * env_path = 0;
u8 *env_path = 0;
struct stat st;
s32 fd;

4
src/afl-fuzz-mutators.c
View File

@ -74,7 +74,7 @@ void setup_custom_mutators(afl_state_t *afl) {
/* Try mutator library first */
struct custom_mutator *mutator;
u8 * fn = afl->afl_env.afl_custom_mutator_library;
u8 *fn = afl->afl_env.afl_custom_mutator_library;
u32 prev_mutator_count = 0;
if (fn) {
@ -176,7 +176,7 @@ void destroy_custom_mutators(afl_state_t *afl) {
struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
void * dh;
void *dh;
struct custom_mutator *mutator = ck_alloc(sizeof(struct custom_mutator));
mutator->name = fn;

12
src/afl-fuzz-one.c
View File

@ -1901,7 +1901,7 @@ custom_mutator_stage:
struct queue_entry *target = NULL;
u32 tid;
u8 * new_buf = NULL;
u8 *new_buf = NULL;
u32 target_len = 0;
/* check if splicing makes sense yet (enough entries) */
@ -2110,7 +2110,7 @@ havoc_stage:
if (el->stacked_custom &&
rand_below(afl, 100) < el->stacked_custom_prob) {
u8 * custom_havoc_buf = NULL;
u8 *custom_havoc_buf = NULL;
size_t new_len = el->afl_custom_havoc_mutation(
el->data, out_buf, temp_len, &custom_havoc_buf, MAX_FILE);
if (unlikely(!custom_havoc_buf)) {
@ -2823,7 +2823,7 @@ havoc_stage:
/* Get the testcase for splicing. */
struct queue_entry *target = afl->queue_buf[tid];
u32 new_len = target->len;
u8 * new_buf = queue_testcase_get(afl, target);
u8 *new_buf = queue_testcase_get(afl, target);
if ((temp_len >= 2 && r % 2) || temp_len + HAVOC_BLK_XL >= MAX_FILE) {
@ -2951,7 +2951,7 @@ retry_splicing:
struct queue_entry *target;
u32 tid, split_at;
u8 * new_buf;
u8 *new_buf;
s32 f_diff, l_diff;
/* First of all, if we've modified in_buf for havoc, let's clean that
@ -5164,7 +5164,7 @@ pacemaker_fuzzing:
/* Get the testcase for splicing. */
struct queue_entry *target = afl->queue_buf[tid];
u32 new_len = target->len;
u8 * new_buf = queue_testcase_get(afl, target);
u8 *new_buf = queue_testcase_get(afl, target);
if ((temp_len >= 2 && rand_below(afl, 2)) ||
temp_len + HAVOC_BLK_XL >= MAX_FILE) {
@ -5340,7 +5340,7 @@ pacemaker_fuzzing:
struct queue_entry *target;
u32 tid, split_at;
u8 * new_buf;
u8 *new_buf;
s32 f_diff, l_diff;
/* First of all, if we've modified in_buf for havoc, let's clean that

10
src/afl-fuzz-python.c
View File

@ -151,7 +151,7 @@ static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf,
}
static const char *custom_describe_py(void * py_mutator,
static const char *custom_describe_py(void *py_mutator,
size_t max_description_len) {
PyObject *py_args, *py_value;
@ -202,7 +202,7 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
py->py_module = PyImport_Import(py_name);
Py_DECREF(py_name);
PyObject * py_module = py->py_module;
PyObject *py_module = py->py_module;
PyObject **py_functions = py->py_functions;
// initialize the post process buffer; ensures it's always valid
@ -393,7 +393,7 @@ void deinit_py(void *py_mutator) {
}
struct custom_mutator *load_custom_mutator_py(afl_state_t *afl,
char * module_name) {
char *module_name) {
struct custom_mutator *mutator;
@ -497,7 +497,7 @@ struct custom_mutator *load_custom_mutator_py(afl_state_t *afl,
size_t post_process_py(void *py_mutator, u8 *buf, size_t buf_size,
u8 **out_buf) {
PyObject * py_args, *py_value;
PyObject *py_args, *py_value;
py_mutator_t *py = (py_mutator_t *)py_mutator;
// buffer returned previously must be released; initialized during init
@ -819,7 +819,7 @@ const char *introspection_py(void *py_mutator) {
} else {
char * ret;
char *ret;
size_t len;
if (!py_bytes(py_value, &ret, &len)) {

6
src/afl-fuzz-queue.c
View File

@ -77,8 +77,8 @@ void create_alias_table(afl_state_t *afl) {
afl->alias_probability = (double *)afl_realloc(
(void **)&afl->alias_probability, n * sizeof(double));
double *P = (double *)afl_realloc(AFL_BUF_PARAM(out), n * sizeof(double));
int * S = (u32 *)afl_realloc(AFL_BUF_PARAM(out_scratch), n * sizeof(u32));
int * L = (u32 *)afl_realloc(AFL_BUF_PARAM(in_scratch), n * sizeof(u32));
int *S = (u32 *)afl_realloc(AFL_BUF_PARAM(out_scratch), n * sizeof(u32));
int *L = (u32 *)afl_realloc(AFL_BUF_PARAM(in_scratch), n * sizeof(u32));
if (!P || !S || !L || !afl->alias_table || !afl->alias_probability) {
@ -410,7 +410,7 @@ static u8 check_if_text(afl_state_t *afl, struct queue_entry *q) {
if (q->len < AFL_TXT_MIN_LEN) return 0;
u8 * buf;
u8 *buf;
int fd;
u32 len = q->len, offset = 0, ascii = 0, utf8 = 0;
ssize_t comp;

18
src/afl-fuzz-redqueen.c
View File

@ -266,10 +266,10 @@ static void type_replace(afl_state_t *afl, u8 *buf, u32 len) {
static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
struct tainted **taints) {
struct range * ranges = add_range(NULL, 0, len - 1), *rng;
struct range *ranges = add_range(NULL, 0, len - 1), *rng;
struct tainted *taint = NULL;
u8 * backup = ck_alloc_nozero(len);
u8 * changed = ck_alloc_nozero(len);
u8 *backup = ck_alloc_nozero(len);
u8 *changed = ck_alloc_nozero(len);
#if defined(_DEBUG) || defined(CMPLOG_INTROSPECTION)
u64 start_time = get_cur_time();
@ -575,7 +575,7 @@ static int strntoull(const char *str, size_t sz, char **end, int base,
char buf[64];
unsigned long long ret;
const char * beg = str;
const char *beg = str;
if (!str || !sz) { return 1; }
@ -755,11 +755,11 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
u64 *buf_64 = (u64 *)&buf[idx];
u32 *buf_32 = (u32 *)&buf[idx];
u16 *buf_16 = (u16 *)&buf[idx];
u8 * buf_8 = &buf[idx];
u8 *buf_8 = &buf[idx];
u64 *o_buf_64 = (u64 *)&orig_buf[idx];
u32 *o_buf_32 = (u32 *)&orig_buf[idx];
u16 *o_buf_16 = (u16 *)&orig_buf[idx];
u8 * o_buf_8 = &orig_buf[idx];
u8 *o_buf_8 = &orig_buf[idx];
u32 its_len = MIN(len - idx, taint_len);
@ -780,7 +780,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
// reverse atoi()/strnu?toll() is expensive, so we only to it in lvl 3
if (afl->cmplog_enable_transform && (lvl & LVL3)) {
u8 * endptr;
u8 *endptr;
u8 use_num = 0, use_unum = 0;
unsigned long long unum;
long long num;
@ -1613,7 +1613,7 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
u32 len, u32 lvl, struct tainted *taint) {
struct cmp_header *h = &afl->shm.cmp_map->headers[key];
struct tainted * t;
struct tainted *t;
u32 i, j, idx, taint_len, loggeds;
u32 have_taint = 1;
u8 status = 0, found_one = 0;
@ -2398,7 +2398,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry,
static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
u32 len, u8 lvl, struct tainted *taint) {
struct tainted * t;
struct tainted *t;
struct cmp_header *h = &afl->shm.cmp_map->headers[key];
u32 i, j, idx, have_taint = 1, taint_len, loggeds;
u8 status = 0, found_one = 0;

8
src/afl-fuzz-run.c
View File

@ -97,8 +97,8 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
if (unlikely(afl->custom_mutators_count)) {
ssize_t new_size = len;
u8 * new_mem = *mem;
u8 * new_buf = NULL;
u8 *new_mem = *mem;
u8 *new_buf = NULL;
LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
@ -173,7 +173,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
if (unlikely(!mem_trimmed)) { PFATAL("alloc"); }
ssize_t new_size = len - skip_len;
u8 * new_mem = mem;
u8 *new_mem = mem;
bool post_process_skipped = true;
@ -573,7 +573,7 @@ abort_calibration:
void sync_fuzzers(afl_state_t *afl) {
DIR * sd;
DIR *sd;
struct dirent *sd_ent;
u32 sync_cnt = 0, synced = 0, entries = 0;
u8 path[PATH_MAX + 1 + NAME_MAX];

2
src/afl-fuzz-stats.c
View File

@ -94,7 +94,7 @@ void load_stats_file(afl_state_t *afl) {
FILE *f;
u8 buf[MAX_LINE];
u8 * lptr;
u8 *lptr;
u8 fn[PATH_MAX];
u32 lineno = 0;
snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir);

10
src/afl-fuzz.c
View File

@ -383,9 +383,9 @@ static int stricmp(char const *a, char const *b) {
static void fasan_check_afl_preload(char *afl_preload) {
char first_preload[PATH_MAX + 1] = {0};
char * separator = strchr(afl_preload, ':');
char *separator = strchr(afl_preload, ':');
size_t first_preload_len = PATH_MAX;
char * basename;
char *basename;
char clang_runtime_prefix[] = "libclang_rt.asan";
if (separator != NULL && (separator - afl_preload) < PATH_MAX) {
@ -429,7 +429,7 @@ static void fasan_check_afl_preload(char *afl_preload) {
nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) {
void * handle;
void *handle;
nyx_plugin_handler_t *plugin = calloc(1, sizeof(nyx_plugin_handler_t));
ACTF("Trying to load libnyx.so plugin...");
@ -498,8 +498,8 @@ int main(int argc, char **argv_orig, char **envp) {
u8 *extras_dir[4];
u8 mem_limit_given = 0, exit_1 = 0, debug = 0,
extras_dir_cnt = 0 /*, have_p = 0*/;
char * afl_preload;
char * frida_afl_preload = NULL;
char *afl_preload;
char *frida_afl_preload = NULL;
char **use_argv;
struct timeval tv;

6
src/afl-showmap.c
View File

@ -98,7 +98,7 @@ static volatile u8 stop_soon, /* Ctrl-C pressed? */
static sharedmem_t shm;
static afl_forkserver_t *fsrv;
static sharedmem_t * shm_fuzz;
static sharedmem_t *shm_fuzz;
/* Classify tuple counts. Instead of mapping to individual bits, as in
afl-fuzz.c, we map to more user-friendly numbers between 1 and 8. */
@ -138,7 +138,7 @@ static void kill_child() {
static void classify_counts(afl_forkserver_t *fsrv) {
u8 * mem = fsrv->trace_bits;
u8 *mem = fsrv->trace_bits;
const u8 *map = binary_mode ? count_class_binary : count_class_human;
u32 i = map_size;
@ -166,7 +166,7 @@ static void classify_counts(afl_forkserver_t *fsrv) {
}
static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
sharedmem_t * shm_fuzz) {
sharedmem_t *shm_fuzz) {
afl_shm_deinit(shm_fuzz);
fsrv->support_shmem_fuzz = 0;

6
src/afl-tmin.c
View File

@ -86,7 +86,7 @@ static volatile u8 stop_soon; /* Ctrl-C pressed? */
static afl_forkserver_t *fsrv;
static sharedmem_t shm;
static sharedmem_t * shm_fuzz;
static sharedmem_t *shm_fuzz;
/*
* forkserver section
@ -121,7 +121,7 @@ static void kill_child() {
}
static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
sharedmem_t * shm_fuzz) {
sharedmem_t *shm_fuzz) {
afl_shm_deinit(shm_fuzz);
fsrv->support_shmem_fuzz = 0;
@ -642,7 +642,7 @@ static void handle_stop_sig(int sig) {
static void set_up_environment(afl_forkserver_t *fsrv, char **argv) {
u8 * x;
u8 *x;
char *afl_preload;
char *frida_afl_preload = NULL;

10
utils/afl_network_proxy/afl-network-client.c
View File

@ -109,7 +109,7 @@ static void __afl_map_shm(void) {
if (id_str) {
#ifdef USEMMAP
const char * shm_file_path = id_str;
const char *shm_file_path = id_str;
int shm_fd = -1;
unsigned char *shm_base = NULL;
@ -209,13 +209,13 @@ static void __afl_end_testcase(int status) {
int main(int argc, char *argv[]) {
u8 * interface, *buf, *ptr;
u8 *interface, *buf, *ptr;
s32 s = -1;
struct addrinfo hints, *hres, *aip;
u32 * lenptr, max_len = 65536;
u32 *lenptr, max_len = 65536;
#ifdef USE_DEFLATE
u8 * buf2;
u32 * lenptr1, *lenptr2, buf2_len, compress_len;
u8 *buf2;
u32 *lenptr1, *lenptr2, buf2_len, compress_len;
size_t decompress_len;
#endif

6
utils/afl_network_proxy/afl-network-server.c
View File

@ -60,7 +60,7 @@
#ifdef USE_DEFLATE
#include <libdeflate.h>
struct libdeflate_compressor * compressor;
struct libdeflate_compressor *compressor;
struct libdeflate_decompressor *decompressor;
#endif
@ -387,8 +387,8 @@ int main(int argc, char **argv_orig, char **envp) {
struct sockaddr_in6 serveraddr, clientaddr;
int addrlen = sizeof(clientaddr);
char str[INET6_ADDRSTRLEN];
char ** argv = argv_cpy_dup(argc, argv_orig);
u8 * send_buf;
char **argv = argv_cpy_dup(argc, argv_orig);
u8 *send_buf;
#ifdef USE_DEFLATE
u32 *lenptr;
#endif

2
utils/afl_proxy/afl-proxy.c
View File

@ -112,7 +112,7 @@ static void __afl_map_shm(void) {
if (id_str) {
#ifdef USEMMAP
const char * shm_file_path = id_str;
const char *shm_file_path = id_str;
int shm_fd = -1;
unsigned char *shm_base = NULL;

16
utils/afl_untracer/afl-untracer.c
View File

@ -108,8 +108,8 @@ __thread u32 do_exit;
static pid_t pid = 65537;
static pthread_t __afl_thread;
static u8 __afl_dummy[MAP_SIZE];
static u8 * __afl_area_ptr = __afl_dummy;
static u8 * inputfile; // this will point to argv[1]
static u8 *__afl_area_ptr = __afl_dummy;
static u8 *inputfile; // this will point to argv[1]
static u32 len;
static library_list_t liblist[MAX_LIB_COUNT];
@ -177,7 +177,7 @@ void read_library_information(void) {
#elif defined(__FreeBSD__)
int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, getpid()};
char * buf, *start, *end;
char *buf, *start, *end;
size_t miblen = sizeof(mib) / sizeof(mib[0]);
size_t len;
@ -261,7 +261,7 @@ library_list_t *find_library(char *name) {
for (size_t i = 0; i < all_image_infos->infoArrayCount; i++) {
const char * image_name = image_infos[i].imageFilePath;
const char *image_name = image_infos[i].imageFilePath;
mach_vm_address_t image_load_address =
(mach_vm_address_t)image_infos[i].imageLoadAddress;
if (strstr(image_name, name)) {
@ -347,7 +347,7 @@ static void __afl_map_shm(void) {
if (id_str) {
#ifdef USEMMAP
const char * shm_file_path = id_str;
const char *shm_file_path = id_str;
int shm_fd = -1;
unsigned char *shm_base = NULL;
@ -468,10 +468,10 @@ void setup_trap_instrumentation(void) {
library_list_t *lib_base = NULL;
size_t lib_size = 0;
u8 * lib_addr;
char * line = NULL;
u8 *lib_addr;
char *line = NULL;
size_t nread, len = 0;
char * filename = getenv("AFL_UNTRACER_FILE");
char *filename = getenv("AFL_UNTRACER_FILE");
if (!filename) filename = getenv("TRAPFUZZ_FILE");
if (!filename) FATAL("AFL_UNTRACER_FILE environment variable not set");

2
utils/aflpp_driver/aflpp_driver.c
View File

@ -58,7 +58,7 @@ $AFL_HOME/afl-fuzz -i IN -o OUT ./a.out
#endif
int __afl_sharedmem_fuzzing = 1;
extern unsigned int * __afl_fuzz_len;
extern unsigned int *__afl_fuzz_len;
extern unsigned char *__afl_fuzz_ptr;
// libFuzzer interface is thin, so we don't include any libFuzzer headers.

6
utils/libdislocator/libdislocator.so.c
View File

@ -171,7 +171,7 @@ static u32 alloc_canary;
static void *__dislocator_alloc(size_t len) {
u8 * ret, *base;
u8 *ret, *base;
size_t tlen;
int flags, protflags, fd, sp;
@ -488,7 +488,7 @@ void *reallocarray(void *ptr, size_t elem_len, size_t elem_cnt) {
const size_t elem_lim = 1UL << (sizeof(size_t) * 4);
const size_t elem_tot = elem_len * elem_cnt;
void * ret = NULL;
void *ret = NULL;
if ((elem_len >= elem_lim || elem_cnt >= elem_lim) && elem_len > 0 &&
elem_cnt > (SIZE_MAX / elem_len)) {
@ -535,7 +535,7 @@ __attribute__((constructor)) void __dislocator_init(void) {
if (tmp) {
char * tok;
char *tok;
unsigned long long mmem = strtoull(tmp, &tok, 10);
if (*tok != '\0' || errno == ERANGE || mmem > SIZE_MAX / 1024 / 1024)
FATAL("Bad value for AFL_LD_LIMIT_MB");

2
utils/libtokencap/libtokencap.so.c
View File

@ -171,7 +171,7 @@ static void __tokencap_load_mappings(void) {
int mib[] = {CTL_VM, VM_PROC, VM_PROC_MAP, __tokencap_pid,
sizeof(struct kinfo_vmentry)};
#endif
char * buf, *low, *high;
char *buf, *low, *high;
size_t miblen = sizeof(mib) / sizeof(mib[0]);
size_t len;

6
utils/qbdi_mode/template.cpp
View File

@ -123,7 +123,7 @@ void afl_maybe_log(unsigned long cur_loc) {
char *read_file(char *path, unsigned long *length) {
unsigned long len;
char * buf;
char *buf;
FILE *fp = fopen(path, "rb");
fseek(fp, 0, SEEK_END);
@ -142,7 +142,7 @@ QBDI_NOINLINE int fuzz_func() {
if (afl_setup()) { afl_forkserver(); }
unsigned long len = 0;
char * data = read_file(input_pathname, &len);
char *data = read_file(input_pathname, &len);
// printf("In fuzz_func\n");
p_target_func(data, len);
@ -152,7 +152,7 @@ QBDI_NOINLINE int fuzz_func() {
static QBDI::VMAction bbcallback(QBDI::VMInstanceRef vm,
const QBDI::VMState *state,
QBDI::GPRState * gprState,
QBDI::GPRState *gprState,
QBDI::FPRState *fprState, void *data) {
// errno = SAVED_ERRNO;