ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-11 09:41:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

code cleanups (shadowed vars, (un)signed type mismatches, format types, etc.)

Browse Source
This commit is contained in:
hexcoder- 2021-01-04 20:40:53 +01:00
parent 5c22472616
commit c6e038fe25
18 changed files with 144 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
include/afl-fuzz.h
View File

@ -573,7 +573,7 @@ typedef struct afl_state {
u8 stage_name_buf[STAGE_BUF_SIZE]; /* reused stagename buf with len 64 */
s32 stage_cur, stage_max; /* Stage progression */
u32 stage_cur, stage_max; /* Stage progression */
s32 splicing_with; /* Splicing with which test case? */
u32 main_node_id, main_node_max; /* Main instance job splitting */
@ -648,7 +648,7 @@ typedef struct afl_state {
double last_avg_execs_saved;
/* foreign sync */
#define FOREIGN_SYNCS_MAX 32
#define FOREIGN_SYNCS_MAX 32U
u8 foreign_sync_cnt;
struct foreign_sync foreign_syncs[FOREIGN_SYNCS_MAX];

46
include/config.h
View File

@ -80,11 +80,11 @@
/* Default timeout for fuzzed code (milliseconds). This is the upper bound,
also used for detecting hangs; the actual value is auto-scaled: */
#define EXEC_TIMEOUT 1000
#define EXEC_TIMEOUT 1000U
/* Timeout rounding factor when auto-scaling (milliseconds): */
#define EXEC_TM_ROUND 20
#define EXEC_TM_ROUND 20U
/* 64bit arch MACRO */
#if (defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__))
@ -93,48 +93,48 @@
/* Default memory limit for child process (MB) 0 = disabled : */
#define MEM_LIMIT 0
#define MEM_LIMIT 0U
/* Default memory limit when running in QEMU mode (MB) 0 = disabled : */
#define MEM_LIMIT_QEMU 0
#define MEM_LIMIT_QEMU 0U
/* Default memory limit when running in Unicorn mode (MB) 0 = disabled : */
#define MEM_LIMIT_UNICORN 0
#define MEM_LIMIT_UNICORN 0U
/* Number of calibration cycles per every new test case (and for test
cases that show variable behavior): */
#define CAL_CYCLES 8
#define CAL_CYCLES_LONG 40
#define CAL_CYCLES 8U
#define CAL_CYCLES_LONG 40U
/* Number of subsequent timeouts before abandoning an input file: */
#define TMOUT_LIMIT 250
#define TMOUT_LIMIT 250U
/* Maximum number of unique hangs or crashes to record: */
#define KEEP_UNIQUE_HANG 500
#define KEEP_UNIQUE_CRASH 5000
#define KEEP_UNIQUE_HANG 500U
#define KEEP_UNIQUE_CRASH 5000U
/* Baseline number of random tweaks during a single 'havoc' stage: */
#define HAVOC_CYCLES 256
#define HAVOC_CYCLES_INIT 1024
#define HAVOC_CYCLES 256U
#define HAVOC_CYCLES_INIT 1024U
/* Maximum multiplier for the above (should be a power of two, beware
of 32-bit int overflows): */
#define HAVOC_MAX_MULT 64
#define HAVOC_MAX_MULT_MOPT 64
#define HAVOC_MAX_MULT 64U
#define HAVOC_MAX_MULT_MOPT 64U
/* Absolute minimum number of havoc cycles (after all adjustments): */
#define HAVOC_MIN 12
#define HAVOC_MIN 12U
/* Power Schedule Divisor */
#define POWER_BETA 1
#define POWER_BETA 1U
#define MAX_FACTOR (POWER_BETA * 32)
/* Maximum stacking for havoc-stage tweaks. The actual value is calculated
@ -146,19 +146,19 @@
In other words, the default (n = 4) produces 2, 4, 8, 16
stacked tweaks: */
#define HAVOC_STACK_POW2 4
#define HAVOC_STACK_POW2 4U
/* Caps on block sizes for cloning and deletion operations. Each of these
ranges has a 33% probability of getting picked, except for the first
two cycles where smaller blocks are favored: */
#define HAVOC_BLK_SMALL 32
#define HAVOC_BLK_MEDIUM 128
#define HAVOC_BLK_LARGE 1500
#define HAVOC_BLK_SMALL 32U
#define HAVOC_BLK_MEDIUM 128U
#define HAVOC_BLK_LARGE 1500U
/* Extra-large blocks, selected very rarely (<5% of the time): */
#define HAVOC_BLK_XL 32768
#define HAVOC_BLK_XL 32768U
/* Probabilities of skipping non-favored entries in the queue, expressed as
percentages: */
@ -188,11 +188,11 @@
/* Maximum size of input file, in bytes (keep under 100MB): */
#define MAX_FILE (1 * 1024 * 1024)
#define MAX_FILE (1 * 1024 * 1024U)
/* The same, for the test case minimizer: */
#define TMIN_MAX_FILE (10 * 1024 * 1024)
#define TMIN_MAX_FILE (10 * 1024 * 1024U)
/* Block normalization steps for afl-tmin: */

4
src/afl-analyze.c
View File

@ -903,8 +903,8 @@ static void usage(u8 *argv0) {
"Execution control settings:\n"
" -f file - input file read by the tested program (stdin)\n"
" -t msec - timeout for each run (%d ms)\n"
" -m megs - memory limit for child process (%d MB)\n"
" -t msec - timeout for each run (%u ms)\n"
" -m megs - memory limit for child process (%u MB)\n"
" -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine "

74
src/afl-cc.c
View File

@ -120,8 +120,10 @@ char compiler_mode_string[7][12] = {
u8 *getthecwd() {
static u8 fail[] = "";
if (getcwd(cwd, sizeof(cwd)) == NULL) return fail;
if (getcwd(cwd, sizeof(cwd)) == NULL) {
static u8 fail[] = "";
return fail;
}
return cwd;
}
@ -654,9 +656,9 @@ static void edit_params(u32 argc, char **argv, char **envp) {
}
u32 idx;
if (lto_mode && argc > 1) {
u32 idx;
for (idx = 1; idx < argc; idx++) {
if (!strncasecmp(argv[idx], "-fpic", 5)) have_pic = 1;
@ -1208,12 +1210,12 @@ int main(int argc, char **argv, char **envp) {
if (getenv("AFL_LLVM_INSTRUMENT")) {
u8 *ptr = strtok(getenv("AFL_LLVM_INSTRUMENT"), ":,;");
u8 *ptr2 = strtok(getenv("AFL_LLVM_INSTRUMENT"), ":,;");
while (ptr) {
while (ptr2) {
if (strncasecmp(ptr, "afl", strlen("afl")) == 0 ||
strncasecmp(ptr, "classic", strlen("classic")) == 0) {
if (strncasecmp(ptr2, "afl", strlen("afl")) == 0 ||
strncasecmp(ptr2, "classic", strlen("classic")) == 0) {
if (instrument_mode == INSTRUMENT_LTO) {
@ -1229,8 +1231,8 @@ int main(int argc, char **argv, char **envp) {
}
if (strncasecmp(ptr, "pc-guard", strlen("pc-guard")) == 0 ||
strncasecmp(ptr, "pcguard", strlen("pcguard")) == 0) {
if (strncasecmp(ptr2, "pc-guard", strlen("pc-guard")) == 0 ||
strncasecmp(ptr2, "pcguard", strlen("pcguard")) == 0) {
if (!instrument_mode || instrument_mode == INSTRUMENT_PCGUARD)
instrument_mode = INSTRUMENT_PCGUARD;
@ -1241,8 +1243,8 @@ int main(int argc, char **argv, char **envp) {
}
// this is a hidden option
if (strncasecmp(ptr, "llvmnative", strlen("llvmnative")) == 0 ||
strncasecmp(ptr, "llvm-native", strlen("llvm-native")) == 0) {
if (strncasecmp(ptr2, "llvmnative", strlen("llvmnative")) == 0 ||
strncasecmp(ptr2, "llvm-native", strlen("llvm-native")) == 0) {
if (!instrument_mode || instrument_mode == INSTRUMENT_LLVMNATIVE)
instrument_mode = INSTRUMENT_LLVMNATIVE;
@ -1252,8 +1254,8 @@ int main(int argc, char **argv, char **envp) {
}
if (strncasecmp(ptr, "cfg", strlen("cfg")) == 0 ||
strncasecmp(ptr, "instrim", strlen("instrim")) == 0) {
if (strncasecmp(ptr2, "cfg", strlen("cfg")) == 0 ||
strncasecmp(ptr2, "instrim", strlen("instrim")) == 0) {
if (instrument_mode == INSTRUMENT_LTO) {
@ -1269,7 +1271,7 @@ int main(int argc, char **argv, char **envp) {
}
if (strncasecmp(ptr, "lto", strlen("lto")) == 0) {
if (strncasecmp(ptr2, "lto", strlen("lto")) == 0) {
lto_mode = 1;
if (!instrument_mode || instrument_mode == INSTRUMENT_LTO)
@ -1280,7 +1282,7 @@ int main(int argc, char **argv, char **envp) {
}
if (strcasecmp(ptr, "gcc") == 0) {
if (strcasecmp(ptr2, "gcc") == 0) {
if (!instrument_mode || instrument_mode == INSTRUMENT_GCC)
instrument_mode = INSTRUMENT_GCC;
@ -1291,7 +1293,7 @@ int main(int argc, char **argv, char **envp) {
}
if (strcasecmp(ptr, "clang") == 0) {
if (strcasecmp(ptr2, "clang") == 0) {
if (!instrument_mode || instrument_mode == INSTRUMENT_CLANG)
instrument_mode = INSTRUMENT_CLANG;
@ -1302,29 +1304,29 @@ int main(int argc, char **argv, char **envp) {
}
if (strncasecmp(ptr, "ctx", strlen("ctx")) == 0) {
if (strncasecmp(ptr2, "ctx", strlen("ctx")) == 0) {
instrument_opt_mode |= INSTRUMENT_OPT_CTX;
setenv("AFL_LLVM_CTX", "1", 1);
}
if (strncasecmp(ptr, "ngram", strlen("ngram")) == 0) {
if (strncasecmp(ptr2, "ngram", strlen("ngram")) == 0) {
ptr += strlen("ngram");
while (*ptr && (*ptr < '0' || *ptr > '9'))
ptr++;
ptr2 += strlen("ngram");
while (*ptr2 && (*ptr2 < '0' || *ptr2 > '9'))
ptr2++;
if (!*ptr) {
if (!*ptr2) {
if ((ptr = getenv("AFL_LLVM_NGRAM_SIZE")) == NULL)
if ((ptr2 = getenv("AFL_LLVM_NGRAM_SIZE")) == NULL)
FATAL(
"you must set the NGRAM size with (e.g. for value 2) "
"AFL_LLVM_INSTRUMENT=ngram-2");
}
ngram_size = atoi(ptr);
ngram_size = atoi(ptr2);
if (ngram_size < 2 || ngram_size > NGRAM_SIZE_MAX)
FATAL(
"NGRAM instrumentation option must be between 2 and "
@ -1332,12 +1334,12 @@ int main(int argc, char **argv, char **envp) {
"(%u)",
NGRAM_SIZE_MAX);
instrument_opt_mode |= (INSTRUMENT_OPT_NGRAM);
ptr = alloc_printf("%u", ngram_size);
setenv("AFL_LLVM_NGRAM_SIZE", ptr, 1);
ptr2 = alloc_printf("%u", ngram_size);
setenv("AFL_LLVM_NGRAM_SIZE", ptr2, 1);
}
ptr = strtok(NULL, ":,;");
ptr2 = strtok(NULL, ":,;");
}
@ -1448,20 +1450,28 @@ int main(int argc, char **argv, char **envp) {
" The best is LTO but it often needs RANLIB and AR settings outside "
"of afl-cc.\n\n");
#if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
#define NATIVE_MSG \
" NATIVE: use llvm's native PCGUARD instrumentation (less " \
"performant)\n"
#else
#define NATIVE_MSG ""
#endif
SAYF(
"Sub-Modes: (set via env AFL_LLVM_INSTRUMENT, afl-cc selects the best "
"available)\n"
" PCGUARD: Dominator tree instrumentation (best!) (README.llvm.md)\n"
#if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
" NATIVE: use llvm's native PCGUARD instrumentation (less "
"performant)\n"
#endif
NATIVE_MSG
" CLASSIC: decision target instrumentation (README.llvm.md)\n"
" CTX: CLASSIC + callee context (instrumentation/README.ctx.md)\n"
" NGRAM-x: CLASSIC + previous path "
"((instrumentation/README.ngram.md)\n"
" INSTRIM: Dominator tree (for LLVM <= 6.0) "
"(instrumentation/README.instrim.md)\n\n");
#undef NATIVE_MSG
SAYF(
"Features: (see documentation links)\n"
@ -1625,7 +1635,7 @@ int main(int argc, char **argv, char **envp) {
if (!instrument_mode) {
instrument_mode = INSTRUMENT_CFG;
ptr = instrument_mode_string[instrument_mode];
//ptr = instrument_mode_string[instrument_mode];
}

20
src/afl-common.c
View File

@ -696,16 +696,16 @@ u8 *stringify_mem_size(u8 *buf, size_t len, u64 val) {
u8 *stringify_time_diff(u8 *buf, size_t len, u64 cur_ms, u64 event_ms) {
u64 delta;
s32 t_d, t_h, t_m, t_s;
u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
if (!event_ms) {
snprintf(buf, len, "none seen yet");
} else {
u64 delta;
s32 t_d, t_h, t_m, t_s;
u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
delta = cur_ms - event_ms;
t_d = delta / 1000 / 60 / 60 / 24;
@ -858,16 +858,16 @@ u8 *u_stringify_mem_size(u8 *buf, u64 val) {
u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms) {
u64 delta;
s32 t_d, t_h, t_m, t_s;
u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
if (!event_ms) {
sprintf(buf, "none seen yet");
} else {
u64 delta;
s32 t_d, t_h, t_m, t_s;
u8 val_buf[STRINGIFY_VAL_SIZE_MAX];
delta = cur_ms - event_ms;
t_d = delta / 1000 / 60 / 60 / 24;
@ -895,8 +895,8 @@ u32 get_map_size(void) {
map_size = atoi(ptr);
if (map_size < 8 || map_size > (1 << 29)) {
FATAL("illegal AFL_MAP_SIZE %u, must be between %u and %u", map_size, 8,
1 << 29);
FATAL("illegal AFL_MAP_SIZE %u, must be between %u and %u", map_size, 8U,
1U << 29);
}

4
src/afl-forkserver.c
View File

@ -213,7 +213,7 @@ restart_select:
static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) {
unsigned char tmp[4] = {0, 0, 0, 0};
pid_t child_pid = -1;
pid_t child_pid;
if (!be_quiet) { ACTF("Using Fauxserver:"); }
@ -1104,7 +1104,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
"Unable to communicate with fork server. Some possible reasons:\n\n"
" - You've run out of memory. Use -m to increase the the memory "
"limit\n"
" to something higher than %lld.\n"
" to something higher than %llu.\n"
" - The binary or one of the libraries it uses manages to "
"create\n"
" threads before the forkserver initializes.\n"

2
src/afl-fuzz-bitmap.c
View File

@ -703,7 +703,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
if (!classified) {
classify_counts(&afl->fsrv);
classified = 1;
// classified = 1;
}

6
src/afl-fuzz-extras.c
View File

@ -266,7 +266,7 @@ static void extras_check_and_sort(afl_state_t *afl, u32 min_len, u32 max_len,
if (afl->extras_cnt > afl->max_det_extras) {
WARNF("More than %d tokens - will use them probabilistically.",
WARNF("More than %u tokens - will use them probabilistically.",
afl->max_det_extras);
}
@ -431,7 +431,6 @@ void dedup_extras(afl_state_t *afl) {
/* Adds a new extra / dict entry. */
void add_extra(afl_state_t *afl, u8 *mem, u32 len) {
u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
u32 i, found = 0;
for (i = 0; i < afl->extras_cnt; i++) {
@ -451,6 +450,7 @@ void add_extra(afl_state_t *afl, u8 *mem, u32 len) {
if (len > MAX_DICT_FILE) {
u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
WARNF("Extra '%.*s' is too big (%s, limit is %s), skipping file!", (int)len,
mem, stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), len),
stringify_mem_size(val_bufs[1], sizeof(val_bufs[1]), MAX_DICT_FILE));
@ -481,7 +481,7 @@ void add_extra(afl_state_t *afl, u8 *mem, u32 len) {
if (afl->extras_cnt == afl->max_det_extras + 1) {
WARNF("More than %d tokens - will use them probabilistically.",
WARNF("More than %u tokens - will use them probabilistically.",
afl->max_det_extras);
}

28
src/afl-fuzz-mutators.c
View File

@ -316,16 +316,20 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
/* Initialize trimming in the custom mutator */
afl->stage_cur = 0;
afl->stage_max = mutator->afl_custom_init_trim(mutator->data, in_buf, q->len);
if (unlikely(afl->stage_max) < 0) {
s32 retval = mutator->afl_custom_init_trim(mutator->data, in_buf, q->len);
if (unlikely(retval) < 0) {
FATAL("custom_init_trim error ret: %d", afl->stage_max);
FATAL("custom_init_trim error ret: %d", retval);
} else {
afl->stage_max = retval;
}
if (afl->not_on_tty && afl->debug) {
SAYF("[Custom Trimming] START: Max %d iterations, %u bytes", afl->stage_max,
SAYF("[Custom Trimming] START: Max %u iterations, %u bytes", afl->stage_max,
q->len);
}
@ -343,7 +347,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
if (unlikely(!retbuf)) {
FATAL("custom_trim failed (ret %zd)", retlen);
FATAL("custom_trim failed (ret %zu)", retlen);
} else if (unlikely(retlen > orig_len)) {
@ -409,7 +413,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
if (afl->not_on_tty && afl->debug) {
SAYF("[Custom Trimming] SUCCESS: %d/%d iterations (now at %u bytes)",
SAYF("[Custom Trimming] SUCCESS: %u/%u iterations (now at %u bytes)",
afl->stage_cur, afl->stage_max, q->len);
}
@ -417,16 +421,20 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
} else {
/* Tell the custom mutator that the trimming was unsuccessful */
afl->stage_cur = mutator->afl_custom_post_trim(mutator->data, 0);
if (unlikely(afl->stage_cur < 0)) {
s32 retval2 = mutator->afl_custom_post_trim(mutator->data, 0);
if (unlikely(retval2 < 0)) {
FATAL("Error ret in custom_post_trim: %d", afl->stage_cur);
FATAL("Error ret in custom_post_trim: %d", retval2);
} else {
afl->stage_cur = retval2;
}
if (afl->not_on_tty && afl->debug) {
SAYF("[Custom Trimming] FAILURE: %d/%d iterations", afl->stage_cur,
SAYF("[Custom Trimming] FAILURE: %u/%u iterations", afl->stage_cur,
afl->stage_max);
}

24
src/afl-fuzz-one.c
View File

@ -368,7 +368,7 @@ static void locate_diffs(u8 *ptr1, u8 *ptr2, u32 len, s32 *first, s32 *last) {
u8 fuzz_one_original(afl_state_t *afl) {
s32 len, temp_len;
u32 len, temp_len;
u32 j;
u32 i;
u8 *in_buf, *out_buf, *orig_in, *ex_tmp, *eff_map = 0;
@ -545,7 +545,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
else
orig_perf = perf_score = calculate_score(afl, afl->queue_cur);
if (unlikely(perf_score <= 0)) { goto abandon_entry; }
if (unlikely(perf_score == 0)) { goto abandon_entry; }
if (unlikely(afl->shm.cmplog_mode && !afl->queue_cur->fully_colorized)) {
@ -902,7 +902,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
orig_hit_cnt = new_hit_cnt;
for (i = 0; (s32)i < len - 1; ++i) {
for (i = 0; i < len - 1; ++i) {
/* Let's consult the effector map... */
@ -945,7 +945,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
orig_hit_cnt = new_hit_cnt;
for (i = 0; (s32)i < len - 3; ++i) {
for (i = 0; i < len - 3; ++i) {
/* Let's consult the effector map... */
if (!eff_map[EFF_APOS(i)] && !eff_map[EFF_APOS(i + 1)] &&
@ -1405,7 +1405,7 @@ skip_arith:
orig_hit_cnt = new_hit_cnt;
for (i = 0; (s32)i < len - 1; ++i) {
for (i = 0; i < len - 1; ++i) {
u16 orig = *(u16 *)(out_buf + i);
@ -1493,7 +1493,7 @@ skip_arith:
orig_hit_cnt = new_hit_cnt;
for (i = 0; (s32)i < len - 3; i++) {
for (i = 0; i < len - 3; i++) {
u32 orig = *(u32 *)(out_buf + i);
@ -1850,7 +1850,7 @@ custom_mutator_stage:
if (unlikely(!mutated_buf)) {
FATAL("Error in custom_fuzz. Size returned: %zd", mutated_size);
FATAL("Error in custom_fuzz. Size returned: %zu", mutated_size);
}
@ -2026,7 +2026,7 @@ havoc_stage:
el->data, out_buf, temp_len, &custom_havoc_buf, MAX_FILE);
if (unlikely(!custom_havoc_buf)) {
FATAL("Error in custom_havoc (return %zd)", new_len);
FATAL("Error in custom_havoc (return %zu)", new_len);
}
@ -2458,7 +2458,7 @@ havoc_stage:
u32 use_extra = rand_below(afl, afl->a_extras_cnt);
u32 extra_len = afl->a_extras[use_extra].len;
if ((s32)extra_len > temp_len) { break; }
if (extra_len > temp_len) { break; }
u32 insert_at = rand_below(afl, temp_len - extra_len + 1);
#ifdef INTROSPECTION
@ -2476,7 +2476,7 @@ havoc_stage:
u32 use_extra = rand_below(afl, afl->extras_cnt);
u32 extra_len = afl->extras[use_extra].len;
if ((s32)extra_len > temp_len) { break; }
if (extra_len > temp_len) { break; }
u32 insert_at = rand_below(afl, temp_len - extra_len + 1);
#ifdef INTROSPECTION
@ -2577,7 +2577,7 @@ havoc_stage:
u32 copy_from, copy_to, copy_len;
copy_len = choose_block_len(afl, new_len - 1);
if ((s32)copy_len > temp_len) copy_len = temp_len;
if (copy_len > temp_len) copy_len = temp_len;
copy_from = rand_below(afl, new_len - copy_len + 1);
copy_to = rand_below(afl, temp_len - copy_len + 1);
@ -2952,7 +2952,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
else
orig_perf = perf_score = calculate_score(afl, afl->queue_cur);
if (unlikely(perf_score <= 0)) { goto abandon_entry; }
if (unlikely(perf_score == 0)) { goto abandon_entry; }
if (unlikely(afl->shm.cmplog_mode && !afl->queue_cur->fully_colorized)) {

5
src/afl-fuzz-queue.c
View File

@ -489,11 +489,12 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
void destroy_queue(afl_state_t *afl) {
struct queue_entry *q;
u32 i;
for (i = 0; i < afl->queued_paths; i++) {
struct queue_entry *q;
q = afl->queue_buf[i];
ck_free(q->fname);
ck_free(q->trace_mini);
@ -996,7 +997,7 @@ inline void queue_testcase_retake(afl_state_t *afl, struct queue_entry *q,
if (unlikely(!q->testcase_buf)) {
PFATAL("Unable to malloc '%s' with len %d", q->fname, len);
PFATAL("Unable to malloc '%s' with len %u", q->fname, len);
}

9
src/afl-fuzz-redqueen.c
View File

@ -445,6 +445,9 @@ static void try_to_add_to_dict(afl_state_t *afl, u64 v, u8 shape) {
u32 k;
u8 cons_ff = 0, cons_0 = 0;
if (shape > sizeof(v)) FATAL("shape is greater than %zu, please report!", sizeof(v));
for (k = 0; k < shape; ++k) {
if (b[k] == 0) {
@ -453,7 +456,7 @@ static void try_to_add_to_dict(afl_state_t *afl, u64 v, u8 shape) {
} else if (b[k] == 0xff) {
++cons_0;
++cons_ff;
} else {
@ -667,12 +670,12 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u32 len) {
u8 status = 0;
// opt not in the paper
u32 fails = 0;
// u32 fails = 0;
u8 found_one = 0;
for (i = 0; i < loggeds; ++i) {
fails = 0;
u32 fails = 0;
struct cmpfn_operands *o =
&((struct cmpfn_operands *)afl->shm.cmp_map->log[key])[i];

2
src/afl-fuzz-run.c
View File

@ -682,7 +682,7 @@ void sync_fuzzers(afl_state_t *afl) {
// same time. If so, the first temporary main node running again will demote
// themselves so this is not an issue
u8 path[PATH_MAX];
// u8 path2[PATH_MAX];
afl->is_main_node = 1;
sprintf(path, "%s/is_main_node", afl->out_dir);
int fd = open(path, O_CREAT | O_RDWR, 0644);

8
src/afl-fuzz-stats.c
View File

@ -31,7 +31,6 @@
void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
char *val;
u8 fn[PATH_MAX];
snprintf(fn, PATH_MAX, "%s/fuzzer_setup", afl->out_dir);
FILE *f = create_ffile(fn);
@ -44,6 +43,7 @@ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
for (i = 0; i < s_afl_env; ++i) {
char *val;
if ((val = getenv(afl_environment_variables[i])) != NULL) {
fprintf(f, "%s=%s\n", afl_environment_variables[i], val);
@ -228,7 +228,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
if (afl->virgin_bits[i] != 0xff) {
fprintf(f, " %d[%02x]", i, afl->virgin_bits[i]);
fprintf(f, " %u[%02x]", i, afl->virgin_bits[i]);
}
@ -238,7 +238,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
fprintf(f, "var_bytes :");
for (i = 0; i < afl->fsrv.map_size; i++) {
if (afl->var_bytes[i]) { fprintf(f, " %d", i); }
if (afl->var_bytes[i]) { fprintf(f, " %u", i); }
}
@ -1163,7 +1163,7 @@ void show_init_stats(afl_state_t *afl) {
} else {
ACTF("-t option specified. We'll use an exec timeout of %d ms.",
ACTF("-t option specified. We'll use an exec timeout of %u ms.",
afl->fsrv.exec_tmout);
}

8
src/afl-fuzz.c
View File

@ -99,8 +99,8 @@ static void usage(u8 *argv0, int more_help) {
" lin, quad> -- see docs/power_schedules.md\n"
" -f file - location read by the fuzzed program (default: stdin "
"or @@)\n"
" -t msec - timeout for each run (auto-scaled, 50-%d ms)\n"
" -m megs - memory limit for child process (%d MB, 0 = no limit)\n"
" -t msec - timeout for each run (auto-scaled, 50-%u ms)\n"
" -m megs - memory limit for child process (%u MB, 0 = no limit)\n"
" -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine "
@ -299,7 +299,7 @@ int main(int argc, char **argv_orig, char **envp) {
s32 opt, i, auto_sync = 0 /*, user_set_cache = 0*/;
u64 prev_queued = 0;
u32 sync_interval_cnt = 0, seek_to = 0, show_help = 0, map_size = MAP_SIZE;
u32 sync_interval_cnt = 0, seek_to = 0, show_help = 0, map_size = get_map_size();
u8 *extras_dir[4];
u8 mem_limit_given = 0, exit_1 = 0, debug = 0,
extras_dir_cnt = 0 /*, have_p = 0*/;
@ -326,7 +326,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (get_afl_env("AFL_DEBUG")) { debug = afl->debug = 1; }
map_size = get_map_size();
// map_size = get_map_size();
afl_state_init(afl, map_size);
afl->debug = debug;
afl_fsrv_init(&afl->fsrv);

6
src/afl-ld-lto.c
View File

@ -187,7 +187,7 @@ static void edit_params(int argc, char **argv) {
if (debug)
DEBUGF(
"passthrough=%s instrim=%d, gold_pos=%d, gold_present=%s "
"passthrough=%s instrim=%u, gold_pos=%u, gold_present=%s "
"inst_present=%s rt_present=%s rt_lto_present=%s\n",
passthrough ? "true" : "false", instrim, gold_pos,
gold_present ? "true" : "false", inst_present ? "true" : "false",
@ -253,10 +253,10 @@ static void edit_params(int argc, char **argv) {
int main(int argc, char **argv) {
s32 pid, i, status;
u8 * ptr;
// u8 * ptr;
char thecwd[PATH_MAX];
if ((ptr = getenv("AFL_LD_CALLER")) != NULL) {
if (getenv("AFL_LD_CALLER") != NULL) {
FATAL("ld loop detected! Set AFL_REAL_LD!\n");

12
src/afl-showmap.c
View File

@ -662,7 +662,7 @@ static void usage(u8 *argv0) {
"Execution control settings:\n"
" -t msec - timeout for each run (none)\n"
" -m megs - memory limit for child process (%d MB)\n"
" -m megs - memory limit for child process (%u MB)\n"
" -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use Unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine mode)\n"
@ -1014,7 +1014,7 @@ int main(int argc, char **argv_orig, char **envp) {
DIR * dir_in, *dir_out = NULL;
struct dirent *dir_ent;
int done = 0;
// int done = 0;
u8 infile[PATH_MAX], outfile[PATH_MAX];
u8 wait_for_gdb = 0;
#if !defined(DT_REG)
@ -1090,11 +1090,11 @@ int main(int argc, char **argv_orig, char **envp) {
if (get_afl_env("AFL_DEBUG")) {
int i = optind;
int j = optind;
DEBUGF("%s:", fsrv->target_path);
while (argv[i] != NULL) {
while (argv[j] != NULL) {
SAYF(" \"%s\"", argv[i++]);
SAYF(" \"%s\"", argv[j++]);
}
@ -1143,7 +1143,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
while (done == 0 && (dir_ent = readdir(dir_in))) {
while ((dir_ent = readdir(dir_in))) {
if (dir_ent->d_name[0] == '.') {

4
src/afl-tmin.c
View File

@ -835,8 +835,8 @@ static void usage(u8 *argv0) {
"Execution control settings:\n"
" -f file - input file read by the tested program (stdin)\n"
" -t msec - timeout for each run (%d ms)\n"
" -m megs - memory limit for child process (%d MB)\n"
" -t msec - timeout for each run (%u ms)\n"
" -m megs - memory limit for child process (%u MB)\n"
" -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine "