unified pointer placement

2025-06-13 02:28:09 +00:00 · 2020-03-10 22:04:05 +01:00
parent 2832cb643d
commit cc1d6b33b1
46 changed files with 1040 additions and 1043 deletions
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@ -32,12 +32,12 @@

 void timeout_handle(union sigval timer_data) {

-  pid_t        child_pid = timer_data.sival_int;
+  pid_t child_pid = timer_data.sival_int;
  if (child_pid > 0) kill(child_pid, SIGKILL);

 }

-u8 run_target(afl_state_t* afl, u32 timeout) {
+u8 run_target(afl_state_t *afl, u32 timeout) {

  // static struct itimerval it;
  struct sigevent          timer_signal_event;
@ -146,7 +146,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
      /* Use a distinctive bitmap value to tell the parent about execv()
         falling through. */

-      *(u32*)afl->fsrv.trace_bits = EXEC_FAIL_SIG;
+      *(u32 *)afl->fsrv.trace_bits = EXEC_FAIL_SIG;
      exit(0);

    }
@ -181,11 +181,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
  timer_signal_event.sigev_value.sival_int = afl->fsrv.child_pid;
  timer_status = timer_create(CLOCK_MONOTONIC, &timer_signal_event, &timer);

-  if (timer_status == -1) {
-
-    FATAL("Failed to create Timer");
-
-  }
+  if (timer_status == -1) { FATAL("Failed to create Timer"); }

  timer_period.it_value.tv_sec = (timeout / 1000);
  timer_period.it_value.tv_nsec = (timeout % 1000) * 1000000;
@ -203,13 +199,12 @@ u8 run_target(afl_state_t* afl, u32 timeout) {

    } else {

-    FATAL("Failed to set the timer to the given timeout");
+      FATAL("Failed to set the timer to the given timeout");

    }

  }

-
  /* The SIGALRM handler simply kills the afl->fsrv.child_pid and sets
   * afl->fsrv.child_timed_out. */

@ -221,6 +216,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
      PFATAL("waitpid() failed");

    }
+
  } else {

    s32 res;
@ -261,11 +257,7 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
                            timer_period.it_value.tv_nsec / 1000000);
  if (afl->slowest_exec_ms < exec_ms) afl->slowest_exec_ms = exec_ms;

-  if (exec_ms >= timeout) {
-
-    afl->fsrv.child_timed_out = 1;
-
-  }
+  if (exec_ms >= timeout) { afl->fsrv.child_timed_out = 1; }

  timer_period.it_value.tv_sec = 0;
  timer_period.it_value.tv_nsec = 0;
@ -289,12 +281,12 @@ u8 run_target(afl_state_t* afl, u32 timeout) {

  MEM_BARRIER();

-  tb4 = *(u32*)afl->fsrv.trace_bits;
+  tb4 = *(u32 *)afl->fsrv.trace_bits;

 #ifdef WORD_SIZE_64
-  classify_counts((u64*)afl->fsrv.trace_bits);
+  classify_counts((u64 *)afl->fsrv.trace_bits);
 #else
-  classify_counts((u32*)afl->fsrv.trace_bits);
+  classify_counts((u32 *)afl->fsrv.trace_bits);
 #endif                                                     /* ^WORD_SIZE_64 */

  prev_timed_out = afl->fsrv.child_timed_out;
@ -327,9 +319,9 @@ u8 run_target(afl_state_t* afl, u32 timeout) {

  return FAULT_NONE;

-  handle_stop_soon:
-    timer_delete(timer);
-    return 0;
+handle_stop_soon:
+  timer_delete(timer);
+  return 0;

 }

@ -337,13 +329,13 @@ u8 run_target(afl_state_t* afl, u32 timeout) {
   old file is unlinked and a new one is created. Otherwise, afl->fsrv.out_fd is
   rewound and truncated. */

-void write_to_testcase(afl_state_t* afl, void* mem, u32 len) {
+void write_to_testcase(afl_state_t *afl, void *mem, u32 len) {

  s32 fd = afl->fsrv.out_fd;

 #ifdef _AFL_DOCUMENT_MUTATIONS
  s32   doc_fd;
-  char* fn = alloc_printf("%s/mutations/%09u:%s", afl->out_dir,
+  char *fn = alloc_printf("%s/mutations/%09u:%s", afl->out_dir,
                          afl->document_counter++, describe_op(0));
  if (fn != NULL) {

@ -382,7 +374,7 @@ void write_to_testcase(afl_state_t* afl, void* mem, u32 len) {

  if (afl->mutator && afl->mutator->afl_custom_pre_save) {

-    u8*    new_data;
+    u8 *new_data;
    size_t new_size =
        afl->mutator->afl_custom_pre_save(afl, mem, len, &new_data);
    ck_write(fd, new_data, new_size, afl->fsrv.out_file);
@ -407,7 +399,7 @@ void write_to_testcase(afl_state_t* afl, void* mem, u32 len) {

 /* The same, but with an adjustable gap. Used for trimming. */

-static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at,
+static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at,
                           u32 skip_len) {

  s32 fd = afl->fsrv.out_fd;
@ -434,7 +426,7 @@ static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at,

  if (skip_at) ck_write(fd, mem, skip_at, afl->fsrv.out_file);

-  u8* memu8 = mem;
+  u8 *memu8 = mem;
  if (tail_len)
    ck_write(fd, memu8 + skip_at + skip_len, tail_len, afl->fsrv.out_file);

@ -453,7 +445,7 @@ static void write_with_gap(afl_state_t* afl, void* mem, u32 len, u32 skip_at,
   to warn about flaky or otherwise problematic test cases early on; and when
   new paths are discovered to detect variable behavior and so on. */

-u8 calibrate_case(afl_state_t* afl, struct queue_entry* q, u8* use_mem,
+u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
                  u32 handicap, u8 from_queue) {

  static u8 first_trace[MAP_SIZE];
@ -465,7 +457,7 @@ u8 calibrate_case(afl_state_t* afl, struct queue_entry* q, u8* use_mem,

  s32 old_sc = afl->stage_cur, old_sm = afl->stage_max;
  u32 use_tmout = afl->fsrv.exec_tmout;
-  u8* old_sn = afl->stage_name;
+  u8 *old_sn = afl->stage_name;

  /* Be a bit more generous about timeouts when resuming sessions, or when
     trying to calibrate already-added finds. This helps avoid trouble due
@ -612,11 +604,11 @@ abort_calibration:

 /* Grab interesting test cases from other fuzzers. */

-void sync_fuzzers(afl_state_t* afl) {
+void sync_fuzzers(afl_state_t *afl) {

-  DIR*           sd;
-  struct dirent* sd_ent;
-  u32            sync_cnt = 0;
+  DIR *sd;
+  struct dirent *sd_ent;
+  u32 sync_cnt = 0;

  sd = opendir(afl->sync_dir);
  if (!sd) PFATAL("Unable to open '%s'", afl->sync_dir);
@ -631,10 +623,10 @@ void sync_fuzzers(afl_state_t* afl) {

    static u8 stage_tmp[128];

-    DIR*           qd;
-    struct dirent* qd_ent;
-    u8 *           qd_path, *qd_synced_path;
-    u32            min_accept = 0, next_min_accept;
+    DIR *qd;
+    struct dirent *qd_ent;
+    u8 *qd_path, *qd_synced_path;
+    u32 min_accept = 0, next_min_accept;

    s32 id_fd;

@ -679,8 +671,8 @@ void sync_fuzzers(afl_state_t* afl) {

    while ((qd_ent = readdir(qd))) {

-      u8*         path;
-      s32         fd;
+      u8 *path;
+      s32 fd;
      struct stat st;

      if (qd_ent->d_name[0] == '.' ||
@ -713,7 +705,7 @@ void sync_fuzzers(afl_state_t* afl) {
      if (st.st_size && st.st_size <= MAX_FILE) {

        u8  fault;
-        u8* mem = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+        u8 *mem = mmap(0, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);

        if (mem == MAP_FAILED) PFATAL("Unable to mmap '%s'", path);

@ -760,7 +752,7 @@ void sync_fuzzers(afl_state_t* afl) {
   trimmer uses power-of-two increments somewhere between 1/16 and 1/1024 of
   file size, to keep the stage short and sweet. */

-u8 trim_case(afl_state_t* afl, struct queue_entry* q, u8* in_buf) {
+u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {

  /* Custom mutator trimmer */
  if (afl->mutator && afl->mutator->afl_custom_trim)
@ -896,7 +888,7 @@ abort_trimming:
   error conditions, returning 1 if it's time to bail out. This is
   a helper function for fuzz_one(). */

-u8 common_fuzz_stuff(afl_state_t* afl, u8* out_buf, u32 len) {
+u8 common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {

  u8 fault;