ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 11:08:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

small enhancements and code-format

Browse Source
This commit is contained in:
van Hauser
2020-04-02 16:41:33 +02:00
parent 5602a09cc6
commit e8e6dbf839
4 changed files with 40 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/afl-fuzz.h
View File

@ -935,13 +935,13 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len,
static inline u32 rand_below(afl_state_t *afl, u32 limit) { static inline u32 rand_below(afl_state_t *afl, u32 limit) {
#ifdef HAVE_ARC4RANDOM #ifdef HAVE_ARC4RANDOM
if (afl->fixed_seed) { return random() % limit; } if (unlikely(afl->fixed_seed)) { return random() % limit; }
/* The boundary not being necessarily a power of 2, /* The boundary not being necessarily a power of 2,
we need to ensure the result uniformity. */ we need to ensure the result uniformity. */
return arc4random_uniform(limit); return arc4random_uniform(limit);
#else #else
if (!afl->fixed_seed && unlikely(!afl->rand_cnt--)) { if (unlikely(!afl->rand_cnt--) && likely(!afl->fixed_seed)) {
ck_read(afl->fsrv.dev_urandom_fd, &afl->rand_seed, sizeof(afl->rand_seed), ck_read(afl->fsrv.dev_urandom_fd, &afl->rand_seed, sizeof(afl->rand_seed),
"/dev/urandom"); "/dev/urandom");
@ -957,7 +957,7 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
static inline u32 get_rand_seed(afl_state_t *afl) { static inline u32 get_rand_seed(afl_state_t *afl) {
if (afl->fixed_seed) return (u32)afl->init_seed; if (unlikely(afl->fixed_seed)) return (u32)afl->init_seed;
return afl->rand_seed[0]; return afl->rand_seed[0];
} }

35
include/list.h
View File

@ -98,24 +98,23 @@ static inline void list_append(list_t *list, void *el) {
A return from this block will return from calling func. A return from this block will return from calling func.
*/ */
#define LIST_FOREACH(list, type, block) \ #define LIST_FOREACH(list, type, block) \
do { \ do { \
\ \
list_t * li = (list); \ list_t * li = (list); \
element_t *head = get_head((li)); \ element_t *head = get_head((li)); \
element_t *el_box = (head)->next; \ element_t *el_box = (head)->next; \
if (!el_box) FATAL("foreach over uninitialized list"); \ if (!el_box) FATAL("foreach over uninitialized list"); \
while (el_box != head) { \ while (el_box != head) { \
\ \
__attribute__((unused)) \ __attribute__((unused)) type *el = (type *)((el_box)->data); \
type *el = (type *)((el_box)->data); \ /* get next so el_box can be unlinked */ \
/* get next so el_box can be unlinked */ \ element_t *next = el_box->next; \
element_t *next = el_box->next; \ {block}; \
{block}; \ el_box = next; \
el_box = next; \ \
\ } \
} \ \
\
} while (0); } while (0);
/* In foreach: remove the current el from the list */ /* In foreach: remove the current el from the list */

26
src/afl-fuzz-stats.c
View File

@ -36,6 +36,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
u8 fn[PATH_MAX]; u8 fn[PATH_MAX];
s32 fd; s32 fd;
FILE * f; FILE * f;
uint32_t t_bytes = count_non_255_bytes(afl->virgin_bits);
snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir); snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir);
@ -97,6 +98,8 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
"exec_timeout : %u\n" "exec_timeout : %u\n"
"slowest_exec_ms : %u\n" "slowest_exec_ms : %u\n"
"peak_rss_mb : %lu\n" "peak_rss_mb : %lu\n"
"var_byte_count : %u\n"
"found_edges : %u\n"
"afl_banner : %s\n" "afl_banner : %s\n"
"afl_version : " VERSION "afl_version : " VERSION
"\n" "\n"
@ -119,9 +122,10 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
#else #else
(unsigned long int)(rus.ru_maxrss >> 10), (unsigned long int)(rus.ru_maxrss >> 10),
#endif #endif
afl->use_banner, afl->unicorn_mode ? "unicorn" : "", afl->var_byte_count, t_bytes, afl->use_banner,
afl->qemu_mode ? "qemu " : "", afl->dumb_mode ? " dumb " : "", afl->unicorn_mode ? "unicorn" : "", afl->qemu_mode ? "qemu " : "",
afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "", afl->dumb_mode ? " dumb " : "", afl->no_forkserver ? "no_fsrv " : "",
afl->crash_mode ? "crash " : "",
afl->persistent_mode ? "persistent " : "", afl->persistent_mode ? "persistent " : "",
afl->deferred_mode ? "deferred " : "", afl->deferred_mode ? "deferred " : "",
(afl->unicorn_mode || afl->qemu_mode || afl->dumb_mode || (afl->unicorn_mode || afl->qemu_mode || afl->dumb_mode ||
@ -257,7 +261,7 @@ void show_stats(afl_state_t *afl) {
t_byte_ratio = ((double)t_bytes * 100) / MAP_SIZE; t_byte_ratio = ((double)t_bytes * 100) / MAP_SIZE;
if (t_bytes) if (t_bytes)
stab_ratio = 100 - ((double)afl->var_byte_count) * 100 / t_bytes; stab_ratio = 100 - (((double)afl->var_byte_count) * 100) / t_bytes;
else else
stab_ratio = 100; stab_ratio = 100;
@ -361,9 +365,9 @@ void show_stats(afl_state_t *afl) {
/* Lord, forgive me this. */ /* Lord, forgive me this. */
SAYF(SET_G1 bSTG bLT bH bSTOP cCYA SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
" overall results " bSTG bH2 bH2 bRT "\n"); " overall results " bSTG bH2 bH2 bRT "\n");
if (afl->dumb_mode) { if (afl->dumb_mode) {
@ -445,9 +449,9 @@ void show_stats(afl_state_t *afl) {
" uniq hangs : " cRST "%-6s" bSTG bV "\n", " uniq hangs : " cRST "%-6s" bSTG bV "\n",
time_tmp, tmp); time_tmp, tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
" map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
/* This gets funny because we want to print several variable-length variables /* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to together, but then cram them into a fixed-width field - so we need to
@ -476,9 +480,9 @@ void show_stats(afl_state_t *afl) {
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored),
((double)afl->queued_favored) * 100 / afl->queued_paths); ((double)afl->queued_favored) * 100 / afl->queued_paths);
@ -552,7 +556,7 @@ void show_stats(afl_state_t *afl) {
/* Aaaalmost there... hold on! */ /* Aaaalmost there... hold on! */
SAYF(bVR bH cCYA bSTOP SAYF(bVR bH cCYA bSTOP
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
" path geometry " bSTG bH5 bH2 bVL "\n"); " path geometry " bSTG bH5 bH2 bVL "\n");

6
src/afl-fuzz.c
View File

@ -691,6 +691,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (afl->fixed_seed) OKF("Running with fixed seed: %u", (u32)afl->init_seed); if (afl->fixed_seed) OKF("Running with fixed seed: %u", (u32)afl->init_seed);
srandom((u32)afl->init_seed); srandom((u32)afl->init_seed);
srand((u32)afl->init_seed); // in case it is a different implementation
if (afl->use_radamsa) { if (afl->use_radamsa) {
@ -721,11 +722,14 @@ int main(int argc, char **argv_orig, char **envp) {
} }
#if defined(__SANITIZE_ADDRESS__) #if defined(__SANITIZE_ADDRESS__)
if (afl->fsrv.mem_limit) { if (afl->fsrv.mem_limit) {
WARNF("in the ASAN build we disable all memory limits"); WARNF("in the ASAN build we disable all memory limits");
afl->fsrv.mem_limit = 0; afl->fsrv.mem_limit = 0;
} }
#endif #endif
setup_signal_handlers(); setup_signal_handlers();