code format

2025-06-06 15:21:32 +00:00 · 2025-02-10 13:29:22 +01:00 · 2025-02-10 13:29:22 +01:00 · ecaddc09e8
commit ecaddc09e8
parent 287edf2754
15 changed files with 70 additions and 43 deletions
--- a/include/asanfuzz.h
+++ b/include/asanfuzz.h
@ -7,9 +7,9 @@
   Forkserver design by Jann Horn <jannhorn@googlemail.com>
   Now maintained by Marc Heuse <mh@mh-sec.de>,
-                     Heiko Eißfeldt <heiko.eissfeldt@hexco.de>,
+                     Dominik Maier <mail@dmnk.co>,
                     Andrea Fioraldi <andreafioraldi@gmail.com>,
-                     Dominik Maier <mail@dmnk.co>
+                     Heiko Eissfeldt <heiko.eissfeldt@hexco.de>
   Copyright 2016, 2017 Google Inc. All rights reserved.
   Copyright 2019-2023 AFLplusplus Project. All rights reserved.
@ -36,9 +36,13 @@
 #define NON_COV_INCREASE_BUG (1 << 5)
 enum SanitizerAbstraction {
-  SIMPLIFY_TRACE = 0, // Feed all unique trace to sanitizers, the most sensitive
+
  SIMPLIFY_TRACE = 0,  // Feed all unique trace to sanitizers, the
                       // most sensitive
  UNIQUE_TRACE,
-  COVERAGE_INCREASE // Feed all coverage increasing cases to sanitizers, the least sensitive
+  COVERAGE_INCREASE  // Feed all coverage increasing cases to sanitizers, the
                     // least sensitive
 };
 /* Execs the child */
--- a/include/common.h
+++ b/include/common.h
@ -76,8 +76,9 @@ u8 *find_afl_binary(u8 *own_loc, u8 *fname);
 int parse_afl_kill_signal(u8 *numeric_signal_as_str, int default_signal);
 /* Configure the signals that are used to kill the forkserver
-   and the forked children. If `afl_kill_signal_env` or `afl_fsrv_kill_signal_env`
+   and the forked children. If `afl_kill_signal_env` or
-   is NULL, the appropriate values are read from the environment. */
+   `afl_fsrv_kill_signal_env` is NULL, the appropriate values are read from the
   environment. */
 void configure_afl_kill_signals(afl_forkserver_t *fsrv,
                                char             *afl_kill_signal_env,
                                char             *afl_fsrv_kill_signal_env,
--- a/include/config.h
+++ b/include/config.h
@ -97,7 +97,7 @@
 /* Maximum allowed fails per CMP value. Default: 96 */
 #define CMPLOG_FAIL_MAX 96
-/* 
+/*
 * Effective fuzzing with selective feeding inputs
 */
--- a/include/coverage-64.h
+++ b/include/coverage-64.h
@ -74,7 +74,7 @@ inline void classify_counts(afl_forkserver_t *fsrv) {
 inline static void classify_counts_mem(u64 *mem, u32 size) {
-  u32  i = (size >> 3);
+  u32 i = (size >> 3);
  while (i--) {
--- a/include/envs.h
+++ b/include/envs.h
@ -118,8 +118,7 @@ static char *afl_environment_variables[] = {
    "AFL_CFISAN_VERBOSE", "AFL_USE_LSAN", "AFL_WINE_PATH", "AFL_NO_SNAPSHOT",
    "AFL_EXPAND_HAVOC_NOW", "AFL_USE_FASAN", "AFL_USE_QASAN",
    "AFL_PRINT_FILENAMES", "AFL_PIZZA_MODE", "AFL_NO_FASTRESUME",
-    "AFL_SAN_ABSTRACTION", "AFL_SAN_NO_INST", "AFL_SAN_RECOVER", NULL
+    "AFL_SAN_ABSTRACTION", "AFL_SAN_NO_INST", "AFL_SAN_RECOVER", NULL};
 };
 extern char *afl_environment_variables[];
--- a/include/forkserver.h
+++ b/include/forkserver.h
@ -159,7 +159,8 @@ typedef struct afl_forkserver {
  bool debug;                           /* debug mode?                      */
-  u8 san_but_not_instrumented;          /* Is it sanitizer enabled but not instrumented? */
+  u8 san_but_not_instrumented; /* Is it sanitizer enabled but not instrumented?
                                */
  bool uses_crash_exitcode;             /* Custom crash exitcode specified? */
  u8   crash_exitcode;                  /* The crash exitcode specified     */
--- a/instrumentation/SanitizerCoverageLTO.so.cc
+++ b/instrumentation/SanitizerCoverageLTO.so.cc
@ -326,15 +326,18 @@ class ModuleSanitizerCoverageLTOLegacyPass : public ModulePass {
                  .getPostDomTree();
    };
-    
+
    if (!getenv("AFL_SAN_NO_INST")) {
      return ModuleSancov.instrumentModule(M, DTCallback, PDTCallback);
    } else {
-      if (getenv("AFL_DEBUG")) {
+
-        DEBUGF("Instrument disabled\n");
+      if (getenv("AFL_DEBUG")) { DEBUGF("Instrument disabled\n"); }
      }
      return false;
    }
  }
 private:
@ -387,12 +390,14 @@ PreservedAnalyses ModuleSanitizerCoverageLTO::run(Module                &M,
  };
  if (!getenv("AFL_SAN_NO_INST")) {
    if (ModuleSancov.instrumentModule(M, DTCallback, PDTCallback))
      return PreservedAnalyses::none();
  } else {
-    if (debug) {
+
-      DEBUGF("Instrument disabled\n");
+    if (debug) { DEBUGF("Instrument disabled\n"); }
-    }
+
  }
  return PreservedAnalyses::all();
--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@ -262,15 +262,19 @@ PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module                &M,
  };
  // TODO: Support LTO or llvm classic?
-  // Note we still need afl-compiler-rt so we just disable the instrumentation here.
+  // Note we still need afl-compiler-rt so we just disable the instrumentation
  // here.
  if (!getenv("AFL_SAN_NO_INST")) {
    if (ModuleSancov.instrumentModule(M, DTCallback, PDTCallback))
      return PreservedAnalyses::none();
  } else {
-    if (getenv("AFL_DEBUG")) {
+
-      DEBUGF("Instrument disabled\n");
+    if (getenv("AFL_DEBUG")) { DEBUGF("Instrument disabled\n"); }
-    }
+
  }
  return PreservedAnalyses::all();
 }
--- a/instrumentation/afl-llvm-pass.so.cc
+++ b/instrumentation/afl-llvm-pass.so.cc
@ -225,18 +225,20 @@ bool AFLCoverage::runOnModule(Module &M) {
 #if LLVM_VERSION_MAJOR >= 11                        /* use new pass manager */
  if (getenv("AFL_SAN_NO_INST")) {
-    if (debug) {
+
-      fprintf(stderr, "Instrument disabled\n");
+    if (debug) { fprintf(stderr, "Instrument disabled\n"); }
    }
    return PreservedAnalyses::all();
  }
 #else
  if (getenv("AFL_SAN_NO_INST")) {
-    if (debug) {
+
-      fprintf(stderr, "Instrument disabled\n");
+    if (debug) { fprintf(stderr, "Instrument disabled\n"); }
    }
    return true;
  }
 #endif
  if ((isatty(2) && !getenv("AFL_QUIET")) || getenv("AFL_DEBUG") != NULL) {
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@ -1918,10 +1918,12 @@ fsrv_run_result_t __attribute__((hot)) afl_fsrv_run_target(
     must prevent any earlier operations from venturing into that
     territory. */
-  /* If the binary is not instrumented, we don't care about the coverage. Make it a bit faster */
+  /* If the binary is not instrumented, we don't care about the coverage. Make
   * it a bit faster */
  if (!fsrv->san_but_not_instrumented) {
 #ifdef __linux__
-  if (likely(!fsrv->nyx_mode)) {
+    if (likely(!fsrv->nyx_mode)) {
      memset(fsrv->trace_bits, 0, fsrv->map_size);
      MEM_BARRIER();
@ -1932,6 +1934,7 @@ fsrv_run_result_t __attribute__((hot)) afl_fsrv_run_target(
    memset(fsrv->trace_bits, 0, fsrv->map_size);
    MEM_BARRIER();
 #endif
  }
  /* we have the fork server (or faux server) up and running
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@ -543,8 +543,8 @@ u8 __attribute__((hot)) save_if_interesting(afl_state_t *afl, void *mem,
      simplify_trace(afl, afl->san_fsrvs[0].trace_bits);
      // Note: Original SAND implementation used XXHASH32
-      cksum_simplified = hash32(afl->san_fsrvs[0].trace_bits,
+      cksum_simplified =
-                                      afl->fsrv.map_size, HASH_CONST);
+          hash32(afl->san_fsrvs[0].trace_bits, afl->fsrv.map_size, HASH_CONST);
      if (unlikely(!bitmap_read(afl->simplified_n_fuzz, cksum_simplified))) {
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@ -2328,16 +2328,20 @@ void setup_dirs_fds(afl_state_t *afl) {
    afl->fsrv.plot_file = fdopen(fd, "w");
    if (!afl->fsrv.plot_file) { PFATAL("fdopen() failed"); }
-    fprintf(
+    fprintf(afl->fsrv.plot_file,
-        afl->fsrv.plot_file,
+            "# relative_time, cycles_done, cur_item, corpus_count, "
-        "# relative_time, cycles_done, cur_item, corpus_count, "
+            "pending_total, pending_favs, map_size, saved_crashes, "
-        "pending_total, pending_favs, map_size, saved_crashes, "
+            "saved_hangs, max_depth, execs_per_sec, total_execs, edges_found, "
-        "saved_hangs, max_depth, execs_per_sec, total_execs, edges_found, total_crashes, servers_count");
+            "total_crashes, servers_count");
    if (afl->san_binary_length) {
      for (u8 i = 0; i < afl->san_binary_length; i++) {
        fprintf(afl->fsrv.plot_file, ", sand_fsrv%u_exec", i);
      }
    }
    fprintf(afl->fsrv.plot_file, "\n");
--- a/src/afl-fuzz-sanfuzz.c
+++ b/src/afl-fuzz-sanfuzz.c
@ -32,7 +32,8 @@
 void sanfuzz_exec_child(afl_forkserver_t *fsrv, char **argv) {
-  if (!fsrv->qemu_mode && !fsrv->frida_mode && argv[0] != fsrv->asanfuzz_binary) {
+  if (!fsrv->qemu_mode && !fsrv->frida_mode &&
      argv[0] != fsrv->asanfuzz_binary) {
    argv[0] = fsrv->asanfuzz_binary;
@ -40,4 +41,5 @@ void sanfuzz_exec_child(afl_forkserver_t *fsrv, char **argv) {
  execv(fsrv->target_path, argv);
-}
+}
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -2249,7 +2249,9 @@ int main(int argc, char **argv_orig, char **envp) {
  // so that we won't overwrite target_path.
  // Lazymio: why does cmplog fsrv even work?!
  for (u8 i = 0; i < afl->san_binary_length; i++) {
    check_binary(afl, afl->san_binary[i]);
  }
  check_binary(afl, argv[optind]);
@ -3611,11 +3613,10 @@ stop_fuzzing:
    ck_free(afl->san_fsrvs[i].trace_bits);
    afl_fsrv_deinit(&afl->san_fsrvs[i]);
  }
-  if (afl->cmplog_binary) {
+  if (afl->cmplog_binary) { afl_fsrv_deinit(&afl->cmplog_fsrv); }
    afl_fsrv_deinit(&afl->cmplog_fsrv);
  }
  /* remove tmpfile */
  if (!afl->in_place_resume && afl->fsrv.out_file) {
--- a/src/afl-performance.c
+++ b/src/afl-performance.c
@ -423,4 +423,5 @@ char *sha1_hex_for_file(const char *fname, u32 len) {
  ck_free(tmp);
  return hex;
-}
+}