Post process fix (for #1699)

include/afl-fuzz.h

@@ -893,7 +893,7 @@ struct custom_mutator {
    * @param[in] buf Buffer containing the test case to be executed
    * @param[in] buf_size Size of the test case
    * @param[out] out_buf Pointer to the buffer storing the test case after
-   *     processing. External library should allocate memory for out_buf.
+   *     processing. The external library should allocate memory for out_buf.
    *     It can chose to alter buf in-place, if the space is large enough.
    * @return Size of the output buffer.
    */
@@ -1148,7 +1148,7 @@ int  statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen);
 /* Run */
 
 void sync_fuzzers(afl_state_t *);
-u32  write_to_testcase(afl_state_t *, void **, u32, u32);
+u32  write_to_testcase(afl_state_t *, void *, u32, u32);
 u8   calibrate_case(afl_state_t *, struct queue_entry *, u8 *, u32, u8);
 u8   trim_case(afl_state_t *, struct queue_entry *, u8 *);
 u8   common_fuzz_stuff(afl_state_t *, u8 *, u32);

src/afl-fuzz-cmplog.c

@@ -52,15 +52,15 @@ void cmplog_exec_child(afl_forkserver_t *fsrv, char **argv) {
 u8 common_fuzz_cmplog_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 
   u8  fault;
-  u32 tmp_len = write_to_testcase(afl, (void **)&out_buf, len, 0);
+  u32 tmp_len = write_to_testcase(afl, (void *)out_buf, len, 0);
 
   if (likely(tmp_len)) {
 
     len = tmp_len;
 
   } else {
 
-    len = write_to_testcase(afl, (void **)&out_buf, len, 1);
+    len = write_to_testcase(afl, (void *)out_buf, len, 1);
 
   }
 

src/afl-fuzz-init.c

@@ -623,7 +623,7 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
 
         }
 
-        u32 len = write_to_testcase(afl, (void **)&mem, st.st_size, 1);
+        u32 len = write_to_testcase(afl, (void *)mem, st.st_size, 1);
         fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout);
         afl->syncing_party = foreign_name;
         afl->queued_imported += save_if_interesting(afl, mem, len, fault);

src/afl-fuzz-mutators.c

@@ -519,7 +519,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
 
     if (likely(retlen)) {
 
-      retlen = write_to_testcase(afl, (void **)&retbuf, retlen, 0);
+      retlen = write_to_testcase(afl, (void *)retbuf, retlen, 0);
 
       if (unlikely(!retlen)) {
 

src/afl-fuzz-run.c

@@ -74,14 +74,14 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
    rewound and truncated. */
 
 u32 __attribute__((hot))
-write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
+write_to_testcase(afl_state_t *afl, void *mem, u32 len, u32 fix) {
 
   u8 sent = 0;
 
   if (unlikely(afl->custom_mutators_count)) {
 
     ssize_t new_size = len;
-    u8     *new_mem = *mem;
+    u8     *new_mem = mem;
     u8     *new_buf = NULL;
 
     LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
@@ -133,15 +133,15 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
 
     }
 
-    if (new_mem != *mem) { *mem = new_mem; }
+    if (new_mem != mem) { mem = new_mem; }
 
     if (unlikely(afl->custom_mutators_count)) {
 
       LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
 
         if (el->afl_custom_fuzz_send) {
 
-          el->afl_custom_fuzz_send(el->data, *mem, new_size);
+          el->afl_custom_fuzz_send(el->data, mem, new_size);
           sent = 1;
 
         }
@@ -153,7 +153,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
     if (likely(!sent)) {
 
       /* everything as planned. use the potentially new data. */
-      afl_fsrv_write_to_testcase(&afl->fsrv, *mem, new_size);
+      afl_fsrv_write_to_testcase(&afl->fsrv, mem, new_size);
       len = new_size;
 
     }
@@ -176,7 +176,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
 
         if (el->afl_custom_fuzz_send) {
 
-          el->afl_custom_fuzz_send(el->data, *mem, len);
+          el->afl_custom_fuzz_send(el->data, mem, len);
           sent = 1;
 
         }
@@ -188,7 +188,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
     if (likely(!sent)) {
 
       /* boring uncustom. */
-      afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len);
+      afl_fsrv_write_to_testcase(&afl->fsrv, mem, len);
 
     }
 
@@ -204,7 +204,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
   if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_PERMISSION)) >=
       0) {
 
-    if (write(doc_fd, *mem, len) != len)
+    if (write(doc_fd, mem, len) != len)
       PFATAL("write to mutation file failed: %s", fn);
     close(doc_fd);
 
@@ -435,7 +435,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
   /* we need a dummy run if this is LTO + cmplog */
   if (unlikely(afl->shm.cmplog_mode)) {
 
-    (void)write_to_testcase(afl, (void **)&use_mem, q->len, 1);
+    (void)write_to_testcase(afl, (void *)use_mem, q->len, 1);
 
     fault = fuzz_run_target(afl, &afl->fsrv, use_tmout);
 
@@ -478,7 +478,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 
     u64 cksum;
 
-    (void)write_to_testcase(afl, (void **)&use_mem, q->len, 1);
+    (void)write_to_testcase(afl, (void *)use_mem, q->len, 1);
 
     fault = fuzz_run_target(afl, &afl->fsrv, use_tmout);
 
@@ -789,7 +789,7 @@ void sync_fuzzers(afl_state_t *afl) {
         /* See what happens. We rely on save_if_interesting() to catch major
            errors and save the test case. */
 
-        (void)write_to_testcase(afl, (void **)&mem, st.st_size, 1);
+        (void)write_to_testcase(afl, (void *)mem, st.st_size, 1);
 
         fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout);
 
@@ -1032,7 +1032,7 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 
   u8 fault;
 
-  if (unlikely(len = write_to_testcase(afl, (void **)&out_buf, len, 0)) == 0) {
+  if (unlikely(len = write_to_testcase(afl, (void *)out_buf, len, 0)) == 0) {
 
     return 0;