From e4899b03594f277c4b797506bd65b1b2f6bf2c3f Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Wed, 12 Apr 2023 18:59:03 +0200 Subject: [PATCH] Post process fix (for #1699) --- include/afl-fuzz.h | 4 ++-- src/afl-fuzz-cmplog.c | 4 ++-- src/afl-fuzz-init.c | 2 +- src/afl-fuzz-mutators.c | 2 +- src/afl-fuzz-run.c | 24 ++++++++++++------------ 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 7ff3315bfd..a784731e2a 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -893,7 +893,7 @@ struct custom_mutator { * @param[in] buf Buffer containing the test case to be executed * @param[in] buf_size Size of the test case * @param[out] out_buf Pointer to the buffer storing the test case after - * processing. External library should allocate memory for out_buf. + * processing. The external library should allocate memory for out_buf. * It can chose to alter buf in-place, if the space is large enough. * @return Size of the output buffer. */ @@ -1148,7 +1148,7 @@ int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen); /* Run */ void sync_fuzzers(afl_state_t *); -u32 write_to_testcase(afl_state_t *, void **, u32, u32); +u32 write_to_testcase(afl_state_t *, void *, u32, u32); u8 calibrate_case(afl_state_t *, struct queue_entry *, u8 *, u32, u8); u8 trim_case(afl_state_t *, struct queue_entry *, u8 *); u8 common_fuzz_stuff(afl_state_t *, u8 *, u32); diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index 3e6432cac6..0fc4dd832f 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -52,7 +52,7 @@ void cmplog_exec_child(afl_forkserver_t *fsrv, char **argv) { u8 common_fuzz_cmplog_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { u8 fault; - u32 tmp_len = write_to_testcase(afl, (void **)&out_buf, len, 0); + u32 tmp_len = write_to_testcase(afl, (void *)out_buf, len, 0); if (likely(tmp_len)) { @@ -60,7 +60,7 @@ u8 common_fuzz_cmplog_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { } else { - len = write_to_testcase(afl, (void **)&out_buf, len, 1); + len = write_to_testcase(afl, (void *)out_buf, len, 1); } diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 01d1e82ece..95c843d8ba 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -623,7 +623,7 @@ void read_foreign_testcases(afl_state_t *afl, int first) { } - u32 len = write_to_testcase(afl, (void **)&mem, st.st_size, 1); + u32 len = write_to_testcase(afl, (void *)mem, st.st_size, 1); fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout); afl->syncing_party = foreign_name; afl->queued_imported += save_if_interesting(afl, mem, len, fault); diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 64dbe7c61a..bd23788253 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -519,7 +519,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, if (likely(retlen)) { - retlen = write_to_testcase(afl, (void **)&retbuf, retlen, 0); + retlen = write_to_testcase(afl, (void *)retbuf, retlen, 0); if (unlikely(!retlen)) { diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index f5425011aa..15dadb9c1c 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -74,14 +74,14 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { rewound and truncated. */ u32 __attribute__((hot)) -write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { +write_to_testcase(afl_state_t *afl, void *mem, u32 len, u32 fix) { u8 sent = 0; if (unlikely(afl->custom_mutators_count)) { ssize_t new_size = len; - u8 *new_mem = *mem; + u8 *new_mem = mem; u8 *new_buf = NULL; LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { @@ -133,7 +133,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { } - if (new_mem != *mem) { *mem = new_mem; } + if (new_mem != mem) { mem = new_mem; } if (unlikely(afl->custom_mutators_count)) { @@ -141,7 +141,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { if (el->afl_custom_fuzz_send) { - el->afl_custom_fuzz_send(el->data, *mem, new_size); + el->afl_custom_fuzz_send(el->data, mem, new_size); sent = 1; } @@ -153,7 +153,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { if (likely(!sent)) { /* everything as planned. use the potentially new data. */ - afl_fsrv_write_to_testcase(&afl->fsrv, *mem, new_size); + afl_fsrv_write_to_testcase(&afl->fsrv, mem, new_size); len = new_size; } @@ -176,7 +176,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { if (el->afl_custom_fuzz_send) { - el->afl_custom_fuzz_send(el->data, *mem, len); + el->afl_custom_fuzz_send(el->data, mem, len); sent = 1; } @@ -188,7 +188,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { if (likely(!sent)) { /* boring uncustom. */ - afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len); + afl_fsrv_write_to_testcase(&afl->fsrv, mem, len); } @@ -204,7 +204,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_PERMISSION)) >= 0) { - if (write(doc_fd, *mem, len) != len) + if (write(doc_fd, mem, len) != len) PFATAL("write to mutation file failed: %s", fn); close(doc_fd); @@ -435,7 +435,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, /* we need a dummy run if this is LTO + cmplog */ if (unlikely(afl->shm.cmplog_mode)) { - (void)write_to_testcase(afl, (void **)&use_mem, q->len, 1); + (void)write_to_testcase(afl, (void *)use_mem, q->len, 1); fault = fuzz_run_target(afl, &afl->fsrv, use_tmout); @@ -478,7 +478,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, u64 cksum; - (void)write_to_testcase(afl, (void **)&use_mem, q->len, 1); + (void)write_to_testcase(afl, (void *)use_mem, q->len, 1); fault = fuzz_run_target(afl, &afl->fsrv, use_tmout); @@ -789,7 +789,7 @@ void sync_fuzzers(afl_state_t *afl) { /* See what happens. We rely on save_if_interesting() to catch major errors and save the test case. */ - (void)write_to_testcase(afl, (void **)&mem, st.st_size, 1); + (void)write_to_testcase(afl, (void *)mem, st.st_size, 1); fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout); @@ -1032,7 +1032,7 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { u8 fault; - if (unlikely(len = write_to_testcase(afl, (void **)&out_buf, len, 0)) == 0) { + if (unlikely(len = write_to_testcase(afl, (void *)out_buf, len, 0)) == 0) { return 0;