Makefile: indent everything with clang-format
diff --git a/linux/arch.c b/linux/arch.c
index 5d890ff..695c3f3 100644
--- a/linux/arch.c
+++ b/linux/arch.c
@@ -60,7 +60,7 @@
/* Size of remote pid cmdline char buffer */
#define _HF_PROC_CMDLINE_SZ 8192
-static inline bool arch_shouldAttach(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+static inline bool arch_shouldAttach(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
if (hfuzz->persistent && fuzzer->linux.attachedPid == fuzzer->pid) {
return false;
@@ -76,10 +76,11 @@
#if defined(__has_feature)
#if __has_feature(address_sanitizer)
-__attribute__ ((no_sanitize("address"))) __attribute__ ((no_sanitize("memory")))
-#endif /* if __has_feature(address_sanitizer) */
-#endif /* if defined(__has_feature) */
-static int arch_cloneFunc(void *arg UNUSED)
+__attribute__((no_sanitize("address"))) __attribute__((no_sanitize("memory")))
+#endif /* if __has_feature(address_sanitizer) */
+#endif /* if defined(__has_feature) */
+static int
+arch_cloneFunc(void* arg UNUSED)
{
longjmp(env, 1);
abort();
@@ -95,7 +96,7 @@
}
if (setjmp(env) == 0) {
- void *stack_mid = &arch_clone_stack[sizeof(arch_clone_stack) / 2];
+ void* stack_mid = &arch_clone_stack[sizeof(arch_clone_stack) / 2];
/* Parent */
return clone(arch_cloneFunc, stack_mid, flags, NULL, NULL, NULL);
}
@@ -103,7 +104,7 @@
return 0;
}
-pid_t arch_fork(honggfuzz_t * hfuzz, fuzzer_t * fuzzer UNUSED)
+pid_t arch_fork(honggfuzz_t* hfuzz, fuzzer_t* fuzzer UNUSED)
{
pid_t pid = hfuzz->linux.useClone ? arch_clone(CLONE_UNTRACED | SIGCHLD) : fork();
if (pid == -1) {
@@ -119,7 +120,7 @@
return pid;
}
-bool arch_launchChild(honggfuzz_t * hfuzz, char *fileName)
+bool arch_launchChild(honggfuzz_t* hfuzz, char* fileName)
{
if ((hfuzz->linux.cloneFlags & CLONE_NEWNET) && (nsIfaceUp("lo") == false)) {
LOG_W("Cannot bring interface 'lo' up");
@@ -150,19 +151,19 @@
PLOG_D("personality(ADDR_NO_RANDOMIZE) failed");
}
#define ARGS_MAX 512
- char *args[ARGS_MAX + 2];
+ char* args[ARGS_MAX + 2];
char argData[PATH_MAX] = { 0 };
int x = 0;
for (x = 0; x < ARGS_MAX && hfuzz->cmdline[x]; x++) {
if (!hfuzz->fuzzStdin && !hfuzz->persistent
&& strcmp(hfuzz->cmdline[x], _HF_FILE_PLACEHOLDER) == 0) {
- args[x] = (char *)fileName;
+ args[x] = (char*)fileName;
} else if (!hfuzz->fuzzStdin && !hfuzz->persistent
- && strstr(hfuzz->cmdline[x], _HF_FILE_PLACEHOLDER)) {
- const char *off = strstr(hfuzz->cmdline[x], _HF_FILE_PLACEHOLDER);
+ && strstr(hfuzz->cmdline[x], _HF_FILE_PLACEHOLDER)) {
+ const char* off = strstr(hfuzz->cmdline[x], _HF_FILE_PLACEHOLDER);
snprintf(argData, PATH_MAX, "%.*s%s", (int)(off - hfuzz->cmdline[x]),
- hfuzz->cmdline[x], fileName);
+ hfuzz->cmdline[x], fileName);
args[x] = argData;
} else {
args[x] = hfuzz->cmdline[x];
@@ -184,7 +185,7 @@
}
#if defined(__NR_execveat)
syscall(__NR_execveat, hfuzz->linux.exeFd, "", args, environ, AT_EMPTY_PATH);
-#endif /* defined__NR_execveat) */
+#endif /* defined__NR_execveat) */
execve(args[0], args, environ);
int errno_cpy = errno;
alarm(1);
@@ -194,7 +195,7 @@
return false;
}
-void arch_prepareParentAfterFork(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+void arch_prepareParentAfterFork(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
arch_perfClose(hfuzz, fuzzer);
@@ -221,7 +222,7 @@
}
}
-void arch_prepareParent(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+void arch_prepareParent(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
pid_t ptracePid = (hfuzz->linux.pid > 0) ? hfuzz->linux.pid : fuzzer->pid;
pid_t childPid = fuzzer->pid;
@@ -247,7 +248,7 @@
} else {
if (kill(hfuzz->linux.pid, 0) == -1) {
PLOG_F("Liveness of PID %d read from file questioned - abort",
- hfuzz->linux.pid);
+ hfuzz->linux.pid);
} else {
LOG_D("Monitor PID has been updated (pid=%d)", hfuzz->linux.pid);
ptracePid = hfuzz->linux.pid;
@@ -269,7 +270,7 @@
}
}
-static bool arch_checkWait(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+static bool arch_checkWait(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
pid_t ptracePid = (hfuzz->linux.pid > 0) ? hfuzz->linux.pid : fuzzer->pid;
pid_t childPid = fuzzer->pid;
@@ -294,7 +295,7 @@
char statusStr[4096];
LOG_D("PID '%d' returned with status: %s", pid,
- subproc_StatusToStr(status, statusStr, sizeof(statusStr)));
+ subproc_StatusToStr(status, statusStr, sizeof(statusStr)));
if (hfuzz->persistent && pid == fuzzer->persistentPid
&& (WIFEXITED(status) || WIFSIGNALED(status))) {
@@ -302,7 +303,7 @@
fuzzer->persistentPid = 0;
if (ATOMIC_GET(hfuzz->terminating) == false) {
LOG_W("Persistent mode: PID %d exited with status: %s", pid,
- subproc_StatusToStr(status, statusStr, sizeof(statusStr)));
+ subproc_StatusToStr(status, statusStr, sizeof(statusStr)));
}
return true;
}
@@ -322,7 +323,7 @@
}
__thread sigset_t sset_io_chld;
-void arch_reapChild(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+void arch_reapChild(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
static const struct timespec ts = {
.tv_sec = 0L,
@@ -349,14 +350,13 @@
pid_t ptracePid = (hfuzz->linux.pid > 0) ? hfuzz->linux.pid : fuzzer->pid;
char crashReport[PATH_MAX];
snprintf(crashReport, sizeof(crashReport), "%s/%s.%d", hfuzz->workDir, kLOGPREFIX,
- ptracePid);
+ ptracePid);
if (files_exists(crashReport)) {
if (fuzzer->backtrace) {
unlink(crashReport);
} else {
- LOG_W
- ("Un-handled ASan report due to compiler-rt internal error - retry with '%s' (%s)",
- crashReport, fuzzer->fileName);
+ LOG_W("Un-handled ASan report due to compiler-rt internal error - retry with '%s' (%s)",
+ crashReport, fuzzer->fileName);
/* Try to parse report file */
arch_traceExitAnalyze(hfuzz, ptracePid, fuzzer);
@@ -368,7 +368,7 @@
sancov_Analyze(hfuzz, fuzzer);
}
-bool arch_archInit(honggfuzz_t * hfuzz)
+bool arch_archInit(honggfuzz_t* hfuzz)
{
/* Make %'d work */
setlocale(LC_NUMERIC, "");
@@ -382,13 +382,13 @@
return false;
}
- const char *(*gvs) (void) = dlsym(RTLD_DEFAULT, "gnu_get_libc_version");
+ const char* (*gvs)(void) = dlsym(RTLD_DEFAULT, "gnu_get_libc_version");
for (;;) {
if (!gvs) {
LOG_W("Unknown libc implementation. Using clone() instead of fork()");
break;
}
- const char *gversion = gvs();
+ const char* gversion = gvs();
int major, minor;
if (sscanf(gversion, "%d.%d", &major, &minor) != 2) {
LOG_W("Unknown glibc version:'%s'. Using clone() instead of fork()", gversion);
@@ -398,7 +398,8 @@
LOG_W("Your glibc version:'%s' will most likely result in malloc()-related "
"deadlocks. Min. version 2.24 (Or, Ubuntu's 2.23-0ubuntu6) suggested. "
"See https://sourceware.org/bugzilla/show_bug.cgi?id=19431 for explanation. "
- "Using clone() instead of fork()", gversion);
+ "Using clone() instead of fork()",
+ gversion);
break;
}
LOG_D("Glibc version:'%s', OK", gversion);
@@ -408,7 +409,7 @@
if (hfuzz->dynFileMethod != _HF_DYNFILE_NONE) {
unsigned long major = 0, minor = 0;
- char *p = NULL;
+ char* p = NULL;
/*
* Check that Linux kernel is compatible
@@ -482,12 +483,12 @@
hfuzz->linux.pidCmd = malloc(_HF_PROC_CMDLINE_SZ * sizeof(char));
if (!hfuzz->linux.pidCmd) {
- PLOG_E("malloc(%zu) failed", (size_t) _HF_PROC_CMDLINE_SZ);
+ PLOG_E("malloc(%zu) failed", (size_t)_HF_PROC_CMDLINE_SZ);
return false;
}
- ssize_t sz = files_readFileToBufMax(procCmd, (uint8_t *) hfuzz->linux.pidCmd,
- _HF_PROC_CMDLINE_SZ - 1);
+ ssize_t sz = files_readFileToBufMax(procCmd, (uint8_t*)hfuzz->linux.pidCmd,
+ _HF_PROC_CMDLINE_SZ - 1);
if (sz < 1) {
LOG_E("Couldn't read '%s'", procCmd);
free(hfuzz->linux.pidCmd);
@@ -495,7 +496,7 @@
}
/* Make human readable */
- for (size_t i = 0; i < ((size_t) sz - 1); i++) {
+ for (size_t i = 0; i < ((size_t)sz - 1); i++) {
if (hfuzz->linux.pidCmd[i] == '\0') {
hfuzz->linux.pidCmd[i] = ' ';
}
@@ -523,7 +524,7 @@
return true;
}
-bool arch_archThreadInit(honggfuzz_t * hfuzz UNUSED, fuzzer_t * fuzzer UNUSED)
+bool arch_archThreadInit(honggfuzz_t* hfuzz UNUSED, fuzzer_t* fuzzer UNUSED)
{
fuzzer->linux.perfMmapBuf = NULL;
fuzzer->linux.perfMmapAux = NULL;
diff --git a/linux/bfd.c b/linux/bfd.c
index f8ab29a..497af79 100644
--- a/linux/bfd.c
+++ b/linux/bfd.c
@@ -41,9 +41,9 @@
#include "libcommon/util.h"
typedef struct {
- bfd *bfdh;
- asection *section;
- asymbol **syms;
+ bfd* bfdh;
+ asection* section;
+ asymbol** syms;
} bfd_t;
/*
@@ -56,7 +56,7 @@
static pthread_mutex_t arch_bfd_mutex = PTHREAD_MUTEX_INITIALIZER;
-static bool arch_bfdInit(pid_t pid, bfd_t * bfdParams)
+static bool arch_bfdInit(pid_t pid, bfd_t* bfdParams)
{
char fname[PATH_MAX];
snprintf(fname, sizeof(fname), "/proc/%d/exe", pid);
@@ -76,7 +76,7 @@
return false;
}
- bfdParams->syms = (asymbol **) util_Malloc(storage_needed);
+ bfdParams->syms = (asymbol**)util_Malloc(storage_needed);
bfd_canonicalize_symtab(bfdParams->bfdh, bfdParams->syms);
if ((bfdParams->section = bfd_get_section_by_name(bfdParams->bfdh, ".text")) == NULL) {
@@ -87,7 +87,7 @@
return true;
}
-static void arch_bfdDestroy(bfd_t * bfdParams)
+static void arch_bfdDestroy(bfd_t* bfdParams)
{
if (bfdParams->syms) {
free(bfdParams->syms);
@@ -97,7 +97,7 @@
}
}
-void arch_bfdResolveSyms(pid_t pid, funcs_t * funcs, size_t num)
+void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num)
{
/* Guess what? libbfd is not multi-threading safe */
MX_SCOPED_LOCK(&arch_bfd_mutex);
@@ -113,12 +113,13 @@
if (arch_bfdInit(pid, &bfdParams) == false) {
return;
}
- defer {
+ defer
+ {
arch_bfdDestroy(&bfdParams);
};
- const char *func;
- const char *file;
+ const char* func;
+ const char* file;
unsigned int line;
for (unsigned int i = 0; i < num; i++) {
snprintf(funcs[i].func, sizeof(funcs->func), "[UNKNOWN]");
@@ -129,15 +130,14 @@
if ((offset < 0 || (unsigned long)offset > bfdParams.section->size)) {
continue;
}
- if (bfd_find_nearest_line
- (bfdParams.bfdh, bfdParams.section, bfdParams.syms, offset, &file, &func, &line)) {
+ if (bfd_find_nearest_line(bfdParams.bfdh, bfdParams.section, bfdParams.syms, offset, &file, &func, &line)) {
snprintf(funcs[i].func, sizeof(funcs->func), "%s", func);
funcs[i].line = line;
}
}
}
-static int arch_bfdFPrintF(void *buf, const char *fmt, ...)
+static int arch_bfdFPrintF(void* buf, const char* fmt, ...)
{
va_list args;
va_start(args, fmt);
@@ -147,7 +147,7 @@
return ret;
}
-void arch_bfdDisasm(pid_t pid, uint8_t * mem, size_t size, char *instr)
+void arch_bfdDisasm(pid_t pid, uint8_t* mem, size_t size, char* instr)
{
MX_SCOPED_LOCK(&arch_bfd_mutex);
@@ -155,12 +155,13 @@
char fname[PATH_MAX];
snprintf(fname, sizeof(fname), "/proc/%d/exe", pid);
- bfd *bfdh = bfd_openr(fname, NULL);
+ bfd* bfdh = bfd_openr(fname, NULL);
if (bfdh == NULL) {
LOG_W("bfd_openr('/proc/%d/exe') failed", pid);
return;
}
- defer {
+ defer
+ {
bfd_close(bfdh);
};
@@ -169,11 +170,10 @@
return;
}
#if defined(_HF_BFD_GE_2_29)
- disassembler_ftype disassemble =
- disassembler(bfd_get_arch(bfdh), bfd_little_endian(bfdh) ? FALSE : TRUE, 0, NULL);
+ disassembler_ftype disassemble = disassembler(bfd_get_arch(bfdh), bfd_little_endian(bfdh) ? FALSE : TRUE, 0, NULL);
#else
disassembler_ftype disassemble = disassembler(bfdh);
-#endif // defined(_HD_BFD_GE_2_29)
+#endif // defined(_HD_BFD_GE_2_29)
if (disassemble == NULL) {
LOG_W("disassembler() failed");
return;
diff --git a/linux/bfd.h b/linux/bfd.h
index d0e9b78..e483b39 100644
--- a/linux/bfd.h
+++ b/linux/bfd.h
@@ -35,7 +35,7 @@
#define PACKAGE 1
#define PACKAGE_VERSION 1
-extern void arch_bfdResolveSyms(pid_t pid, funcs_t * funcs, size_t num);
-extern void arch_bfdDisasm(pid_t pid, uint8_t * mem, size_t size, char *instr);
+extern void arch_bfdResolveSyms(pid_t pid, funcs_t* funcs, size_t num);
+extern void arch_bfdDisasm(pid_t pid, uint8_t* mem, size_t size, char* instr);
#endif
diff --git a/linux/perf.c b/linux/perf.c
index 339f4bb..bf05c09 100644
--- a/linux/perf.c
+++ b/linux/perf.c
@@ -53,9 +53,9 @@
static int32_t perfIntelBtsPerfType = -1;
#if defined(PERF_ATTR_SIZE_VER5)
-static inline void arch_perfBtsCount(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+static inline void arch_perfBtsCount(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
- struct perf_event_mmap_page *pem = (struct perf_event_mmap_page *)fuzzer->linux.perfMmapBuf;
+ struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)fuzzer->linux.perfMmapBuf;
struct bts_branch {
uint64_t from;
uint64_t to;
@@ -63,15 +63,15 @@
};
uint64_t aux_head = ATOMIC_GET(pem->aux_head);
- struct bts_branch *br = (struct bts_branch *)fuzzer->linux.perfMmapAux;
- for (; br < ((struct bts_branch *)(fuzzer->linux.perfMmapAux + aux_head)); br++) {
+ struct bts_branch* br = (struct bts_branch*)fuzzer->linux.perfMmapAux;
+ for (; br < ((struct bts_branch*)(fuzzer->linux.perfMmapAux + aux_head)); br++) {
/*
* Kernel sometimes reports branches from the kernel (iret), we are not interested in that as it
* makes the whole concept of unique branch counting less predictable
*/
if (hfuzz->linux.kernelOnly == false
&& (__builtin_expect(br->from > 0xFFFFFFFF00000000, false)
- || __builtin_expect(br->to > 0xFFFFFFFF00000000, false))) {
+ || __builtin_expect(br->to > 0xFFFFFFFF00000000, false))) {
LOG_D("Adding branch %#018" PRIx64 " - %#018" PRIx64, br->from, br->to);
continue;
}
@@ -87,12 +87,12 @@
}
}
}
-#endif /* defined(PERF_ATTR_SIZE_VER5) */
+#endif /* defined(PERF_ATTR_SIZE_VER5) */
-static inline void arch_perfMmapParse(honggfuzz_t * hfuzz UNUSED, fuzzer_t * fuzzer UNUSED)
+static inline void arch_perfMmapParse(honggfuzz_t* hfuzz UNUSED, fuzzer_t* fuzzer UNUSED)
{
#if defined(PERF_ATTR_SIZE_VER5)
- struct perf_event_mmap_page *pem = (struct perf_event_mmap_page *)fuzzer->linux.perfMmapBuf;
+ struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)fuzzer->linux.perfMmapBuf;
if (pem->aux_head == pem->aux_tail) {
return;
}
@@ -106,18 +106,18 @@
if (hfuzz->dynFileMethod & _HF_DYNFILE_IPT_BLOCK) {
arch_ptAnalyze(hfuzz, fuzzer);
}
-#endif /* defined(PERF_ATTR_SIZE_VER5) */
+#endif /* defined(PERF_ATTR_SIZE_VER5) */
}
-static long perf_event_open(struct perf_event_attr *hw_event, pid_t pid, int cpu, int group_fd,
- unsigned long flags)
+static long perf_event_open(struct perf_event_attr* hw_event, pid_t pid, int cpu, int group_fd,
+ unsigned long flags)
{
- return syscall(__NR_perf_event_open, hw_event, (uintptr_t) pid, (uintptr_t) cpu,
- (uintptr_t) group_fd, (uintptr_t) flags);
+ return syscall(__NR_perf_event_open, hw_event, (uintptr_t)pid, (uintptr_t)cpu,
+ (uintptr_t)group_fd, (uintptr_t)flags);
}
-static bool arch_perfCreate(honggfuzz_t * hfuzz, fuzzer_t * fuzzer UNUSED, pid_t pid,
- dynFileMethod_t method, int *perfFd)
+static bool arch_perfCreate(honggfuzz_t* hfuzz, fuzzer_t* fuzzer UNUSED, pid_t pid,
+ dynFileMethod_t method, int* perfFd)
{
LOG_D("Enabling PERF for PID=%d method=%x", pid, method);
@@ -190,21 +190,20 @@
return true;
}
#if defined(PERF_ATTR_SIZE_VER5)
- fuzzer->linux.perfMmapBuf =
- mmap(NULL, _HF_PERF_MAP_SZ + getpagesize(), PROT_READ | PROT_WRITE, MAP_SHARED, *perfFd, 0);
+ fuzzer->linux.perfMmapBuf = mmap(NULL, _HF_PERF_MAP_SZ + getpagesize(), PROT_READ | PROT_WRITE, MAP_SHARED, *perfFd, 0);
if (fuzzer->linux.perfMmapBuf == MAP_FAILED) {
fuzzer->linux.perfMmapBuf = NULL;
PLOG_W("mmap(mmapBuf) failed, sz=%zu, try increasing the kernel.perf_event_mlock_kb "
- "sysctl (up to even 300000000)", (size_t) _HF_PERF_MAP_SZ + getpagesize());
+ "sysctl (up to even 300000000)",
+ (size_t)_HF_PERF_MAP_SZ + getpagesize());
close(*perfFd);
return false;
}
- struct perf_event_mmap_page *pem = (struct perf_event_mmap_page *)fuzzer->linux.perfMmapBuf;
+ struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)fuzzer->linux.perfMmapBuf;
pem->aux_offset = pem->data_offset + pem->data_size;
pem->aux_size = _HF_PERF_AUX_SZ;
- fuzzer->linux.perfMmapAux =
- mmap(NULL, pem->aux_size, PROT_READ, MAP_SHARED, *perfFd, pem->aux_offset);
+ fuzzer->linux.perfMmapAux = mmap(NULL, pem->aux_size, PROT_READ, MAP_SHARED, *perfFd, pem->aux_offset);
if (fuzzer->linux.perfMmapAux == MAP_FAILED) {
munmap(fuzzer->linux.perfMmapBuf, _HF_PERF_MAP_SZ + getpagesize());
@@ -214,14 +213,14 @@
close(*perfFd);
return false;
}
-#else /* defined(PERF_ATTR_SIZE_VER5) */
+#else /* defined(PERF_ATTR_SIZE_VER5) */
LOG_F("Your <linux/perf_event.h> includes are too old to support Intel PT/BTS");
-#endif /* defined(PERF_ATTR_SIZE_VER5) */
+#endif /* defined(PERF_ATTR_SIZE_VER5) */
return true;
}
-bool arch_perfOpen(pid_t pid, honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+bool arch_perfOpen(pid_t pid, honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
if (hfuzz->dynFileMethod == _HF_DYNFILE_NONE) {
return true;
@@ -235,16 +234,14 @@
}
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) {
- if (arch_perfCreate
- (hfuzz, fuzzer, pid, _HF_DYNFILE_BRANCH_COUNT, &fuzzer->linux.cpuBranchFd)
+ if (arch_perfCreate(hfuzz, fuzzer, pid, _HF_DYNFILE_BRANCH_COUNT, &fuzzer->linux.cpuBranchFd)
== false) {
LOG_E("Cannot set up perf for PID=%d (_HF_DYNFILE_BRANCH_COUNT)", pid);
goto out;
}
}
if (hfuzz->dynFileMethod & _HF_DYNFILE_BTS_EDGE) {
- if (arch_perfCreate(hfuzz, fuzzer, pid, _HF_DYNFILE_BTS_EDGE, &fuzzer->linux.cpuIptBtsFd) ==
- false) {
+ if (arch_perfCreate(hfuzz, fuzzer, pid, _HF_DYNFILE_BTS_EDGE, &fuzzer->linux.cpuIptBtsFd) == false) {
LOG_E("Cannot set up perf for PID=%d (_HF_DYNFILE_BTS_EDGE)", pid);
goto out;
}
@@ -259,7 +256,7 @@
return true;
- out:
+out:
close(fuzzer->linux.cpuInstrFd);
close(fuzzer->linux.cpuBranchFd);
close(fuzzer->linux.cpuIptBtsFd);
@@ -267,7 +264,7 @@
return false;
}
-void arch_perfClose(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+void arch_perfClose(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
if (hfuzz->dynFileMethod == _HF_DYNFILE_NONE) {
return;
@@ -300,7 +297,7 @@
}
}
-bool arch_perfEnable(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+bool arch_perfEnable(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
if (hfuzz->dynFileMethod == _HF_DYNFILE_NONE) {
return true;
@@ -322,19 +319,19 @@
return true;
}
-static void arch_perfMmapReset(fuzzer_t * fuzzer)
+static void arch_perfMmapReset(fuzzer_t* fuzzer)
{
- struct perf_event_mmap_page *pem = (struct perf_event_mmap_page *)fuzzer->linux.perfMmapBuf;
+ struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)fuzzer->linux.perfMmapBuf;
ATOMIC_SET(pem->data_head, 0);
ATOMIC_SET(pem->data_tail, 0);
#if defined(PERF_ATTR_SIZE_VER5)
ATOMIC_SET(pem->aux_head, 0);
ATOMIC_SET(pem->aux_tail, 0);
-#endif /* defined(PERF_ATTR_SIZE_VER5) */
+#endif /* defined(PERF_ATTR_SIZE_VER5) */
wmb();
}
-void arch_perfAnalyze(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+void arch_perfAnalyze(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
if (hfuzz->dynFileMethod == _HF_DYNFILE_NONE) {
return;
@@ -343,7 +340,7 @@
uint64_t instrCount = 0;
if (hfuzz->dynFileMethod & _HF_DYNFILE_INSTR_COUNT) {
ioctl(fuzzer->linux.cpuInstrFd, PERF_EVENT_IOC_DISABLE, 0);
- if (files_readFromFd(fuzzer->linux.cpuInstrFd, (uint8_t *) & instrCount, sizeof(instrCount))
+ if (files_readFromFd(fuzzer->linux.cpuInstrFd, (uint8_t*)&instrCount, sizeof(instrCount))
!= sizeof(instrCount)) {
PLOG_E("read(perfFd='%d') failed", fuzzer->linux.cpuInstrFd);
}
@@ -353,8 +350,8 @@
uint64_t branchCount = 0;
if (hfuzz->dynFileMethod & _HF_DYNFILE_BRANCH_COUNT) {
ioctl(fuzzer->linux.cpuBranchFd, PERF_EVENT_IOC_DISABLE, 0);
- if (files_readFromFd(fuzzer->linux.cpuBranchFd, (uint8_t *) & branchCount,
- sizeof(branchCount))
+ if (files_readFromFd(fuzzer->linux.cpuBranchFd, (uint8_t*)&branchCount,
+ sizeof(branchCount))
!= sizeof(branchCount)) {
PLOG_E("read(perfFd='%d') failed", fuzzer->linux.cpuBranchFd);
}
@@ -374,21 +371,20 @@
fuzzer->linux.hwCnts.cpuBranchCnt = branchCount;
}
-bool arch_perfInit(honggfuzz_t * hfuzz UNUSED)
+bool arch_perfInit(honggfuzz_t* hfuzz UNUSED)
{
uint8_t buf[PATH_MAX + 1];
- ssize_t sz =
- files_readFileToBufMax("/sys/bus/event_source/devices/intel_pt/type", buf, sizeof(buf) - 1);
+ ssize_t sz = files_readFileToBufMax("/sys/bus/event_source/devices/intel_pt/type", buf, sizeof(buf) - 1);
if (sz > 0) {
buf[sz] = '\0';
- perfIntelPtPerfType = (int32_t) strtoul((char *)buf, NULL, 10);
+ perfIntelPtPerfType = (int32_t)strtoul((char*)buf, NULL, 10);
LOG_D("perfIntelPtPerfType = %" PRIu32, perfIntelPtPerfType);
}
sz = files_readFileToBufMax("/sys/bus/event_source/devices/intel_bts/type", buf,
- sizeof(buf) - 1);
+ sizeof(buf) - 1);
if (sz > 0) {
buf[sz] = '\0';
- perfIntelBtsPerfType = (int32_t) strtoul((char *)buf, NULL, 10);
+ perfIntelBtsPerfType = (int32_t)strtoul((char*)buf, NULL, 10);
LOG_D("perfIntelBtsPerfType = %" PRIu32, perfIntelBtsPerfType);
}
return true;
diff --git a/linux/perf.h b/linux/perf.h
index ec1d898..9593134 100644
--- a/linux/perf.h
+++ b/linux/perf.h
@@ -26,10 +26,10 @@
#include "honggfuzz.h"
-extern bool arch_perfInit(honggfuzz_t * hfuzz);
-extern bool arch_perfOpen(pid_t pid, honggfuzz_t * hfuzz, fuzzer_t * fuzzer);
-extern void arch_perfClose(honggfuzz_t * hfuzz, fuzzer_t * fuzzer);
-extern bool arch_perfEnable(honggfuzz_t * hfuzz, fuzzer_t * fuzzer);
-extern void arch_perfAnalyze(honggfuzz_t * hfuzz, fuzzer_t * fuzzer);
+extern bool arch_perfInit(honggfuzz_t* hfuzz);
+extern bool arch_perfOpen(pid_t pid, honggfuzz_t* hfuzz, fuzzer_t* fuzzer);
+extern void arch_perfClose(honggfuzz_t* hfuzz, fuzzer_t* fuzzer);
+extern bool arch_perfEnable(honggfuzz_t* hfuzz, fuzzer_t* fuzzer);
+extern void arch_perfAnalyze(honggfuzz_t* hfuzz, fuzzer_t* fuzzer);
#endif
diff --git a/linux/pt.c b/linux/pt.c
index 3482fd0..09d4d0e 100644
--- a/linux/pt.c
+++ b/linux/pt.c
@@ -71,12 +71,12 @@
*
* - we have seen an IP update.
*/
- uint32_t have_ip:1;
+ uint32_t have_ip : 1;
/* - the IP has been suppressed in the last update. */
- uint32_t suppressed:1;
+ uint32_t suppressed : 1;
};
-inline static void pt_last_ip_init(struct pt_last_ip *last_ip)
+inline static void pt_last_ip_init(struct pt_last_ip* last_ip)
{
if (!last_ip)
return;
@@ -86,7 +86,7 @@
last_ip->suppressed = 0;
}
-inline static int pt_last_ip_query(uint64_t * ip, const struct pt_last_ip *last_ip)
+inline static int pt_last_ip_query(uint64_t* ip, const struct pt_last_ip* last_ip)
{
if (!last_ip)
return -pte_invalid;
@@ -120,9 +120,9 @@
return val & signbit ? val | mask : val & ~mask;
}
-inline static int pt_last_ip_update_ip(struct pt_last_ip *last_ip,
- const struct pt_packet_ip *packet,
- const struct pt_config *config)
+inline static int pt_last_ip_update_ip(struct pt_last_ip* last_ip,
+ const struct pt_packet_ip* packet,
+ const struct pt_config* config)
{
(void)config;
@@ -171,9 +171,9 @@
return -pte_bad_packet;
}
-inline static void perf_ptAnalyzePkt(honggfuzz_t * hfuzz, fuzzer_t * fuzzer,
- struct pt_packet *packet, struct pt_config *ptc,
- struct pt_last_ip *last_ip)
+inline static void perf_ptAnalyzePkt(honggfuzz_t* hfuzz, fuzzer_t* fuzzer,
+ struct pt_packet* packet, struct pt_config* ptc,
+ struct pt_last_ip* last_ip)
{
switch (packet->type) {
case ppt_tip:
@@ -205,9 +205,9 @@
return;
}
-void arch_ptAnalyze(honggfuzz_t * hfuzz, fuzzer_t * fuzzer)
+void arch_ptAnalyze(honggfuzz_t* hfuzz, fuzzer_t* fuzzer)
{
- struct perf_event_mmap_page *pem = (struct perf_event_mmap_page *)fuzzer->linux.perfMmapBuf;
+ struct perf_event_mmap_page* pem = (struct perf_event_mmap_page*)fuzzer->linux.perfMmapBuf;
uint64_t aux_tail = ATOMIC_GET(pem->aux_tail);
uint64_t aux_head = ATOMIC_GET(pem->aux_head);
@@ -222,11 +222,12 @@
LOG_F("pt_errata() failed: %s", pt_errstr(errcode));
}
- struct pt_packet_decoder *ptd = pt_pkt_alloc_decoder(&ptc);
+ struct pt_packet_decoder* ptd = pt_pkt_alloc_decoder(&ptc);
if (ptd == NULL) {
LOG_F("pt_pkt_alloc_decoder() failed");
}
- defer {
+ defer
+ {
pt_pkt_free_decoder(ptd);
};
@@ -252,12 +253,11 @@
}
}
-#else /* _HF_LINUX_INTEL_PT_LIB */
+#else /* _HF_LINUX_INTEL_PT_LIB */
-void arch_ptAnalyze(honggfuzz_t * hfuzz UNUSED, fuzzer_t * fuzzer UNUSED)
+void arch_ptAnalyze(honggfuzz_t* hfuzz UNUSED, fuzzer_t* fuzzer UNUSED)
{
- LOG_F
- ("The program has not been linked against the Intel's Processor Trace Library (libipt.so)");
+ LOG_F("The program has not been linked against the Intel's Processor Trace Library (libipt.so)");
}
-#endif /* _HF_LINUX_INTEL_PT_LIB */
+#endif /* _HF_LINUX_INTEL_PT_LIB */
diff --git a/linux/pt.h b/linux/pt.h
index 4a389cc..51c9799 100644
--- a/linux/pt.h
+++ b/linux/pt.h
@@ -26,6 +26,6 @@
#include "honggfuzz.h"
-extern void arch_ptAnalyze(honggfuzz_t * hfuzz, fuzzer_t * fuzzer);
+extern void arch_ptAnalyze(honggfuzz_t* hfuzz, fuzzer_t* fuzzer);
-#endif /* _HF_LINUX_INTEL_PT_LIB */
+#endif /* _HF_LINUX_INTEL_PT_LIB */
diff --git a/linux/trace.c b/linux/trace.c
index 37aef28..7840dc8 100644
--- a/linux/trace.c
+++ b/linux/trace.c
@@ -139,23 +139,23 @@
uint64_t gs;
};
#define HEADERS_STRUCT struct user_regs_struct_64
-#endif /* defined(__i386__) || defined(__x86_64__) */
+#endif /* defined(__i386__) || defined(__x86_64__) */
#if defined(__arm__) || defined(__aarch64__)
#ifndef ARM_pc
-#ifdef __ANDROID__ /* Building with NDK headers */
+#ifdef __ANDROID__ /* Building with NDK headers */
#define ARM_pc uregs[15]
-#else /* Building with glibc headers */
+#else /* Building with glibc headers */
#define ARM_pc 15
#endif
-#endif /* ARM_pc */
+#endif /* ARM_pc */
#ifndef ARM_cpsr
-#ifdef __ANDROID__ /* Building with NDK headers */
+#ifdef __ANDROID__ /* Building with NDK headers */
#define ARM_cpsr uregs[16]
-#else /* Building with glibc headers */
+#else /* Building with glibc headers */
#define ARM_cpsr 16
#endif
-#endif /* ARM_cpsr */
+#endif /* ARM_cpsr */
struct user_regs_struct_32 {
uint32_t uregs[18];
};
@@ -167,7 +167,7 @@
uint64_t pstate;
};
#define HEADERS_STRUCT struct user_regs_struct_64
-#endif /* defined(__arm__) || defined(__aarch64__) */
+#endif /* defined(__arm__) || defined(__aarch64__) */
#if defined(__powerpc64__) || defined(__powerpc__)
#define HEADERS_STRUCT struct pt_regs
@@ -217,7 +217,7 @@
uint64_t zero2;
uint64_t zero3;
};
-#endif /* defined(__powerpc64__) || defined(__powerpc__) */
+#endif /* defined(__powerpc64__) || defined(__powerpc__) */
#if defined(__mips__) || defined(__mips64__)
struct user_regs_struct {
@@ -231,7 +231,7 @@
uint64_t cp0_cause;
};
#define HEADERS_STRUCT struct user_regs_struct
-#endif /* defined(__mips__) || defined(__mips64__) */
+#endif /* defined(__mips__) || defined(__mips64__) */
#if defined(__ANDROID__)
/*
@@ -241,15 +241,15 @@
#define PTRACE_GETREGS_AVAILABLE 1
#else
#define PTRACE_GETREGS_AVAILABLE 0
-#endif /* defined(PTRACE_GETREGS) */
-#endif /* defined(__ANDROID__) */
+#endif /* defined(PTRACE_GETREGS) */
+#endif /* defined(__ANDROID__) */
/* *INDENT-OFF* */
static struct {
const char* descr;
bool important;
} arch_sigs[_NSIG + 1] = {
- [0 ...(_NSIG)].important = false,
+ [0 ...(_NSIG)].important = false,
[0 ...(_NSIG)].descr = "UNKNOWN",
[SIGTRAP].important = false,
@@ -283,12 +283,12 @@
#ifndef SI_FROMUSER
#define SI_FROMUSER(siptr) ((siptr)->si_code <= 0)
-#endif /* SI_FROMUSER */
+#endif /* SI_FROMUSER */
-extern const char *sys_sigabbrev[];
+extern const char* sys_sigabbrev[];
static __thread char arch_signame[32];
-static const char *arch_sigName(int signo)
+static const char* arch_sigName(int signo)
{
if (signo < 0 || signo > _NSIG) {
snprintf(arch_signame, sizeof(arch_signame), "UNKNOWN-%d", signo);
@@ -307,10 +307,10 @@
snprintf(arch_signame, sizeof(arch_signame), "SIG%s", sys_sigabbrev[signo]);
}
return arch_signame;
-#endif /* __ANDROID__ */
+#endif /* __ANDROID__ */
}
-static size_t arch_getProcMem(pid_t pid, uint8_t * buf, size_t len, REG_TYPE pc)
+static size_t arch_getProcMem(pid_t pid, uint8_t* buf, size_t len, REG_TYPE pc)
{
/*
* Let's try process_vm_readv first
@@ -320,10 +320,10 @@
.iov_len = len,
};
const struct iovec remote_iov = {
- .iov_base = (void *)(uintptr_t) pc,
+ .iov_base = (void*)(uintptr_t)pc,
.iov_len = len,
};
- if (process_vm_readv(pid, &local_iov, 1, &remote_iov, 1, 0) == (ssize_t) len) {
+ if (process_vm_readv(pid, &local_iov, 1, &remote_iov, 1, 0) == (ssize_t)len) {
return len;
}
// Debug if failed since it shouldn't happen very often
@@ -337,7 +337,7 @@
size_t memsz = 0;
for (int x = 0; x < cnt; x++) {
- uint8_t *addr = (uint8_t *) (uintptr_t) pc + (int)(x * sizeof(long));
+ uint8_t* addr = (uint8_t*)(uintptr_t)pc + (int)(x * sizeof(long));
long ret = ptrace(PTRACE_PEEKDATA, pid, addr, NULL);
if (errno != 0) {
@@ -351,7 +351,7 @@
return memsz;
}
-static size_t arch_getPC(pid_t pid, REG_TYPE * pc, REG_TYPE * status_reg UNUSED)
+static size_t arch_getPC(pid_t pid, REG_TYPE* pc, REG_TYPE* status_reg UNUSED)
{
/*
* Some old ARM android kernels are failing with PTRACE_GETREGS to extract
@@ -389,7 +389,7 @@
* 32-bit
*/
if (pt_iov.iov_len == sizeof(struct user_regs_struct_32)) {
- struct user_regs_struct_32 *r32 = (struct user_regs_struct_32 *)®s;
+ struct user_regs_struct_32* r32 = (struct user_regs_struct_32*)®s;
*pc = r32->eip;
*status_reg = r32->eflags;
return pt_iov.iov_len;
@@ -399,21 +399,21 @@
* 64-bit
*/
if (pt_iov.iov_len == sizeof(struct user_regs_struct_64)) {
- struct user_regs_struct_64 *r64 = (struct user_regs_struct_64 *)®s;
+ struct user_regs_struct_64* r64 = (struct user_regs_struct_64*)®s;
*pc = r64->ip;
*status_reg = r64->flags;
return pt_iov.iov_len;
}
LOG_W("Unknown registers structure size: '%zd'", pt_iov.iov_len);
return 0;
-#endif /* defined(__i386__) || defined(__x86_64__) */
+#endif /* defined(__i386__) || defined(__x86_64__) */
#if defined(__arm__) || defined(__aarch64__)
/*
* 32-bit
*/
if (pt_iov.iov_len == sizeof(struct user_regs_struct_32)) {
- struct user_regs_struct_32 *r32 = (struct user_regs_struct_32 *)®s;
+ struct user_regs_struct_32* r32 = (struct user_regs_struct_32*)®s;
#ifdef __ANDROID__
*pc = r32->ARM_pc;
*status_reg = r32->ARM_cpsr;
@@ -428,21 +428,21 @@
* 64-bit
*/
if (pt_iov.iov_len == sizeof(struct user_regs_struct_64)) {
- struct user_regs_struct_64 *r64 = (struct user_regs_struct_64 *)®s;
+ struct user_regs_struct_64* r64 = (struct user_regs_struct_64*)®s;
*pc = r64->pc;
*status_reg = r64->pstate;
return pt_iov.iov_len;
}
LOG_W("Unknown registers structure size: '%zd'", pt_iov.iov_len);
return 0;
-#endif /* defined(__arm__) || defined(__aarch64__) */
+#endif /* defined(__arm__) || defined(__aarch64__) */
#if defined(__powerpc64__) || defined(__powerpc__)
/*
* 32-bit
*/
if (pt_iov.iov_len == sizeof(struct user_regs_struct_32)) {
- struct user_regs_struct_32 *r32 = (struct user_regs_struct_32 *)®s;
+ struct user_regs_struct_32* r32 = (struct user_regs_struct_32*)®s;
*pc = r32->nip;
return pt_iov.iov_len;
}
@@ -451,25 +451,25 @@
* 64-bit
*/
if (pt_iov.iov_len == sizeof(struct user_regs_struct_64)) {
- struct user_regs_struct_64 *r64 = (struct user_regs_struct_64 *)®s;
+ struct user_regs_struct_64* r64 = (struct user_regs_struct_64*)®s;
*pc = r64->nip;
return pt_iov.iov_len;
}
LOG_W("Unknown registers structure size: '%zd'", pt_iov.iov_len);
return 0;
-#endif /* defined(__powerpc64__) || defined(__powerpc__) */
+#endif /* defined(__powerpc64__) || defined(__powerpc__) */
#if defined(__mips__) || defined(__mips64__)
*pc = regs.cp0_epc;
return pt_iov.iov_len;
-#endif /* defined(__mips__) || defined(__mips64__) */
+#endif /* defined(__mips__) || defined(__mips64__) */
LOG_D("Unknown/unsupported CPU architecture");
return 0;
}
-static void arch_getInstrStr(pid_t pid, REG_TYPE * pc, char *instr)
+static void arch_getInstrStr(pid_t pid, REG_TYPE* pc, char* instr)
{
/*
* We need a value aligned to 8
@@ -517,12 +517,12 @@
return;
}
- cs_insn *insn;
+ cs_insn* insn;
size_t count = cs_disasm(handle, buf, sizeof(buf), *pc, 0, &insn);
if (count < 1) {
LOG_W("Couldn't disassemble the assembler instructions' stream: '%s'",
- cs_strerror(cs_errno(handle)));
+ cs_strerror(cs_errno(handle)));
cs_close(&handle);
return;
}
@@ -530,7 +530,7 @@
snprintf(instr, _HF_INSTR_SZ, "%s %s", insn[0].mnemonic, insn[0].op_str);
cs_free(insn, count);
cs_close(&handle);
-#endif /* defined(__ANDROID__) */
+#endif /* defined(__ANDROID__) */
for (int x = 0; instr[x] && x < _HF_INSTR_SZ; x++) {
if (instr[x] == '/' || instr[x] == '\\' || isspace(instr[x])
@@ -542,8 +542,8 @@
return;
}
-static void arch_hashCallstack(honggfuzz_t * hfuzz, fuzzer_t * fuzzer, funcs_t * funcs,
- size_t funcCnt, bool enableMasking)
+static void arch_hashCallstack(honggfuzz_t* hfuzz, fuzzer_t* fuzzer, funcs_t* funcs,
+ size_t funcCnt, bool enableMasking)
{
uint64_t hash = 0;
for (size_t i = 0; i < funcCnt && i < hfuzz->linux.numMajorFrames; i++) {
@@ -551,7 +551,7 @@
* Convert PC to char array to be compatible with hash function
*/
char pcStr[REGSIZEINCHAR] = { 0 };
- snprintf(pcStr, REGSIZEINCHAR, REG_PD REG_PM, (REG_TYPE) (long)funcs[i].pc);
+ snprintf(pcStr, REGSIZEINCHAR, REG_PD REG_PM, (REG_TYPE)(long)funcs[i].pc);
/*
* Hash the last three nibbles
@@ -572,36 +572,36 @@
}
static void
-arch_traceGenerateReport(pid_t pid, fuzzer_t * fuzzer, funcs_t * funcs, size_t funcCnt,
- siginfo_t * si, const char *instr)
+arch_traceGenerateReport(pid_t pid, fuzzer_t* fuzzer, funcs_t* funcs, size_t funcCnt,
+ siginfo_t* si, const char* instr)
{
fuzzer->report[0] = '\0';
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "ORIG_FNAME: %s\n",
- fuzzer->origFileName);
+ fuzzer->origFileName);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "FUZZ_FNAME: %s\n",
- fuzzer->crashFileName);
+ fuzzer->crashFileName);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "PID: %d\n", pid);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "SIGNAL: %s (%d)\n",
- arch_sigName(si->si_signo), si->si_signo);
+ arch_sigName(si->si_signo), si->si_signo);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "FAULT ADDRESS: %p\n",
- SI_FROMUSER(si) ? NULL : si->si_addr);
+ SI_FROMUSER(si) ? NULL : si->si_addr);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "INSTRUCTION: %s\n", instr);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "STACK HASH: %016llx\n",
- fuzzer->backtrace);
+ fuzzer->backtrace);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "STACK:\n");
for (size_t i = 0; i < funcCnt; i++) {
#ifdef __HF_USE_CAPSTONE__
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), " <" REG_PD REG_PM "> ",
- (REG_TYPE) (long)funcs[i].pc);
+ (REG_TYPE)(long)funcs[i].pc);
if (funcs[i].func[0] != '\0')
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "[%s() + 0x%x at %s]\n",
- funcs[i].func, funcs[i].line, funcs[i].mapName);
+ funcs[i].func, funcs[i].line, funcs[i].mapName);
else
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "[]\n");
#else
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report),
- " <" REG_PD REG_PM "> [%s():%u at %s]\n", (REG_TYPE) (long)funcs[i].pc,
- funcs[i].func, funcs[i].line, funcs[i].mapName);
+ " <" REG_PD REG_PM "> [%s():%u at %s]\n", (REG_TYPE)(long)funcs[i].pc,
+ funcs[i].func, funcs[i].line, funcs[i].mapName);
#endif
}
@@ -609,14 +609,14 @@
#if defined(__aarch64__)
if (funcCnt == 0) {
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), " !ERROR: If 32bit fuzz target"
- " in aarch64 system, try ARM 32bit build\n");
+ " in aarch64 system, try ARM 32bit build\n");
}
#endif
return;
}
-static void arch_traceAnalyzeData(honggfuzz_t * hfuzz, pid_t pid, fuzzer_t * fuzzer)
+static void arch_traceAnalyzeData(honggfuzz_t* hfuzz, pid_t pid, fuzzer_t* fuzzer)
{
REG_TYPE pc = 0, status_reg = 0;
size_t pcRegSz = arch_getPC(pid, &pc, &status_reg);
@@ -628,8 +628,9 @@
/*
* Unwind and resolve symbols
*/
- funcs_t *funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t));
- defer {
+ funcs_t* funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t));
+ defer
+ {
free(funcs);
};
memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t));
@@ -648,7 +649,7 @@
if (funcCnt == 0) {
if (pc) {
/* Manually update major frame PC & frames counter */
- funcs[0].pc = (void *)(uintptr_t) pc;
+ funcs[0].pc = (void*)(uintptr_t)pc;
funcCnt = 1;
} else {
return;
@@ -661,7 +662,7 @@
arch_hashCallstack(hfuzz, fuzzer, funcs, funcCnt, false);
}
-static void arch_traceSaveData(honggfuzz_t * hfuzz, pid_t pid, fuzzer_t * fuzzer)
+static void arch_traceSaveData(honggfuzz_t* hfuzz, pid_t pid, fuzzer_t* fuzzer)
{
REG_TYPE pc = 0;
@@ -679,19 +680,20 @@
arch_getInstrStr(pid, &pc, instr);
LOG_D("Pid: %d, signo: %d, errno: %d, code: %d, addr: %p, pc: %" REG_PM ", instr: '%s'", pid,
- si.si_signo, si.si_errno, si.si_code, si.si_addr, pc, instr);
+ si.si_signo, si.si_errno, si.si_code, si.si_addr, pc, instr);
if (!SI_FROMUSER(&si) && pc && si.si_addr < hfuzz->linux.ignoreAddr) {
LOG_I("'%s' is interesting (%s), but the si.si_addr is %p (below %p), skipping",
- fuzzer->fileName, arch_sigName(si.si_signo), si.si_addr, hfuzz->linux.ignoreAddr);
+ fuzzer->fileName, arch_sigName(si.si_signo), si.si_addr, hfuzz->linux.ignoreAddr);
return;
}
/*
* Unwind and resolve symbols
*/
- funcs_t *funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t));
- defer {
+ funcs_t* funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t));
+ defer
+ {
free(funcs);
};
memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t));
@@ -711,7 +713,7 @@
if (funcCnt == 0) {
if (pc) {
/* Manually update major frame PC & frames counter */
- funcs[0].pc = (void *)(uintptr_t) pc;
+ funcs[0].pc = (void*)(uintptr_t)pc;
funcCnt = 1;
} else {
saveUnique = false;
@@ -771,8 +773,8 @@
* of the status of uniqueness flag.
*/
if (hfuzz->linux.symsWl) {
- char *wlSymbol = arch_btContainsSymbol(hfuzz->linux.symsWlCnt, hfuzz->linux.symsWl,
- funcCnt, funcs);
+ char* wlSymbol = arch_btContainsSymbol(hfuzz->linux.symsWlCnt, hfuzz->linux.symsWl,
+ funcCnt, funcs);
if (wlSymbol != NULL) {
saveUnique = false;
LOG_D("Whitelisted symbol '%s' found, skipping blacklist checks", wlSymbol);
@@ -782,8 +784,7 @@
* Check if stackhash is blacklisted
*/
if (hfuzz->blacklist
- && (fastArray64Search(hfuzz->blacklist, hfuzz->blacklistCnt, fuzzer->backtrace) !=
- -1)) {
+ && (fastArray64Search(hfuzz->blacklist, hfuzz->blacklistCnt, fuzzer->backtrace) != -1)) {
LOG_I("Blacklisted stack hash '%" PRIx64 "', skipping", fuzzer->backtrace);
ATOMIC_POST_INC(hfuzz->blCrashesCnt);
return;
@@ -792,8 +793,8 @@
/*
* Check if backtrace contains blacklisted symbol
*/
- char *blSymbol = arch_btContainsSymbol(hfuzz->linux.symsBlCnt, hfuzz->linux.symsBl,
- funcCnt, funcs);
+ char* blSymbol = arch_btContainsSymbol(hfuzz->linux.symsBlCnt, hfuzz->linux.symsBl,
+ funcCnt, funcs);
if (blSymbol != NULL) {
LOG_I("Blacklisted symbol '%s' found, skipping", blSymbol);
ATOMIC_POST_INC(hfuzz->blCrashesCnt);
@@ -804,7 +805,7 @@
/* If non-blacklisted crash detected, zero set two MSB */
ATOMIC_POST_ADD(hfuzz->dynFileIterExpire, _HF_DYNFILE_SUB_MASK);
- void *sig_addr = si.si_addr;
+ void* sig_addr = si.si_addr;
if (hfuzz->linux.disableRandomization == false) {
pc = 0UL;
sig_addr = NULL;
@@ -818,19 +819,19 @@
/* If dry run mode, copy file with same name into workspace */
if (hfuzz->origFlipRate == 0.0L && hfuzz->useVerifier) {
snprintf(fuzzer->crashFileName, sizeof(fuzzer->crashFileName), "%s/%s",
- hfuzz->workDir, fuzzer->origFileName);
+ hfuzz->workDir, fuzzer->origFileName);
} else if (saveUnique) {
snprintf(fuzzer->crashFileName, sizeof(fuzzer->crashFileName),
- "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s",
- hfuzz->workDir, arch_sigName(si.si_signo), pc, fuzzer->backtrace,
- si.si_code, sig_addr, instr, hfuzz->fileExtn);
+ "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s",
+ hfuzz->workDir, arch_sigName(si.si_signo), pc, fuzzer->backtrace,
+ si.si_code, sig_addr, instr, hfuzz->fileExtn);
} else {
char localtmstr[PATH_MAX];
util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL));
snprintf(fuzzer->crashFileName, sizeof(fuzzer->crashFileName),
- "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s.%d.%s",
- hfuzz->workDir, arch_sigName(si.si_signo), pc, fuzzer->backtrace,
- si.si_code, sig_addr, instr, localtmstr, pid, hfuzz->fileExtn);
+ "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%d.ADDR.%p.INSTR.%s.%s.%d.%s",
+ hfuzz->workDir, arch_sigName(si.si_signo), pc, fuzzer->backtrace,
+ si.si_code, sig_addr, instr, localtmstr, pid, hfuzz->fileExtn);
}
if (files_exists(fuzzer->crashFileName)) {
@@ -841,7 +842,7 @@
}
if (files_writeBufToFile(fuzzer->crashFileName, fuzzer->dynamicFile, fuzzer->dynamicFileSz,
- O_CREAT | O_EXCL | O_WRONLY | O_CLOEXEC)
+ O_CREAT | O_EXCL | O_WRONLY | O_CLOEXEC)
== false) {
LOG_E("Couldn't copy '%s' to '%s'", fuzzer->fileName, fuzzer->crashFileName);
return;
@@ -857,22 +858,24 @@
}
/* TODO: Add report parsing support for other sanitizers too */
-static int arch_parseAsanReport(honggfuzz_t * hfuzz, pid_t pid, funcs_t * funcs, void **crashAddr,
- char **op)
+static int arch_parseAsanReport(honggfuzz_t* hfuzz, pid_t pid, funcs_t* funcs, void** crashAddr,
+ char** op)
{
char crashReport[PATH_MAX] = { 0 };
- const char *const crashReportCpy = crashReport;
+ const char* const crashReportCpy = crashReport;
snprintf(crashReport, sizeof(crashReport), "%s/%s.%d", hfuzz->workDir, kLOGPREFIX, pid);
- FILE *fReport = fopen(crashReport, "rb");
+ FILE* fReport = fopen(crashReport, "rb");
if (fReport == NULL) {
PLOG_D("Couldn't open '%s' - R/O mode", crashReport);
return -1;
}
- defer {
+ defer
+ {
fclose(fReport);
};
- defer {
+ defer
+ {
unlink(crashReportCpy);
};
@@ -887,7 +890,8 @@
char *lineptr = NULL, *cAddr = NULL;
size_t n = 0;
- defer {
+ defer
+ {
free(lineptr);
};
for (;;) {
@@ -904,16 +908,16 @@
cAddr = strstr(lineptr, "address 0x");
if (cAddr) {
cAddr = cAddr + strlen("address ");
- char *endOff = strchr(cAddr, ' ');
+ char* endOff = strchr(cAddr, ' ');
cAddr[endOff - cAddr] = '\0';
- *crashAddr = (void *)((size_t) strtoull(cAddr, NULL, 16));
+ *crashAddr = (void*)((size_t)strtoull(cAddr, NULL, 16));
} else {
*crashAddr = 0x0;
}
}
continue;
} else {
- char *pLineLC = lineptr;
+ char* pLineLC = lineptr;
/* Trim leading spaces */
while (*pLineLC != '\0' && isspace(*pLineLC)) {
++pLineLC;
@@ -950,24 +954,22 @@
* Frames have following format:
#0 0xaa860177 (/system/lib/libc.so+0x196177)
*/
- char *savePtr = NULL;
+ char* savePtr = NULL;
strtok_r(pLineLC, " ", &savePtr);
- funcs[frameIdx].pc =
- (void *)((size_t) strtoull(strtok_r(NULL, " ", &savePtr), NULL, 16));
+ funcs[frameIdx].pc = (void*)((size_t)strtoull(strtok_r(NULL, " ", &savePtr), NULL, 16));
/* DSO & code offset parsing */
- char *targetStr = strtok_r(NULL, " ", &savePtr);
- char *startOff = strchr(targetStr, '(') + 1;
- char *plusOff = strchr(targetStr, '+');
- char *endOff = strrchr(targetStr, ')');
+ char* targetStr = strtok_r(NULL, " ", &savePtr);
+ char* startOff = strchr(targetStr, '(') + 1;
+ char* plusOff = strchr(targetStr, '+');
+ char* endOff = strrchr(targetStr, ')');
targetStr[endOff - startOff] = '\0';
if ((startOff == NULL) || (endOff == NULL) || (plusOff == NULL)) {
LOG_D("Invalid ASan report entry (%s)", lineptr);
} else {
- size_t dsoSz =
- MIN(sizeof(funcs[frameIdx].mapName), (size_t) (plusOff - startOff));
+ size_t dsoSz = MIN(sizeof(funcs[frameIdx].mapName), (size_t)(plusOff - startOff));
memcpy(funcs[frameIdx].mapName, startOff, dsoSz);
- char *codeOff = targetStr + (plusOff - startOff) + 1;
+ char* codeOff = targetStr + (plusOff - startOff) + 1;
funcs[frameIdx].line = strtoull(codeOff, NULL, 16);
}
@@ -985,11 +987,11 @@
* a raised signal. Such case is the ASan fuzzing for Android. Crash file name maintains
* the same format for compatibility with post campaign tools.
*/
-static void arch_traceExitSaveData(honggfuzz_t * hfuzz, pid_t pid, fuzzer_t * fuzzer)
+static void arch_traceExitSaveData(honggfuzz_t* hfuzz, pid_t pid, fuzzer_t* fuzzer)
{
REG_TYPE pc = 0;
- void *crashAddr = 0;
- char *op = "UNKNOWN";
+ void* crashAddr = 0;
+ char* op = "UNKNOWN";
pid_t targetPid = (hfuzz->linux.pid > 0) ? hfuzz->linux.pid : fuzzer->pid;
/* Save only the first hit for each worker */
@@ -1011,8 +1013,9 @@
/* If sanitizer produces reports with stack traces (e.g. ASan), they're parsed manually */
int funcCnt = 0;
- funcs_t *funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t));
- defer {
+ funcs_t* funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t));
+ defer
+ {
free(funcs);
};
memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t));
@@ -1036,13 +1039,13 @@
/* Since crash address is available, apply ignoreAddr filters */
if (crashAddr < hfuzz->linux.ignoreAddr) {
LOG_I("'%s' is interesting, but the crash addr is %p (below %p), skipping",
- fuzzer->fileName, crashAddr, hfuzz->linux.ignoreAddr);
+ fuzzer->fileName, crashAddr, hfuzz->linux.ignoreAddr);
return;
}
/* If frames successfully recovered, calculate stack hash & populate crash PC */
arch_hashCallstack(hfuzz, fuzzer, funcs, funcCnt, false);
- pc = (uintptr_t) funcs[0].pc;
+ pc = (uintptr_t)funcs[0].pc;
/*
* Check if stackhash is blacklisted
@@ -1057,30 +1060,29 @@
/* If dry run mode, copy file with same name into workspace */
if (hfuzz->origFlipRate == 0.0L && hfuzz->useVerifier) {
snprintf(fuzzer->crashFileName, sizeof(fuzzer->crashFileName), "%s/%s",
- hfuzz->workDir, fuzzer->origFileName);
+ hfuzz->workDir, fuzzer->origFileName);
} else {
/* Keep the crashes file name format identical */
if (fuzzer->backtrace != 0ULL && hfuzz->saveUnique) {
snprintf(fuzzer->crashFileName, sizeof(fuzzer->crashFileName),
- "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s",
- hfuzz->workDir, "SAN", pc, fuzzer->backtrace,
- op, crashAddr, "[UNKNOWN]", hfuzz->fileExtn);
+ "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s",
+ hfuzz->workDir, "SAN", pc, fuzzer->backtrace,
+ op, crashAddr, "[UNKNOWN]", hfuzz->fileExtn);
} else {
/* If no stack hash available, all crashes treated as unique */
char localtmstr[PATH_MAX];
util_getLocalTime("%F.%H:%M:%S", localtmstr, sizeof(localtmstr), time(NULL));
snprintf(fuzzer->crashFileName, sizeof(fuzzer->crashFileName),
- "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s.%s",
- hfuzz->workDir, "SAN", pc, fuzzer->backtrace,
- op, crashAddr, "[UNKNOWN]", localtmstr, hfuzz->fileExtn);
+ "%s/%s.PC.%" REG_PM ".STACK.%" PRIx64 ".CODE.%s.ADDR.%p.INSTR.%s.%s.%s",
+ hfuzz->workDir, "SAN", pc, fuzzer->backtrace,
+ op, crashAddr, "[UNKNOWN]", localtmstr, hfuzz->fileExtn);
}
}
bool dstFileExists = false;
- if (files_copyFile
- (fuzzer->fileName, fuzzer->crashFileName, &dstFileExists, true /* try_link */ )) {
+ if (files_copyFile(fuzzer->fileName, fuzzer->crashFileName, &dstFileExists, true /* try_link */)) {
LOG_I("Ok, that's interesting, saved '%s' as '%s'", fuzzer->fileName,
- fuzzer->crashFileName);
+ fuzzer->crashFileName);
/* Increase unique crashes counters */
ATOMIC_POST_INC(hfuzz->uniqueCrashesCnt);
@@ -1106,22 +1108,22 @@
fuzzer->report[0] = '\0';
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "EXIT_CODE: %s\n", HF_SAN_EXIT_CODE);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "ORIG_FNAME: %s\n",
- fuzzer->origFileName);
+ fuzzer->origFileName);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "FUZZ_FNAME: %s\n",
- fuzzer->crashFileName);
+ fuzzer->crashFileName);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "PID: %d\n", pid);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "OPERATION: %s\n", op);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "FAULT ADDRESS: %p\n", crashAddr);
if (funcCnt > 0) {
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "STACK HASH: %016llx\n",
- fuzzer->backtrace);
+ fuzzer->backtrace);
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "STACK:\n");
for (int i = 0; i < funcCnt; i++) {
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), " <" REG_PD REG_PM "> ",
- (REG_TYPE) (long)funcs[i].pc);
+ (REG_TYPE)(long)funcs[i].pc);
if (funcs[i].mapName[0] != '\0') {
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "[%s + 0x%x]\n",
- funcs[i].mapName, funcs[i].line);
+ funcs[i].mapName, funcs[i].line);
} else {
util_ssnprintf(fuzzer->report, sizeof(fuzzer->report), "[]\n");
}
@@ -1129,13 +1131,14 @@
}
}
-static void arch_traceExitAnalyzeData(honggfuzz_t * hfuzz, pid_t pid, fuzzer_t * fuzzer)
+static void arch_traceExitAnalyzeData(honggfuzz_t* hfuzz, pid_t pid, fuzzer_t* fuzzer)
{
- void *crashAddr = 0;
- char *op = "UNKNOWN";
+ void* crashAddr = 0;
+ char* op = "UNKNOWN";
int funcCnt = 0;
- funcs_t *funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t));
- defer {
+ funcs_t* funcs = util_Malloc(_HF_MAX_FUNCS * sizeof(funcs_t));
+ defer
+ {
free(funcs);
};
memset(funcs, 0, _HF_MAX_FUNCS * sizeof(funcs_t));
@@ -1156,7 +1159,7 @@
arch_hashCallstack(hfuzz, fuzzer, funcs, funcCnt, false);
}
-void arch_traceExitAnalyze(honggfuzz_t * hfuzz, pid_t pid, fuzzer_t * fuzzer)
+void arch_traceExitAnalyze(honggfuzz_t* hfuzz, pid_t pid, fuzzer_t* fuzzer)
{
if (fuzzer->mainWorker) {
/* Main fuzzing threads */
@@ -1168,31 +1171,30 @@
}
#define __WEVENT(status) ((status & 0xFF0000) >> 16)
-static void arch_traceEvent(honggfuzz_t * hfuzz, fuzzer_t * fuzzer, int status, pid_t pid)
+static void arch_traceEvent(honggfuzz_t* hfuzz, fuzzer_t* fuzzer, int status, pid_t pid)
{
LOG_D("PID: %d, Ptrace event: %d", pid, __WEVENT(status));
switch (__WEVENT(status)) {
- case PTRACE_EVENT_EXIT:{
- unsigned long event_msg;
- if (ptrace(PTRACE_GETEVENTMSG, pid, NULL, &event_msg) == -1) {
- PLOG_E("ptrace(PTRACE_GETEVENTMSG,%d) failed", pid);
- return;
- }
-
- if (WIFEXITED(event_msg)) {
- LOG_D("PID: %d exited with exit_code: %lu", pid,
- (unsigned long)WEXITSTATUS(event_msg));
- if (WEXITSTATUS(event_msg) == (unsigned long)HF_SAN_EXIT_CODE) {
- arch_traceExitAnalyze(hfuzz, pid, fuzzer);
- }
- } else if (WIFSIGNALED(event_msg)) {
- LOG_D("PID: %d terminated with signal: %lu", pid,
- (unsigned long)WTERMSIG(event_msg));
- } else {
- LOG_D("PID: %d exited with unknown status: %lu", pid, event_msg);
- }
+ case PTRACE_EVENT_EXIT: {
+ unsigned long event_msg;
+ if (ptrace(PTRACE_GETEVENTMSG, pid, NULL, &event_msg) == -1) {
+ PLOG_E("ptrace(PTRACE_GETEVENTMSG,%d) failed", pid);
+ return;
}
- break;
+
+ if (WIFEXITED(event_msg)) {
+ LOG_D("PID: %d exited with exit_code: %lu", pid,
+ (unsigned long)WEXITSTATUS(event_msg));
+ if (WEXITSTATUS(event_msg) == (unsigned long)HF_SAN_EXIT_CODE) {
+ arch_traceExitAnalyze(hfuzz, pid, fuzzer);
+ }
+ } else if (WIFSIGNALED(event_msg)) {
+ LOG_D("PID: %d terminated with signal: %lu", pid,
+ (unsigned long)WTERMSIG(event_msg));
+ } else {
+ LOG_D("PID: %d exited with unknown status: %lu", pid, event_msg);
+ }
+ } break;
default:
break;
}
@@ -1200,7 +1202,7 @@
ptrace(PTRACE_CONT, pid, 0, 0);
}
-void arch_traceAnalyze(honggfuzz_t * hfuzz, int status, pid_t pid, fuzzer_t * fuzzer)
+void arch_traceAnalyze(honggfuzz_t* hfuzz, int status, pid_t pid, fuzzer_t* fuzzer)
{
/*
* It's a ptrace event, deal with it elsewhere
@@ -1254,7 +1256,7 @@
return;
}
- abort(); /* NOTREACHED */
+ abort(); /* NOTREACHED */
}
static bool arch_listThreads(int tasks[], size_t thrSz, int pid)
@@ -1273,18 +1275,19 @@
}
size_t count = 0;
- DIR *dir = opendir(path);
+ DIR* dir = opendir(path);
if (!dir) {
PLOG_E("Couldn't open dir '%s'", path);
return false;
}
- defer {
+ defer
+ {
closedir(dir);
};
for (;;) {
errno = 0;
- struct dirent *res = readdir(dir);
+ struct dirent* res = readdir(dir);
if (res == NULL && errno != 0) {
PLOG_E("Couldn't read contents of '%s'", path);
return false;
@@ -1294,7 +1297,7 @@
break;
}
- pid_t pid = (pid_t) strtol(res->d_name, (char **)NULL, 10);
+ pid_t pid = (pid_t)strtol(res->d_name, (char**)NULL, 10);
if (pid == 0) {
LOG_D("The following dir entry couldn't be converted to pid_t '%s'", res->d_name);
continue;
@@ -1336,7 +1339,7 @@
}
#define MAX_THREAD_IN_TASK 4096
-bool arch_traceAttach(honggfuzz_t * hfuzz, pid_t pid)
+bool arch_traceAttach(honggfuzz_t* hfuzz, pid_t pid)
{
/*
* It should be present since, at least, Linux kernel 3.8, but
@@ -1344,7 +1347,7 @@
*/
#if !defined(PTRACE_O_EXITKILL)
#define PTRACE_O_EXITKILL (1 << 20)
-#endif /* !defined(PTRACE_O_EXITKILL) */
+#endif /* !defined(PTRACE_O_EXITKILL) */
long seize_options = PTRACE_O_TRACECLONE | PTRACE_O_TRACEFORK | PTRACE_O_TRACEVFORK;
if (hfuzz->linux.pid == 0) {
seize_options |= PTRACE_O_EXITKILL;
@@ -1409,7 +1412,7 @@
}
}
-void arch_traceSignalsInit(honggfuzz_t * hfuzz)
+void arch_traceSignalsInit(honggfuzz_t* hfuzz)
{
/* Default is true for all platforms except Android */
arch_sigs[SIGABRT].important = hfuzz->monitorSIGABRT;
diff --git a/linux/trace.h b/linux/trace.h
index 0b40cc0..373a34d 100644
--- a/linux/trace.h
+++ b/linux/trace.h
@@ -28,19 +28,19 @@
#include "honggfuzz.h"
-#define _HF_DYNFILE_SUB_MASK 0xFFFUL // Zero-set two MSB
+#define _HF_DYNFILE_SUB_MASK 0xFFFUL // Zero-set two MSB
/* Constant prefix used for single frame crashes stackhash masking */
#define _HF_SINGLE_FRAME_MASK 0xBADBAD0000000000
extern bool arch_traceWaitForPidStop(pid_t pid);
-extern bool arch_traceEnable(honggfuzz_t * hfuzz);
-extern void arch_traceAnalyze(honggfuzz_t * hfuzz, int status, pid_t pid, fuzzer_t * fuzzer);
-extern void arch_traceExitAnalyze(honggfuzz_t * hfuzz, pid_t pid, fuzzer_t * fuzzer);
-extern bool arch_traceAttach(honggfuzz_t * hfuzz, pid_t pid);
+extern bool arch_traceEnable(honggfuzz_t* hfuzz);
+extern void arch_traceAnalyze(honggfuzz_t* hfuzz, int status, pid_t pid, fuzzer_t* fuzzer);
+extern void arch_traceExitAnalyze(honggfuzz_t* hfuzz, pid_t pid, fuzzer_t* fuzzer);
+extern bool arch_traceAttach(honggfuzz_t* hfuzz, pid_t pid);
extern void arch_traceDetach(pid_t pid);
-extern void arch_traceGetCustomPerf(honggfuzz_t * hfuzz, pid_t pid, uint64_t * cnt);
-extern void arch_traceSetCustomPerf(honggfuzz_t * hfuzz, pid_t pid, uint64_t cnt);
-extern void arch_traceSignalsInit(honggfuzz_t * hfuzz);
+extern void arch_traceGetCustomPerf(honggfuzz_t* hfuzz, pid_t pid, uint64_t* cnt);
+extern void arch_traceSetCustomPerf(honggfuzz_t* hfuzz, pid_t pid, uint64_t cnt);
+extern void arch_traceSignalsInit(honggfuzz_t* hfuzz);
#endif
diff --git a/linux/unwind.c b/linux/unwind.c
index 7a276e0..c110bb3 100644
--- a/linux/unwind.c
+++ b/linux/unwind.c
@@ -38,18 +38,18 @@
*/
// libunwind error codes used for debugging
-static const char *UNW_ER[] = {
- "UNW_ESUCCESS", /* no error */
- "UNW_EUNSPEC", /* unspecified (general) error */
- "UNW_ENOMEM", /* out of memory */
- "UNW_EBADREG", /* bad register number */
- "UNW_EREADONLYREG", /* attempt to write read-only register */
- "UNW_ESTOPUNWIND", /* stop unwinding */
- "UNW_EINVALIDIP", /* invalid IP */
- "UNW_EBADFRAME", /* bad frame */
- "UNW_EINVAL", /* unsupported operation or bad value */
- "UNW_EBADVERSION", /* unwind info has unsupported version */
- "UNW_ENOINFO" /* no unwind info found */
+static const char* UNW_ER[] = {
+ "UNW_ESUCCESS", /* no error */
+ "UNW_EUNSPEC", /* unspecified (general) error */
+ "UNW_ENOMEM", /* out of memory */
+ "UNW_EBADREG", /* bad register number */
+ "UNW_EREADONLYREG", /* attempt to write read-only register */
+ "UNW_ESTOPUNWIND", /* stop unwinding */
+ "UNW_EINVALIDIP", /* invalid IP */
+ "UNW_EBADFRAME", /* bad frame */
+ "UNW_EINVAL", /* unsupported operation or bad value */
+ "UNW_EBADVERSION", /* unwind info has unsupported version */
+ "UNW_ENOINFO" /* no unwind info found */
};
typedef struct {
@@ -62,9 +62,9 @@
char name[PATH_MAX];
} procMap_t;
-static procMap_t *arch_parsePidMaps(pid_t pid, size_t * mapsCount)
+static procMap_t* arch_parsePidMaps(pid_t pid, size_t* mapsCount)
{
- FILE *f = NULL;
+ FILE* f = NULL;
char fProcMaps[PATH_MAX] = { 0 };
snprintf(fProcMaps, PATH_MAX, "/proc/%d/maps", pid);
@@ -72,12 +72,13 @@
PLOG_E("Couldn't open '%s' - R/O mode", fProcMaps);
return 0;
}
- defer {
+ defer
+ {
fclose(f);
};
*mapsCount = 0;
- procMap_t *mapsList = malloc(sizeof(procMap_t));
+ procMap_t* mapsList = malloc(sizeof(procMap_t));
if (mapsList == NULL) {
PLOG_W("malloc(size='%zu')", sizeof(procMap_t));
return NULL;
@@ -91,8 +92,8 @@
mapsList[*mapsCount].name[0] = '\0';
sscanf(buf, "%lx-%lx %5s %lx %7s %ld %s", &mapsList[*mapsCount].start,
- &mapsList[*mapsCount].end, mapsList[*mapsCount].perms, &mapsList[*mapsCount].offset,
- mapsList[*mapsCount].dev, &mapsList[*mapsCount].inode, mapsList[*mapsCount].name);
+ &mapsList[*mapsCount].end, mapsList[*mapsCount].perms, &mapsList[*mapsCount].offset,
+ mapsList[*mapsCount].dev, &mapsList[*mapsCount].inode, mapsList[*mapsCount].name);
*mapsCount += 1;
if ((mapsList = realloc(mapsList, (*mapsCount + 1) * sizeof(procMap_t))) == NULL) {
@@ -105,7 +106,7 @@
return mapsList;
}
-static char *arch_searchMaps(unsigned long addr, size_t mapsCnt, procMap_t * mapsList)
+static char* arch_searchMaps(unsigned long addr, size_t mapsCnt, procMap_t* mapsList)
{
for (size_t i = 0; i < mapsCnt; i++) {
if (addr >= mapsList[i].start && addr <= mapsList[i].end) {
@@ -121,11 +122,12 @@
}
#ifndef __ANDROID__
-size_t arch_unwindStack(pid_t pid, funcs_t * funcs)
+size_t arch_unwindStack(pid_t pid, funcs_t* funcs)
{
size_t num_frames = 0, mapsCnt = 0;
- procMap_t *mapsList = arch_parsePidMaps(pid, &mapsCnt);
- defer {
+ procMap_t* mapsList = arch_parsePidMaps(pid, &mapsCnt);
+ defer
+ {
free(mapsList);
};
@@ -134,16 +136,18 @@
LOG_E("[pid='%d'] unw_create_addr_space failed", pid);
return num_frames;
}
- defer {
+ defer
+ {
unw_destroy_addr_space(as);
};
- void *ui = _UPT_create(pid);
+ void* ui = _UPT_create(pid);
if (ui == NULL) {
LOG_E("[pid='%d'] _UPT_create failed", pid);
return num_frames;
}
- defer {
+ defer
+ {
_UPT_destroy(ui);
};
@@ -156,13 +160,13 @@
for (num_frames = 0; unw_step(&c) > 0 && num_frames < _HF_MAX_FUNCS; num_frames++) {
unw_word_t ip;
- char *mapName = NULL;
+ char* mapName = NULL;
ret = unw_get_reg(&c, UNW_REG_IP, &ip);
if (ret < 0) {
LOG_E("[pid='%d'] [%zd] failed to read IP (%s)", pid, num_frames, UNW_ER[-ret]);
funcs[num_frames].pc = 0;
} else {
- funcs[num_frames].pc = (void *)(uintptr_t) ip;
+ funcs[num_frames].pc = (void*)(uintptr_t)ip;
}
if (mapsCnt > 0 && (mapName = arch_searchMaps(ip, mapsCnt, mapsList)) != NULL) {
memcpy(funcs[num_frames].mapName, mapName, sizeof(funcs[num_frames].mapName));
@@ -174,12 +178,13 @@
return num_frames;
}
-#else /* !defined(__ANDROID__) */
-size_t arch_unwindStack(pid_t pid, funcs_t * funcs)
+#else /* !defined(__ANDROID__) */
+size_t arch_unwindStack(pid_t pid, funcs_t* funcs)
{
size_t num_frames = 0, mapsCnt = 0;
- procMap_t *mapsList = arch_parsePidMaps(pid, &mapsCnt);
- defer {
+ procMap_t* mapsList = arch_parsePidMaps(pid, &mapsCnt);
+ defer
+ {
free(mapsList);
};
@@ -188,16 +193,18 @@
LOG_E("[pid='%d'] unw_create_addr_space failed", pid);
return num_frames;
}
- defer {
+ defer
+ {
unw_destroy_addr_space(as);
};
- struct UPT_info *ui = (struct UPT_info *)_UPT_create(pid);
+ struct UPT_info* ui = (struct UPT_info*)_UPT_create(pid);
if (ui == NULL) {
LOG_E("[pid='%d'] _UPT_create failed", pid);
return num_frames;
}
- defer {
+ defer
+ {
_UPT_destroy(ui);
};
@@ -209,7 +216,7 @@
}
do {
- char *mapName = NULL;
+ char* mapName = NULL;
unw_word_t pc = 0, offset = 0;
char buf[_HF_FUNC_NAME_SZ] = { 0 };
@@ -232,15 +239,15 @@
ret = unw_get_proc_name(&cursor, buf, sizeof(buf), &offset);
if (ret < 0) {
LOG_D("[pid='%d'] [%zd] unw_get_proc_name() failed (%s)", pid, num_frames,
- UNW_ER[-ret]);
+ UNW_ER[-ret]);
buf[0] = '\0';
}
- skip_frame_info:
+ skip_frame_info:
// Compared to bfd, line var plays the role of offset from func_name
// Reports format is adjusted accordingly to reflect in saved file
funcs[num_frames].line = offset;
- funcs[num_frames].pc = (void *)pc;
+ funcs[num_frames].pc = (void*)pc;
memcpy(funcs[num_frames].func, buf, sizeof(funcs[num_frames].func));
if (mapsCnt > 0 && (mapName = arch_searchMaps(pc, mapsCnt, mapsList)) != NULL) {
memcpy(funcs[num_frames].mapName, mapName, sizeof(funcs[num_frames].mapName));
@@ -255,14 +262,14 @@
return num_frames;
}
-#endif /* defined(__ANDROID__) */
+#endif /* defined(__ANDROID__) */
/*
* Nested loop not most efficient approach, although it's assumed that list is
* usually target specific and thus small.
*/
-char *arch_btContainsSymbol(size_t symbolsListSz, char **symbolsList, size_t num_frames,
- funcs_t * funcs)
+char* arch_btContainsSymbol(size_t symbolsListSz, char** symbolsList, size_t num_frames,
+ funcs_t* funcs)
{
for (size_t frame = 0; frame < num_frames; frame++) {
size_t len = strlen(funcs[frame].func);
@@ -271,7 +278,7 @@
if (strlen(funcs[frame].func) > 0) {
for (size_t i = 0; i < symbolsListSz; i++) {
/* Wildcard symbol string special case */
- char *wOff = strchr(symbolsList[i], '*');
+ char* wOff = strchr(symbolsList[i], '*');
if (wOff) {
/* Length always > 3 as checked at input file parsing step */
len = wOff - symbolsList[i] - 1;
diff --git a/linux/unwind.h b/linux/unwind.h
index c5d3027..104cdfd 100644
--- a/linux/unwind.h
+++ b/linux/unwind.h
@@ -28,11 +28,11 @@
#include <sys/types.h>
/* String buffer size for function names in stack traces produced from libunwind */
-#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too
+#define _HF_FUNC_NAME_SZ 256 // Should be alright for mangled C++ procs too
#define _HF_MAX_FUNCS 80
typedef struct {
- void *pc;
+ void* pc;
/* If ASan custom parsing, function not available without symbolication */
char func[_HF_FUNC_NAME_SZ];
@@ -51,8 +51,8 @@
size_t line;
} funcs_t;
-extern size_t arch_unwindStack(pid_t pid, funcs_t * funcs);
-extern char *arch_btContainsSymbol(size_t symbolsListSz, char **symbolsList, size_t num_frames,
- funcs_t * funcs);
+extern size_t arch_unwindStack(pid_t pid, funcs_t* funcs);
+extern char* arch_btContainsSymbol(size_t symbolsListSz, char** symbolsList, size_t num_frames,
+ funcs_t* funcs);
#endif
