2 american fuzzy lop++ - instrumentation bootstrap
3 ------------------------------------------------
6 Copyright 2019-2024 AFLplusplus Project. All rights reserved.
12 https://www.apache.org/licenses/LICENSE-2.0
32 #include "android-ashmem.h"
37 #include "llvm-alternative-coverage.h"
65 #include "llvm/Config/llvm-config.h"
69 #include "snapshot-inl.h"
72 /* This is a somewhat ugly hack for the experimental 'trace-pc-guard' mode.
74 the LLVM-generated runtime initialization pass, not before. */
227 child_pid = -1; in at_exit()
290 int shm_fd = -1; in __afl_map_shm_fuzz()
294 if (shm_fd == -1) { in __afl_map_shm_fuzz()
313 if (!map || map == (void *)-1) { in __afl_map_shm_fuzz()
359 exit(-1); in __afl_map_shm()
381 exit(-1); in __afl_map_shm()
408 exit(-1); in __afl_map_shm()
415 fcntl(FORKSRV_FD, F_GETFD) == -1 || in __afl_map_shm()
416 fcntl(FORKSRV_FD + 1, F_GETFD) == -1)) { in __afl_map_shm()
421 "DEBUG: running not inside afl-fuzz, disabling shared memory " in __afl_map_shm()
472 early-stage __afl_area_initial region that is needed to allow some really in __afl_map_shm()
509 int shm_fd = -1; in __afl_map_shm()
514 if (shm_fd == -1) { in __afl_map_shm()
537 shm_fd = -1; in __afl_map_shm()
574 if (!__afl_area_ptr || __afl_area_ptr == (void *)-1) { in __afl_map_shm()
599 MAP_FIXED_NOREPLACE | MAP_SHARED | MAP_ANONYMOUS, -1, 0); in __afl_map_shm()
629 exit(-1); in __afl_map_shm()
697 int shm_fd = -1; in __afl_map_shm()
702 if (shm_fd == -1) { in __afl_map_shm()
716 shm_fd = -1; in __afl_map_shm()
733 if (!__afl_cmp_map || __afl_cmp_map == (void *)-1) { in __afl_map_shm()
886 write_error("read to afl-fuzz"); in __afl_start_snapshots()
932 len -= ret; in __afl_start_snapshots()
960 write_error("reading from afl-fuzz"); in __afl_start_snapshots()
994 condition and afl-fuzz already issued SIGKILL, write off the old in __afl_start_snapshots()
1025 //(void)nice(-20); // does not seem to improve in __afl_start_snapshots()
1061 write_error("write to afl-fuzz"); in __afl_start_snapshots()
1083 write_error("writing to afl-fuzz"); in __afl_start_snapshots()
1199 len -= ret; in __afl_start_forkserver()
1228 // write_error("read from afl-fuzz"); in __afl_start_forkserver()
1262 condition and afl-fuzz already issued SIGKILL, write off the old in __afl_start_forkserver()
1293 //(void)nice(-20); in __afl_start_forkserver()
1318 write_error("write to afl-fuzz"); in __afl_start_forkserver()
1340 write_error("writing to afl-fuzz"); in __afl_start_forkserver()
1374 } else if (--cycle_cnt) { in __afl_persistent_loop()
1431 /* Initialization of the forkserver - latest possible */
1467 /* Initialization of the shmem - earliest possible because of LTO fixed mem. */
1493 fprintf(stderr, "DEBUG: AFL++ afl-compiler-rt" VERSION "\n"); in __afl_auto_second()
1510 MAP_FIXED_NOREPLACE | MAP_SHARED | MAP_ANONYMOUS, -1, 0); in __afl_auto_second()
1514 if (ptr && (ssize_t)ptr != -1) { in __afl_auto_second()
1526 /* preset __afl_area_ptr #1 - at constructor level 0 global variables have
1539 if (ptr && (ssize_t)ptr != -1) { in __afl_auto_first()
1550 /* The following stuff deals with supporting -fsanitize-coverage=trace-pc-guard.
1551 It remains non-operational in the traditional, plugin-backed LLVM mode.
1552 For more info about 'trace-pc-guard', see README.llvm.md.
1560 // edge IDs belong - uncomment, recompile+install llvm_mode, recompile in __sanitizer_cov_trace_pc_guard()
1561 // the target. libunwind and libbacktrace are better solutions. in __sanitizer_cov_trace_pc_guard()
1562 // Set AFL_DEBUG_CHILD=1 and run afl-fuzz with 2>file to capture in __sanitizer_cov_trace_pc_guard()
1653 while (i < max_module_len - 1 && in afl_read_pc_filter_file()
1678 size_t upper_bound = __afl_filter_pcs_size - 1; in locate_in_pcs()
1682 size_t current_index = lower_bound + (upper_bound - lower_bound) / 2; in locate_in_pcs()
1703 upper_bound = current_index - 1; in locate_in_pcs()
1734 getpid(), dlinfo.dli_fname, pcs_end - pcs_beg); in __sanitizer_cov_pcs_init()
1739 while (last_module_info && last_module_info->next) { in __sanitizer_cov_pcs_init()
1741 last_module_info = last_module_info->next; in __sanitizer_cov_pcs_init()
1753 if (strcmp(dlinfo.dli_fname, last_module_info->name)) { in __sanitizer_cov_pcs_init()
1761 dlinfo.dli_fname, last_module_info->name); in __sanitizer_cov_pcs_init()
1766 last_module_info->pcs_beg = pcs_beg; in __sanitizer_cov_pcs_init()
1767 last_module_info->pcs_end = pcs_end; in __sanitizer_cov_pcs_init()
1774 // This is a much faster PC filter based on pre-symbolized input data in __sanitizer_cov_pcs_init()
1785 // pre-loaded code, then this will also map all of our delayed previous in __sanitizer_cov_pcs_init()
1789 mod_info = mod_info->next) { in __sanitizer_cov_pcs_init()
1791 if (mod_info->mapped) { continue; } in __sanitizer_cov_pcs_init()
1793 if (!mod_info->start) { in __sanitizer_cov_pcs_init()
1796 "ERROR: __sanitizer_cov_pcs_init called with mod_info->start == " in __sanitizer_cov_pcs_init()
1798 mod_info->name); in __sanitizer_cov_pcs_init()
1803 PCTableEntry *start = (PCTableEntry *)(mod_info->pcs_beg); in __sanitizer_cov_pcs_init()
1804 PCTableEntry *end = (PCTableEntry *)(mod_info->pcs_end); in __sanitizer_cov_pcs_init()
1806 if (!*mod_info->stop) { continue; } in __sanitizer_cov_pcs_init()
1812 if (*mod_info->start + in_module_index >= __afl_map_size) { in __sanitizer_cov_pcs_init()
1817 *mod_info->start, *mod_info->stop, __afl_map_size, in __sanitizer_cov_pcs_init()
1818 mod_info->name); in __sanitizer_cov_pcs_init()
1823 u32 orig_start_index = *mod_info->start; in __sanitizer_cov_pcs_init()
1825 uintptr_t PC = start->PC; in __sanitizer_cov_pcs_init()
1828 // for x86/x86-64. Needs more work for ARM and other archs. in __sanitizer_cov_pcs_init()
1829 PC = PC - 1; in __sanitizer_cov_pcs_init()
1832 PC = PC - mod_info->base_address; in __sanitizer_cov_pcs_init()
1843 // This function is a part of the sanitizer run-time. in __sanitizer_cov_pcs_init()
1845 __sanitizer_symbolize_pc((void *)start->PC, "%p %F %L", PcDescr, in __sanitizer_cov_pcs_init()
1854 PcDescr, (void *)start->PC, in __sanitizer_cov_pcs_init()
1855 *(mod_info->start + in_module_index)); in __sanitizer_cov_pcs_init()
1861 *(mod_info->start + in_module_index) = 0; in __sanitizer_cov_pcs_init()
1867 if (__afl_filter_pcs && strstr(mod_info->name, __afl_filter_pcs_module)) { in __sanitizer_cov_pcs_init()
1881 *(mod_info->start + in_module_index) = 0; in __sanitizer_cov_pcs_init()
1892 mod_info->mapped = 1; in __sanitizer_cov_pcs_init()
1899 mod_info->name, in_module_index); in __sanitizer_cov_pcs_init()
1910 ID of 0 as a special value to indicate non-instrumented bits. That may
1932 "DEBUG: Running __sanitizer_cov_trace_pc_guard_init: %p-%p (%lu edges) " in __sanitizer_cov_trace_pc_guard_init()
1934 start, stop, (unsigned long)(stop - start), in __sanitizer_cov_trace_pc_guard_init()
1956 while (last_module_info && last_module_info->next) { in __sanitizer_cov_trace_pc_guard_init()
1958 last_module_info = last_module_info->next; in __sanitizer_cov_trace_pc_guard_init()
1964 mod_info->id = last_module_info ? last_module_info->id + 1 : 0; in __sanitizer_cov_trace_pc_guard_init()
1965 mod_info->name = strdup(dlinfo.dli_fname); in __sanitizer_cov_trace_pc_guard_init()
1966 mod_info->base_address = (uintptr_t)dlinfo.dli_fbase; in __sanitizer_cov_trace_pc_guard_init()
1967 mod_info->start = NULL; in __sanitizer_cov_trace_pc_guard_init()
1968 mod_info->stop = NULL; in __sanitizer_cov_trace_pc_guard_init()
1969 mod_info->pcs_beg = NULL; in __sanitizer_cov_trace_pc_guard_init()
1970 mod_info->pcs_end = NULL; in __sanitizer_cov_trace_pc_guard_init()
1971 mod_info->mapped = 0; in __sanitizer_cov_trace_pc_guard_init()
1972 mod_info->next = NULL; in __sanitizer_cov_trace_pc_guard_init()
1976 last_module_info->next = mod_info; in __sanitizer_cov_trace_pc_guard_init()
2008 fprintf(stderr, "[-] ERROR: Invalid AFL_INST_RATIO (must be 1-100).\n"); in __sanitizer_cov_trace_pc_guard_init()
2023 "[-] FATAL: forkserver is already up, but an instrumented dlopen() " in __sanitizer_cov_trace_pc_guard_init()
2025 "be able to fuzz them or LD_PRELOAD to run outside of afl-fuzz.\n" in __sanitizer_cov_trace_pc_guard_init()
2067 /* Make sure that the first element in the range is always set - we use that in __sanitizer_cov_trace_pc_guard_init()
2092 if (!mod_info->start) { in __sanitizer_cov_trace_pc_guard_init()
2094 mod_info->start = orig_start; in __sanitizer_cov_trace_pc_guard_init()
2095 mod_info->stop = stop - 1; in __sanitizer_cov_trace_pc_guard_init()
2102 *(mod_info->start), *(mod_info->stop)); in __sanitizer_cov_trace_pc_guard_init()
2126 __afl_final_loc - __afl_map_size); in __sanitizer_cov_trace_pc_guard_init()
2155 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_ins_hook1()
2159 if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) { in __cmplog_ins_hook1()
2161 __afl_cmp_map->headers[k].type = CMP_TYPE_INS; in __cmplog_ins_hook1()
2163 __afl_cmp_map->headers[k].hits = 1; in __cmplog_ins_hook1()
2164 __afl_cmp_map->headers[k].shape = 0; in __cmplog_ins_hook1()
2168 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_ins_hook1()
2172 __afl_cmp_map->headers[k].attribute = attr; in __cmplog_ins_hook1()
2174 hits &= CMP_MAP_H - 1; in __cmplog_ins_hook1()
2175 __afl_cmp_map->log[k][hits].v0 = arg1; in __cmplog_ins_hook1()
2176 __afl_cmp_map->log[k][hits].v1 = arg2; in __cmplog_ins_hook1()
2187 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_ins_hook2()
2191 if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) { in __cmplog_ins_hook2()
2193 __afl_cmp_map->headers[k].type = CMP_TYPE_INS; in __cmplog_ins_hook2()
2195 __afl_cmp_map->headers[k].hits = 1; in __cmplog_ins_hook2()
2196 __afl_cmp_map->headers[k].shape = 1; in __cmplog_ins_hook2()
2200 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_ins_hook2()
2202 if (!__afl_cmp_map->headers[k].shape) { in __cmplog_ins_hook2()
2204 __afl_cmp_map->headers[k].shape = 1; in __cmplog_ins_hook2()
2210 __afl_cmp_map->headers[k].attribute = attr; in __cmplog_ins_hook2()
2212 hits &= CMP_MAP_H - 1; in __cmplog_ins_hook2()
2213 __afl_cmp_map->log[k][hits].v0 = arg1; in __cmplog_ins_hook2()
2214 __afl_cmp_map->log[k][hits].v1 = arg2; in __cmplog_ins_hook2()
2225 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_ins_hook4()
2229 if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) { in __cmplog_ins_hook4()
2231 __afl_cmp_map->headers[k].type = CMP_TYPE_INS; in __cmplog_ins_hook4()
2233 __afl_cmp_map->headers[k].hits = 1; in __cmplog_ins_hook4()
2234 __afl_cmp_map->headers[k].shape = 3; in __cmplog_ins_hook4()
2238 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_ins_hook4()
2240 if (__afl_cmp_map->headers[k].shape < 3) { in __cmplog_ins_hook4()
2242 __afl_cmp_map->headers[k].shape = 3; in __cmplog_ins_hook4()
2248 __afl_cmp_map->headers[k].attribute = attr; in __cmplog_ins_hook4()
2250 hits &= CMP_MAP_H - 1; in __cmplog_ins_hook4()
2251 __afl_cmp_map->log[k][hits].v0 = arg1; in __cmplog_ins_hook4()
2252 __afl_cmp_map->log[k][hits].v1 = arg2; in __cmplog_ins_hook4()
2263 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_ins_hook8()
2267 if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) { in __cmplog_ins_hook8()
2269 __afl_cmp_map->headers[k].type = CMP_TYPE_INS; in __cmplog_ins_hook8()
2271 __afl_cmp_map->headers[k].hits = 1; in __cmplog_ins_hook8()
2272 __afl_cmp_map->headers[k].shape = 7; in __cmplog_ins_hook8()
2276 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_ins_hook8()
2278 if (__afl_cmp_map->headers[k].shape < 7) { in __cmplog_ins_hook8()
2280 __afl_cmp_map->headers[k].shape = 7; in __cmplog_ins_hook8()
2286 __afl_cmp_map->headers[k].attribute = attr; in __cmplog_ins_hook8()
2288 hits &= CMP_MAP_H - 1; in __cmplog_ins_hook8()
2289 __afl_cmp_map->log[k][hits].v0 = arg1; in __cmplog_ins_hook8()
2290 __afl_cmp_map->log[k][hits].v1 = arg2; in __cmplog_ins_hook8()
2306 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_ins_hookN()
2310 if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) { in __cmplog_ins_hookN()
2312 __afl_cmp_map->headers[k].type = CMP_TYPE_INS; in __cmplog_ins_hookN()
2314 __afl_cmp_map->headers[k].hits = 1; in __cmplog_ins_hookN()
2315 __afl_cmp_map->headers[k].shape = size; in __cmplog_ins_hookN()
2319 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_ins_hookN()
2321 if (__afl_cmp_map->headers[k].shape < size) { in __cmplog_ins_hookN()
2323 __afl_cmp_map->headers[k].shape = size; in __cmplog_ins_hookN()
2329 __afl_cmp_map->headers[k].attribute = attr; in __cmplog_ins_hookN()
2331 hits &= CMP_MAP_H - 1; in __cmplog_ins_hookN()
2332 __afl_cmp_map->log[k][hits].v0 = (u64)arg1; in __cmplog_ins_hookN()
2333 __afl_cmp_map->log[k][hits].v1 = (u64)arg2; in __cmplog_ins_hookN()
2337 __afl_cmp_map->log[k][hits].v0_128 = (u64)(arg1 >> 64); in __cmplog_ins_hookN()
2338 __afl_cmp_map->log[k][hits].v1_128 = (u64)(arg2 >> 64); in __cmplog_ins_hookN()
2349 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_ins_hook16()
2353 if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) { in __cmplog_ins_hook16()
2355 __afl_cmp_map->headers[k].type = CMP_TYPE_INS; in __cmplog_ins_hook16()
2357 __afl_cmp_map->headers[k].hits = 1; in __cmplog_ins_hook16()
2358 __afl_cmp_map->headers[k].shape = 15; in __cmplog_ins_hook16()
2362 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_ins_hook16()
2364 if (__afl_cmp_map->headers[k].shape < 15) { in __cmplog_ins_hook16()
2366 __afl_cmp_map->headers[k].shape = 15; in __cmplog_ins_hook16()
2372 __afl_cmp_map->headers[k].attribute = attr; in __cmplog_ins_hook16()
2374 hits &= CMP_MAP_H - 1; in __cmplog_ins_hook16()
2375 __afl_cmp_map->log[k][hits].v0 = (u64)arg1; in __cmplog_ins_hook16()
2376 __afl_cmp_map->log[k][hits].v1 = (u64)arg2; in __cmplog_ins_hook16()
2377 __afl_cmp_map->log[k][hits].v0_128 = (u64)(arg1 >> 64); in __cmplog_ins_hook16()
2378 __afl_cmp_map->log[k][hits].v1_128 = (u64)(arg2 >> 64); in __cmplog_ins_hook16()
2455 (CMP_MAP_W - 1)); in __sanitizer_cov_trace_switch()
2459 if (__afl_cmp_map->headers[k].type != CMP_TYPE_INS) { in __sanitizer_cov_trace_switch()
2461 __afl_cmp_map->headers[k].type = CMP_TYPE_INS; in __sanitizer_cov_trace_switch()
2463 __afl_cmp_map->headers[k].hits = 1; in __sanitizer_cov_trace_switch()
2464 __afl_cmp_map->headers[k].shape = 7; in __sanitizer_cov_trace_switch()
2468 hits = __afl_cmp_map->headers[k].hits++; in __sanitizer_cov_trace_switch()
2470 if (__afl_cmp_map->headers[k].shape < 7) { in __sanitizer_cov_trace_switch()
2472 __afl_cmp_map->headers[k].shape = 7; in __sanitizer_cov_trace_switch()
2478 __afl_cmp_map->headers[k].attribute = 1; in __sanitizer_cov_trace_switch()
2480 hits &= CMP_MAP_H - 1; in __sanitizer_cov_trace_switch()
2481 __afl_cmp_map->log[k][hits].v0 = val; in __sanitizer_cov_trace_switch()
2482 __afl_cmp_map->log[k][hits].v1 = cases[i + 2]; in __sanitizer_cov_trace_switch()
2495 // If it is mapped as X-only, we have a problem, so maybe we should add a check
2502 long r = _kern_write(__afl_dummy_fd[1], -1, ptr, len); in area_is_valid()
2516 char *page = (char *)((uintptr_t)p & ~(page_size - 1)) + page_size; in area_is_valid()
2527 // or not, neither by SYS_write nor msync() :-( in area_is_valid()
2528 return (int)(page - p); in area_is_valid()
2550 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_rtn_hook_strn()
2554 if (__afl_cmp_map->headers[k].type != CMP_TYPE_RTN) { in __cmplog_rtn_hook_strn()
2556 __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; in __cmplog_rtn_hook_strn()
2557 __afl_cmp_map->headers[k].hits = 1; in __cmplog_rtn_hook_strn()
2558 __afl_cmp_map->headers[k].shape = l - 1; in __cmplog_rtn_hook_strn()
2563 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_rtn_hook_strn()
2565 if (__afl_cmp_map->headers[k].shape < l) { in __cmplog_rtn_hook_strn()
2567 __afl_cmp_map->headers[k].shape = l - 1; in __cmplog_rtn_hook_strn()
2573 struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k]; in __cmplog_rtn_hook_strn()
2574 hits &= CMP_MAP_RTN_H - 1; in __cmplog_rtn_hook_strn()
2596 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_rtn_hook_str()
2600 if (__afl_cmp_map->headers[k].type != CMP_TYPE_RTN) { in __cmplog_rtn_hook_str()
2602 __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; in __cmplog_rtn_hook_str()
2603 __afl_cmp_map->headers[k].hits = 1; in __cmplog_rtn_hook_str()
2604 __afl_cmp_map->headers[k].shape = l - 1; in __cmplog_rtn_hook_str()
2609 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_rtn_hook_str()
2611 if (__afl_cmp_map->headers[k].shape < l) { in __cmplog_rtn_hook_str()
2613 __afl_cmp_map->headers[k].shape = l - 1; in __cmplog_rtn_hook_str()
2619 struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k]; in __cmplog_rtn_hook_str()
2620 hits &= CMP_MAP_RTN_H - 1; in __cmplog_rtn_hook_str()
2655 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_rtn_hook()
2659 if (__afl_cmp_map->headers[k].type != CMP_TYPE_RTN) { in __cmplog_rtn_hook()
2661 __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; in __cmplog_rtn_hook()
2662 __afl_cmp_map->headers[k].hits = 1; in __cmplog_rtn_hook()
2663 __afl_cmp_map->headers[k].shape = len - 1; in __cmplog_rtn_hook()
2668 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_rtn_hook()
2670 if (__afl_cmp_map->headers[k].shape < len) { in __cmplog_rtn_hook()
2672 __afl_cmp_map->headers[k].shape = len - 1; in __cmplog_rtn_hook()
2678 struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k]; in __cmplog_rtn_hook()
2679 hits &= CMP_MAP_RTN_H - 1; in __cmplog_rtn_hook()
2720 k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); in __cmplog_rtn_hook_n()
2724 if (__afl_cmp_map->headers[k].type != CMP_TYPE_RTN) { in __cmplog_rtn_hook_n()
2726 __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; in __cmplog_rtn_hook_n()
2727 __afl_cmp_map->headers[k].hits = 1; in __cmplog_rtn_hook_n()
2728 __afl_cmp_map->headers[k].shape = l - 1; in __cmplog_rtn_hook_n()
2733 hits = __afl_cmp_map->headers[k].hits++; in __cmplog_rtn_hook_n()
2735 if (__afl_cmp_map->headers[k].shape < l) { in __cmplog_rtn_hook_n()
2737 __afl_cmp_map->headers[k].shape = l - 1; in __cmplog_rtn_hook_n()
2743 struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k]; in __cmplog_rtn_hook_n()
2744 hits &= CMP_MAP_RTN_H - 1; in __cmplog_rtn_hook_n()