ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 02:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

wipe overflow data

Browse Source
This commit is contained in:
vanhauser-thc
2021-10-31 12:40:32 +01:00
parent 639d108512
commit 01d266f2b4
2 changed files with 22 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/cmplog.h
View File

@ -48,7 +48,8 @@ struct cmp_header {
unsigned shape : 5; unsigned shape : 5;
unsigned type : 2; unsigned type : 2;
unsigned attribute : 4; unsigned attribute : 4;
unsigned reserved : 5; unsigned overflow : 1;
unsigned reserved : 4;
} __attribute__((packed)); } __attribute__((packed));

28
instrumentation/afl-compiler-rt.o.c
View File

@ -1935,9 +1935,12 @@ void __cmplog_rtn_hook_n(u8 *ptr1, u8 *ptr2, u64 len) {
struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k]; struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k];
hits &= CMP_MAP_RTN_H - 1; hits &= CMP_MAP_RTN_H - 1;
if (unlikely(reset && !hits)) {
__builtin_memset(cmpfn, 0, sizeof(struct cmpfn_operands)); if (unlikely(reset && !hits)) { __afl_cmp_map->headers[k].overflow = 1; }
if (unlikely(__afl_cmp_map->headers[k].overflow)) {
__builtin_memset((char *)&cmpfn[hits], 0, sizeof(struct cmpfn_operands));
} }
@ -1988,9 +1991,12 @@ void __cmplog_rtn_hook_strn(u8 *ptr1, u8 *ptr2, u64 len) {
struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k]; struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k];
hits &= CMP_MAP_RTN_H - 1; hits &= CMP_MAP_RTN_H - 1;
if (unlikely(reset && !hits)) {
__builtin_memset(cmpfn, 0, sizeof(struct cmpfn_operands)); if (unlikely(reset && !hits)) { __afl_cmp_map->headers[k].overflow = 1; }
if (unlikely(__afl_cmp_map->headers[k].overflow)) {
__builtin_memset((char *)&cmpfn[hits], 0, sizeof(struct cmpfn_operands));
} }
@ -2043,9 +2049,12 @@ void __cmplog_rtn_hook_str(u8 *ptr1, u8 *ptr2) {
struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k]; struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k];
hits &= CMP_MAP_RTN_H - 1; hits &= CMP_MAP_RTN_H - 1;
if (unlikely(reset && !hits)) {
__builtin_memset(cmpfn, 0, sizeof(struct cmpfn_operands)); if (unlikely(reset && !hits)) { __afl_cmp_map->headers[k].overflow = 1; }
if (unlikely(__afl_cmp_map->headers[k].overflow)) {
__builtin_memset((char *)&cmpfn[hits], 0, sizeof(struct cmpfn_operands));
} }
@ -2106,9 +2115,12 @@ void __cmplog_rtn_hook(u8 *ptr1, u8 *ptr2) {
struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k]; struct cmpfn_operands *cmpfn = (struct cmpfn_operands *)__afl_cmp_map->log[k];
hits &= CMP_MAP_RTN_H - 1; hits &= CMP_MAP_RTN_H - 1;
if (unlikely(reset && !hits)) {
__builtin_memset(cmpfn, 0, sizeof(struct cmpfn_operands)); if (unlikely(reset && !hits)) { __afl_cmp_map->headers[k].overflow = 1; }
if (unlikely(__afl_cmp_map->headers[k].overflow)) {
__builtin_memset((char *)&cmpfn[hits], 0, sizeof(struct cmpfn_operands));
} }