ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

switch order of shmem fuzz

Browse Source
This commit is contained in:
van Hauser
2020-06-03 16:19:09 +02:00
parent dd0ca7335f
commit 031e4300a5
3 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
llvm_mode/afl-llvm-rt.o.c
View File

@ -138,18 +138,19 @@ static void __afl_map_shm_fuzz() {
} }
__afl_fuzz_ptr = mmap(0, MAX_FILE, PROT_READ, MAP_SHARED, shm_fd, 0); __afl_fuzz_len_shmem =
(u32 *)mmap(0, MAX_FILE, PROT_READ, MAP_SHARED, shm_fd, 0);
#else #else
u32 shm_id = atoi(id_str); u32 shm_id = atoi(id_str);
__afl_fuzz_ptr = shmat(shm_id, NULL, 0); __afl_fuzz_len_shmem = (u32 *)shmat(shm_id, NULL, 0);
#endif #endif
/* Whooooops. */ /* Whooooops. */
if (__afl_fuzz_ptr == (void *)-1) { if (__afl_fuzz_len_shmem == (void *)-1) {
fprintf(stderr, "Error: could not access fuzzing shared memory\n"); fprintf(stderr, "Error: could not access fuzzing shared memory\n");
exit(1); exit(1);
@ -166,7 +167,7 @@ static void __afl_map_shm_fuzz() {
} }
__afl_fuzz_len_shmem = (u32 *)(__afl_fuzz_ptr + MAX_FILE); __afl_fuzz_ptr = (u8 *)(__afl_fuzz_len_shmem + sizeof(int));
} }

4
qemu_mode/patches/afl-qemu-cpu-inl.h
View File

@ -147,8 +147,8 @@ static void afl_map_shm_fuzz(void) {
if (id_str) { if (id_str) {
u32 shm_id = atoi(id_str); u32 shm_id = atoi(id_str);
shared_buf = shmat(shm_id, NULL, 0); shared_buf_len = (u32 *)shmat(shm_id, NULL, 0);
shared_buf_len = (u32 *)(shared_buf + MAX_FILE); shared_buf = (u8 *)(shared_buf_len + sizeof(int));
/* Whooooops. */ /* Whooooops. */

6
src/afl-fuzz-init.c
View File

@ -1960,8 +1960,8 @@ void setup_testcase_shmem(afl_state_t *afl) {
afl->shm_fuzz = ck_alloc(sizeof(sharedmem_t)); afl->shm_fuzz = ck_alloc(sizeof(sharedmem_t));
// we need to set the non-instrumented mode to not overwrite the SHM_ENV_VAR // we need to set the non-instrumented mode to not overwrite the SHM_ENV_VAR
if ((afl->fsrv.shmem_fuzz = if ((afl->fsrv.shmem_fuzz_len =
afl_shm_init(afl->shm_fuzz, MAX_FILE + sizeof(int), 1))) { (u32 *)afl_shm_init(afl->shm_fuzz, MAX_FILE + sizeof(int), 1))) {
#ifdef USEMMAP #ifdef USEMMAP
setenv(SHM_FUZZ_ENV_VAR, afl->shm_fuzz->g_shm_file_path, 1); setenv(SHM_FUZZ_ENV_VAR, afl->shm_fuzz->g_shm_file_path, 1);
@ -1972,7 +1972,7 @@ void setup_testcase_shmem(afl_state_t *afl) {
ck_free(shm_str); ck_free(shm_str);
#endif #endif
afl->fsrv.support_shmem_fuzz = 1; afl->fsrv.support_shmem_fuzz = 1;
afl->fsrv.shmem_fuzz_len = (u32 *)(afl->fsrv.shmem_fuzz + MAX_FILE); afl->fsrv.shmem_fuzz = (u8 *)(afl->fsrv.shmem_fuzz + sizeof(int));
} else { } else {