ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1504 from AFLplusplus/dev

Browse Source 
pcguard off-by-one fix
This commit is contained in:
van Hauser
2022-08-26 23:52:44 +02:00
committed by GitHub
parent 413e68ab6d 2775271b17
commit 147654f871
2 changed files with 14 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Changelog.md
View File

@ -17,6 +17,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- default calibration cycles set to 7 from 8, and only add 5 cycles - default calibration cycles set to 7 from 8, and only add 5 cycles
to variables queue items instead of 12. to variables queue items instead of 12.
- afl-cc: - afl-cc:
- fixed off-by-one bug in our pcguard implemenation, thanks for
@toka for reporting
- better handling of -fsanitize=..,...,.. lists - better handling of -fsanitize=..,...,.. lists
- fix gcc_mode cmplog - fix gcc_mode cmplog
- obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1 - obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1

20
instrumentation/SanitizerCoveragePCGUARD.so.cc
View File

@ -850,7 +850,8 @@ void ModuleSanitizerCoverageAFL::CreateFunctionLocalArrays(
bool ModuleSanitizerCoverageAFL::InjectCoverage( bool ModuleSanitizerCoverageAFL::InjectCoverage(
Function &F, ArrayRef<BasicBlock *> AllBlocks, bool IsLeafFunc) { Function &F, ArrayRef<BasicBlock *> AllBlocks, bool IsLeafFunc) {
uint32_t cnt_cov = 0, cnt_sel = 0, cnt_sel_inc = 0; uint32_t cnt_cov = 0, cnt_sel = 0, cnt_sel_inc = 0;
static uint32_t first = 1;
for (auto &BB : F) { for (auto &BB : F) {
@ -876,9 +877,11 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
} }
if (FuncName.compare(StringRef("__afl_coverage_interesting"))) continue; if (!FuncName.compare(StringRef("__afl_coverage_interesting"))) {
cnt_cov++; cnt_cov++;
}
} }
@ -917,7 +920,8 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
} }
/* Create PCGUARD array */ /* Create PCGUARD array */
CreateFunctionLocalArrays(F, AllBlocks, cnt_cov + cnt_sel_inc); CreateFunctionLocalArrays(F, AllBlocks, first + cnt_cov + cnt_sel_inc);
if (first) { first = 0; }
selects += cnt_sel; selects += cnt_sel;
uint32_t special = 0, local_selects = 0, skip_next = 0; uint32_t special = 0, local_selects = 0, skip_next = 0;
@ -1103,10 +1107,10 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
ModuleSanitizerCoverageAFL::SetNoSanitizeMetadata(MapPtr); ModuleSanitizerCoverageAFL::SetNoSanitizeMetadata(MapPtr);
/* /*
std::string errMsg; std::string errMsg;
raw_string_ostream os(errMsg); raw_string_ostream os(errMsg);
result->print(os); result->print(os);
fprintf(stderr, "X: %s\n", os.str().c_str()); fprintf(stderr, "X: %s\n", os.str().c_str());
*/ */
while (1) { while (1) {