fix

2025-06-09 16:51:34 +00:00 · 2022-01-21 10:13:37 +01:00 · 2022-01-21 10:13:37 +01:00 · 22da04f077
commit 22da04f077
parent 5933e787f9
5 changed files with 31 additions and 31 deletions
--- a/nyx_mode/QEMU-Nyx
+++ b/nyx_mode/QEMU-Nyx
@ -1 +1 @@
-Subproject commit 902306beb01d858dcbcbaf0e1be26ce9dd0f293f
+Subproject commit d5a7011ad20ba5ba91f1371f9d40154035d5d768
--- a/nyx_mode/libnyx
+++ b/nyx_mode/libnyx
@ -1 +1 @@
-Subproject commit a5ae4c13e11de776779444eb69932802e102d7c4
+Subproject commit ecbcb2d7234fef0b5e1db8ca6019e6137ee0582d
--- a/nyx_mode/packer
+++ b/nyx_mode/packer
@ -1 +1 @@
-Subproject commit 8842549b5612a890258dcef812276cfdb62b76c7
+Subproject commit f91742ce6c51eee133b5675edd68f39202785db1
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@ -767,15 +767,13 @@ static void edit_params(u32 argc, char **argv, char **envp) {
      u8 *afllib = find_object("libAFLDriver.a", argv[0]);

      if (!be_quiet)
-        WARNF(
-            "Found erroneous '-fsanitize=fuzzer', trying to replace with "
-            "libAFLDriver.a");
+        OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a");

      if (!afllib) {

        WARNF(
-            "Cannot find 'libAFLDriver.a' to replace a wrong "
-            "'-fsanitize=fuzzer' in the flags - this will fail!");
+            "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in "
+            "the flags - this will fail!");

      } else {

--- a/utils/aflpp_driver/aflpp_driver.c
+++ b/utils/aflpp_driver/aflpp_driver.c
@ -84,6 +84,8 @@ __attribute__((weak)) void __asan_unpoison_memory_region(

 }

+__attribute__((weak)) void *__asan_region_is_poisoned(void *beg, size_t size);
+
 // Notify AFL about persistent mode.
 static volatile char AFL_PERSISTENT[] = "##SIG_AFL_PERSISTENT##";
 int                  __afl_persistent_loop(unsigned int);
@ -328,45 +330,45 @@ int main(int argc, char **argv) {
  __asan_poison_memory_region(__afl_fuzz_ptr, MAX_FILE);
  size_t prev_length = 0;

-  int num_runs = 0;
-  while (__afl_persistent_loop(N)) {
+  // for speed only insert asan functions if the target is linked with asan
+  if (__asan_region_is_poisoned) {

-    size_t length = *__afl_fuzz_len;
+    while (__afl_persistent_loop(N)) {

-#ifdef _DEBUG
-    fprintf(stderr, "CLIENT crc: %016llx len: %u\n",
-            hash64(__afl_fuzz_ptr, *__afl_fuzz_len, 0xa5b35705),
-            *__afl_fuzz_len);
-    fprintf(stderr, "RECV:");
-    for (int i = 0; i < *__afl_fuzz_len; i++)
-      fprintf(stderr, "%02x", __afl_fuzz_ptr[i]);
-    fprintf(stderr, "\n");
-#endif
+      size_t length = *__afl_fuzz_len;

-    if (length) {
+      if (likely(length)) {

-      if (length < prev_length) {
+        if (length < prev_length) {

-        __asan_poison_memory_region(__afl_fuzz_ptr + length,
-                                    prev_length - length);
+          __asan_poison_memory_region(__afl_fuzz_ptr + length,
+                                      prev_length - length);

-      } else {
+        } else if (length > prev_length) {

-        __asan_unpoison_memory_region(__afl_fuzz_ptr + prev_length,
-                                      length - prev_length);
+          __asan_unpoison_memory_region(__afl_fuzz_ptr + prev_length,
+                                        length - prev_length);
+
+        }
+
+        prev_length = length;
+        LLVMFuzzerTestOneInput(__afl_fuzz_ptr, length);

      }

-      prev_length = length;
+    }

-      num_runs++;
-      LLVMFuzzerTestOneInput(__afl_fuzz_ptr, length);
+  } else {
+
+    while (__afl_persistent_loop(N)) {
+
+      LLVMFuzzerTestOneInput(__afl_fuzz_ptr, *__afl_fuzz_len);

    }

  }

-  printf("%s: successfully executed %d input(s)\n", argv[0], num_runs);
+  return 0;

 }