fix shmem persistent mode

2025-06-16 20:08:07 +00:00 · 2020-06-04 02:37:05 +02:00
parent e11922e5cc
commit 35ddec7aeb
5 changed files with 15 additions and 15 deletions
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@ -77,9 +77,8 @@ u8                  __afl_area_initial[MAP_SIZE];
 u8 * __afl_area_ptr = __afl_area_initial;
 u8 * __afl_dictionary;
 u8 * __afl_fuzz_ptr;
-u32  __afl_fuzz_len;
 u32  __afl_fuzz_len_dummy;
-u32 *__afl_fuzz_len_shmem = &__afl_fuzz_len_dummy;
+u32 *__afl_fuzz_len = &__afl_fuzz_len_dummy;

 u32 __afl_final_loc;
 u32 __afl_map_size = MAP_SIZE;
@ -138,19 +137,19 @@ static void __afl_map_shm_fuzz() {

    }

-    __afl_fuzz_len_shmem =
+    __afl_fuzz_len =
        (u32 *)mmap(0, MAX_FILE, PROT_READ, MAP_SHARED, shm_fd, 0);

 #else
    u32 shm_id = atoi(id_str);

-    __afl_fuzz_len_shmem = (u32 *)shmat(shm_id, NULL, 0);
+    __afl_fuzz_len = (u32 *)shmat(shm_id, NULL, 0);

 #endif

    /* Whooooops. */

-    if (__afl_fuzz_len_shmem == (void *)-1) {
+    if (__afl_fuzz_len == (void *)-1) {

      fprintf(stderr, "Error: could not access fuzzing shared memory\n");
      exit(1);
@ -167,7 +166,7 @@ static void __afl_map_shm_fuzz() {

  }

-  __afl_fuzz_ptr = (u8 *)(__afl_fuzz_len_shmem + sizeof(int));
+  __afl_fuzz_ptr = (u8 *)(__afl_fuzz_len + sizeof(int));

 }

@ -457,7 +456,7 @@ static void __afl_start_snapshots(void) {
      s32 fd_doc = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
      if (fd_doc >= 0) {

-        if (write(fd_doc, __afl_fuzz_ptr, __afl_fuzz_len) != __afl_fuzz_len) {
+        if (write(fd_doc, __afl_fuzz_ptr, *__afl_fuzz_len) != *__afl_fuzz_len) {

          fprintf(stderr, "write of mutation file failed: %s\n", fn);
          unlink(fn);
@ -657,7 +656,7 @@ static void __afl_start_forkserver(void) {
      s32 fd_doc = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
      if (fd_doc >= 0) {

-        if (write(fd_doc, __afl_fuzz_ptr, __afl_fuzz_len) != __afl_fuzz_len) {
+        if (write(fd_doc, __afl_fuzz_ptr, *__afl_fuzz_len) != *__afl_fuzz_len) {

          fprintf(stderr, "write of mutation file failed: %s\n", fn);
          unlink(fn);
@ -770,8 +769,6 @@ int __afl_persistent_loop(unsigned int max_cnt) {

      raise(SIGSTOP);

-      __afl_fuzz_len = *__afl_fuzz_len_shmem;
-
      __afl_area_ptr[0] = 1;
      memset(__afl_prev_loc, 0, NGRAM_SIZE_MAX * sizeof(PREV_LOC_T));