From b408fdffcc317f865a1379f802cb6e80bf862f62 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Sat, 18 Apr 2020 19:54:54 +0200
Subject: [PATCH 1/4] fix compilation use CFLAGS_FLTO for afl-gotcpu also (thanks Marc)
---
 GNUmakefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/GNUmakefile b/GNUmakefile
index 11dfa803..6efc1328 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -316,7 +316,7 @@ afl-analyze: src/afl-analyze.c src/afl-common.o src/afl-sharedmem.o $(COMM_HDR)
 $(CC) $(CFLAGS) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o -o $@ $(LDFLAGS)
 afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86
- $(CC) $(CFLAGS) src/$@.c src/afl-common.o -o $@ $(LDFLAGS)
+ $(CC) $(CFLAGS) $(CFLAGS_FLTO) src/$@.c src/afl-common.o -o $@ $(LDFLAGS)
 # document all mutations and only do one run (use with only one input file!)
From e90194093ebb73abbbda7c225878b68ae5bc03e7 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Mon, 20 Apr 2020 07:58:48 +0200
Subject: [PATCH 2/4] Revert "fix compilation use CFLAGS_FLTO for afl-gotcpu also (thanks Marc)" This reverts commit b408fdffcc317f865a1379f802cb6e80bf862f62.
---
 GNUmakefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/GNUmakefile b/GNUmakefile
index 6efc1328..11dfa803 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -316,7 +316,7 @@ afl-analyze: src/afl-analyze.c src/afl-common.o src/afl-sharedmem.o $(COMM_HDR)
 $(CC) $(CFLAGS) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o -o $@ $(LDFLAGS)
 afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86
- $(CC) $(CFLAGS) $(CFLAGS_FLTO) src/$@.c src/afl-common.o -o $@ $(LDFLAGS)
+ $(CC) $(CFLAGS) src/$@.c src/afl-common.o -o $@ $(LDFLAGS)
 # document all mutations and only do one run (use with only one input file!)
From e6fccdd9c1804e66db13e4b0d5faccc5a83d4116 Mon Sep 17 00:00:00 2001
From: David Mendenhall
Date: Mon, 20 Apr 2020 14:24:47 -0700
Subject: [PATCH 3/4] Move comment about adding 8 bytes to buffer length to the line where we actually add 8 bytes Remove defunct TODO for posix_memalign as the function now exists Add wrapper for malloc_usable_size
---
 libdislocator/libdislocator.so.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c
index 1fbfe9d6..72d280e6 100644
--- a/libdislocator/libdislocator.so.c
+++ b/libdislocator/libdislocator.so.c
@@ -183,6 +183,9 @@ static void *__dislocator_alloc(size_t len) {
 else
 rlen = len;
+ /* We will also store buffer length and a canary below the actual buffer, so let's add 8 bytes for that. */
+
 tlen = (1 + PG_COUNT(rlen + 8)) * PAGE_SIZE;
 flags = MAP_PRIVATE | MAP_ANONYMOUS;
 fd = -1;
@@ -200,9 +200,6 @@ static void *__dislocator_alloc(size_t len) {
 (void)sp;
 #endif
- /* We will also store buffer length and a canary below the actual buffer, so let's add 8 bytes for that. */
-
 ret = (u8 *)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0);
 #if defined(USEHUGEPAGE)
 /* We try one more time with regular call */
@@ -296,10 +296,6 @@ void *calloc(size_t elem_len, size_t elem_cnt) {
 }
-/* TODO: add a wrapper for posix_memalign, otherwise apps who use it, will fail when freeing the memory.
-*/
-
 /* The wrapper for malloc(). Roughly the same, also clobbers the returned memory (unlike calloc(), malloc() is not guaranteed to return zeroed memory). */
@@ -468,6 +464,12 @@ void *reallocarray(void *ptr, size_t elem_len, size_t elem_cnt) {
 }
+size_t malloc_usable_size(void *ptr) {
+ return PTR_L(ptr);
+ }
+
 __attribute__((constructor)) void __dislocator_init(void) {
 u8 *tmp = (u8 *)getenv("AFL_LD_LIMIT_MB");
@@ -492,4 +494,3 @@ __attribute__((constructor)) void __dislocator_init(void) {
 align_allocations = !!getenv("AFL_ALIGNED_ALLOC");
 }
-
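Review bot: The new malloc_usable_size() in the reallocarray hunk trusts PTR_L(ptr) without validating the pointer first, so a freed or foreign pointer (and, until the follow-up patch, NULL) reads the metadata slot below the buffer and either faults or returns a meaningless length that the caller may then use to size a write. The allocator stores a canary next to that length, per the comment moved in the first hunk, and presumably free() rejects a pointer whose canary is wrong (PTR_C(ptr) != ALLOC_CANARY, if I recall the file's macros correctly) — confirm against free() and realloc(), and apply the same check here so a bad pointer fails loudly instead of silently yielding a size: `if (!ptr) return 0; if (PTR_C(ptr) != ALLOC_CANARY) FATAL("bad allocator canary on malloc_usable_size()"); return PTR_L(ptr);`. The same point applies to the revised body in the fourth patch, which adds only the NULL check.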
From 441b64b467e17d62056c3cf7eae9e9a381644db7 Mon Sep 17 00:00:00 2001
From: David Mendenhall
Date: Mon, 20 Apr 2020 15:00:48 -0700
Subject: [PATCH 4/4] add NULL check to malloc_usable_size
---
 libdislocator/libdislocator.so.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c
index 72d280e6..19e84d9f 100644
--- a/libdislocator/libdislocator.so.c
+++ b/libdislocator/libdislocator.so.c
@@ -466,7 +466,7 @@ void *reallocarray(void *ptr, size_t elem_len, size_t elem_cnt) {
 size_t malloc_usable_size(void *ptr) {
- return PTR_L(ptr);
+ return ptr ? PTR_L(ptr) : 0;
 }
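Review bot: malloc_usable_size() still carries no header comment, while the neighbouring wrappers in this file (for example the "The wrapper for malloc()" comment visible in the previous patch) each document their contract, and this one has a non-obvious property worth stating: it reports the length recorded at allocation time rather than the page-rounded capacity, which is what keeps callers that size their writes by it inside the guarded region. Returning 0 for NULL matches what glibc's implementation does, so that is worth saying too. I would add above the definition: `/* The wrapper for malloc_usable_size(). Returns the length stored at allocation time (0 for NULL), not the mapped capacity, so callers that rely on it stay within the canary-protected buffer. */` — with the caveat that whether PTR_L holds the caller's requested len or the aligned rlen is not visible in this hunk and should be confirmed before wording it as "requested".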