fix compare-transform for strn?casecmp

This commit is contained in:
van Hauser
2020-05-24 01:59:08 +02:00
parent 38df6eb3a9
commit 68e66fa920
4 changed files with 26 additions and 12 deletions


@ -27,6 +27,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- added AFL_LLVM_LAF_ALL, sets all laf-intel settings
- LTO whitelist functionality rewritten, now main, _init etc functions
need not to be whitelisted anymore
- fixed crash in compare-transform-pass when strcasemp/strncasecmp was
tried to be instrumented
- fixed afl-gcc/afl-as that could break on fast systems reusing pids in
the same second
- added lots of dictionaries from oss-fuzz, go-fuzz and Jakub Wilk


@ -220,6 +220,20 @@ static void edit_params(u32 argc, char **argv, char **envp) {
afl-clang-lto(++)
*/
if (lto_mode) {
if (getenv("AFL_LLVM_WHITELIST") != NULL) {
cc_params[cc_par_cnt++] = "-Xclang";
cc_params[cc_par_cnt++] = "-load";
cc_params[cc_par_cnt++] = "-Xclang";
cc_params[cc_par_cnt++] =
alloc_printf("%s/afl-llvm-lto-whitelist.so", obj_path);
}
}
// laf
if (getenv("LAF_SPLIT_SWITCHES") || getenv("AFL_LLVM_LAF_SPLIT_SWITCHES")) {
@ -289,16 +303,6 @@ static void edit_params(u32 argc, char **argv, char **envp) {
if (lto_mode) {
if (getenv("AFL_LLVM_WHITELIST") != NULL) {
cc_params[cc_par_cnt++] = "-Xclang";
cc_params[cc_par_cnt++] = "-load";
cc_params[cc_par_cnt++] = "-Xclang";
cc_params[cc_par_cnt++] =
alloc_printf("%s/afl-llvm-lto-whitelist.so", obj_path);
}
cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", AFL_REAL_LD);
cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition";
if (instrument_mode == INSTRUMENT_CFG)
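Review bot: The whitelist-plugin load that now sits at the top of the first hunk (`if (lto_mode) { if (getenv("AFL_LLVM_WHITELIST") != NULL) { ... } }`) runs before the laf passes are appended, but nothing in the hunk records why that ordering is needed; a one-line comment above it, along the lines of `/* load the LTO whitelist plugin before the laf passes so that they can consult it */` if that is indeed the reason, would save the next reader from re-deriving it from the second hunk. The text is identical to the block removed at the second hunk, so this appears to be a pure move. Since the new outer `if (lto_mode)` has no other body, the two conditions could be folded into one, `if (lto_mode && getenv("AFL_LLVM_WHITELIST") != NULL) {`. edit_params begins and ends outside both hunks.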


@ -438,9 +438,13 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
for (uint64_t i = 0; i < constLen; i++) {
BasicBlock *cur_bb = next_bb;
BasicBlock * cur_bb = next_bb;
unsigned char c;
char c = isCaseInsensitive ? tolower(ConstStr[i]) : ConstStr[i];
if (isCaseInsensitive)
c = (unsigned char)(tolower((int)ConstStr[i]) & 0xff);
else
c = (unsigned char)ConstStr[i];
BasicBlock::iterator IP = next_bb->getFirstInsertionPt();
IRBuilder<> IRB(&*IP);
@ -448,9 +452,11 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
Value *v = ConstantInt::get(Int64Ty, i);
Value *ele = IRB.CreateInBoundsGEP(VarStr, v, "empty");
Value *load = IRB.CreateLoad(ele);
if (isCaseInsensitive) {
// load >= 'A' && load <= 'Z' ? load | 0x020 : load
load = IRB.CreateZExt(load, Int32Ty);
std::vector<Value *> args;
args.push_back(load);
load = IRB.CreateCall(tolowerFn, args, "tmp");
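Review bot: The new line in the first hunk, `c = (unsigned char)(tolower((int)ConstStr[i]) & 0xff);`, still has undefined behaviour for bytes at or above 0x80 if `ConstStr[i]` yields a signed `char`, as the removed `char c = ...` line suggests: casting to `int` preserves the negative value, and `tolower` is only defined for arguments representable as `unsigned char` or equal to `EOF`. The conversion has to happen before the call, `c = (unsigned char)tolower((unsigned char)ConstStr[i]);`, which also makes the `& 0xff` mask unnecessary. The second hunk already handles the same case correctly at the IR level by zero-extending with `CreateZExt` before calling `tolowerFn`, so with this fix the constant-side and variable-side paths would agree on non-ASCII bytes. transformCmps and the enclosing `for` loop begin and end outside the hunks.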


@ -39,6 +39,8 @@ int main(int argc, char **argv) {
printf("short local var memcmp works!\n");
else if (memcmp(global_cmpval, input, sizeof(global_cmpval)) == 0)
printf("global var memcmp works!\n");
else if (strncasecmp("-h", input, 2) == 0)
printf("this is not the help you are looking for\n");
else
printf("I do not know your string\n");
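Review bot: `strncasecmp` on the added line is declared in `<strings.h>` (POSIX), not `<string.h>`, and the hunk does not show the file's include list; confirm the header is included, otherwise the call relies on an implicit declaration that recent compilers reject. The branch is a good exercise of the pass fix named in the commit title, as it is the only case-insensitive comparison in the visible chain. main begins and ends outside the hunk.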