fix cmplog rtn

include/envs.h

@@ -50,6 +50,7 @@ static char *afl_environment_variables[] = {
     "AFL_FAST_CAL",
     "AFL_FORCE_UI",
     "AFL_FUZZER_ARGS",  // oss-fuzz
+    "AFL_GDB",
     "AFL_GCC_ALLOWLIST",
     "AFL_GCC_DENYLIST",
     "AFL_GCC_BLOCKLIST",

instrumentation/afl-compiler-rt.o.c

@@ -1730,18 +1730,18 @@ __attribute__((weak)) void *__asan_region_is_poisoned(void *beg, size_t size) {
 // to avoid to call it on .text addresses
 static int area_is_valid(void *ptr, size_t len) {
 
-  if (unlikely(__asan_region_is_poisoned(ptr, len))) { return 0; }
+  if (unlikely(!ptr || __asan_region_is_poisoned(ptr, len))) { return 0; }
 
-  long r = syscall(__afl_dummy_fd[1], SYS_write, ptr, len);
+  long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len);
 
   if (unlikely(r <= 0 || r > len)) {  // fail - maybe hitting asan boundary?
 
     char *p = (char *)ptr;
     long  page_size = sysconf(_SC_PAGE_SIZE);
     char *page = (char *)((uintptr_t)p & ~(page_size - 1)) + page_size;
-    if (page < p + len) { return 0; }  // no isnt, return fail
-    len -= (p + len - page);
-    r = syscall(__afl_dummy_fd[1], SYS_write, p, len);
+    if (page >= p + len) { return 0; }  // no isnt, return fail
+    len = page - p - len;
+    r = syscall(SYS_write, __afl_dummy_fd[1], p, len);
 
   }
 

src/afl-common.c

@@ -150,10 +150,12 @@ void argv_cpy_free(char **argv) {
 char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
 
   if (unlikely(getenv("AFL_QEMU_CUSTOM_BIN"))) {
+
     WARNF(
         "AFL_QEMU_CUSTOM_BIN is enabled. "
         "You must run your target under afl-qemu-trace on your own!");
     return argv;
+
   }
 
   if (!unlikely(own_loc)) { FATAL("BUG: param own_loc is NULL"); }

utils/aflpp_driver/aflpp_driver.c

@@ -208,6 +208,16 @@ int main(int argc, char **argv) {
       "======================================================\n",
       argv[0], argv[0]);
 
+  if (getenv("AFL_GDB")) {
+
+    char cmd[64];
+    snprintf(cmd, sizeof(cmd), "cat /proc/%d/maps", getpid());
+    system(cmd);
+    fprintf(stderr, "DEBUG: aflpp_driver pid is %d\n", getpid());
+    sleep(1);
+
+  }
+
   output_file = stderr;
   maybe_duplicate_stderr();
   maybe_close_fd_mask();