fix warnings and an llvm cmplog+lto panic

2025-06-10 01:01:33 +00:00 · 2021-02-01 22:59:41 +01:00 · 2021-02-01 22:59:41 +01:00 · 90fdafa1ad
commit 90fdafa1ad
parent b9f469e12f
5 changed files with 69 additions and 62 deletions
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@ -1169,7 +1169,8 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
  if (getenv("AFL_DEBUG")) {
-    fprintf(stderr, "Running __sanitizer_cov_trace_pc_guard_init: %p-%p (%lu edges)\n",
+    fprintf(stderr,
            "Running __sanitizer_cov_trace_pc_guard_init: %p-%p (%lu edges)\n",
            start, stop, stop - start);
  }
@ -1448,45 +1449,38 @@ void __cmplog_ins_hook16(uint128_t arg1, uint128_t arg2, uint8_t attr) {
 #endif
-#if defined(__APPLE__)
+void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2) {
  #pragma weak __sanitizer_cov_trace_const_cmp1 = __cmplog_ins_hook1
  #pragma weak __sanitizer_cov_trace_const_cmp2 = __cmplog_ins_hook2
  #pragma weak __sanitizer_cov_trace_const_cmp4 = __cmplog_ins_hook4
  #pragma weak __sanitizer_cov_trace_const_cmp8 = __cmplog_ins_hook8
  #pragma weak __sanitizer_cov_trace_const_cmp16 = __cmplog_ins_hook16
-  #pragma weak __sanitizer_cov_trace_cmp1 = __cmplog_ins_hook1
+  __cmplog_ins_hook1(arg1, arg2, 0);
-  #pragma weak __sanitizer_cov_trace_cmp2 = __cmplog_ins_hook2
+
-  #pragma weak __sanitizer_cov_trace_cmp4 = __cmplog_ins_hook4
+}
-  #pragma weak __sanitizer_cov_trace_cmp8 = __cmplog_ins_hook8
+
-  #pragma weak __sanitizer_cov_trace_cmp16 = __cmplog_ins_hook16
+void __sanitizer_cov_trace_cmp2(uint16_t arg1, uint16_t arg2) {
-#else
+
-void __sanitizer_cov_trace_const_cmp1(uint8_t arg1, uint8_t arg2)
+  __cmplog_ins_hook2(arg1, arg2, 0);
-    __attribute__((alias("__cmplog_ins_hook1")));
+
-void __sanitizer_cov_trace_const_cmp2(uint16_t arg1, uint16_t arg2)
+}
-    __attribute__((alias("__cmplog_ins_hook2")));
+
-void __sanitizer_cov_trace_const_cmp4(uint32_t arg1, uint32_t arg2)
+void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2) {
-    __attribute__((alias("__cmplog_ins_hook4")));
+
-void __sanitizer_cov_trace_const_cmp8(uint64_t arg1, uint64_t arg2)
+  __cmplog_ins_hook4(arg1, arg2, 0);
-    __attribute__((alias("__cmplog_ins_hook8")));
+
-  #ifdef WORD_SIZE_64
+}
-void __sanitizer_cov_trace_const_cmp16(uint128_t arg1, uint128_t arg2)
+
-    __attribute__((alias("__cmplog_ins_hook16")));
+void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2) {
-  #endif
+
  __cmplog_ins_hook8(arg1, arg2, 0);
 }
 void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2)
    __attribute__((alias("__cmplog_ins_hook1")));
 void __sanitizer_cov_trace_cmp2(uint16_t arg1, uint16_t arg2)
    __attribute__((alias("__cmplog_ins_hook2")));
 void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2)
    __attribute__((alias("__cmplog_ins_hook4")));
 void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2)
    __attribute__((alias("__cmplog_ins_hook8")));
 #ifdef WORD_SIZE_64
-void __sanitizer_cov_trace_cmp16(uint128_t arg1, uint128_t arg2)
+void __sanitizer_cov_trace_cmp16(uint128_t arg1, uint128_t arg2) {
-    __attribute__((alias("__cmplog_ins_hook16")));
+
  __cmplog_ins_hook16(arg1, arg2, 0);
 }
 #endif
 #endif                                                /* defined(__APPLE__) */
 void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
--- a/instrumentation/cmplog-instructions-pass.cc
+++ b/instrumentation/cmplog-instructions-pass.cc
@ -277,8 +277,12 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
      if (max_size % 8) {
        // bitcast from i6 to i8 panics llvm, so ...
        continue;
        /*
                max_size = (((max_size / 8) + 1) * 8);
                do_cast = 1;
        */
      }
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@ -2439,7 +2439,8 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
  afl->stage_max = 0;
  afl->stage_cur = 0;
-  u32 lvl = (afl->queue_cur->colorized ? 0 : LVL1) + (afl->cmplog_lvl == CMPLOG_LVL_MAX ? LVL3 : 0);
+  u32 lvl = (afl->queue_cur->colorized ? 0 : LVL1) +
            (afl->cmplog_lvl == CMPLOG_LVL_MAX ? LVL3 : 0);
 #ifdef COMBINE
  u8 *cbuf = afl_realloc((void **)&afl->in_scratch_buf, len + 128);
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -123,7 +123,8 @@ static void usage(u8 *argv0, int more_help) {
      "it.\n"
      "                  if using QEMU, just use -c 0.\n"
      "  -l cmplog_level - set the complexity/intensivity of CmpLog.\n"
-      "                  Values: 1 (basic), 2 (larger files) and 3 (transform)\n\n"
+      "                  Values: 1 (basic), 2 (larger files) and 3 "
      "(transform)\n\n"
      "Fuzzing behavior settings:\n"
      "  -Z            - sequential queue selection instead of weighted "
@ -1556,17 +1557,19 @@ int main(int argc, char **argv_orig, char **envp) {
        afl->virgin_tmout = ck_realloc(afl->virgin_tmout, new_map_size);
        afl->virgin_crash = ck_realloc(afl->virgin_crash, new_map_size);
        afl->var_bytes = ck_realloc(afl->var_bytes, new_map_size);
-        afl->top_rated = ck_realloc(afl->top_rated, new_map_size * sizeof(void *));
+        afl->top_rated =
            ck_realloc(afl->top_rated, new_map_size * sizeof(void *));
        afl->clean_trace = ck_realloc(afl->clean_trace, new_map_size);
-        afl->clean_trace_custom = ck_realloc(afl->clean_trace_custom, new_map_size);
+        afl->clean_trace_custom =
            ck_realloc(afl->clean_trace_custom, new_map_size);
        afl->first_trace = ck_realloc(afl->first_trace, new_map_size);
        afl->map_tmp_buf = ck_realloc(afl->map_tmp_buf, new_map_size);
        afl_fsrv_kill(&afl->fsrv);
        afl_shm_deinit(&afl->shm);
        afl->fsrv.map_size = new_map_size;
-        afl->fsrv.trace_bits = afl_shm_init(&afl->shm, new_map_size,
+        afl->fsrv.trace_bits =
-                                            afl->non_instrumented_mode);
+            afl_shm_init(&afl->shm, new_map_size, afl->non_instrumented_mode);
        setenv("AFL_NO_AUTODICT", "1", 1);  // loaded already
        afl_fsrv_start(&afl->fsrv, afl->argv, &afl->stop_soon,
                       afl->afl_env.afl_debug_child);
@ -1608,9 +1611,11 @@ int main(int argc, char **argv_orig, char **envp) {
        afl->virgin_tmout = ck_realloc(afl->virgin_tmout, new_map_size);
        afl->virgin_crash = ck_realloc(afl->virgin_crash, new_map_size);
        afl->var_bytes = ck_realloc(afl->var_bytes, new_map_size);
-        afl->top_rated = ck_realloc(afl->top_rated, new_map_size * sizeof(void *));
+        afl->top_rated =
            ck_realloc(afl->top_rated, new_map_size * sizeof(void *));
        afl->clean_trace = ck_realloc(afl->clean_trace, new_map_size);
-        afl->clean_trace_custom = ck_realloc(afl->clean_trace_custom, new_map_size);
+        afl->clean_trace_custom =
            ck_realloc(afl->clean_trace_custom, new_map_size);
        afl->first_trace = ck_realloc(afl->first_trace, new_map_size);
        afl->map_tmp_buf = ck_realloc(afl->map_tmp_buf, new_map_size);
@ -1619,8 +1624,8 @@ int main(int argc, char **argv_orig, char **envp) {
        afl_shm_deinit(&afl->shm);
        afl->cmplog_fsrv.map_size = new_map_size;  // non-cmplog stays the same
-        afl->fsrv.trace_bits = afl_shm_init(&afl->shm, new_map_size,
+        afl->fsrv.trace_bits =
-                                            afl->non_instrumented_mode);
+            afl_shm_init(&afl->shm, new_map_size, afl->non_instrumented_mode);
        setenv("AFL_NO_AUTODICT", "1", 1);  // loaded already
        afl_fsrv_start(&afl->fsrv, afl->argv, &afl->stop_soon,
                       afl->afl_env.afl_debug_child);
@ -1786,6 +1791,7 @@ int main(int argc, char **argv_orig, char **envp) {
                afl->limit_time_puppet = 0;
              }
              */
              afl->expand_havoc = 2;
              if (afl->cmplog_lvl && afl->cmplog_lvl < 2) afl->cmplog_lvl = 2;
--- a/src/afl-ld-lto.c
+++ b/src/afl-ld-lto.c
@ -83,7 +83,7 @@ static void edit_params(int argc, char **argv) {
  if (!passthrough) {
-    for (i = 1; i < argc; i++) {
+    for (i = 1; i < (u32)argc; i++) {
      if (strstr(argv[i], "/afl-llvm-rt-lto.o") != NULL) rt_lto_present = 1;
      if (strstr(argv[i], "/afl-llvm-rt.o") != NULL) rt_present = 1;
@ -91,7 +91,7 @@ static void edit_params(int argc, char **argv) {
    }
-    for (i = 1; i < argc && !gold_pos; i++) {
+    for (i = 1; i < (u32)argc && !gold_pos; i++) {
      if (strcmp(argv[i], "-plugin") == 0) {
@ -100,7 +100,9 @@ static void edit_params(int argc, char **argv) {
          if (strcasestr(argv[i], "LLVMgold.so") != NULL)
            gold_present = gold_pos = i + 1;
-        } else if (i < argc && strcasestr(argv[i + 1], "LLVMgold.so") != NULL) {
+        } else if (i < (u32)argc &&
                   strcasestr(argv[i + 1], "LLVMgold.so") != NULL) {
          gold_present = gold_pos = i + 2;
@ -112,7 +114,7 @@ static void edit_params(int argc, char **argv) {
    if (!gold_pos) {
-      for (i = 1; i + 1 < argc && !gold_pos; i++) {
+      for (i = 1; i + 1 < (u32)argc && !gold_pos; i++) {
        if (argv[i][0] != '-') {
@ -198,7 +200,7 @@ static void edit_params(int argc, char **argv) {
        gold_present ? "true" : "false", inst_present ? "true" : "false",
        rt_present ? "true" : "false", rt_lto_present ? "true" : "false");
-  for (i = 1; i < argc; i++) {
+  for (i = 1; i < (u32)argc; i++) {
    if (ld_param_cnt >= MAX_PARAM_COUNT)
      FATAL(
@ -324,7 +326,7 @@ int main(int argc, char **argv) {
  if (debug) {
    DEBUGF("cd \"%s\";", thecwd);
-    for (i = 0; i < ld_param_cnt; i++)
+    for (i = 0; i < (s32)ld_param_cnt; i++)
      SAYF(" \"%s\"", ld_params[i]);
    SAYF("\n");