added test and debug

2025-06-12 10:08:07 +00:00 · 2019-07-20 13:12:19 +02:00
parent 5ac5d91c6b
commit c7887abb64
3 changed files with 79 additions and 2 deletions
--- a/qemu_mode/libcompcov/Makefile
+++ b/qemu_mode/libcompcov/Makefile
@ -21,7 +21,7 @@ VERSION     = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2)
 CFLAGS      ?= -O3 -funroll-loops
 CFLAGS      += -Wall -Wno-unused-result -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign
-all: libcompcov.so
+all: libcompcov.so compcovtest
 libcompcov.so: libcompcov.so.c ../../config.h
 	$(CC) $(CFLAGS) -shared -fPIC $< -o $@ $(LDFLAGS)
@ -30,7 +30,10 @@ libcompcov.so: libcompcov.so.c ../../config.h
 clean:
 	rm -f *.o *.so *~ a.out core core.[1-9][0-9]*
-	rm -f libcompcov.so
+	rm -f libcompcov.so compcovtest
 compcovtest:	compcovtest.cc
 	$(CXX) $< -o $@ 
 install: all
 	install -m 755 libcompcov.so $${DESTDIR}$(HELPER_PATH)
--- a/qemu_mode/libcompcov/compcovtest.cc
+++ b/qemu_mode/libcompcov/compcovtest.cc
@ -0,0 +1,63 @@
 /////////////////////////////////////////////////////////////////////////
 //
 // Author: Mateusz Jurczyk (mjurczyk@google.com)
 //
 // Copyright 2019 Google LLC
 // 
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 // 
 // https://www.apache.org/licenses/LICENSE-2.0
 // 
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 // solution: echo -ne 'The quick brown fox jumps over the lazy dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest
 #include <cstdint>
 #include <cstdio>
 #include <cstdlib>
 #include <cstring>
 int main() {
  char buffer[44] = { /* zero padding */ };
  fread(buffer, 1, sizeof(buffer) - 1, stdin);
  if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 ||
      strncmp(&buffer[20], "jumps over ", 11) != 0 ||
      strcmp(&buffer[31], "the lazy dog") != 0) {
    return 1;
  }
  uint64_t x = 0;
  fread(&x, sizeof(x), 1, stdin);
  if (x != 0xCAFEBABECAFEBABE) {
    return 2;
  }
  uint32_t y = 0;
  fread(&y, sizeof(y), 1, stdin);
  if (y != 0xDEADC0DE) {
    return 3;
  }
  uint16_t z = 0;
  fread(&z, sizeof(z), 1, stdin);
  switch (z) {
    case 0xBEEF:
      break;
    default:
      return 4;
  }
  printf("Puzzle solved, congrats!\n");
  abort();
  return 0;
 }
--- a/qemu_mode/libcompcov/libcompcov.so.c
+++ b/qemu_mode/libcompcov/libcompcov.so.c
@ -45,6 +45,8 @@ static void *__compcov_code_start,
 static u8 *__compcov_afl_map;
 static int debug_fd = -1;
 static size_t __strlen2(const char *s1, const char *s2, size_t max_length) {
  // from https://github.com/googleprojectzero/CompareCoverage
@ -108,6 +110,12 @@ static void __compcov_trace(u64 cur_loc, const u8* v0, const u8* v1, size_t n) {
  size_t i;
  if (debug_fd != 1) {
    char debugbuf[4096];
    snprintf(debugbuf, sizeof(debugbuf), "0x%llx %s %s %lu\n", cur_loc, v0 == NULL ? "(null)" : (char*)v0, v1 == NULL ? "(null)" : (char*)v1, n);
    write(debug_fd, debugbuf, strlen(debugbuf));
  }
  for (i = 0; i < n && v0[i] == v1[i]; ++i) {
    __compcov_afl_map[cur_loc +i]++;
@ -301,6 +309,9 @@ int memcmp(const void* mem1, const void* mem2, size_t len) {
 __attribute__((constructor)) void __compcov_init(void) {
  if (getenv("AFL_QEMU_COMPCOV_DEBUG") != NULL)
    debug_fd = open("compcov.debug", O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, 0644);
  __compcov_load();
 }