fix regression in class lookup

2025-06-14 11:08:06 +00:00 · 2021-08-31 23:54:06 +02:00
parent fe5b2c355f
commit d4a8a9df69
5 changed files with 12 additions and 15 deletions
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -13,6 +13,9 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
    - added AFL_IGNORE_PROBLEMS plus checks to identify and abort on
      incorrect LTO usage setups and enhanced the READMEs for better
      information on how to deal with instrumenting libraries
+    - fix a regression introduced in 3.10 that resulted in less
+      coverage being detected. thanks to Collin May for reporting!
+
  - afl-cc:
    - fix for shared linking on MacOS
    - llvm and LTO mode verified to work with new llvm 14-dev
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@ -143,17 +143,9 @@ u32 count_non_255_bytes(afl_state_t *afl, u8 *mem) {
   and replacing it with 0x80 or 0x01 depending on whether the tuple
   is hit or not. Called on every new crash or timeout, should be
   reasonably fast. */
-#define TIMES4(x) x, x, x, x
-#define TIMES8(x) TIMES4(x), TIMES4(x)
-#define TIMES16(x) TIMES8(x), TIMES8(x)
-#define TIMES32(x) TIMES16(x), TIMES16(x)
-#define TIMES64(x) TIMES32(x), TIMES32(x)
-#define TIMES255(x)                                                      \
-  TIMES64(x), TIMES64(x), TIMES64(x), TIMES32(x), TIMES16(x), TIMES8(x), \
-      TIMES4(x), x, x, x
 const u8 simplify_lookup[256] = {

-    [0] = 1, [1] = TIMES255(128)
+    [0] = 1, [1 ... 255] = 128

 };

@ -167,11 +159,11 @@ const u8 count_class_lookup8[256] = {
    [1] = 1,
    [2] = 2,
    [3] = 4,
-    [4] = TIMES4(8),
-    [8] = TIMES8(16),
-    [16] = TIMES16(32),
-    [32] = TIMES32(64),
-    [128] = TIMES64(128)
+    [4 ... 7] = 8,
+    [8 ... 15] = 16,
+    [16 ... 31] = 32,
+    [32 ... 127] = 64,
+    [128 ... 255] = 128

 };

--- a/test/test-compcov.c
+++ b/test/test-compcov.c
@ -43,6 +43,7 @@ int main(int argc, char **argv) {
    printf("This will only crash with libdislocator: %s\n", buf);

  } else if (*(unsigned int *)input == 0xabadcafe)
+
    printf("GG you eat cmp tokens for breakfast!\n");
  else if (memcmp(cmpval, input, 8) == 0)
    printf("local var memcmp works!\n");
--- a/unicorn_mode/unicornafl
+++ b/unicorn_mode/unicornafl
--- a/utils/plot_ui/afl-plot-ui.c
+++ b/utils/plot_ui/afl-plot-ui.c
@ -170,3 +170,4 @@ static void plot_toggled(GtkWidget *caller, gpointer data) {
  }

 }
+