ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-10 17:21:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix afl-cc (#1968)

Browse Source 
- Check if too many cmdline params here, each time before insert a new param.
 - Check if it is "-fsanitize=..." before we do sth.
 - Remove improper param_st transfer.
This commit is contained in:
Sonic 2024-01-25 16:57:50 +08:00 committed by GitHub
parent ba28c4982b
commit d88c97ad28
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 37 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

93
src/afl-cc.c
View File

@ -192,15 +192,11 @@ u8 *find_object(aflcc_state_t *, u8 *obj);
void find_built_deps(aflcc_state_t *);
static inline void limit_params(aflcc_state_t *aflcc, u32 add) {
if (aflcc->cc_par_cnt + add >= MAX_PARAMS_NUM)
FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM.");
}
static inline void insert_param(aflcc_state_t *aflcc, u8 *param) {
if (unlikely(aflcc->cc_par_cnt + 1 >= MAX_PARAMS_NUM))
FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM.");
aflcc->cc_params[aflcc->cc_par_cnt++] = param;
}
@ -1572,7 +1568,7 @@ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) {
break;
}
aflcc->have_fortify = 1;
}
@ -1672,41 +1668,42 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
param_st final_ = PARAM_MISS;
if (strstr(cur_argv, "=address") || strstr(cur_argv, ",address")) {
// MACRO START
#define HAVE_SANITIZER_SCAN_KEEP(v, k) \
do { \
\
if (strstr(cur_argv, "=" STRINGIFY(k)) || \
strstr(cur_argv, "," STRINGIFY(k))) { \
\
if (scan) { \
\
aflcc->have_##v = 1; \
final_ = PARAM_SCAN; \
\
} else { \
\
final_ = PARAM_KEEP; \
\
} \
\
} \
\
} while (0)
aflcc->have_asan = 1;
// MACRO END
if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize="))) {
HAVE_SANITIZER_SCAN_KEEP(asan, address);
HAVE_SANITIZER_SCAN_KEEP(msan, memory);
HAVE_SANITIZER_SCAN_KEEP(ubsan, undefined);
HAVE_SANITIZER_SCAN_KEEP(tsan, thread);
HAVE_SANITIZER_SCAN_KEEP(lsan, leak);
HAVE_SANITIZER_SCAN_KEEP(cfisan, cfi);
}
if (strstr(cur_argv, "=memory") || strstr(cur_argv, ",memory")) {
aflcc->have_msan = 1;
}
if (strstr(cur_argv, "=undefined") || strstr(cur_argv, ",undefined")) {
aflcc->have_ubsan = 1;
}
if (strstr(cur_argv, "=thread") || strstr(cur_argv, ",thread")) {
aflcc->have_tsan = 1;
}
if (strstr(cur_argv, "=leak") || strstr(cur_argv, ",leak")) {
aflcc->have_lsan = 1;
}
if (strstr(cur_argv, "=cfi") || strstr(cur_argv, ",cfi")) {
aflcc->have_cfisan = 1;
}
#undef HAVE_SANITIZER_SCAN_KEEP
if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) &&
strstr(cur_argv, "list=")) {
@ -1718,7 +1715,7 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
} else {
final_ = PARAM_KEEP; // may be set to DROP next
final_ = PARAM_KEEP;
}
@ -1787,20 +1784,6 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
}
if (final_ == PARAM_MISS) {
if (scan) {
final_ = PARAM_SCAN;
} else {
final_ = PARAM_KEEP;
}
}
if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv);
return final_;
@ -2880,8 +2863,6 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) {
static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc,
char **argv) {
limit_params(aflcc, argc);
// for (u32 x = 0; x < argc; ++x) fprintf(stderr, "[%u] %s\n", x, argv[x]);
/* Process the argument list. */