fix failures for some sized string instrumentations

vanhauser-thc 2021-07-07 12:19:05 +02:00
parent 405382cbdd
commit f1bcd378a2
5 changed files with 37 additions and 15 deletions


@ -20,6 +20,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- afl-cc:
- Update to COMPCOV/laf-intel that speeds up the instrumentation
process a lot - thanks to Michael Rodler/f0rki for the PR!
- Fix for failures for some sized string instrumentations
- Fix to instrument global namespace functions in c++
- Fix for llvm 13
- support partial linking


@ -759,6 +759,12 @@ bool ModuleSanitizerCoverage::instrumentModule(
uint64_t literalLength = Str2.size();
uint64_t optLength = ilen->getZExtValue();
if (optLength > literalLength + 1) {
optLength = Str2.length() + 1;
}
if (literalLength + 1 == optLength) {
Str2.append("\0", 1); // add null byte
@ -862,6 +868,12 @@ bool ModuleSanitizerCoverage::instrumentModule(
uint64_t literalLength = optLen;
optLen = ilen->getZExtValue();
if (optLen > thestring.length() + 1) {
optLen = thestring.length() + 1;
}
if (optLen < 2) { continue; }
if (literalLength + 1 == optLen) { // add null byte
thestring.append("\0", 1);
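Review bot: In the second hunk the new clamp bounds `optLen` with `thestring.length() + 1`, but the null-byte test two lines below still compares against `literalLength + 1`, where `literalLength` is the previous `optLen` copied on the hunk's first line (its origin is outside the hunk). Unless those two values are always equal, a compare length larger than the literal is clamped to a value the null-byte branch does not recognise, and the token is emitted without its terminator. Using one source for both, `if (optLen > literalLength + 1) { optLen = literalLength + 1; }`, removes the question and matches the form used in the `AFLLTOPass::runOnModule` hunk of this same commit. A short why-comment above it would also help the next reader: `// a len beyond literal+NUL means the target reads past its own string; clamp so the token still gets its terminator`. The enclosing loop body starts and ends outside the hunk.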


@ -428,6 +428,12 @@ bool AFLdict2filePass::runOnModule(Module &M) {
uint64_t literalLength = Str2.length();
uint64_t optLength = ilen->getZExtValue();
if (optLength > literalLength + 1) {
optLength = Str2.length() + 1;
}
if (literalLength + 1 == optLength) {
Str2.append("\0", 1); // add null byte
@ -534,7 +540,12 @@ bool AFLdict2filePass::runOnModule(Module &M) {
uint64_t literalLength = optLen;
optLen = ilen->getZExtValue();
if (optLen > thestring.length()) { optLen = thestring.length(); }
if (optLen > thestring.length() + 1) {
optLen = thestring.length() + 1;
}
if (optLen < 2) { continue; }
if (literalLength + 1 == optLen) { // add null byte
thestring.append("\0", 1);
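Review bot: The second hunk replaces a clamp to `thestring.length()` with one to `thestring.length() + 1` without saying why, and since the only visible effect is that the `literalLength + 1 == optLen` branch now fires and appends the NUL, a reader could plausibly "fix" it back to the old bound. A one-line comment on the new `if` would pin the intent: `// clamp to literal+NUL (not literal): an oversized len still yields the terminated token`. Separately, the clamp uses `thestring.length()` while the null-byte test uses `literalLength` (the previous `optLen`, assigned outside this hunk); if those can differ the clamped value misses the null-byte branch, so `if (optLen > literalLength + 1) { optLen = literalLength + 1; }` would be the safer single source. The enclosing loop body continues outside the hunk.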


@ -546,6 +546,12 @@ bool AFLLTOPass::runOnModule(Module &M) {
uint64_t literalLength = Str2.size();
uint64_t optLength = ilen->getZExtValue();
if (optLength > literalLength + 1) {
optLength = Str2.length() + 1;
}
if (literalLength + 1 == optLength) {
Str2.append("\0", 1); // add null byte
@ -649,6 +655,7 @@ bool AFLLTOPass::runOnModule(Module &M) {
uint64_t literalLength = optLen;
optLen = ilen->getZExtValue();
if (optLen > literalLength + 1) { optLen = literalLength + 1; }
if (optLen < 2) { continue; }
if (literalLength + 1 == optLen) { // add null byte
thestring.append("\0", 1);
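Review bot: In the first hunk the new clamp reads `optLength = Str2.length() + 1;` on the line after `literalLength` was set from `Str2.size()` and compared with `literalLength + 1`; the second hunk in this file writes the same clamp as `optLen = literalLength + 1;`. Using the local in both places, `optLength = literalLength + 1;`, keeps the condition and the assignment visibly tied to the same value and avoids a second `std::string` length call. A why-comment on the clamp would also be worth adding, since nothing in either hunk explains it: `// len larger than the literal plus its NUL cannot be represented; clamp so the terminated token is still recorded`. Both enclosing loop bodies start and end outside the hunks.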


@ -313,27 +313,18 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
ConstantInt *ilen = dyn_cast<ConstantInt>(op2);
if (ilen) {
uint64_t len = ilen->getZExtValue();
// if len is zero this is a pointless call but allow real
// implementation to worry about that
if (len < 2) continue;
if (ilen->getZExtValue() < 2) { continue; }
if (isMemcmp) {
// if size of compare is larger than constant string this is
// likely a bug but allow real implementation to worry about
// that
uint64_t literalLength = HasStr1 ? Str1.size() : Str2.size();
if (literalLength + 1 < ilen->getZExtValue()) continue;
}
} else if (isMemcmp)
} else if (isMemcmp) {
// this *may* supply a len greater than the constant string at
// runtime so similarly we don't want to have to handle that
continue;
}
}
calls.push_back(callInst);
@ -421,7 +412,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
}
if (TmpConstStr.length() < 2 ||
(TmpConstStr.length() == 2 && !TmpConstStr[1])) {
(TmpConstStr.length() == 2 && TmpConstStr[1] == 0)) {
continue;
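Review bot: The first hunk drops the memcmp guard `if (literalLength + 1 < ilen->getZExtValue()) continue;` together with the comment that explained it, so a memcmp whose constant length exceeds the literal plus its terminator is now pushed onto `calls` and reaches the expansion code, which is outside this hunk. That is only safe if the expansion bounds its per-byte compare by the literal's length rather than by the constant `len`; if it indexes the literal by `len`, the removed guard was what prevented reading past the `std::string`, and it should be restored or the bound applied there — I cannot confirm either from these lines. If the clamp does live in the expansion, a comment at the new `if (ilen->getZExtValue() < 2) { continue; }` would stop the next reader from re-adding the guard: `// a len beyond the literal is tolerated here; the expansion clamps it to the literal length`. The second hunk's `TmpConstStr[1] == 0` rewrite is equivalent to the old `!TmpConstStr[1]` and needs nothing. The enclosing function continues outside both hunks.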