ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 20:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

cmplog fix for qemu and frida

Browse Source
This commit is contained in:
vanhauser-thc
2021-06-22 22:05:28 +02:00
parent 56851fa499
commit ff4d45eed2
3 changed files with 13 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/Changelog.md
View File

@ -25,10 +25,12 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- support partial linking - support partial linking
- We do support llvm versions from 3.8 to 5.0 again - We do support llvm versions from 3.8 to 5.0 again
- frida_mode: - frida_mode:
- fix for cmplog - several fixes for cmplog
- remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET - remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET
- feature parity of aarch64 with intel now (persistent, cmplog, - feature parity of aarch64 with intel now (persistent, cmplog,
in-memory testcases, asan) in-memory testcases, asan)
- qemu_mode:
- performance fix when cmplog was used
- afl_analyze: - afl_analyze:
- fix timeout handling - fix timeout handling
- add forkserver support for better performance - add forkserver support for better performance

17
instrumentation/afl-compiler-rt.o.c
View File

@ -617,6 +617,7 @@ static void __afl_unmap_shm(void) {
#endif #endif
__afl_cmp_map = NULL; __afl_cmp_map = NULL;
__afl_cmp_map_backup = NULL;
} }
@ -1684,7 +1685,7 @@ void __cmplog_ins_hookN(uint128_t arg1, uint128_t arg2, uint8_t attr,
void __cmplog_ins_hook16(uint128_t arg1, uint128_t arg2, uint8_t attr) { void __cmplog_ins_hook16(uint128_t arg1, uint128_t arg2, uint8_t attr) {
if (unlikely(!__afl_cmp_map)) return; if (likely(!__afl_cmp_map)) return;
uintptr_t k = (uintptr_t)__builtin_return_address(0); uintptr_t k = (uintptr_t)__builtin_return_address(0);
k = (k >> 4) ^ (k << 8); k = (k >> 4) ^ (k << 8);
@ -1788,7 +1789,7 @@ void __sanitizer_cov_trace_const_cmp16(uint128_t arg1, uint128_t arg2) {
void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) { void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
if (unlikely(!__afl_cmp_map)) return; if (likely(!__afl_cmp_map)) return;
for (uint64_t i = 0; i < cases[0]; i++) { for (uint64_t i = 0; i < cases[0]; i++) {
@ -1885,7 +1886,7 @@ void __cmplog_rtn_hook(u8 *ptr1, u8 *ptr2) {
fprintf(stderr, "\n"); fprintf(stderr, "\n");
*/ */
if (unlikely(!__afl_cmp_map)) return; if (likely(!__afl_cmp_map)) return;
// fprintf(stderr, "RTN1 %p %p\n", ptr1, ptr2); // fprintf(stderr, "RTN1 %p %p\n", ptr1, ptr2);
int l1, l2; int l1, l2;
if ((l1 = area_is_valid(ptr1, 32)) <= 0 || if ((l1 = area_is_valid(ptr1, 32)) <= 0 ||
@ -1969,7 +1970,7 @@ static u8 *get_llvm_stdstring(u8 *string) {
void __cmplog_rtn_gcc_stdstring_cstring(u8 *stdstring, u8 *cstring) { void __cmplog_rtn_gcc_stdstring_cstring(u8 *stdstring, u8 *cstring) {
if (unlikely(!__afl_cmp_map)) return; if (likely(!__afl_cmp_map)) return;
if (area_is_valid(stdstring, 32) <= 0 || area_is_valid(cstring, 32) <= 0) if (area_is_valid(stdstring, 32) <= 0 || area_is_valid(cstring, 32) <= 0)
return; return;
@ -1979,7 +1980,7 @@ void __cmplog_rtn_gcc_stdstring_cstring(u8 *stdstring, u8 *cstring) {
void __cmplog_rtn_gcc_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) { void __cmplog_rtn_gcc_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) {
if (unlikely(!__afl_cmp_map)) return; if (likely(!__afl_cmp_map)) return;
if (area_is_valid(stdstring1, 32) <= 0 || area_is_valid(stdstring2, 32) <= 0) if (area_is_valid(stdstring1, 32) <= 0 || area_is_valid(stdstring2, 32) <= 0)
return; return;
@ -1990,7 +1991,7 @@ void __cmplog_rtn_gcc_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) {
void __cmplog_rtn_llvm_stdstring_cstring(u8 *stdstring, u8 *cstring) { void __cmplog_rtn_llvm_stdstring_cstring(u8 *stdstring, u8 *cstring) {
if (unlikely(!__afl_cmp_map)) return; if (likely(!__afl_cmp_map)) return;
if (area_is_valid(stdstring, 32) <= 0 || area_is_valid(cstring, 32) <= 0) if (area_is_valid(stdstring, 32) <= 0 || area_is_valid(cstring, 32) <= 0)
return; return;
@ -2000,7 +2001,7 @@ void __cmplog_rtn_llvm_stdstring_cstring(u8 *stdstring, u8 *cstring) {
void __cmplog_rtn_llvm_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) { void __cmplog_rtn_llvm_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) {
if (unlikely(!__afl_cmp_map)) return; if (likely(!__afl_cmp_map)) return;
if (area_is_valid(stdstring1, 32) <= 0 || area_is_valid(stdstring2, 32) <= 0) if (area_is_valid(stdstring1, 32) <= 0 || area_is_valid(stdstring2, 32) <= 0)
return; return;
@ -2034,7 +2035,7 @@ void __afl_coverage_on() {
if (likely(__afl_selective_coverage && __afl_selective_coverage_temp)) { if (likely(__afl_selective_coverage && __afl_selective_coverage_temp)) {
__afl_area_ptr = __afl_area_ptr_backup; __afl_area_ptr = __afl_area_ptr_backup;
__afl_cmp_map = __afl_cmp_map_backup; if (__afl_cmp_map_backup) { __afl_cmp_map = __afl_cmp_map_backup; }
} }

3
src/afl-forkserver.c
View File

@ -418,8 +418,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
struct rlimit r; struct rlimit r;
if (!fsrv->cmplog_binary && fsrv->qemu_mode == false && if (!fsrv->cmplog_binary) {
fsrv->frida_mode == false) {
unsetenv(CMPLOG_SHM_ENV_VAR); // we do not want that in non-cmplog fsrv unsetenv(CMPLOG_SHM_ENV_VAR); // we do not want that in non-cmplog fsrv