author | van Hauser <vh@thc.org> | 2020-06-03 16:19:09 +0200 |
---|---|---|
committer | van Hauser <vh@thc.org> | 2020-06-03 16:19:09 +0200 |
commit | 031e4300a581e196961cdc49836c284f23313635 (patch) | |
tree | 7a331b4b0f53eb59c49a8f2b63e717fce77129f9 | |
parent | dd0ca7335ff93090def7be7fd0b46e9f71375004 (diff) | |
switch order of shmem fuzz
-rw-r--r-- | llvm_mode/afl-llvm-rt.o.c | 9 | ||||
-rw-r--r-- | qemu_mode/patches/afl-qemu-cpu-inl.h | 4 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 6 |
3 files changed, 10 insertions, 9 deletions
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 963de6e6..c6b49e36 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -138,18 +138,19 @@ static void __afl_map_shm_fuzz() {
 
   }
 
-  __afl_fuzz_ptr = mmap(0, MAX_FILE, PROT_READ, MAP_SHARED, shm_fd, 0);
+  __afl_fuzz_len_shmem =
+      (u32 *)mmap(0, MAX_FILE, PROT_READ, MAP_SHARED, shm_fd, 0);
 
 #else
   u32 shm_id = atoi(id_str);
 
-  __afl_fuzz_ptr = shmat(shm_id, NULL, 0);
+  __afl_fuzz_len_shmem = (u32 *)shmat(shm_id, NULL, 0);
 
 #endif
 
   /* Whooooops. */
 
-  if (__afl_fuzz_ptr == (void *)-1) {
+  if (__afl_fuzz_len_shmem == (void *)-1) {
 
     fprintf(stderr, "Error: could not access fuzzing shared memory\n");
     exit(1);
@@ -166,7 +167,7 @@ static void __afl_map_shm_fuzz() {
 
   }
 
-  __afl_fuzz_len_shmem = (u32 *)(__afl_fuzz_ptr + MAX_FILE);
+  __afl_fuzz_ptr = (u8 *)(__afl_fuzz_len_shmem + sizeof(int));
 
 }
 
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index 78f607aa..d3893066 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -147,8 +147,8 @@ static void afl_map_shm_fuzz(void) {
   if (id_str) {
 
     u32 shm_id = atoi(id_str);
-    shared_buf = shmat(shm_id, NULL, 0);
-    shared_buf_len = (u32 *)(shared_buf + MAX_FILE);
+    shared_buf_len = (u32 *)shmat(shm_id, NULL, 0);
+    shared_buf = (u8 *)(shared_buf_len + sizeof(int));
 
     /* Whooooops. */
 
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index a30bf3f2..b39fd9b2 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1960,8 +1960,8 @@ void setup_testcase_shmem(afl_state_t *afl) {
   afl->shm_fuzz = ck_alloc(sizeof(sharedmem_t));
 
   // we need to set the non-instrumented mode to not overwrite the SHM_ENV_VAR
-  if ((afl->fsrv.shmem_fuzz =
-           afl_shm_init(afl->shm_fuzz, MAX_FILE + sizeof(int), 1))) {
+  if ((afl->fsrv.shmem_fuzz_len =
+           (u32 *)afl_shm_init(afl->shm_fuzz, MAX_FILE + sizeof(int), 1))) {
 
 #ifdef USEMMAP
     setenv(SHM_FUZZ_ENV_VAR, afl->shm_fuzz->g_shm_file_path, 1);
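Review bot: The mmap in the first hunk of llvm_mode/afl-llvm-rt.o.c still maps only `MAX_FILE` bytes, while the fuzzer side in the src/afl-fuzz-init.c hunk below allocates the segment as `MAX_FILE + sizeof(int)`; now that the length word sits at the start and the test-case data begins at a positive offset, the last bytes of a maximum-size test case lie beyond the mapped range. Whether such a read actually faults depends on page rounding, but the mapping length should match the allocation: `(u32 *)mmap(0, MAX_FILE + sizeof(int), PROT_READ, MAP_SHARED, shm_fd, 0);`. The shmat() path is unaffected because it attaches the whole segment. The enclosing __afl_map_shm_fuzz() starts before this hunk.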
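Review bot: In the second hunk of llvm_mode/afl-llvm-rt.o.c, `__afl_fuzz_ptr = (u8 *)(__afl_fuzz_len_shmem + sizeof(int));` does pointer arithmetic on a `u32 *` (assuming its declared type matches the casts in the first hunk), so it advances by `sizeof(int)` elements, i.e. 16 bytes on a 4-byte int, not 4; the same applies to `shared_buf = (u8 *)(shared_buf_len + sizeof(int));` in the qemu_mode/patches/afl-qemu-cpu-inl.h hunk. The fuzzer side in src/afl-fuzz-init.c places the data at a 4-byte offset (byte arithmetic on a `u8 *`), so the target would read its input 12 bytes into what the fuzzer wrote, and its data window would end 12 bytes past the `MAX_FILE + sizeof(int)` segment. Converting to a byte pointer before adding fixes both sites: `__afl_fuzz_ptr = (u8 *)__afl_fuzz_len_shmem + sizeof(int);` and `shared_buf = (u8 *)shared_buf_len + sizeof(int);`. A one-line comment on the layout, e.g. `/* segment layout: u32 length word, then MAX_FILE bytes of test case */`, next to each site would make the shared contract between the three files visible.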
@@ -1972,7 +1972,7 @@ void setup_testcase_shmem(afl_state_t *afl) {
     ck_free(shm_str);
 #endif
     afl->fsrv.support_shmem_fuzz = 1;
-    afl->fsrv.shmem_fuzz_len = (u32 *)(afl->fsrv.shmem_fuzz + MAX_FILE);
+    afl->fsrv.shmem_fuzz = (u8 *)(afl->fsrv.shmem_fuzz + sizeof(int));
 
   } else {
 
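Review bot: The new line `afl->fsrv.shmem_fuzz = (u8 *)(afl->fsrv.shmem_fuzz + sizeof(int));` derives the data pointer from `shmem_fuzz` itself, but the first hunk of this file no longer assigns `shmem_fuzz` from `afl_shm_init()` — that result now goes to `shmem_fuzz_len` — so unless `shmem_fuzz` is set somewhere in the lines between the two hunks (not in view), the fuzzer will write test cases through a pointer that does not refer to the new segment. The base should be the length pointer: `afl->fsrv.shmem_fuzz = (u8 *)afl->fsrv.shmem_fuzz_len + sizeof(int);`. setup_testcase_shmem() continues outside this hunk.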