diff options
| author | vanhauser-thc <vh@thc.org> | 2021-12-13 15:45:41 +0100 |
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2021-12-13 15:45:52 +0100 |
| commit | 57bc3c07018463ad6d069850be9f2bce5c450dd6 (patch) | |
| tree | 33e18cbac06349963166cdf9e5f5d3fac8c8d2d1 | |
| parent | 630272bac5a01373ab45d90fcba879f0e6d42561 (diff) | |
| download | afl++-57bc3c07018463ad6d069850be9f2bce5c450dd6.tar.gz | |
fix qemu/unicorn oob
| -rw-r--r-- | docs/Changelog.md | 2 | ||||
| -rw-r--r-- | src/afl-sharedmem.c | 3 |
2 files changed, 5 insertions, 0 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md index e9b62dc0..00502efe 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -34,6 +34,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - better banner - more effective cmplog mode - more often update the UI when in input2stage mode + - qemu_mode/unicorn_mode: fixed OOB write when using libcompcov, + thanks to kotee4ko for reporting! - frida_mode: - better performance, bug fixes - David Carlier added Android support :) diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index 7fb8f821..09941d61 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -242,6 +242,9 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, #else u8 *shm_str; + // handle qemu/unicorn compcov map overwrite + if (map_size == MAP_SIZE) { map_size += 8; } + shm->shm_id = shmget(IPC_PRIVATE, map_size, IPC_CREAT | IPC_EXCL | DEFAULT_PERMISSION); if (shm->shm_id < 0) { |