diff options
| author | vanhauser-thc <vh@thc.org> | 2021-11-23 19:34:21 +0100 |
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2021-11-23 19:34:21 +0100 |
| commit | 11f89ab785f0b74c0862c46406f81007ac5cf3ba (patch) | |
| tree | 0350e6b7e1060b48474ca828264e6b87af789c2b | |
| parent | 39e2003630220bf2567a9f9d1babd0b32604a8c3 (diff) | |
| download | afl++-11f89ab785f0b74c0862c46406f81007ac5cf3ba.tar.gz | |
do not add zero byte on string compares with len
| -rw-r--r-- | instrumentation/SanitizerCoverageLTO.so.cc | 11 | ||||
| -rw-r--r-- | instrumentation/afl-llvm-dict2file.so.cc | 19 | ||||
| -rw-r--r-- | instrumentation/compare-transform-pass.so.cc | 1 | ||||
| -rw-r--r-- | instrumentation/split-switches-pass.so.cc | 4 |
4 files changed, 24 insertions, 11 deletions
diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 4e25221a..dbe4672c 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -922,13 +922,16 @@ bool ModuleSanitizerCoverage::instrumentModule( // was not already added if (!isMemcmp) { - if (addedNull == false && thestring[optLen - 1] != '\0') { + /* + if (addedNull == false && thestring[optLen - 1] != + '\0') { - thestring.append("\0", 1); // add null byte - optLen++; + thestring.append("\0", 1); // add null byte + optLen++; - } + } + */ if (!isStdString) { // ensure we do not have garbage diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index 7c04c0c5..d4f36b2c 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -603,18 +603,27 @@ bool AFLdict2filePass::runOnModule(Module &M) { // was not already added if (!isMemcmp) { - if (addedNull == false && thestring[optLen - 1] != '\0') { + /* + if (addedNull == false && thestring[optLen - 1] != '\0') + { - thestring.append("\0", 1); // add null byte - optLen++; + thestring.append("\0", 1); // add null byte + optLen++; - } + } + + */ if (!isStdString) { // ensure we do not have garbage size_t offset = thestring.find('\0', 0); - if (offset + 1 < optLen) optLen = offset + 1; + if (offset && offset < opLen && offset + 1 < optLen) { + + optLen = offset + 1; + + } + thestring = thestring.substr(0, optLen); } diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index b05da71c..5db9c409 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -442,6 +442,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, bool isSizedcmp = false; bool isCaseInsensitive = false; Function * Callee = callInst->getCalledFunction(); + if (Callee) { isMemcmp = Callee->getName().compare("memcmp") == 0; diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc index 7bff2789..e0a96ac9 100644 --- a/instrumentation/split-switches-pass.so.cc +++ b/instrumentation/split-switches-pass.so.cc @@ -507,9 +507,9 @@ bool SplitSwitchesTransform::runOnModule(Module &M) { #if LLVM_VERSION_MAJOR >= 11 /* use new pass manager */ /* if (modified) { - + PA.abandon<XX_Manager>(); - + }*/ return PA; |