diff options
| author | Your <you@example.com> | 2023-01-31 06:23:00 +0000 |
|---|---|---|
| committer | Your <you@example.com> | 2023-01-31 06:23:00 +0000 |
| commit | 31727f36a8438cc3274b9a87c5ceab420ddf34e5 (patch) | |
| tree | 65ae3af4d97943e5364c1515c6abf0e9768694f6 | |
| parent | b81bc8eb6f3cb77437aae45f9e77522140b560c9 (diff) | |
| download | afl++-31727f36a8438cc3274b9a87c5ceab420ddf34e5.tar.gz | |
Changes to revert broken branch suppression fix
| -rw-r--r-- | frida_mode/src/instrument/instrument_arm64.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 39e32b12..77aa8c1d 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -196,7 +196,15 @@ static void instrument_coverage_switch(GumStalkerObserver *self, insn = instrument_disassemble(from_insn); deterministic = instrument_is_deterministic(insn); cs_free(insn, 1); - if (!deterministic) { return; } + + /* + * If the branch is deterministic, then we should start execution at the + * begining of the block. From here, we will branch and skip the coverage + * code and jump right to the target code of the instrumented block. + * Otherwise, if the branch is non-deterministic, then we need to branch + * part way into the block to where the coverage instrumentation starts. + */ + if (deterministic) { return; } /* * Since each block is prefixed with a restoration prologue, we need to be |