authorvanhauser-thc <vh@thc.org>2021-03-02 16:24:43 +0100
committervanhauser-thc <vh@thc.org>2021-03-02 16:24:43 +0100
commit333509bb0a56be9bd2e236f0e2f37d4af2dd7d59 (patch)
tree011f0afcfa23a1fc88b587a7a5be6c3981dd02dd
parentc269c3977ccb96710a2488b19c72bae51832a827 (diff)
downloadafl++-333509bb0a56be9bd2e236f0e2f37d4af2dd7d59.tar.gz
better unicode support
-rw-r--r--docs/Changelog.md3
-rw-r--r--instrumentation/SanitizerCoverageLTO.so.cc14
-rw-r--r--instrumentation/afl-llvm-dict2file.so.cc14
-rw-r--r--instrumentation/afl-llvm-lto-instrumentation.so.cc14
-rw-r--r--instrumentation/compare-transform-pass.so.cc11
5 files changed, 38 insertions, 18 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index f5742d24..01240b2a 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -10,7 +10,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
### Version ++3.11a (dev)
- afl-cc
- - fixed for a crash that can occur with ASAN + CMPLOG together
+ - fixed for a crash that can occur with ASAN + CMPLOG together plus
+ better support for unicode (thanks to @stbergmann for reporting!)
### Version ++3.10c (release)
- Mac OS ARM64 support
diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc
index 942d5357..849b6eef 100644
--- a/instrumentation/SanitizerCoverageLTO.so.cc
+++ b/instrumentation/SanitizerCoverageLTO.so.cc
@@ -872,17 +872,21 @@ bool ModuleSanitizerCoverage::instrumentModule(
// was not already added
if (!isMemcmp) {
- if (addedNull == false) {
+ if (addedNull == false && thestring[optLen - 1] != '\0') {
thestring.append("\0", 1); // add null byte
optLen++;
}
- // ensure we do not have garbage
- size_t offset = thestring.find('\0', 0);
- if (offset + 1 < optLen) optLen = offset + 1;
- thestring = thestring.substr(0, optLen);
+ if (!isStdString) {
+
+ // ensure we do not have garbage
+ size_t offset = thestring.find('\0', 0);
+ if (offset + 1 < optLen) optLen = offset + 1;
+ thestring = thestring.substr(0, optLen);
+
+ }
}
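Review bot: The new guard `thestring[optLen - 1] != '\0'` indexes before the start of the string when `optLen` is 0, because `optLen` is unsigned and `optLen - 1` wraps to SIZE_MAX, which is out of bounds for `operator[]`. Nothing in the hunk shows that an empty constant cannot reach this point, so if it can, the condition should read `if (addedNull == false && (optLen == 0 || thestring[optLen - 1] != '\0')) {`. The identical line is added in afl-llvm-dict2file.so.cc and afl-llvm-lto-instrumentation.so.cc in this commit and needs the same treatment. The new `if (!isStdString)` branch would also benefit from a comment stating why the truncation is skipped, e.g. `// presumably std::string compares by length, so bytes after an embedded NUL are data, not garbage — confirm`. instrumentModule continues outside the hunk.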
diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc
index 1c365da8..885aa035 100644
--- a/instrumentation/afl-llvm-dict2file.so.cc
+++ b/instrumentation/afl-llvm-dict2file.so.cc
@@ -543,17 +543,21 @@ bool AFLdict2filePass::runOnModule(Module &M) {
// was not already added
if (!isMemcmp) {
- if (addedNull == false) {
+ if (addedNull == false && thestring[optLen - 1] != '\0') {
thestring.append("\0", 1); // add null byte
optLen++;
}
- // ensure we do not have garbage
- size_t offset = thestring.find('\0', 0);
- if (offset + 1 < optLen) optLen = offset + 1;
- thestring = thestring.substr(0, optLen);
+ if (!isStdString) {
+
+ // ensure we do not have garbage
+ size_t offset = thestring.find('\0', 0);
+ if (offset + 1 < optLen) optLen = offset + 1;
+ thestring = thestring.substr(0, optLen);
+
+ }
}
diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc
index 1f21b917..ef270a1f 100644
--- a/instrumentation/afl-llvm-lto-instrumentation.so.cc
+++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc
@@ -658,17 +658,21 @@ bool AFLLTOPass::runOnModule(Module &M) {
// was not already added
if (!isMemcmp) {
- if (addedNull == false) {
+ if (addedNull == false && thestring[optLen - 1] != '\0') {
thestring.append("\0", 1); // add null byte
optLen++;
}
- // ensure we do not have garbage
- size_t offset = thestring.find('\0', 0);
- if (offset + 1 < optLen) optLen = offset + 1;
- thestring = thestring.substr(0, optLen);
+ if (!isStdString) {
+
+ // ensure we do not have garbage
+ size_t offset = thestring.find('\0', 0);
+ if (offset + 1 < optLen) optLen = offset + 1;
+ thestring = thestring.substr(0, optLen);
+
+ }
}
diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
index 84301493..a85522a2 100644
--- a/instrumentation/compare-transform-pass.so.cc
+++ b/instrumentation/compare-transform-pass.so.cc
@@ -421,14 +421,21 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
}
// add null termination character implicit in c strings
- TmpConstStr.append("\0", 1);
+ if (TmpConstStr[TmpConstStr.length() - 1] != 0) {
+
+ TmpConstStr.append("\0", 1);
+
+ }
// in the unusual case the const str has embedded null
// characters, the string comparison functions should terminate
// at the first null
- if (!isMemcmp)
+ if (!isMemcmp) {
+
TmpConstStr.assign(TmpConstStr, 0, TmpConstStr.find('\0') + 1);
+ }
+
constStrLen = TmpConstStr.length();
// prefer use of StringRef (in comparison to std::string a StringRef has
// built-in runtime bounds checking, which makes debugging easier)
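Review bot: `TmpConstStr[TmpConstStr.length() - 1]` on the new guard line is out of bounds when `TmpConstStr` is empty, since `length() - 1` wraps to SIZE_MAX; the hunk does not show that the string is non-empty here, so the check should be `if (TmpConstStr.empty() || TmpConstStr.back() != '\0') {`, which also matches the `'\0'` spelling the other three passes in this commit use instead of `0`. The `find('\0') + 1` in the `!isMemcmp` branch is moved rather than new, but with the guard above it the string now always ends in a NUL before it runs, so `find` cannot return npos there; that is worth recording, e.g. `// the NUL appended above guarantees find() succeeds here`. transformCmps continues on both sides of the hunk.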