authorvanhauser-thc <vh@thc.org>2022-08-14 14:40:26 +0200
committervanhauser-thc <vh@thc.org>2022-08-14 14:40:26 +0200
commit4e980713851c522436b6a6813f27dd95dd4e5fae (patch)
treede2f852e543043d1b78e8bd468b5559475904687
parent1a3b463c4cceabc38b7de83f67813e841153b536 (diff)
downloadafl++-4e980713851c522436b6a6813f27dd95dd4e5fae.tar.gz
better handling of -fsanitize=..,...,.. lists
-rw-r--r--docs/Changelog.md2
-rw-r--r--src/afl-cc.c109
2 files changed, 98 insertions, 13 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 2ce1d85c..d07cef54 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -14,6 +14,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
       of calibrating all initial seeds first. Good for large queues
       and long execution times, especially in CIs.
+  - afl-cc:
+    - better handling of -fsanitize=..,...,.. lists
   - qemu_mode:
     - added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable
       edges (together with AFL_DEBUG=1 afl-fuzz). thanks to
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 6def3ee7..cae6d949 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -51,7 +51,7 @@ static u32  cc_par_cnt = 1;            /* Param count, including argv0      */
 static u8   clang_mode;                /* Invoked as afl-clang*?            */
 static u8   llvm_fullpath[PATH_MAX];
 static u8   instrument_mode, instrument_opt_mode, ngram_size, ctx_k, lto_mode;
-static u8   compiler_mode, plusplus_mode, have_instr_env = 0;
+static u8   compiler_mode, plusplus_mode, have_instr_env = 0, need_aflpplib = 0;
 static u8   have_gcc, have_llvm, have_gcc_plugin, have_lto, have_instr_list = 0;
 static u8  *lto_flag = AFL_CLANG_FLTO, *argvnull;
 static u8   debug;
@@ -310,6 +310,69 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
 
 }
 
+void parse_fsanitize(char *string) {
+
+  char *p, *ptr = string + strlen("-fsanitize=");
+  char *new = malloc(strlen(string) + 1);
+  char *tmp = malloc(strlen(ptr));
+  u32   count = 0, len, ende = 0;
+  strcpy(new, "-fsanitize=");
+
+  do {
+
+    p = strchr(ptr, ',');
+    if (!p) {
+
+      p = ptr + strlen(ptr) + 1;
+      ende = 1;
+
+    }
+
+    len = p - ptr;
+    if (len) {
+
+      strncpy(tmp, ptr, len);
+      tmp[len] = 0;
+      // fprintf(stderr, "Found: %s\n", tmp);
+      ptr += len + 1;
+      if (*tmp) {
+
+        u32 copy = 1;
+        if (!strcmp(tmp, "fuzzer")) {
+
+          need_aflpplib = 1;
+          copy = 0;
+
+        } else if (!strncmp(tmp, "fuzzer", 6)) {
+
+          copy = 0;
+
+        }
+
+        if (copy) {
+
+          if (count) { strcat(new, ","); }
+          strcat(new, tmp);
+          ++count;
+
+        }
+
+      }
+
+    } else {
+
+      ptr++;                                    /*fprintf(stderr, "NO!\n"); */
+
+    }
+
+  } while (!ende);
+
+  strcpy(string, new);
+  // fprintf(stderr, "string: %s\n", string);
+  // fprintf(stderr, "new: %s\n", new);
+
+}
+
 /* Copy argv to cc_params, making the necessary edits. */
 
 static void edit_params(u32 argc, char **argv, char **envp) {
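Review bot: `tmp` is one byte too small for the last list entry: it is allocated with `strlen(ptr)` bytes, but in the no-comma branch `p = ptr + strlen(ptr) + 1` makes `len` the token length plus one, so `strncpy` fills the buffer to its end and `tmp[len] = 0` writes one past it whenever everything before the last entry was just a comma (e.g. `-fsanitize=,address`). Dropping the `+ 1` (`p = ptr + strlen(ptr);`) makes `len` the plain token length in both branches, and sizing the scratch buffer as `char *tmp = malloc(strlen(ptr) + 1);` keeps `tmp[len] = 0` in bounds; the same change stops `ptr += len + 1` from stepping two past the terminator. Both `malloc` results are unchecked and neither `new` nor `tmp` is freed before returning, so every parsed `-fsanitize=` list leaks two allocations; a `free(new); free(tmp);` after the final `strcpy` closes that. The function is only used in this file but is not declared `static`.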
@@ -779,20 +842,35 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
     }
 
-    if ((!strncmp(cur, "-fsanitize=fuzzer-", strlen("-fsanitize=fuzzer-")) ||
-         !strncmp(cur, "-fsanitize-coverage", strlen("-fsanitize-coverage"))) &&
-        (strncmp(cur, "sanitize-coverage-allow",
-                 strlen("sanitize-coverage-allow")) &&
-         strncmp(cur, "sanitize-coverage-deny",
-                 strlen("sanitize-coverage-deny")) &&
-         instrument_mode != INSTRUMENT_LLVMNATIVE)) {
+    if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list=")) {
+
+      have_instr_list = 1;
+
+    }
+
+    if (!strncmp(cur, "-fsanitize=", strlen("-fsanitize=")) &&
+        strchr(cur, ',')) {
+
+      parse_fsanitize(cur);
+      if (!cur || strlen(cur) <= strlen("-fsanitize=")) { continue; }
+
+    } else if ((!strncmp(cur, "-fsanitize=fuzzer-",
+
+                         strlen("-fsanitize=fuzzer-")) ||
+                !strncmp(cur, "-fsanitize-coverage",
+                         strlen("-fsanitize-coverage"))) &&
+               (strncmp(cur, "sanitize-coverage-allow",
+                        strlen("sanitize-coverage-allow")) &&
+                strncmp(cur, "sanitize-coverage-deny",
+                        strlen("sanitize-coverage-deny")) &&
+                instrument_mode != INSTRUMENT_LLVMNATIVE)) {
 
       if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); }
       continue;
 
     }
 
-    if (!strcmp(cur, "-fsanitize=fuzzer")) {
+    if (need_aflpplib || !strcmp(cur, "-fsanitize=fuzzer")) {
 
       u8 *afllib = find_object("libAFLDriver.a", argv[0]);
 
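Review bot: The `continue` after `parse_fsanitize(cur)` runs before the libAFLDriver block, so a list that reduces to only fuzzer entries (e.g. `-fsanitize=fuzzer,fuzzer-no-link`) sets `need_aflpplib` and is then skipped; as far as the loop body visible here shows, the driver is only added when a later argument reaches the `need_aflpplib ||` test, and never when this was the last argument. One way to keep the shortcut without losing the driver is `if (!need_aflpplib && strlen(cur) <= strlen("-fsanitize=")) { continue; }` here, with the `if (need_aflpplib)` reset in the later hunk also dropping the emptied `-fsanitize=` argument instead of falling through to keep it. The `!cur` test on the same line is dead, since `cur` was just dereferenced by `parse_fsanitize`. The carried-over `strncmp(cur, "sanitize-coverage-allow", …)` and `"sanitize-coverage-deny"` comparisons can never match an argument that begins with `-f`, so they do not exempt the allow/deny list options from the strip as their placement suggests. edit_params starts and ends outside the hunk.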
@@ -823,7 +901,15 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
       }
 
-      continue;
+      if (need_aflpplib) {
+
+        need_aflpplib = 0;
+
+      } else {
+
+        continue;
+
+      }
 
     }
 
@@ -831,9 +917,6 @@ static void edit_params(u32 argc, char **argv, char **envp) {
     if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32;
     if (!strcmp(cur, "-m64")) bit_mode = 64;
 
-    if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list="))
-      have_instr_list = 1;
-
     if (!strcmp(cur, "-fsanitize=address") || !strcmp(cur, "-fsanitize=memory"))
       asan_set = 1;