fix pcguard vector select instrumentation

author: vanhauser-thc <vh@thc.org> 2022-08-03 10:06:52 +0200
committer: vanhauser-thc <vh@thc.org> 2022-08-03 10:06:52 +0200
commit: 6056d4b140f0665c6a701cada9166379be3435ac (patch)
tree: 3a0007a3e8a07b58c4bef927d9c52e0043aa8466
parent: d745da0c93a650785411a7cf05b67174a0ef4544 (diff)
download: afl++-6056d4b140f0665c6a701cada9166379be3435ac.tar.gz
2 files changed, 4 insertions, 1 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index c7414ff2..05bbe827 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -12,6 +12,9 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
   - afl-fuzz:
     - change post_process hook to allow returning NULL and 0 length to
       tell afl-fuzz to skip this mutated input
+  - afl-cc:
+    - important fix for the default pcguard mode when LLVM IR vector
+      selects are produced, thanks to @juppytt for reporting!
   - gcc_plugin:
     - Adacore submitted CMPLOG support to the gcc_plugin! :-)
   - llvm_mode:
diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc
index f8ced8fc..e22c9ead 100644
--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@@ -902,7 +902,7 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage(
           if (tt) {
 
             cnt_sel++;
-            cnt_sel_inc += tt->getElementCount().getKnownMinValue();
+            cnt_sel_inc += (tt->getElementCount().getKnownMinValue() * 2);
 
           }
author	vanhauser-thc <vh@thc.org>	2022-08-03 10:06:52 +0200
committer	vanhauser-thc <vh@thc.org>	2022-08-03 10:06:52 +0200
commit	6056d4b140f0665c6a701cada9166379be3435ac (patch)
tree	3a0007a3e8a07b58c4bef927d9c52e0043aa8466
parent	d745da0c93a650785411a7cf05b67174a0ef4544 (diff)
download	afl++-6056d4b140f0665c6a701cada9166379be3435ac.tar.gz