author | Your Name <you@example.com> | 2021-11-10 18:05:29 +0000 |
---|---|---|
committer | Your Name <you@example.com> | 2021-11-10 18:05:29 +0000 |
commit | 7e1dba2e6b00f620d6ec3f1c2a75e69dcc7a82e5 (patch) | |
tree | 233928e21db382786a5aea477073ee9f2b028ae9 | |
parent | 533e979010ca338df6fc415d87668f8187752915 (diff) | |
download | afl++-7e1dba2e6b00f620d6ec3f1c2a75e69dcc7a82e5.tar.gz |
Fix block ID handling
-rw-r--r-- | frida_mode/include/util.h | 2 | ||||
-rw-r--r-- | frida_mode/src/instrument/instrument.c | 12 | ||||
-rw-r--r-- | frida_mode/src/instrument/instrument_x64.c | 7 | ||||
-rw-r--r-- | frida_mode/src/util.c | 21 |
4 files changed, 34 insertions, 8 deletions
diff --git a/frida_mode/include/util.h b/frida_mode/include/util.h
index 77fbda94..77491ea8 100644
--- a/frida_mode/include/util.h
+++ b/frida_mode/include/util.h
@@ -12,6 +12,8 @@ guint64 util_read_address(char *key);
 guint64 util_read_num(char *key);
 gboolean util_output_enabled(void);
+gsize util_rotate(gsize val, gsize shift, gsize size);
+gsize util_log2(gsize val);
 #define FOKF(x...) \
 do { \
diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c
index 0262e461..d5823654 100644
--- a/frida_mode/src/instrument/instrument.c
+++ b/frida_mode/src/instrument/instrument.c
@@ -68,7 +68,8 @@ guint64 instrument_get_offset_hash(GumAddress current_rip) {
 guint64 area_offset = hash64((unsigned char *)¤t_rip, sizeof(GumAddress), instrument_hash_seed);
- return area_offset &= MAP_SIZE - 1;
+ gsize map_size_pow2 = util_log2(__afl_map_size);
+ return area_offset &= ((1 << map_size_pow2) - 1);
 }
@@ -134,8 +135,8 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context,
 previous_rip = current_rip;
 previous_end = current_end;
- instrument_previous_pc = ((current_pc & (MAP_SIZE - 1) >> 1)) |
- ((current_pc & 0x1) << (MAP_SIZE_POW2 - 1));
+ gsize map_size_pow2 = util_log2(__afl_map_size);
+ instrument_previous_pc = util_rotate(current_pc, 1, map_size_pow2);
 }
@@ -303,7 +304,8 @@ void instrument_init(void) {
 if (instrument_unique) {
- int shm_id = shmget(IPC_PRIVATE, MAP_SIZE, IPC_CREAT | IPC_EXCL | 0600);
+ int shm_id =
+ shmget(IPC_PRIVATE, __afl_map_size, IPC_CREAT | IPC_EXCL | 0600);
 if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); }
 edges_notified = shmat(shm_id, NULL, 0);
@@ -320,7 +322,7 @@ void instrument_init(void) {
 }
 /* Clear it, not sure it's necessary, just seems like good practice */
- memset(edges_notified, '\0', MAP_SIZE);
+ memset(edges_notified, '\0', __afl_map_size);
 }
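Review bot: The new mask `(1 << map_size_pow2) - 1` in instrument_get_offset_hash shifts an `int`, so it is only defined for map_size_pow2 up to 30 and is narrower than the guint64 hash it masks; the same `1 << size` appears in util_rotate in the util.c hunk, while util_log2 in that same hunk already writes `(gsize)1 << i`. Use the wide constant at both sites: `return area_offset &= (((gsize)1 << map_size_pow2) - 1);` here and `result = result & (((gsize)1 << size) - 1);` in util_rotate. Whether __afl_map_size can reach 2^31 in this build I cannot tell from the hunk, but the cast costs nothing and keeps the three sites consistent.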
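Review bot: on_basic_block now calls util_log2(__afl_map_size) on every basic block, and util_log2 (util.c hunk) is a loop of up to 64 shift-and-compare steps, yet the function is marked `__attribute__((hot))` and the value it derives is fixed before fuzzing starts. Compute it once in instrument_init, e.g. `static gsize instrument_map_size_pow2;` assigned next to the shmget call, and use `instrument_previous_pc = util_rotate(current_pc, 1, instrument_map_size_pow2);` here. The same per-call recomputation is in instrument_get_offset_hash above and in instrument_coverage_optimize in the instrument_x64.c hunk. on_basic_block begins before this hunk, so the current_pc assignment it relies on is not visible.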
diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c
index e2cbb804..7273119b 100644
--- a/frida_mode/src/instrument/instrument_x64.c
+++ b/frida_mode/src/instrument/instrument_x64.c
@@ -351,7 +351,8 @@ void instrument_coverage_optimize(const cs_insn * instr,
 afl_log_code code = {0};
 GumX86Writer *cw = output->writer.x86;
 guint64 area_offset = instrument_get_offset_hash(GUM_ADDRESS(instr->address));
- guint64 area_offset_ror;
+ gsize map_size_pow2;
+ gsize area_offset_ror;
 GumAddress code_addr = 0;
 instrument_coverage_suppress_init();
@@ -370,8 +371,8 @@ void instrument_coverage_optimize(const cs_insn * instr,
 offsetof(afl_log_code, code.mov_eax_curr_loc_shr_1) + sizeof(code.code.mov_eax_curr_loc_shr_1) - sizeof(guint32);
- area_offset_ror = ((area_offset & (MAP_SIZE - 1) >> 1)) |
- ((area_offset & 0x1) << (MAP_SIZE_POW2 - 1));
+ map_size_pow2 = util_log2(__afl_map_size);
+ area_offset_ror = util_rotate(area_offset, 1, map_size_pow2);
 *((guint32 *)&code.bytes[curr_loc_shr_1_offset]) = (guint32)(area_offset_ror);
diff --git a/frida_mode/src/util.c b/frida_mode/src/util.c
index 2b0f7be6..d84b7065 100644
--- a/frida_mode/src/util.c
+++ b/frida_mode/src/util.c
@@ -80,3 +80,24 @@ gboolean util_output_enabled(void) {
 }
+gsize util_rotate(gsize val, gsize shift, gsize size) {
+
+ if (shift == 0) { return val; }
+ gsize result = ((val >> shift) | (val << (size - shift)));
+ result = result & ((1 << size) - 1);
+ return result;
+
+}
+
+gsize util_log2(gsize val) {
+
+ for (gsize i = 0; i < 64; i++) {
+
+ if (((gsize)1 << i) == val) { return i; }
+
+ }
+
+ FFATAL("Not a power of two");
+
+}
+
|
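Review bot: util_rotate assumes `val` already fits in `size` bits and that `shift <= size`: with `shift > size` the unsigned `size - shift` wraps and `val << (size - shift)` becomes a shift by the type width or more, which is undefined, and any bits of `val` above `size` shift down into the result and alias with the rotated low bits. Both call sites in this commit pass shift 1 and a value masked by instrument_get_offset_hash as far as I can see, so this is a contract question rather than a live bug, but the function is exported through util.h, so it should either state the precondition or enforce it; the rewrite below masks the input, reduces the shift and rejects a zero or oversized width. Separately, util_log2 has no return after `FFATAL("Not a power of two");` — fine if FFATAL is declared noreturn, otherwise -Wreturn-type will warn; its declaration is not in the hunk. The closing-brace placement is the file's existing style and is left alone.
```c
gsize util_rotate(gsize val, gsize shift, gsize size) {

  /* Rotate the low `size` bits of `val` right by `shift`; bits above `size`
     are discarded so they cannot alias with the rotated low bits. */
  if (size == 0 || size > 8 * sizeof(gsize)) { FFATAL("util_rotate: bad width"); }
  gsize mask = (size == 8 * sizeof(gsize)) ? (gsize)-1 : (((gsize)1 << size) - 1);
  val &= mask;
  shift %= size;
  if (shift == 0) { return val; }
  return ((val >> shift) | (val << (size - shift))) & mask;

}
```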