make llvm_mode pcguard instrumentation collision free

3 files changed, 7 insertions, 2 deletions

diff --git a/docs/Changelog.md b/docs/Changelog.md
index 0a482614..abfd4386 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -31,6 +31,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
       as it is faster and provides better coverage. The original afl
       instrumentation can be set via AFL_LLVM_INSTRUMENT=AFL. This is
       automatically done when the WHITELIST feature is used. 
+    - PCGUARD mode is now even better because we made it collision free - plus
+      it has a fixed map size, so it is also faster! :)
     - some targets want a ld variant for LD that is not gcc/clang but ld,
       added afl-ld-lto to solve this
     - lowered minimum required llvm version to 3.4 (except LLVMInsTrim, which
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 17b70f26..b815fc1f 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -183,6 +183,9 @@ static void __afl_map_shm(void) {
 
   if (__afl_final_loc) {
 
+    if (__afl_final_loc % 8)
+      __afl_final_loc = (((__afl_final_loc + 7) >> 3) << 3);
+
     __afl_map_size = __afl_final_loc;
     if (__afl_final_loc > MAP_SIZE) {
 
@@ -871,7 +874,7 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
   while (start < stop) {
 
     if (R(100) < inst_ratio)
-      *start = R(MAP_SIZE - 1) + 1;
+      *start = ++__afl_final_loc;
     else
       *start = 0;
 
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index b2734335..bb7a6797 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -569,7 +569,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
         if (unlikely(tmp_map_size % 8)) {
 
           // should not happen
-          WARNF("Target reported non-aligned map size of %ud", tmp_map_size);
+          WARNF("Target reported non-aligned map size of %u", tmp_map_size);
           tmp_map_size = (((tmp_map_size + 8) >> 3) << 3);
 
         }