authorvan Hauser <vh@thc.org>2019-07-20 13:12:19 +0200
committervan Hauser <vh@thc.org>2019-07-20 13:12:19 +0200
commitc7887abb64669573cf4b3fba6d438eb7ebcfc1fc (patch)
tree91922c65291f37a4f3274080d8a80d64daf943f8
parent5ac5d91c6bc7e40ca63079d3178c8a975b1050fa (diff)
downloadafl++-c7887abb64669573cf4b3fba6d438eb7ebcfc1fc.tar.gz
added test and debug
-rw-r--r--qemu_mode/libcompcov/Makefile7
-rw-r--r--qemu_mode/libcompcov/compcovtest.cc63
-rw-r--r--qemu_mode/libcompcov/libcompcov.so.c11
3 files changed, 79 insertions, 2 deletions
diff --git a/qemu_mode/libcompcov/Makefile b/qemu_mode/libcompcov/Makefile
index 02266bd2..2336ec59 100644
--- a/qemu_mode/libcompcov/Makefile
+++ b/qemu_mode/libcompcov/Makefile
@@ -21,7 +21,7 @@ VERSION = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2)
CFLAGS ?= -O3 -funroll-loops
CFLAGS += -Wall -Wno-unused-result -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign
-all: libcompcov.so
+all: libcompcov.so compcovtest
libcompcov.so: libcompcov.so.c ../../config.h
$(CC) $(CFLAGS) -shared -fPIC $< -o $@ $(LDFLAGS)
@@ -30,7 +30,10 @@ libcompcov.so: libcompcov.so.c ../../config.h
clean:
rm -f *.o *.so *~ a.out core core.[1-9][0-9]*
- rm -f libcompcov.so
+ rm -f libcompcov.so compcovtest
+
+compcovtest: compcovtest.cc
+ $(CXX) $< -o $@
install: all
install -m 755 libcompcov.so $${DESTDIR}$(HELPER_PATH)
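Review bot: The new `compcovtest` rule invokes `$(CXX) $< -o $@` with no flags at all, so the test binary ignores any `CXXFLAGS`/`LDFLAGS` the user sets; `$(CXX) $(CXXFLAGS) $< -o $@ $(LDFLAGS)` would be consistent with the `libcompcov.so` rule. Because the previous hunk adds `compcovtest` to `all` and `install` depends on `all`, installing the library now also requires a C++ compiler just to build a test program. Consider a separate `test` target and leaving `all: libcompcov.so` as it was.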
diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc
new file mode 100644
index 00000000..fd1fda00
--- /dev/null
+++ b/qemu_mode/libcompcov/compcovtest.cc
@@ -0,0 +1,63 @@
+/////////////////////////////////////////////////////////////////////////
+//
+// Author: Mateusz Jurczyk (mjurczyk@google.com)
+//
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// solution: echo -ne 'The quick brown fox jumps over the lazy dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest
+
+#include <cstdint>
+#include <cstdio>
+#include <cstdlib>
+#include <cstring>
+
+int main() {
+ char buffer[44] = { /* zero padding */ };
+ fread(buffer, 1, sizeof(buffer) - 1, stdin);
+
+ if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 ||
+ strncmp(&buffer[20], "jumps over ", 11) != 0 ||
+ strcmp(&buffer[31], "the lazy dog") != 0) {
+ return 1;
+ }
+
+ uint64_t x = 0;
+ fread(&x, sizeof(x), 1, stdin);
+ if (x != 0xCAFEBABECAFEBABE) {
+ return 2;
+ }
+
+ uint32_t y = 0;
+ fread(&y, sizeof(y), 1, stdin);
+ if (y != 0xDEADC0DE) {
+ return 3;
+ }
+
+ uint16_t z = 0;
+ fread(&z, sizeof(z), 1, stdin);
+
+ switch (z) {
+ case 0xBEEF:
+ break;
+
+ default:
+ return 4;
+ }
+
+ printf("Puzzle solved, congrats!\n");
+ abort();
+ return 0;
+}
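Review bot: The `abort()` at the end of `main` looks like the deliberate crash the fuzzer is meant to reach, but nothing in the file says so, and the `return 0;` after it is unreachable. A comment above it such as `// intentional crash: reached only when every comparison has been solved` would make that explicit. The `// solution:` line also silently assumes a little-endian host, since x, y and z are filled by raw `fread` into integers; that is worth stating in the same comment. The unchecked `fread` calls are harmless here because each variable is zero-initialised, so a short read only fails the comparison.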
diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c
index 3f6a1d0e..52143c1f 100644
--- a/qemu_mode/libcompcov/libcompcov.so.c
+++ b/qemu_mode/libcompcov/libcompcov.so.c
@@ -45,6 +45,8 @@ static void *__compcov_code_start,
static u8 *__compcov_afl_map;
+static int debug_fd = -1;
+
static size_t __strlen2(const char *s1, const char *s2, size_t max_length) {
// from https://github.com/googleprojectzero/CompareCoverage
@@ -108,6 +110,12 @@ static void __compcov_trace(u64 cur_loc, const u8* v0, const u8* v1, size_t n) {
size_t i;
+ if (debug_fd != 1) {
+ char debugbuf[4096];
+ snprintf(debugbuf, sizeof(debugbuf), "0x%llx %s %s %lu\n", cur_loc, v0 == NULL ? "(null)" : (char*)v0, v1 == NULL ? "(null)" : (char*)v1, n);
+ write(debug_fd, debugbuf, strlen(debugbuf));
+ }
+
for (i = 0; i < n && v0[i] == v1[i]; ++i) {
__compcov_afl_map[cur_loc +i]++;
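Review bot: The guard `if (debug_fd != 1)` does not match the `-1` sentinel that `debug_fd` is initialised with, so with debugging disabled every traced comparison still formats a 4 KiB buffer and calls `write()` on fd -1; it should read `if (debug_fd != -1)`. The `%s` conversions also treat v0 and v1 as NUL-terminated strings, although the loop below bounds them by n and the memcmp hook presumably passes raw memory, so `snprintf` can read past the end of the compared buffers inside the target process. Bounding the reads, e.g. `"0x%llx %.*s %.*s %zu\n"` with `(int)n` passed before each pointer, avoids the over-read and also fixes the `%lu`/`size_t` mismatch. The body of `__compcov_trace` continues outside the hunk.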
@@ -301,6 +309,9 @@ int memcmp(const void* mem1, const void* mem2, size_t len) {
__attribute__((constructor)) void __compcov_init(void) {
+ if (getenv("AFL_QEMU_COMPCOV_DEBUG") != NULL)
+ debug_fd = open("compcov.debug", O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, 0644);
+
__compcov_load();
}
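Review bot: The `open()` in `__compcov_init` creates `compcov.debug` relative to whatever directory the target starts in, with `O_TRUNC` and without `O_NOFOLLOW`. A pre-existing symlink of that name in a shared working directory would therefore get its target truncated and overwritten with trace data. Adding `O_NOFOLLOW | O_CLOEXEC` to the flags closes the symlink case and keeps the descriptor from leaking into children the target spawns. The mode `0644` also leaves the log world-readable although it records the operands of every traced comparison; `0600` is the safer default.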