author | vanhauser-thc <vh@thc.org> | 2023-09-02 15:48:29 +0200 |
---|---|---|
committer | vanhauser-thc <vh@thc.org> | 2023-09-02 15:48:29 +0200 |
commit | dad56abc8598aaeddaabe9c16da177cc934a3ac8 (patch) | |
tree | c320bf754492a7bdc1a1e6c33e53eb18b6d04016 | |
parent | 1604351368c26a1dd91c43c054fb466b8093e86e (diff) | |
download | afl++-dad56abc8598aaeddaabe9c16da177cc934a3ac8.tar.gz |
fix attempt for laf string compare transform
-rw-r--r-- | instrumentation/compare-transform-pass.so.cc | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
index 5dd705cf..b0bbd39a 100644
--- a/instrumentation/compare-transform-pass.so.cc
+++ b/instrumentation/compare-transform-pass.so.cc
@@ -169,6 +169,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
   DenseMap<Value *, std::string *> valueMap;
   std::vector<CallInst *> calls;
   LLVMContext &C = M.getContext();
+  IntegerType *Int1Ty = IntegerType::getInt1Ty(C);
   IntegerType *Int8Ty = IntegerType::getInt8Ty(C);
   IntegerType *Int32Ty = IntegerType::getInt32Ty(C);
   IntegerType *Int64Ty = IntegerType::getInt64Ty(C);
@@ -229,7 +230,8 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
                !FuncName.compare("xmlStrEqual") ||
                !FuncName.compare("g_strcmp0") ||
                !FuncName.compare("curl_strequal") ||
-               !FuncName.compare("strcsequal"));
+               !FuncName.compare("strcsequal") ||
+               !FuncName.compare("g_strcmp0"));
   isMemcmp &= (!FuncName.compare("memcmp") ||
               !FuncName.compare("bcmp") ||
               !FuncName.compare("CRYPTO_memcmp") ||
@@ -238,7 +240,8 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
               !FuncName.compare("memcmpct"));
   isStrncmp &= (!FuncName.compare("strncmp") ||
                !FuncName.compare("xmlStrncmp") ||
-               !FuncName.compare("curl_strnequal"));
+               !FuncName.compare("curl_strnequal") ||
+               !FuncName.compare("xmlStrncmp"));
   isStrcasecmp &= (!FuncName.compare("strcasecmp") ||
                   !FuncName.compare("stricmp") ||
                   !FuncName.compare("ap_cstr_casecmp") ||
@@ -457,6 +460,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
     bool isSizedcmp = false;
     bool isCaseInsensitive = false;
     bool needs_null = false;
+    bool success_is_one = false;
     Function *Callee = callInst->getCalledFunction();
     if (Callee) {
 
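Review bot: The line added in the @@ -229 hunk, `!FuncName.compare("g_strcmp0")`, is already present in the isStrcmp list three lines above it, and the @@ -238 hunk likewise re-adds `!FuncName.compare("xmlStrncmp")` to isStrncmp one line below an identical entry, so both additions are no-ops for call-site matching. If the intent was to change how these two functions are classified, the duplicated entries should be removed rather than kept, since as written they only suggest a change that is not actually made. transformCmps starts before and continues past these hunks.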
@@ -503,6 +507,14 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
           !Callee->getName().compare("g_strncasecmp"))
         isCaseInsensitive = true;
 
+      if (!Callee->getName().compare("xmlStrEqual") ||
+          !Callee->getName().compare("g_strcmp0") ||
+          !Callee->getName().compare("curl_strequal") ||
+          !Callee->getName().compare("strcsequal") ||
+          !Callee->getName().compare("xmlStrncmp") ||
+          !Callee->getName().compare("curl_strnequal"))
+        success_is_one = true;
+
     }
 
     if (!isSizedcmp) needs_null = true;
@@ -667,6 +679,14 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
       else
         isub = cur_cmp_IRB.CreateSub(load, ConstantInt::get(Int8Ty, c));
 
+      if (success_is_one && i == unrollLen - 1) {
+        Value *isubsub = cur_cmp_IRB.CreateTrunc(isub, Int1Ty);
+        isub = cur_cmp_IRB.CreateSelect(isubsub, ConstantInt::get(Int8Ty, 0), ConstantInt::get(Int8Ty, 1));
+
+      }
+
       Value *sext = cur_cmp_IRB.CreateSExt(isub, Int32Ty);
       PN->addIncoming(sext, cur_cmp_bb);
|
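Review bot: The success_is_one list in the @@ -503 hunk includes g_strcmp0 and xmlStrncmp, but as far as I know both follow strcmp/strncmp semantics and return 0 on a match rather than 1, so the last-byte inversion added later in this commit would flip their result for every instrumented call; the list should probably contain only `xmlStrEqual`, `curl_strequal`, `strcsequal` and `curl_strnequal`. A one-line comment on the flag, `// callee returns non-zero on equality (xmlStrEqual-style), unlike strcmp`, would make the intended membership checkable by the next reader. The enclosing if (Callee) block starts outside the hunk.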
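Review bot: `CreateTrunc(isub, Int1Ty)` in the @@ -667 hunk keeps only the low bit of the byte difference, so an even non-zero difference (for example 'a' versus 'c', difference 2) truncates to 0 and the select reports success; the test should be `Value *isubsub = cur_cmp_IRB.CreateICmpEQ(isub, ConstantInt::get(Int8Ty, 0));` followed by `isub = cur_cmp_IRB.CreateSelect(isubsub, ConstantInt::get(Int8Ty, 1), ConstantInt::get(Int8Ty, 0));`. The inversion is also applied only when i == unrollLen - 1; if a mismatch at an earlier byte leaves the unrolled compare through the same sext/PN path (not visible in this hunk), that path still yields the raw non-zero difference, which a caller of an xmlStrEqual-style function reads as "equal". The unroll loop and PN setup are outside the hunk.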