| author | vanhauser-thc <vh@thc.org> | 2021-11-15 10:32:44 +0100 | 
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2021-11-15 10:32:44 +0100 | 
| commit | de90fd652e01797f129bfc23c24fa766b4c756a2 (patch) | |
| tree | 2950b1eeadd3b44ec2233777ff38650256106a74 | |
| parent | 96430fc9e0c53bfa32b03acb615d0c05711b13e1 (diff) | |
| download | afl++-de90fd652e01797f129bfc23c24fa766b4c756a2.tar.gz | |
cmplog fix
| -rwxr-xr-x | afl-system-config | 4 | ||||
| -rw-r--r-- | instrumentation/afl-compiler-rt.o.c | 16 | 
2 files changed, 12 insertions, 8 deletions
diff --git a/afl-system-config b/afl-system-config
index 3c14ba55..b222b2ad 100755
--- a/afl-system-config
+++ b/afl-system-config
@@ -34,8 +34,8 @@ if [ "$PLATFORM" = "Linux" ] ; then
   sysctl -w kernel.randomize_va_space=0
   sysctl -w kernel.sched_child_runs_first=1
   sysctl -w kernel.sched_autogroup_enabled=1
-  sysctl -w kernel.sched_migration_cost_ns=50000000
-  sysctl -w kernel.sched_latency_ns=250000000
+  sysctl -w kernel.sched_migration_cost_ns=50000000 2>/dev/null
+  sysctl -w kernel.sched_latency_ns=250000000 2>/dev/null
   echo never > /sys/kernel/mm/transparent_hugepage/enabled
   test -e /sys/devices/system/cpu/cpufreq/scaling_governor && echo performance | tee /sys/devices/system/cpu/cpufreq/scaling_governor
   test -e /sys/devices/system/cpu/cpufreq/policy0/scaling_governor && echo performance | tee /sys/devices/system/cpu/cpufreq/policy*/scaling_governor
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index 91c690c0..759c813a 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -1889,7 +1889,7 @@ void __cmplog_rtn_hook_n(u8 *ptr1, u8 *ptr2, u64 len) {
   /*
   u32 i;
-  if (area_is_valid(ptr1, 32) <= 0 || area_is_valid(ptr2, 32) <= 0) return;
+  if (area_is_valid(ptr1, 31) <= 0 || area_is_valid(ptr2, 31) <= 0) return;
   fprintf(stderr, "rtn_n len=%u arg0=", len);
   for (i = 0; i < len; i++)
     fprintf(stderr, "%02x", ptr1[i]);
@@ -1904,6 +1904,10 @@ void __cmplog_rtn_hook_n(u8 *ptr1, u8 *ptr2, u64 len) {
   if (unlikely(!len)) return;
   int l = MIN(31, len);
+  if ((l = area_is_valid(ptr1, l)) <= 0 ||
+      (l = area_is_valid(ptr2, l)) <= 0)
+    return;
+  // fprintf(stderr, "RTN2 %u\n", l);
   uintptr_t k = (uintptr_t)__builtin_return_address(0);
   k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1));
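Review bot: The two new `2>/dev/null` redirections leave no hint why these two tunables are treated differently from the neighbouring sysctl lines that still report errors; a one-line comment above them would save the next reader a blame, e.g. `# these keys are not present on every kernel; ignore the error`. The redirection silences only the message, not the non-zero exit status, so behaviour under `set -e` (if the script uses it — its header is outside the hunk) is unchanged. Presumably the intent is just a clean run on kernels that lack the keys, which the comment should say.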
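Review bot: The only line this hunk changes sits inside the `/* ... */` debug block at the top of `__cmplog_rtn_hook_n`, so the 32→31 edit has no effect on compiled code; the same holds for the commented blocks touched in the `-1943`, `-1991` and `-2042` hunks. Keeping dead debug code in sync by hand is how it drifts from the live check; either drop these blocks or gate them behind an `#ifdef` of a debug macro so the compiler keeps them honest. If they stay, a comment such as `/* debug dump; mirrors the live area_is_valid() check below */` would at least explain why the constant is duplicated.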
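Review bot: After the new check `l` can be smaller than `len` — it starts clamped to 31 and is then narrowed by both `area_is_valid` calls — so whatever the rest of `__cmplog_rtn_hook_n` (outside the hunk) does with the operands must be sized by `l`, not `len`, or the copy into the cmp map reads beyond the region just proven readable. The chained assignment only reads naturally if `area_is_valid` returns the readable prefix length when positive and `<= 0` on failure; presumably it does, but a comment above the call, `// area_is_valid() returns the readable prefix length, or <= 0 if none`, would document the contract relied on here. The literal 31 now appears in this hunk, in the `-2055` hunk and in the commented blocks; a named constant, e.g. `enum { RTN_OPERAND_MAX = 31 };` beside the `CMP_MAP_W` definitions, would tie them together.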
@@ -1943,7 +1947,7 @@ void __cmplog_rtn_hook_n(u8 *ptr1, u8 *ptr2, u64 len) {
 void __cmplog_rtn_hook_strn(u8 *ptr1, u8 *ptr2, u64 len) {
   /*
-  if (area_is_valid(ptr1, 32) <= 0 || area_is_valid(ptr2, 32) <= 0) return;
+  if (area_is_valid(ptr1, 31) <= 0 || area_is_valid(ptr2, 31) <= 0) return;
   fprintf(stderr, "rtn_strn len=%u arg0=%s arg1=%s\n", len, ptr1, ptr2);
   */
@@ -1991,7 +1995,7 @@ void __cmplog_rtn_hook_strn(u8 *ptr1, u8 *ptr2, u64 len) {
 void __cmplog_rtn_hook_str(u8 *ptr1, u8 *ptr2) {
   /*
-  if (area_is_valid(ptr1, 32) <= 0 || area_is_valid(ptr2, 32) <= 0) return;
+  if (area_is_valid(ptr1, 31) <= 0 || area_is_valid(ptr2, 31) <= 0) return;
   fprintf(stderr, "rtn_str arg0=%s arg1=%s\n", ptr1, ptr2);
   */
@@ -2042,7 +2046,7 @@ void __cmplog_rtn_hook(u8 *ptr1, u8 *ptr2) {
   /*
   u32 i;
-  if (area_is_valid(ptr1, 32) <= 0 || area_is_valid(ptr2, 32) <= 0) return;
+  if (area_is_valid(ptr1, 31) <= 0 || area_is_valid(ptr2, 31) <= 0) return;
   fprintf(stderr, "rtn arg0=");
   for (i = 0; i < 32; i++)
     fprintf(stderr, "%02x", ptr1[i]);
@@ -2055,8 +2059,8 @@ void __cmplog_rtn_hook(u8 *ptr1, u8 *ptr2) {
   if (likely(!__afl_cmp_map)) return;
   // fprintf(stderr, "RTN1 %p %p\n", ptr1, ptr2);
   int l1, l2;
-  if ((l1 = area_is_valid(ptr1, 32)) <= 0 ||
-      (l2 = area_is_valid(ptr2, 32)) <= 0)
+  if ((l1 = area_is_valid(ptr1, 31)) <= 0 ||
+      (l2 = area_is_valid(ptr2, 31)) <= 0)
     return;
   int len = MIN(31, MIN(l1, l2));
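Review bot: In the `-2055` hunk the second probe still asks for 31 bytes rather than `l1`, and `MIN(31, MIN(l1, l2))` then re-clamps values both calls were already asked to bound, whereas the sibling `__cmplog_rtn_hook_n` hunk (`-1904`) threads the result through one variable. Using the same idiom here — `(l2 = area_is_valid(ptr2, l1)) <= 0` for the second probe and `int len = MIN(l1, l2);` after it — makes the two hooks read alike and drops one magic 31; the outer `MIN(31, ...)` is only needed if `area_is_valid` can return more than it was asked for, which nothing in the hunk shows. The rest of `__cmplog_rtn_hook` continues outside the hunk.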
