diff options
| author | vanhauser-thc <vh@thc.org> | 2021-11-22 14:38:43 +0100 |
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2021-11-22 14:38:43 +0100 |
| commit | 6f9a98c4a97e8e261fc52891d61f0b0c145b6364 (patch) | |
| tree | 4a36de63bec4969a006744ecdb1fce3ad31460f7 /instrumentation/afl-compiler-rt.o.c | |
| parent | 3a7a8704eeca4fccf9629552574c5aac5f0f2271 (diff) | |
| download | afl++-6f9a98c4a97e8e261fc52891d61f0b0c145b6364.tar.gz | |
better string length counting
Diffstat (limited to 'instrumentation/afl-compiler-rt.o.c')
| -rw-r--r-- | instrumentation/afl-compiler-rt.o.c | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index ef1d9300..5d198ada 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -1892,10 +1892,13 @@ void __cmplog_rtn_hook_strn(u8 *ptr1, u8 *ptr2, u64 len) { // fprintf(stderr, "RTN1 %p %p %u\n", ptr1, ptr2, len); if (likely(!__afl_cmp_map)) return; if (unlikely(!len)) return; - int len1 = strnlen(ptr1, 30) + 1; - int len2 = strnlen(ptr2, 30) + 1; + int len0 = MIN(len, 31); + int len1 = strnlen(ptr1, len0); + if (len1 < 31) len1 = area_is_valid(ptr1, len1 + 1); + int len2 = strnlen(ptr2, len0); + if (len2 < 31) len2 = area_is_valid(ptr1, len2 + 1); int l = MAX(len1, len2); - if (l < 3) return; + if (l < 2) return; uintptr_t k = (uintptr_t)__builtin_return_address(0); k = (uintptr_t)(default_hash((u8 *)&k, sizeof(uintptr_t)) & (CMP_MAP_W - 1)); |