author | van Hauser <vh@thc.org> | 2020-05-05 10:38:44 +0200 |
---|---|---|
committer | van Hauser <vh@thc.org> | 2020-05-05 10:38:44 +0200 |
commit | 6e45e55d82eeed2075579a530f5aeea8d00af55b (patch) | |
tree | a7caa6c041fe940a4cba31352132a7534237693b /llvm_mode/compare-transform-pass.so.cc | |
parent | ecaccd9739d77fb6f5786581ac01bbe1316bdb99 (diff) | |
download | afl++-6e45e55d82eeed2075579a530f5aeea8d00af55b.tar.gz |
fix crash in AFL_LLVM_LAF_TRANSFORM_COMPARES
Diffstat (limited to 'llvm_mode/compare-transform-pass.so.cc')
-rw-r--r-- | llvm_mode/compare-transform-pass.so.cc | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/llvm_mode/compare-transform-pass.so.cc b/llvm_mode/compare-transform-pass.so.cc
index c871c1c4..9cf4169e 100644
--- a/llvm_mode/compare-transform-pass.so.cc
+++ b/llvm_mode/compare-transform-pass.so.cc
@@ -386,13 +386,13 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 TmpConstStr = Str1.str();
 VarStr = Str2P;
- constLen = isMemcmp ? sizedLen : GetStringLength(Str1P);
+ constLen = isMemcmp ? sizedLen : TmpConstStr.length();
 } else {
 TmpConstStr = Str2.str();
 VarStr = Str1P;
- constLen = isMemcmp ? sizedLen : GetStringLength(Str2P);
+ constLen = isMemcmp ? sizedLen : TmpConstStr.length();
 }
@@ -401,8 +401,12 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 * runtime bounds checking, which makes debugging easier) */
 TmpConstStr.append("\0", 1);
 ConstStr = StringRef(TmpConstStr);
-
- if (isSizedcmp && constLen > sizedLen) { constLen = sizedLen; }
+ // fprintf(stderr, "issized: %d, const > sized ? %u > %u\n", isSizedcmp,
+ // constLen, sizedLen);
+ if (isSizedcmp && constLen > sizedLen && sizedLen) constLen = sizedLen;
+ if (constLen > TmpConstStr.length()) constLen = TmpConstStr.length();
+ if (!constLen) constLen = TmpConstStr.length();
+ if (!constLen) continue;
 if (!be_quiet)
 errs() << callInst->getCalledFunction()->getName() << ": len " << constLen |
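Review bot: The new `TmpConstStr.length()` in both branches of the first hunk is read before the later `TmpConstStr.append("\0", 1)`, so for the non-memcmp case constLen no longer counts the terminating NUL, whereas LLVM's GetStringLength returned the length plus one for a constant string. If the code that expands the call compares exactly constLen bytes (that code lies outside this hunk), a strcmp against a constant would then be rewritten into a prefix match and the instrumented binary would diverge from the original program. Consider `constLen = isMemcmp ? sizedLen : TmpConstStr.length() + 1;` in both branches, or assigning constLen once after the append. A short comment such as `// strcmp family: the compared length includes the terminating NUL` would record the intent.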
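Review bot: After `TmpConstStr.append("\0", 1)` the string length is at least 1, so in the second hunk `if (!constLen) constLen = TmpConstStr.length();` always leaves constLen non-zero and the added `if (!constLen) continue;` can never fire. The same fallback also turns a zero length from a sized compare into a full-string compare (the `&& sizedLen` term skips the clamp in that case); assuming sizedLen holds the call's constant length argument, which is set outside this hunk, a memcmp/strncmp with n == 0 would be rewritten to read bytes the original call never touches. Limiting the fallback with `if (!constLen && !isSizedcmp) constLen = TmpConstStr.length();` keeps the empty-string strcmp case and lets the `continue` skip zero-length sized calls. The commented-out `fprintf` debug lines are better removed than committed.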