authorSonic <50692172+SonicStark@users.noreply.github.com>2024-01-25 16:57:50 +0800
committerGitHub <noreply@github.com>2024-01-25 08:57:50 +0000
commitd88c97ad2887962a8565473269057d39d75f998d (patch)
tree0592cc1376c29941b341ab82b6e5f480974770c9 /src
parentba28c4982b7fed33a22214537b4f8ffcc08286d4 (diff)
downloadafl++-d88c97ad2887962a8565473269057d39d75f998d.tar.gz
Fix afl-cc (#1968)
- Check for too many cmdline params each time before inserting a new param. - Check that it is "-fsanitize=..." before doing anything with it. - Remove improper param_st transfer.
Diffstat (limited to 'src')
-rw-r--r--src/afl-cc.c87
1 files changed, 34 insertions, 53 deletions
diff --git a/src/afl-cc.c b/src/afl-cc.c
index ccbb4f8d..174b3783 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -192,15 +192,11 @@ u8 *find_object(aflcc_state_t *, u8 *obj);
void find_built_deps(aflcc_state_t *);
-static inline void limit_params(aflcc_state_t *aflcc, u32 add) {
+static inline void insert_param(aflcc_state_t *aflcc, u8 *param) {
- if (aflcc->cc_par_cnt + add >= MAX_PARAMS_NUM)
+ if (unlikely(aflcc->cc_par_cnt + 1 >= MAX_PARAMS_NUM))
FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM.");
-}
-
-static inline void insert_param(aflcc_state_t *aflcc, u8 *param) {
-
aflcc->cc_params[aflcc->cc_par_cnt++] = param;
}
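Review bot: The guard `if (unlikely(aflcc->cc_par_cnt + 1 >= MAX_PARAMS_NUM))` refuses to insert once `cc_par_cnt` reaches MAX_PARAMS_NUM - 1, so one slot of `cc_params` is never filled by insert_param; if that slot is deliberately reserved for the NULL terminator of the argv handed to exec, a comment such as `/* keep the last slot free for the argv NULL terminator */` would make the `+ 1` intentional rather than look like an off-by-one. With the up-front `limit_params(aflcc, argc)` call dropped from process_params (the hunk at -2880, which runs past the end of this page), this per-insert check is now the only bound on `cc_params`, which holds only if every write goes through insert_param and nothing elsewhere indexes `cc_params[cc_par_cnt++]` directly; that cannot be confirmed from this hunk.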
@@ -1572,7 +1568,7 @@ void add_defs_fortify(aflcc_state_t *aflcc, u8 action) {
break;
}
-
+
aflcc->have_fortify = 1;
}
@@ -1672,41 +1668,42 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
param_st final_ = PARAM_MISS;
- if (strstr(cur_argv, "=address") || strstr(cur_argv, ",address")) {
-
- aflcc->have_asan = 1;
-
- }
-
- if (strstr(cur_argv, "=memory") || strstr(cur_argv, ",memory")) {
-
- aflcc->have_msan = 1;
-
- }
-
- if (strstr(cur_argv, "=undefined") || strstr(cur_argv, ",undefined")) {
-
- aflcc->have_ubsan = 1;
-
- }
-
- if (strstr(cur_argv, "=thread") || strstr(cur_argv, ",thread")) {
-
- aflcc->have_tsan = 1;
+// MACRO START
+#define HAVE_SANITIZER_SCAN_KEEP(v, k) \
+ do { \
+ \
+ if (strstr(cur_argv, "=" STRINGIFY(k)) || \
+ strstr(cur_argv, "," STRINGIFY(k))) { \
+ \
+ if (scan) { \
+ \
+ aflcc->have_##v = 1; \
+ final_ = PARAM_SCAN; \
+ \
+ } else { \
+ \
+ final_ = PARAM_KEEP; \
+ \
+ } \
+ \
+ } \
+ \
+ } while (0)
- }
+ // MACRO END
- if (strstr(cur_argv, "=leak") || strstr(cur_argv, ",leak")) {
+ if (!strncmp(cur_argv, "-fsanitize=", strlen("-fsanitize="))) {
- aflcc->have_lsan = 1;
+ HAVE_SANITIZER_SCAN_KEEP(asan, address);
+ HAVE_SANITIZER_SCAN_KEEP(msan, memory);
+ HAVE_SANITIZER_SCAN_KEEP(ubsan, undefined);
+ HAVE_SANITIZER_SCAN_KEEP(tsan, thread);
+ HAVE_SANITIZER_SCAN_KEEP(lsan, leak);
+ HAVE_SANITIZER_SCAN_KEEP(cfisan, cfi);
}
- if (strstr(cur_argv, "=cfi") || strstr(cur_argv, ",cfi")) {
-
- aflcc->have_cfisan = 1;
-
- }
+#undef HAVE_SANITIZER_SCAN_KEEP
if (!strncmp(cur_argv, "-fsanitize-coverage-", 20) &&
strstr(cur_argv, "list=")) {
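Review bot: HAVE_SANITIZER_SCAN_KEEP reads `cur_argv`, `scan` and `aflcc` and writes `final_` from the enclosing scope without taking them as macro arguments, so the six call sites from `HAVE_SANITIZER_SCAN_KEEP(asan, address);` to `HAVE_SANITIZER_SCAN_KEEP(cfisan, cfi);` give no hint that `final_` is being assigned. A comment above `// MACRO START` such as `/* uses cur_argv, scan, aflcc from parse_fsanitize; sets have_<v> and final_ = PARAM_SCAN in scan mode, final_ = PARAM_KEEP otherwise */` would make that contract explicit. The match is a plain `strstr` substring test, so `=cfi` also matches values like `cfi-icall`, which is presumably intended but worth stating in the same comment. Note that a `-fsanitize=` value naming none of the six sanitizers now leaves `final_` at PARAM_MISS, since the PARAM_MISS fallback is removed in the hunk at -1787; how such an option is then treated depends on the caller, which is outside this hunk.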
@@ -1718,7 +1715,7 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
} else {
- final_ = PARAM_KEEP; // may be set to DROP next
+ final_ = PARAM_KEEP;
}
@@ -1787,20 +1784,6 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
}
- if (final_ == PARAM_MISS) {
-
- if (scan) {
-
- final_ = PARAM_SCAN;
-
- } else {
-
- final_ = PARAM_KEEP;
-
- }
-
- }
-
if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv);
return final_;
@@ -2880,8 +2863,6 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) {
static void process_params(aflcc_state_t *aflcc, u8 scan, u32 argc,
char **argv) {
- limit_params(aflcc, argc);
-
// for (u32 x = 0; x < argc; ++x) fprintf(stderr, "[%u] %s\n", x, argv[x]);
/* Process the argument list. */