-rw-r--r--include/forkserver.h1
-rw-r--r--instrumentation/SanitizerCoveragePCGUARD.so.cc4
-rw-r--r--instrumentation/afl-llvm-pass.so.cc4
-rw-r--r--src/afl-forkserver.c12
-rw-r--r--src/afl-fuzz-bitmap.c2
5 files changed, 17 insertions, 6 deletions
diff --git a/include/forkserver.h b/include/forkserver.h
index 5e498c56..f6230fe8 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -197,6 +197,7 @@ typedef struct afl_forkserver {
u32 nyx_id; /* nyx runner id (0 -> master) */
u32 nyx_bind_cpu_id; /* nyx runner cpu id */
char *nyx_aux_string;
+ u32 nyx_aux_string_len;
bool nyx_use_tmp_workdir;
char *nyx_tmp_workdir_path;
s32 nyx_log_fd;
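Review bot: The new `nyx_aux_string_len` field is the only member in this run of the struct without a trailing comment, and its unit and relationship to `nyx_aux_string` are left to the reader. Since it now governs both the allocation size and the length passed to the aux-string read, it is worth stating that in place: `u32 nyx_aux_string_len; /* byte size of nyx_aux_string (AFL_NYX_AUX_SIZE or default) */`. The enclosing `afl_forkserver` struct starts and ends outside the hunk.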
diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc
index 98c5973c..588eb950 100644
--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@@ -214,7 +214,11 @@ llvmGetPassPluginInfo() {
#if LLVM_VERSION_MAJOR == 13
using OptimizationLevel = typename PassBuilder::OptimizationLevel;
#endif
+#if LLVM_VERSION_MAJOR >= 16
+ PB.registerOptimizerEarlyEPCallback(
+#else
PB.registerOptimizerLastEPCallback(
+#endif
[](ModulePassManager &MPM, OptimizationLevel OL) {
MPM.addPass(ModuleSanitizerCoverageAFL());
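Review bot: The `#if LLVM_VERSION_MAJOR >= 16` switch from `registerOptimizerLastEPCallback` to `registerOptimizerEarlyEPCallback` carries no comment, so the next reader cannot tell whether the early extension point is required on LLVM 16+ or merely preferred, and will not know when the conditional can be collapsed. A one-line comment above the `#if` stating the reason the last-EP hook stopped being usable from LLVM 16 on (the rationale is not visible on this page, so I cannot supply it) would prevent the branch from being "simplified" away later. The `llvmGetPassPluginInfo` body and the registered lambda continue outside the hunk.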
diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc
index c59324fd..052488a9 100644
--- a/instrumentation/afl-llvm-pass.so.cc
+++ b/instrumentation/afl-llvm-pass.so.cc
@@ -552,7 +552,7 @@ bool AFLCoverage::runOnModule(Module &M) {
#endif
{
- // load the context ID of the previous function and write to to a
+ // load the context ID of the previous function and write to a
// local variable on the stack
LoadInst *PrevCtxLoad = IRB.CreateLoad(
#if LLVM_VERSION_MAJOR >= 14
@@ -634,7 +634,7 @@ bool AFLCoverage::runOnModule(Module &M) {
/* There is a problem with Ubuntu 18.04 and llvm 6.0 (see issue #63).
The inline function successors() is not inlined and also not found at runtime
- :-( As I am unable to detect Ubuntu18.04 heree, the next best thing is to
+ :-( As I am unable to detect Ubuntu18.04 here, the next best thing is to
disable this optional optimization for LLVM 6.0.0 and Linux */
#if !(LLVM_VERSION_MAJOR == 6 && LLVM_VERSION_MINOR == 0) || !defined __linux__
// only instrument if this basic block is the destination of a previous
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 07f5a1a9..9b710733 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -615,8 +615,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
if (getenv("AFL_NYX_AUX_SIZE") != NULL) {
+ fsrv->nyx_aux_string_len = atoi(getenv("AFL_NYX_AUX_SIZE"));
+
if (fsrv->nyx_handlers->nyx_config_set_aux_buffer_size(
- nyx_config, atoi(getenv("AFL_NYX_AUX_SIZE"))) != 1) {
+ nyx_config, fsrv->nyx_aux_string_len) != 1) {
NYX_PRE_FATAL(fsrv,
"Invalid AFL_NYX_AUX_SIZE value set (must be a multiple "
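Review bot: `atoi()` gives no way to tell a parse failure from a value of 0, and a negative or non-numeric `AFL_NYX_AUX_SIZE` silently becomes 0 or wraps when stored in the `u32` field; that field is later used as the `malloc()`/`memset()` size (hunk at `@@ -697,8 +703,8 @@`), so the parse result now has more reach than before. The `nyx_config_set_aux_buffer_size()` check that follows may reject such values, but that is inferred from the error text, not visible here. A stricter parse would be `char *end; unsigned long v = strtoul(getenv("AFL_NYX_AUX_SIZE"), &end, 0);` followed by `if (*end || v == 0 || v > UINT32_MAX) NYX_PRE_FATAL(fsrv, "Invalid AFL_NYX_AUX_SIZE value");` before assigning `fsrv->nyx_aux_string_len = (u32)v;`. The `0x1000` fallback in the next hunk would read better as a named constant shared with this path. `afl_fsrv_start` starts and ends outside the hunk.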
@@ -624,6 +626,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
}
+ } else {
+
+ fsrv->nyx_aux_string_len = 0x1000;
+
}
if (getenv("AFL_NYX_REUSE_SNAPSHOT") != NULL) {
@@ -697,8 +703,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0);
fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner);
- fsrv->nyx_aux_string = malloc(0x1000);
- memset(fsrv->nyx_aux_string, 0, 0x1000);
+ fsrv->nyx_aux_string = malloc(fsrv->nyx_aux_string_len);
+ memset(fsrv->nyx_aux_string, 0, fsrv->nyx_aux_string_len);
/* dry run */
fsrv->nyx_handlers->nyx_set_afl_input(fsrv->nyx_runner, "INIT", 4);
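Review bot: `malloc(fsrv->nyx_aux_string_len)` at the first `+` line is still unchecked, and the size is now user-controlled via `AFL_NYX_AUX_SIZE` rather than a fixed `0x1000`, so a large or zero value reaches `memset()` through a possibly NULL pointer (`malloc(0)` may also legitimately return NULL). AFL++'s own allocator does both the zeroing and the failure abort, so the two lines can become one: `fsrv->nyx_aux_string = ck_alloc(fsrv->nyx_aux_string_len);`. Whether a zero length can survive the earlier `nyx_config_set_aux_buffer_size()` check is not visible here. `afl_fsrv_start` continues outside the hunk.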
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 0429db34..d76158ce 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -866,7 +866,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", fn_log); }
u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string(
- afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, 0x1000);
+ afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, afl->fsrv.nyx_aux_string_len);
ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log);
close(fd);
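Review bot: The local `u32 nyx_aux_string_len` on the line above the changed call now has exactly the same name as the new struct field `afl->fsrv.nyx_aux_string_len` that is passed as the buffer capacity, so the statement reads as assigning a value to itself and hides which of the two is the returned length versus the allocated size. Renaming the local, e.g. `u32 aux_len = afl->fsrv.nyx_handlers->nyx_get_aux_string(` and `ck_write(fd, afl->fsrv.nyx_aux_string, aux_len, fn_log);`, keeps the distinction visible. `save_if_interesting` starts and ends outside the hunk.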