-rw-r--r--docs/Changelog.md1
-rw-r--r--instrumentation/SanitizerCoverageLTO.so.cc12
-rw-r--r--instrumentation/afl-llvm-dict2file.so.cc13
-rw-r--r--instrumentation/afl-llvm-lto-instrumentation.so.cc7
-rw-r--r--instrumentation/compare-transform-pass.so.cc19
5 files changed, 37 insertions, 15 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 461acb2c..c3e4b34e 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -20,6 +20,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- afl-cc:
- Update to COMPCOV/laf-intel that speeds up the instrumentation
process a lot - thanks to Michael Rodler/f0rki for the PR!
+ - Fix for failures for some sized string instrumentations
- Fix to instrument global namespace functions in c++
- Fix for llvm 13
- support partial linking
diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc
index 372af003..28eb0b9f 100644
--- a/instrumentation/SanitizerCoverageLTO.so.cc
+++ b/instrumentation/SanitizerCoverageLTO.so.cc
@@ -759,6 +759,12 @@ bool ModuleSanitizerCoverage::instrumentModule(
uint64_t literalLength = Str2.size();
uint64_t optLength = ilen->getZExtValue();
+ if (optLength > literalLength + 1) {
+
+ optLength = Str2.length() + 1;
+
+ }
+
if (literalLength + 1 == optLength) {
Str2.append("\0", 1); // add null byte
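Review bot: The clamp at `if (optLength > literalLength + 1)` has no comment saying why it exists, and the four copies this commit adds do not use one bound: here and in the first hunks of afl-llvm-dict2file.so.cc and afl-llvm-lto-instrumentation.so.cc the test is against `literalLength + 1` but the assignment is `Str2.length() + 1`, the second hunks of SanitizerCoverageLTO.so.cc and afl-llvm-dict2file.so.cc clamp to `thestring.length() + 1`, and the second hunk of afl-llvm-lto-instrumentation.so.cc clamps to `literalLength + 1` where `literalLength` was copied from the previous `optLen` rather than read from the string, so whether those bounds agree is not visible in these hunks. Since the clamp forces any oversize length to exactly `literalLength + 1`, which makes the `literalLength + 1 == optLength` test below true and appends the terminator, it reads most clearly as `optLength = literalLength + 1;` in every copy, with the same expression in the comparison and the assignment. I would also add `// a length beyond the literal is treated as literal plus terminator (see the == check below)` above the clamp so the next reader does not take it for an off-by-one. instrumentModule continues outside the hunk.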
@@ -862,6 +868,12 @@ bool ModuleSanitizerCoverage::instrumentModule(
uint64_t literalLength = optLen;
optLen = ilen->getZExtValue();
+ if (optLen > thestring.length() + 1) {
+
+ optLen = thestring.length() + 1;
+
+ }
+
if (optLen < 2) { continue; }
if (literalLength + 1 == optLen) { // add null byte
thestring.append("\0", 1);
diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc
index e2b44b21..5350f62b 100644
--- a/instrumentation/afl-llvm-dict2file.so.cc
+++ b/instrumentation/afl-llvm-dict2file.so.cc
@@ -428,6 +428,12 @@ bool AFLdict2filePass::runOnModule(Module &M) {
uint64_t literalLength = Str2.length();
uint64_t optLength = ilen->getZExtValue();
+ if (optLength > literalLength + 1) {
+
+ optLength = Str2.length() + 1;
+
+ }
+
if (literalLength + 1 == optLength) {
Str2.append("\0", 1); // add null byte
@@ -534,7 +540,12 @@ bool AFLdict2filePass::runOnModule(Module &M) {
uint64_t literalLength = optLen;
optLen = ilen->getZExtValue();
- if (optLen > thestring.length()) { optLen = thestring.length(); }
+ if (optLen > thestring.length() + 1) {
+
+ optLen = thestring.length() + 1;
+
+ }
+
if (optLen < 2) { continue; }
if (literalLength + 1 == optLen) { // add null byte
thestring.append("\0", 1);
diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc
index bb9b9279..263d947d 100644
--- a/instrumentation/afl-llvm-lto-instrumentation.so.cc
+++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc
@@ -546,6 +546,12 @@ bool AFLLTOPass::runOnModule(Module &M) {
uint64_t literalLength = Str2.size();
uint64_t optLength = ilen->getZExtValue();
+ if (optLength > literalLength + 1) {
+
+ optLength = Str2.length() + 1;
+
+ }
+
if (literalLength + 1 == optLength) {
Str2.append("\0", 1); // add null byte
@@ -649,6 +655,7 @@ bool AFLLTOPass::runOnModule(Module &M) {
uint64_t literalLength = optLen;
optLen = ilen->getZExtValue();
+ if (optLen > literalLength + 1) { optLen = literalLength + 1; }
if (optLen < 2) { continue; }
if (literalLength + 1 == optLen) { // add null byte
thestring.append("\0", 1);
diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
index 3ecba4e6..f5dd4a53 100644
--- a/instrumentation/compare-transform-pass.so.cc
+++ b/instrumentation/compare-transform-pass.so.cc
@@ -313,27 +313,18 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
ConstantInt *ilen = dyn_cast<ConstantInt>(op2);
if (ilen) {
- uint64_t len = ilen->getZExtValue();
// if len is zero this is a pointless call but allow real
// implementation to worry about that
- if (len < 2) continue;
+ if (ilen->getZExtValue() < 2) { continue; }
- if (isMemcmp) {
-
- // if size of compare is larger than constant string this is
- // likely a bug but allow real implementation to worry about
- // that
- uint64_t literalLength = HasStr1 ? Str1.size() : Str2.size();
- if (literalLength + 1 < ilen->getZExtValue()) continue;
-
- }
-
- } else if (isMemcmp)
+ } else if (isMemcmp) {
// this *may* supply a len greater than the constant string at
// runtime so similarly we don't want to have to handle that
continue;
+ }
+
}
calls.push_back(callInst);
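Review bot: The removed `if (literalLength + 1 < ilen->getZExtValue()) continue;` was the only test in this loop that rejected a memcmp whose constant length exceeds the constant string, and after the change such a call appears to reach `calls.push_back(callInst);` like any other; unless the later expansion clamps the length to the literal, which is not visible in this hunk, the generated byte-wise compares would run past the literal's end. If that clamp now lives in the expansion, a comment here should say so, e.g. `// oversize memcmp lengths are bounded to the literal when the call is expanded`; otherwise the check should come back. The non-constant-length `isMemcmp` branch still bails out, so only the constant-length case changed. transformCmps starts and ends outside the hunk.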
@@ -421,7 +412,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
}
if (TmpConstStr.length() < 2 ||
- (TmpConstStr.length() == 2 && !TmpConstStr[1])) {
+ (TmpConstStr.length() == 2 && TmpConstStr[1] == 0)) {
continue;