-rw-r--r-- | docs/Changelog.md | 2 | ||||
-rw-r--r-- | instrumentation/SanitizerCoveragePCGUARD.so.cc | 20 |
2 files changed, 14 insertions, 8 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md index 842b727b..5e4de45a 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -17,6 +17,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - default calibration cycles set to 7 from 8, and only add 5 cycles to variables queue items instead of 12. - afl-cc: + - fixed off-by-one bug in our pcguard implemenation, thanks for + @toka for reporting - better handling of -fsanitize=..,...,.. lists - fix gcc_mode cmplog - obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1 diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index e22c9ead..faad0bf6 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -850,7 +850,8 @@ void ModuleSanitizerCoverageAFL::CreateFunctionLocalArrays( bool ModuleSanitizerCoverageAFL::InjectCoverage( Function &F, ArrayRef<BasicBlock *> AllBlocks, bool IsLeafFunc) { - uint32_t cnt_cov = 0, cnt_sel = 0, cnt_sel_inc = 0; + uint32_t cnt_cov = 0, cnt_sel = 0, cnt_sel_inc = 0; + static uint32_t first = 1; for (auto &BB : F) { @@ -876,9 +877,11 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( } - if (FuncName.compare(StringRef("__afl_coverage_interesting"))) continue; + if (!FuncName.compare(StringRef("__afl_coverage_interesting"))) { + + cnt_cov++; - cnt_cov++; + } } @@ -917,7 +920,8 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( } /* Create PCGUARD array */ - CreateFunctionLocalArrays(F, AllBlocks, cnt_cov + cnt_sel_inc); + CreateFunctionLocalArrays(F, AllBlocks, first + cnt_cov + cnt_sel_inc); + if (first) { first = 0; } selects += cnt_sel; uint32_t special = 0, local_selects = 0, skip_next = 0; 
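Review bot: The `static uint32_t first = 1;` added at the top of InjectCoverage makes the extra PCGUARD array entry a process-wide one-shot rather than a per-module one, and the read-then-clear at `if (first) { first = 0; }` is an unsynchronized read-modify-write on that global; if this pass is ever run on several modules inside one compiler process (an LTO/ThinLTO backend is the obvious case, and those can run on several threads), only the first module would receive the extra entry and the update could race. If one reserved entry per instrumented module is what the off-by-one fix needs, a member of ModuleSanitizerCoverageAFL reset when a module run starts would express that without function-local static state; if it really is meant once per process, the declaration should say so. Either way the hunk leaves the reader to guess what the off-by-one was, so at minimum I would annotate the declaration with `// one extra PCGUARD entry for the first instrumented function (off-by-one fix, see Changelog)`. InjectCoverage begins in the first hunk of this file and its body continues past the last one.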
@@ -1103,10 +1107,10 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( ModuleSanitizerCoverageAFL::SetNoSanitizeMetadata(MapPtr); /* - std::string errMsg; - raw_string_ostream os(errMsg); - result->print(os); - fprintf(stderr, "X: %s\n", os.str().c_str()); + std::string errMsg; + raw_string_ostream os(errMsg); + result->print(os); + fprintf(stderr, "X: %s\n", os.str().c_str()); */ while (1) { |