-rw-r--r-- | qemu_mode/libcompcov/Makefile | 7 | ||||
-rw-r--r-- | qemu_mode/libcompcov/compcovtest.cc | 63 | ||||
-rw-r--r-- | qemu_mode/libcompcov/libcompcov.so.c | 11 |
3 files changed, 79 insertions, 2 deletions
diff --git a/qemu_mode/libcompcov/Makefile b/qemu_mode/libcompcov/Makefile index 5f4a33c6..c984588b 100644 --- a/qemu_mode/libcompcov/Makefile +++ b/qemu_mode/libcompcov/Makefile @@ -22,7 +22,7 @@ CFLAGS ?= -O3 -funroll-loops CFLAGS += -Wall -Wno-unused-result -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign LDFLAGS += -ldl -all: libcompcov.so +all: libcompcov.so compcovtest libcompcov.so: libcompcov.so.c ../../config.h $(CC) $(CFLAGS) -shared -fPIC $< -o $@ $(LDFLAGS) @@ -31,7 +31,10 @@ libcompcov.so: libcompcov.so.c ../../config.h clean: rm -f *.o *.so *~ a.out core core.[1-9][0-9]* - rm -f libcompcov.so + rm -f libcompcov.so compcovtest + +compcovtest: compcovtest.cc + $(CXX) $< -o $@ install: all install -m 755 libcompcov.so $${DESTDIR}$(HELPER_PATH) diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc new file mode 100644 index 00000000..fd1fda00 --- /dev/null +++ b/qemu_mode/libcompcov/compcovtest.cc 
@@ -0,0 +1,63 @@
+/////////////////////////////////////////////////////////////////////////
+//
+// Author: Mateusz Jurczyk (mjurczyk@google.com)
+//
+// Copyright 2019 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+// solution: echo -ne 'The quick brown fox jumps over the lazy dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest
+
+#include <cstdint>
+#include <cstdio>
+#include <cstdlib>
+#include <cstring>
+
+int main() {
+ char buffer[44] = { /* zero padding */ };
+ fread(buffer, 1, sizeof(buffer) - 1, stdin);
+
+ if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 ||
+ strncmp(&buffer[20], "jumps over ", 11) != 0 ||
+ strcmp(&buffer[31], "the lazy dog") != 0) {
+ return 1;
+ }
+
+ uint64_t x = 0;
+ fread(&x, sizeof(x), 1, stdin);
+ if (x != 0xCAFEBABECAFEBABE) {
+ return 2;
+ }
+
+ uint32_t y = 0;
+ fread(&y, sizeof(y), 1, stdin);
+ if (y != 0xDEADC0DE) {
+ return 3;
+ }
+
+ uint16_t z = 0;
+ fread(&z, sizeof(z), 1, stdin);
+
+ switch (z) {
+ case 0xBEEF:
+ break;
+
+ default:
+ return 4;
+ }
+
+ printf("Puzzle solved, congrats!\n");
+ abort();
+ return 0;
+}
diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c
index 19eb821e..582230db 100644
--- a/qemu_mode/libcompcov/libcompcov.so.c
+++ b/qemu_mode/libcompcov/libcompcov.so.c
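Review bot: In compcovtest.cc the `// solution:` line only works on a little-endian host, because `x`, `y` and `z` are filled by raw `fread` into integers and then compared with `0xCAFEBABECAFEBABE`, `0xDEADC0DE` and `0xBEEF`; the comment should say so, for example by opening with `// solution (little-endian host):`. The `abort()` after the success message looks like the deliberate crash a fuzzer is meant to reach, which leaves the following `return 0;` unreachable; a one-line comment such as `// deliberate crash: reaching this point is the fuzzer's goal` would keep a later cleanup from removing it. The `fread` results are unchecked, which is harmless here because a short read leaves the zero initialisers in place and the comparisons then fail.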
@@ -51,6 +51,8 @@ static int (*__libc_strcasecmp)(const char*, const char*); static int (*__libc_strncasecmp)(const char*, const char*, size_t); static int (*__libc_memcmp)(const void*, const void*, size_t); +static int debug_fd = -1; + static size_t __strlen2(const char *s1, const char *s2, size_t max_length) { // from https://github.com/googleprojectzero/CompareCoverage @@ -118,6 +120,12 @@ static void __compcov_trace(u64 cur_loc, const u8* v0, const u8* v1, size_t n) { size_t i; + if (debug_fd != 1) { + char debugbuf[4096]; + snprintf(debugbuf, sizeof(debugbuf), "0x%llx %s %s %lu\n", cur_loc, v0 == NULL ? "(null)" : (char*)v0, v1 == NULL ? "(null)" : (char*)v1, n); + write(debug_fd, debugbuf, strlen(debugbuf)); + } + for (i = 0; i < n && v0[i] == v1[i]; ++i) { __compcov_afl_map[cur_loc +i]++; @@ -262,6 +270,9 @@ int memcmp(const void* mem1, const void* mem2, size_t len) { __attribute__((constructor)) void __compcov_init(void) { + if (getenv("AFL_QEMU_COMPCOV_DEBUG") != NULL) + debug_fd = open("compcov.debug", O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, 0644); + __compcov_load(); } |
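Review bot: The guard `if (debug_fd != 1)` in `__compcov_trace` compares against 1 while `debug_fd` is initialised to -1, so the block also runs when `AFL_QEMU_COMPCOV_DEBUG` is unset and every traced comparison pays for an `snprintf` plus a failing `write(-1, ...)`; it should read `if (debug_fd != -1) {`. The `%s` conversions treat `v0` and `v1` as NUL-terminated strings, but the function receives the compared length in `n` and a `memcmp` wrapper is visible in this file, so unterminated buffers would be read past their end inside the target process, which can surface as spurious crashes during fuzzing. Bounding the reads with a precision, `"0x%llx %.*s %.*s %zu\n"` with `(int)n` passed before each pointer and `n` clamped to `INT_MAX`, or logging the bytes as hex, avoids that; `%zu` is also the matching specifier for `size_t`. The body of `__compcov_trace` continues past the hunk.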
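Review bot: The `open("compcov.debug", O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, 0644)` call in `__compcov_init` uses a fixed name relative to whatever working directory the target starts in, follows symlinks and truncates, so a pre-existing link under that name in a writable directory redirects both the truncation and the log, and parallel instances overwrite each other's output. Adding `O_NOFOLLOW | O_CLOEXEC` and a `0600` mode (the log holds comparison operands from the target), or taking the path from the environment variable's value, would tighten this. The return value is not checked, which is only safe if the debug guard in `__compcov_trace` tests for -1. `open` needs `<fcntl.h>`; whether the file already includes it is not visible in this hunk.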