diff options
| -rw-r--r-- | instrumentation/SanitizerCoveragePCGUARD.so.cc | 27 | ||||
| -rw-r--r-- | instrumentation/afl-llvm-dict2file.so.cc | 8 | ||||
| -rw-r--r-- | instrumentation/cmplog-instructions-pass.cc | 17 | ||||
| -rw-r--r-- | src/afl-cc.c | 14 | ||||
| -rw-r--r-- | src/afl-fuzz-cmplog.c | 10 | ||||
| -rw-r--r-- | src/afl-fuzz-redqueen.c | 2 |
6 files changed, 56 insertions, 22 deletions
diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index e234cf57..f80b1a1e 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -932,6 +932,15 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( IRBuilder<> IRB(callInst); + if (!FunctionGuardArray) { + + fprintf(stderr, + "SANCOV: FunctionGuardArray is NULL, failed to emit " + "instrumentation."); + continue; + + } + Value *GuardPtr = IRB.CreateIntToPtr( IRB.CreateAdd( IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), @@ -957,6 +966,15 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( if (t->getTypeID() == llvm::Type::IntegerTyID) { + if (!FunctionGuardArray) { + + fprintf(stderr, + "SANCOV: FunctionGuardArray is NULL, failed to emit " + "instrumentation."); + continue; + + } + auto GuardPtr1 = IRB.CreateIntToPtr( IRB.CreateAdd( IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), @@ -993,6 +1011,15 @@ bool ModuleSanitizerCoverageAFL::InjectCoverage( FixedVectorType::get(Int32PtrTy, elements); Value *x, *y; + if (!FunctionGuardArray) { + + fprintf(stderr, + "SANCOV: FunctionGuardArray is NULL, failed to emit " + "instrumentation."); + continue; + + } + Value *val1 = IRB.CreateIntToPtr( IRB.CreateAdd( IRB.CreatePointerCast(FunctionGuardArray, IntptrTy), diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index 79cdf491..31aaab07 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -536,15 +536,17 @@ bool AFLdict2filePass::runOnModule(Module &M) { } - if (optLength > Str2.length()) { optLength = Str2.length(); } - } valueMap[Str1P] = new std::string(Str2); - if (debug) + if (debug) { + fprintf(stderr, "Saved: %s for %p\n", Str2.c_str(), (void *)Str1P); + + } + continue; } diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index 7c95d9bb..fd7930a1 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -515,7 +515,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { while (1) { std::vector<Value *> args; - uint32_t skip = 0; + bool skip = true; if (vector_cnt) { @@ -537,16 +537,18 @@ bool CmpLogInstructions::hookInstrs(Module &M) { if (i0) { cur_val = (uint64_t)i0->getValue().convertToDouble(); - if (last_val0 && last_val0 == cur_val) { skip = 1; } - last_val0 = cur_val; + if (last_val0 && last_val0 == cur_val) { skip = true; + + } last_val0 = cur_val; } if (i1) { cur_val = (uint64_t)i1->getValue().convertToDouble(); - if (last_val1 && last_val1 == cur_val) { skip = 1; } - last_val1 = cur_val; + if (last_val1 && last_val1 == cur_val) { skip = true; + + } last_val1 = cur_val; } @@ -559,7 +561,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { if (i0 && i0->uge(0xffffffffffffffff) == false) { cur_val = i0->getZExtValue(); - if (last_val0 && last_val0 == cur_val) { skip = 1; } + if (last_val0 && last_val0 == cur_val) { skip = true; } last_val0 = cur_val; } @@ -567,7 +569,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { if (i1 && i1->uge(0xffffffffffffffff) == false) { cur_val = i1->getZExtValue(); - if (last_val1 && last_val1 == cur_val) { skip = 1; } + if (last_val1 && last_val1 == cur_val) { skip = true; } last_val1 = cur_val; } @@ -649,7 +651,6 @@ bool CmpLogInstructions::hookInstrs(Module &M) { ++cur; if (cur >= vector_cnt) { break; } - skip = 0; } diff --git a/src/afl-cc.c b/src/afl-cc.c index 4cec7740..ffdda386 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -566,7 +566,19 @@ static void edit_params(u32 argc, char **argv, char **envp) { } - if (!ld_path || !*ld_path) { ld_path = strdup("ld.lld"); } + if (!ld_path || !*ld_path) { + + if (ld_path) { + + // Freeing empty string + free(ld_path); + + } + + ld_path = strdup("ld.lld"); + + } + if (!ld_path) { PFATAL("Could not allocate mem for ld_path"); } #if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 cc_params[cc_par_cnt++] = alloc_printf("--ld-path=%s", ld_path); diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index 1a8052a0..7d94085d 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -49,7 +49,7 @@ u8 common_fuzz_cmplog_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { u8 fault; - len = write_to_testcase(afl, out_buf, len, 0); + write_to_testcase(afl, out_buf, len, 0); fault = fuzz_run_target(afl, &afl->cmplog_fsrv, afl->fsrv.exec_tmout); @@ -81,14 +81,6 @@ u8 common_fuzz_cmplog_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { } - /* This handles FAULT_ERROR for us: */ - - /* afl->queued_discovered += save_if_interesting(afl, argv, out_buf, len, - fault); - - if (!(afl->stage_cur % afl->stats_update_freq) || afl->stage_cur + 1 == - afl->stage_max) show_stats(afl); */ - return 0; } diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 2f32ef1e..2dbad5cf 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -1969,7 +1969,7 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, if (l0 == 0 || l1 == 0 || ol0 == 0 || ol1 == 0 || l0 > 31 || l1 > 31 || ol0 > 31 || ol1 > 31) { - l0 = l1 = ol0 = ol1 = hshape; + l0 = ol0 = hshape; } |