-rw-r--r-- | docs/Changelog.md | 2 | ||||
-rw-r--r-- | llvm_mode/afl-clang-fast.c | 24 | ||||
-rw-r--r-- | llvm_mode/compare-transform-pass.so.cc | 10 | ||||
-rw-r--r-- | test/test-compcov.c | 2 |
4 files changed, 26 insertions, 12 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index ae398b66..4b6e90e5 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -27,6 +27,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 - added AFL_LLVM_LAF_ALL, sets all laf-intel settings
 - LTO whitelist functionality rewritten, now main, _init etc functions
 need not to be whitelisted anymore
+ - fixed crash in compare-transform-pass when strcasemp/strncasecmp was
+ tried to be instrumented
 - fixed afl-gcc/afl-as that could break on fast systems reusing pids in
 the same second
 - added lots of dictionaries from oss-fuzz, go-fuzz and Jakub Wilk
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 2aeb0400..8791c5ae 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -220,6 +220,20 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 afl-clang-lto(++) */
+ if (lto_mode) {
+
+ if (getenv("AFL_LLVM_WHITELIST") != NULL) {
+
+ cc_params[cc_par_cnt++] = "-Xclang";
+ cc_params[cc_par_cnt++] = "-load";
+ cc_params[cc_par_cnt++] = "-Xclang";
+ cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-lto-whitelist.so", obj_path);
+
+ }
+
+ }
+
 // laf
 if (getenv("LAF_SPLIT_SWITCHES") || getenv("AFL_LLVM_LAF_SPLIT_SWITCHES")) {
@@ -289,16 +303,6 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 if (lto_mode) {
- if (getenv("AFL_LLVM_WHITELIST") != NULL) {
-
- cc_params[cc_par_cnt++] = "-Xclang";
- cc_params[cc_par_cnt++] = "-load";
- cc_params[cc_par_cnt++] = "-Xclang";
- cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-lto-whitelist.so", obj_path);
-
- }
-
 cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", AFL_REAL_LD);
 cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition";
 if (instrument_mode == INSTRUMENT_CFG)
diff --git a/llvm_mode/compare-transform-pass.so.cc b/llvm_mode/compare-transform-pass.so.cc
index 1ebc54d7..2f5eb341 100644
--- a/llvm_mode/compare-transform-pass.so.cc
+++ b/llvm_mode/compare-transform-pass.so.cc
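Review bot: The whitelist pass is now registered before the laf passes instead of next to the linker flags, but nothing in the code records why the position matters, so a later cleanup can silently move it back; add a comment above the new `if (lto_mode) {` such as `// keep this before the laf passes: plugin load order is pass run order`, with the concrete reason if it is that the laf passes must see the whitelist's marks — I cannot confirm that from this hunk. The two nested conditions can also collapse into `if (lto_mode && getenv("AFL_LLVM_WHITELIST") != NULL) {`, in the same shape as the laf block right below that tests its environment variables in one condition. cc_params is filled with `cc_par_cnt++` and no bound check here; if it is a fixed-size array declared elsewhere, confirm that the four extra entries still fit in the worst-case LTO plus all-laf configuration. edit_params starts before this hunk and continues past it.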
@@ -438,9 +438,13 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 for (uint64_t i = 0; i < constLen; i++) {
- BasicBlock *cur_bb = next_bb;
+ BasicBlock * cur_bb = next_bb;
+ unsigned char c;
- char c = isCaseInsensitive ? tolower(ConstStr[i]) : ConstStr[i];
+ if (isCaseInsensitive)
+ c = (unsigned char)(tolower((int)ConstStr[i]) & 0xff);
+ else
+ c = (unsigned char)ConstStr[i];
 BasicBlock::iterator IP = next_bb->getFirstInsertionPt();
 IRBuilder<> IRB(&*IP);
@@ -448,9 +452,11 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 Value *v = ConstantInt::get(Int64Ty, i);
 Value *ele = IRB.CreateInBoundsGEP(VarStr, v, "empty");
 Value *load = IRB.CreateLoad(ele);
+ if (isCaseInsensitive) { // load >= 'A' && load <= 'Z' ? load | 0x020 : load
+ load = IRB.CreateZExt(load, Int32Ty);
 std::vector<Value *> args;
 args.push_back(load);
 load = IRB.CreateCall(tolowerFn, args, "tmp");
diff --git a/test/test-compcov.c b/test/test-compcov.c
index c8dd674e..a2202a22 100644
--- a/test/test-compcov.c
+++ b/test/test-compcov.c
@@ -39,6 +39,8 @@ int main(int argc, char **argv) {
 printf("short local var memcmp works!\n");
 else if (memcmp(global_cmpval, input, sizeof(global_cmpval)) == 0)
 printf("global var memcmp works!\n");
+ else if (strncasecmp("-h", input, 2) == 0)
+ printf("this is not the help you are looking for\n");
 else
 printf("I do not know your string\n"); |
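Review bot: The new `c = (unsigned char)(tolower((int)ConstStr[i]) & 0xff);` can still hand tolower() a negative argument: on targets where `char` is signed, a constant byte >= 0x80 converts to an int in -128..-1, which is outside tolower()'s defined domain (EOF or a value representable as `unsigned char`), and 0xFF lands exactly on EOF — the `& 0xff` masks the result, not the argument. The runtime side of the same pass zero-extends the loaded byte before calling tolower (next hunk), so the compile-time side should treat the byte as unsigned too: `c = (unsigned char)tolower((unsigned char)ConstStr[i]);`, which also makes the `& 0xff` unnecessary because tolower() then returns a value representable as unsigned char. transformCmps starts before this hunk and continues past it.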
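Review bot: The comment `// load >= 'A' && load <= 'Z' ? load | 0x020 : load` next to the new zero-extension no longer describes the code, which lowers the byte by calling tolowerFn rather than by an inline ASCII range check, and the reason for the added `load = IRB.CreateZExt(load, Int32Ty);` is not stated anywhere. I would replace it with `// widen the loaded byte to i32 for the tolower() call; ZExt (not SExt) keeps bytes >= 0x80 non-negative`, presuming the load is an i8 — its type is not visible in the hunk. In this rendering `+ if (isCaseInsensitive) { // ...` appears as one added line, but the hunk counts (9 old, 11 new) fit better with the `if` and the comment being pre-existing context preceded by an added blank line; worth checking against the raw patch. transformCmps starts before this hunk and continues past it.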
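Review bot: The new strncasecmp case only feeds plain ASCII (`"-h"`) through the instrumented comparison, so the high-bit path that the changed pass now has to handle (constant bytes >= 0x80 on signed-char targets) gets no coverage from this regression test. A second branch whose constant contains such a byte, e.g. `else if (strncasecmp("\xc4\x80", input, 2) == 0)`, would exercise the compile-time tolower() path for non-ASCII input as well. main starts before this hunk and continues past it.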