about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--instrumentation/afl-compiler-rt.o.c72
-rw-r--r--instrumentation/cmplog-instructions-pass.cc8
-rw-r--r--src/afl-fuzz-redqueen.c13
-rw-r--r--src/afl-fuzz.c26
-rw-r--r--src/afl-ld-lto.c14
5 files changed, 70 insertions, 63 deletions
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index 060be044..c24173af 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -1169,7 +1169,8 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
 
   if (getenv("AFL_DEBUG")) {
 
-    fprintf(stderr, "Running __sanitizer_cov_trace_pc_guard_init: %p-%p (%lu edges)\n",
+    fprintf(stderr,
+            "Running __sanitizer_cov_trace_pc_guard_init: %p-%p (%lu edges)\n",
             start, stop, stop - start);
 
   }
@@ -1448,45 +1449,38 @@ void __cmplog_ins_hook16(uint128_t arg1, uint128_t arg2, uint8_t attr) {
 
 #endif
 
-#if defined(__APPLE__)
-  #pragma weak __sanitizer_cov_trace_const_cmp1 = __cmplog_ins_hook1
-  #pragma weak __sanitizer_cov_trace_const_cmp2 = __cmplog_ins_hook2
-  #pragma weak __sanitizer_cov_trace_const_cmp4 = __cmplog_ins_hook4
-  #pragma weak __sanitizer_cov_trace_const_cmp8 = __cmplog_ins_hook8
-  #pragma weak __sanitizer_cov_trace_const_cmp16 = __cmplog_ins_hook16
-
-  #pragma weak __sanitizer_cov_trace_cmp1 = __cmplog_ins_hook1
-  #pragma weak __sanitizer_cov_trace_cmp2 = __cmplog_ins_hook2
-  #pragma weak __sanitizer_cov_trace_cmp4 = __cmplog_ins_hook4
-  #pragma weak __sanitizer_cov_trace_cmp8 = __cmplog_ins_hook8
-  #pragma weak __sanitizer_cov_trace_cmp16 = __cmplog_ins_hook16
-#else
-void __sanitizer_cov_trace_const_cmp1(uint8_t arg1, uint8_t arg2)
-    __attribute__((alias("__cmplog_ins_hook1")));
-void __sanitizer_cov_trace_const_cmp2(uint16_t arg1, uint16_t arg2)
-    __attribute__((alias("__cmplog_ins_hook2")));
-void __sanitizer_cov_trace_const_cmp4(uint32_t arg1, uint32_t arg2)
-    __attribute__((alias("__cmplog_ins_hook4")));
-void __sanitizer_cov_trace_const_cmp8(uint64_t arg1, uint64_t arg2)
-    __attribute__((alias("__cmplog_ins_hook8")));
-  #ifdef WORD_SIZE_64
-void __sanitizer_cov_trace_const_cmp16(uint128_t arg1, uint128_t arg2)
-    __attribute__((alias("__cmplog_ins_hook16")));
-  #endif
+void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2) {
 
-void __sanitizer_cov_trace_cmp1(uint8_t arg1, uint8_t arg2)
-    __attribute__((alias("__cmplog_ins_hook1")));
-void __sanitizer_cov_trace_cmp2(uint16_t arg1, uint16_t arg2)
-    __attribute__((alias("__cmplog_ins_hook2")));
-void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2)
-    __attribute__((alias("__cmplog_ins_hook4")));
-void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2)
-    __attribute__((alias("__cmplog_ins_hook8")));
-  #ifdef WORD_SIZE_64
-void __sanitizer_cov_trace_cmp16(uint128_t arg1, uint128_t arg2)
-    __attribute__((alias("__cmplog_ins_hook16")));
-  #endif
-#endif                                                /* defined(__APPLE__) */
+  __cmplog_ins_hook1(arg1, arg2, 0);
+
+}
+
+void __sanitizer_cov_trace_cmp2(uint16_t arg1, uint16_t arg2) {
+
+  __cmplog_ins_hook2(arg1, arg2, 0);
+
+}
+
+void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2) {
+
+  __cmplog_ins_hook4(arg1, arg2, 0);
+
+}
+
+void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2) {
+
+  __cmplog_ins_hook8(arg1, arg2, 0);
+
+}
+
+#ifdef WORD_SIZE_64
+void __sanitizer_cov_trace_cmp16(uint128_t arg1, uint128_t arg2) {
+
+  __cmplog_ins_hook16(arg1, arg2, 0);
+
+}
+
+#endif
 
 void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
 
diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc
index 6ce1832f..d4bc0b38 100644
--- a/instrumentation/cmplog-instructions-pass.cc
+++ b/instrumentation/cmplog-instructions-pass.cc
@@ -277,8 +277,12 @@ bool CmpLogInstructions::hookInstrs(Module &M) {
 
       if (max_size % 8) {
 
-        max_size = (((max_size / 8) + 1) * 8);
-        do_cast = 1;
+        // bitcast from i6 to i8 panics llvm, so ...
+        continue;
+        /*
+                max_size = (((max_size / 8) + 1) * 8);
+                do_cast = 1;
+        */
 
       }
 
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 8979be98..f619a6d3 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -1497,10 +1497,10 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
                    u32 len, u32 lvl, struct tainted *taint) {
 
   struct cmp_header *h = &afl->shm.cmp_map->headers[key];
-  struct tainted *t;
-  u32             i, j, idx, taint_len, loggeds;
-  u32             have_taint = 1, is_n = 0;
-  u8              status = 0, found_one = 0;
+  struct tainted *   t;
+  u32                i, j, idx, taint_len, loggeds;
+  u32                have_taint = 1, is_n = 0;
+  u8                 status = 0, found_one = 0;
 
   /* loop cmps are useless, detect and ignore them */
 #ifdef WORD_SIZE_64
@@ -2439,7 +2439,8 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
   afl->stage_max = 0;
   afl->stage_cur = 0;
 
-  u32 lvl = (afl->queue_cur->colorized ? 0 : LVL1) + (afl->cmplog_lvl == CMPLOG_LVL_MAX ? LVL3 : 0);
+  u32 lvl = (afl->queue_cur->colorized ? 0 : LVL1) +
+            (afl->cmplog_lvl == CMPLOG_LVL_MAX ? LVL3 : 0);
 
 #ifdef COMBINE
   u8 *cbuf = afl_realloc((void **)&afl->in_scratch_buf, len + 128);
@@ -2527,7 +2528,7 @@ exit_its:
   if (afl->cmplog_lvl == CMPLOG_LVL_MAX) {
 
     afl->queue_cur->colorized = CMPLOG_LVL_MAX;
-  
+
     ck_free(afl->queue_cur->cmplog_colorinput);
     t = taint;
     while (taint) {
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 3a7343ae..a579a8f5 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -123,7 +123,8 @@ static void usage(u8 *argv0, int more_help) {
       "it.\n"
       "                  if using QEMU, just use -c 0.\n"
       "  -l cmplog_level - set the complexity/intensivity of CmpLog.\n"
-      "                  Values: 1 (basic), 2 (larger files) and 3 (transform)\n\n"
+      "                  Values: 1 (basic), 2 (larger files) and 3 "
+      "(transform)\n\n"
 
       "Fuzzing behavior settings:\n"
       "  -Z            - sequential queue selection instead of weighted "
@@ -1556,17 +1557,19 @@ int main(int argc, char **argv_orig, char **envp) {
         afl->virgin_tmout = ck_realloc(afl->virgin_tmout, new_map_size);
         afl->virgin_crash = ck_realloc(afl->virgin_crash, new_map_size);
         afl->var_bytes = ck_realloc(afl->var_bytes, new_map_size);
-        afl->top_rated = ck_realloc(afl->top_rated, new_map_size * sizeof(void *));
+        afl->top_rated =
+            ck_realloc(afl->top_rated, new_map_size * sizeof(void *));
         afl->clean_trace = ck_realloc(afl->clean_trace, new_map_size);
-        afl->clean_trace_custom = ck_realloc(afl->clean_trace_custom, new_map_size);
+        afl->clean_trace_custom =
+            ck_realloc(afl->clean_trace_custom, new_map_size);
         afl->first_trace = ck_realloc(afl->first_trace, new_map_size);
         afl->map_tmp_buf = ck_realloc(afl->map_tmp_buf, new_map_size);
 
         afl_fsrv_kill(&afl->fsrv);
         afl_shm_deinit(&afl->shm);
         afl->fsrv.map_size = new_map_size;
-        afl->fsrv.trace_bits = afl_shm_init(&afl->shm, new_map_size,
-                                            afl->non_instrumented_mode);
+        afl->fsrv.trace_bits =
+            afl_shm_init(&afl->shm, new_map_size, afl->non_instrumented_mode);
         setenv("AFL_NO_AUTODICT", "1", 1);  // loaded already
         afl_fsrv_start(&afl->fsrv, afl->argv, &afl->stop_soon,
                        afl->afl_env.afl_debug_child);
@@ -1608,9 +1611,11 @@ int main(int argc, char **argv_orig, char **envp) {
         afl->virgin_tmout = ck_realloc(afl->virgin_tmout, new_map_size);
         afl->virgin_crash = ck_realloc(afl->virgin_crash, new_map_size);
         afl->var_bytes = ck_realloc(afl->var_bytes, new_map_size);
-        afl->top_rated = ck_realloc(afl->top_rated, new_map_size * sizeof(void *));
+        afl->top_rated =
+            ck_realloc(afl->top_rated, new_map_size * sizeof(void *));
         afl->clean_trace = ck_realloc(afl->clean_trace, new_map_size);
-        afl->clean_trace_custom = ck_realloc(afl->clean_trace_custom, new_map_size);
+        afl->clean_trace_custom =
+            ck_realloc(afl->clean_trace_custom, new_map_size);
         afl->first_trace = ck_realloc(afl->first_trace, new_map_size);
         afl->map_tmp_buf = ck_realloc(afl->map_tmp_buf, new_map_size);
 
@@ -1619,8 +1624,8 @@ int main(int argc, char **argv_orig, char **envp) {
         afl_shm_deinit(&afl->shm);
         afl->cmplog_fsrv.map_size = new_map_size;  // non-cmplog stays the same
 
-        afl->fsrv.trace_bits = afl_shm_init(&afl->shm, new_map_size,
-                                            afl->non_instrumented_mode);
+        afl->fsrv.trace_bits =
+            afl_shm_init(&afl->shm, new_map_size, afl->non_instrumented_mode);
         setenv("AFL_NO_AUTODICT", "1", 1);  // loaded already
         afl_fsrv_start(&afl->fsrv, afl->argv, &afl->stop_soon,
                        afl->afl_env.afl_debug_child);
@@ -1786,6 +1791,7 @@ int main(int argc, char **argv_orig, char **envp) {
                 afl->limit_time_puppet = 0;
 
               }
+
               */
               afl->expand_havoc = 2;
               if (afl->cmplog_lvl && afl->cmplog_lvl < 2) afl->cmplog_lvl = 2;
@@ -1806,7 +1812,7 @@ int main(int argc, char **argv_orig, char **envp) {
               break;
             case 5:
               // if not in sync mode, enable deterministic mode?
-              //if (!afl->sync_id) afl->skip_deterministic = 0;
+              // if (!afl->sync_id) afl->skip_deterministic = 0;
               afl->expand_havoc = 6;
             case 6:
               // nothing else currently
diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c
index 1fb01600..0a978653 100644
--- a/src/afl-ld-lto.c
+++ b/src/afl-ld-lto.c
@@ -83,7 +83,7 @@ static void edit_params(int argc, char **argv) {
 
   if (!passthrough) {
 
-    for (i = 1; i < argc; i++) {
+    for (i = 1; i < (u32)argc; i++) {
 
       if (strstr(argv[i], "/afl-llvm-rt-lto.o") != NULL) rt_lto_present = 1;
       if (strstr(argv[i], "/afl-llvm-rt.o") != NULL) rt_present = 1;
@@ -91,7 +91,7 @@ static void edit_params(int argc, char **argv) {
 
     }
 
-    for (i = 1; i < argc && !gold_pos; i++) {
+    for (i = 1; i < (u32)argc && !gold_pos; i++) {
 
       if (strcmp(argv[i], "-plugin") == 0) {
 
@@ -100,7 +100,9 @@ static void edit_params(int argc, char **argv) {
           if (strcasestr(argv[i], "LLVMgold.so") != NULL)
             gold_present = gold_pos = i + 1;
 
-        } else if (i < argc && strcasestr(argv[i + 1], "LLVMgold.so") != NULL) {
+        } else if (i < (u32)argc &&
+
+                   strcasestr(argv[i + 1], "LLVMgold.so") != NULL) {
 
           gold_present = gold_pos = i + 2;
 
@@ -112,7 +114,7 @@ static void edit_params(int argc, char **argv) {
 
     if (!gold_pos) {
 
-      for (i = 1; i + 1 < argc && !gold_pos; i++) {
+      for (i = 1; i + 1 < (u32)argc && !gold_pos; i++) {
 
         if (argv[i][0] != '-') {
 
@@ -198,7 +200,7 @@ static void edit_params(int argc, char **argv) {
         gold_present ? "true" : "false", inst_present ? "true" : "false",
         rt_present ? "true" : "false", rt_lto_present ? "true" : "false");
 
-  for (i = 1; i < argc; i++) {
+  for (i = 1; i < (u32)argc; i++) {
 
     if (ld_param_cnt >= MAX_PARAM_COUNT)
       FATAL(
@@ -324,7 +326,7 @@ int main(int argc, char **argv) {
   if (debug) {
 
     DEBUGF("cd \"%s\";", thecwd);
-    for (i = 0; i < ld_param_cnt; i++)
+    for (i = 0; i < (s32)ld_param_cnt; i++)
       SAYF(" \"%s\"", ld_params[i]);
     SAYF("\n");
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-14 20:41:06 +0000