Diffstat (limited to 'llvm_mode/afl-llvm-rt.o.c')
-rw-r--r--llvm_mode/afl-llvm-rt.o.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 3e5db87d..22c34ae8 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -101,7 +101,7 @@ __thread u32        __afl_cmp_counter;
 
 int __afl_sharedmem_fuzzing __attribute__((weak));
 
-struct cmp_map *__afl_cmp_map = (struct cmp_map *)__afl_area_initial;
+struct cmp_map *__afl_cmp_map;
 
 /* Running in persistent mode? */
 
@@ -183,6 +183,11 @@ static void __afl_map_shm_fuzz() {
 
 static void __afl_map_shm(void) {
 
+  // we we are not running in afl ensure the map exists
+  fprintf(stderr, "Was: %p\n", __afl_area_ptr);
+  if (!__afl_area_ptr) __afl_area_ptr = __afl_area_initial;
+  fprintf(stderr, "Is: %p\n", __afl_area_ptr);
+
   char *id_str = getenv(SHM_ENV_VAR);
 
   if (__afl_final_loc) {
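Review bot: The two `fprintf(stderr, "Was: %p\n", __afl_area_ptr);` / `"Is: %p\n"` lines added at the top of __afl_map_shm look like leftover debugging: this runtime object is linked into every instrumented target, so they print the map address to stderr on every process start and will break targets whose stderr is captured or compared. Drop them and keep only `if (!__afl_area_ptr) __afl_area_ptr = __afl_area_initial;`, or gate them behind whatever debug switch this runtime already honours (none is visible in this hunk). The new comment also has a doubled word; `// if we are not running under afl, ensure the map exists` reads better. __afl_map_shm's body continues past the end of the hunk.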
@@ -943,7 +948,7 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
 
 void __cmplog_ins_hook1(uint8_t arg1, uint8_t arg2) {
 
-  if (unlikely(!__afl_cmp_map || (u8 *)__afl_cmp_map == __afl_area_ptr)) return;
+  if (unlikely(!__afl_cmp_map)) return;
 
   uintptr_t k = (uintptr_t)__builtin_return_address(0);
   k = (k >> 4) ^ (k << 8);
@@ -966,7 +971,7 @@ void __cmplog_ins_hook1(uint8_t arg1, uint8_t arg2) {
 
 void __cmplog_ins_hook2(uint16_t arg1, uint16_t arg2) {
 
-  if (!__afl_cmp_map) return;
+  if (unlikely(!__afl_cmp_map)) return;
 
   uintptr_t k = (uintptr_t)__builtin_return_address(0);
   k = (k >> 4) ^ (k << 8);
@@ -987,7 +992,7 @@ void __cmplog_ins_hook2(uint16_t arg1, uint16_t arg2) {
 
 void __cmplog_ins_hook4(uint32_t arg1, uint32_t arg2) {
 
-  if (unlikely(!__afl_cmp_map || (u8 *)__afl_cmp_map == __afl_area_ptr)) return;
+  if (unlikely(!__afl_cmp_map)) return;
 
   uintptr_t k = (uintptr_t)__builtin_return_address(0);
   k = (k >> 4) ^ (k << 8);
@@ -1008,7 +1013,7 @@ void __cmplog_ins_hook4(uint32_t arg1, uint32_t arg2) {
 
 void __cmplog_ins_hook8(uint64_t arg1, uint64_t arg2) {
 
-  if (unlikely(!__afl_cmp_map || (u8 *)__afl_cmp_map == __afl_area_ptr)) return;
+  if (unlikely(!__afl_cmp_map)) return;
 
   uintptr_t k = (uintptr_t)__builtin_return_address(0);
   k = (k >> 4) ^ (k << 8);
@@ -1059,7 +1064,7 @@ void __sanitizer_cov_trace_cmp8(uint64_t arg1, uint64_t arg2)
 
 void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
 
-  if (unlikely(!__afl_cmp_map || (u8 *)__afl_cmp_map == __afl_area_ptr)) return;
+  if (unlikely(!__afl_cmp_map)) return;
 
   for (uint64_t i = 0; i < cases[0]; i++) {
 
@@ -1098,7 +1103,7 @@ static int area_is_mapped(void *ptr, size_t len) {
 
 void __cmplog_rtn_hook(u8 *ptr1, u8 *ptr2) {
 
-  if (unlikely(!__afl_cmp_map || (u8 *)__afl_cmp_map == __afl_area_ptr)) return;
+  if (unlikely(!__afl_cmp_map)) return;
 
   if (!area_is_mapped(ptr1, 32) || !area_is_mapped(ptr2, 32)) return;