about summary refs log tree commit diff
path: root/qemu_mode/libcompcov/libcompcov.so.c
diff options
context:
space:
mode:
Diffstat (limited to 'qemu_mode/libcompcov/libcompcov.so.c')
-rw-r--r--qemu_mode/libcompcov/libcompcov.so.c195
1 files changed, 110 insertions, 85 deletions
diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c
index 9e44067e..e758c034 100644
--- a/qemu_mode/libcompcov/libcompcov.so.c
+++ b/qemu_mode/libcompcov/libcompcov.so.c
@@ -40,10 +40,9 @@
 
 #define MAX_CMP_LENGTH 32
 
-static void *__compcov_code_start,
-            *__compcov_code_end;
+static void *__compcov_code_start, *__compcov_code_end;
 
-static u8 *__compcov_afl_map;
+static u8* __compcov_afl_map;
 
 static u32 __compcov_level;
 
@@ -55,15 +54,11 @@ static int (*__libc_memcmp)(const void*, const void*, size_t);
 
 static int debug_fd = -1;
 
-
 #define MAX_MAPPINGS 1024
 
-static struct mapping {
-  void *st, *en;
-} __compcov_ro[MAX_MAPPINGS];
-
-static u32   __compcov_ro_cnt;
+static struct mapping { void *st, *en; } __compcov_ro[MAX_MAPPINGS];
 
+static u32 __compcov_ro_cnt;
 
 /* Check an address against the list of read-only mappings. */
 
@@ -71,42 +66,42 @@ static u8 __compcov_is_ro(const void* ptr) {
 
   u32 i;
 
-  for (i = 0; i < __compcov_ro_cnt; i++) 
+  for (i = 0; i < __compcov_ro_cnt; i++)
     if (ptr >= __compcov_ro[i].st && ptr <= __compcov_ro[i].en) return 1;
 
   return 0;
+
 }
 
+static size_t __strlen2(const char* s1, const char* s2, size_t max_length) {
 
-static size_t __strlen2(const char *s1, const char *s2, size_t max_length) {
   // from https://github.com/googleprojectzero/CompareCoverage
-  
+
   size_t len = 0;
-  for (; len < max_length && s1[len] != '\0' && s2[len] != '\0'; len++) { }
+  for (; len < max_length && s1[len] != '\0' && s2[len] != '\0'; len++) {}
   return len;
+
 }
 
 /* Identify the binary boundaries in the memory mapping */
 
 static void __compcov_load(void) {
-  
+
   __libc_strcmp = dlsym(RTLD_NEXT, "strcmp");
   __libc_strncmp = dlsym(RTLD_NEXT, "strncmp");
   __libc_strcasecmp = dlsym(RTLD_NEXT, "strcasecmp");
   __libc_strncasecmp = dlsym(RTLD_NEXT, "strncasecmp");
   __libc_memcmp = dlsym(RTLD_NEXT, "memcmp");
 
-  if (getenv("AFL_QEMU_COMPCOV")) {
-
-    __compcov_level = 1;
-  }
+  if (getenv("AFL_QEMU_COMPCOV")) { __compcov_level = 1; }
   if (getenv("AFL_COMPCOV_LEVEL")) {
 
     __compcov_level = atoi(getenv("AFL_COMPCOV_LEVEL"));
+
   }
-  
-  char *id_str = getenv(SHM_ENV_VAR);
-  int shm_id;
+
+  char* id_str = getenv(SHM_ENV_VAR);
+  int   shm_id;
 
   if (id_str) {
 
@@ -114,61 +109,72 @@ static void __compcov_load(void) {
     __compcov_afl_map = shmat(shm_id, NULL, 0);
 
     if (__compcov_afl_map == (void*)-1) exit(1);
+
   } else {
-  
+
     __compcov_afl_map = calloc(1, MAP_SIZE);
+
   }
 
   if (getenv("AFL_INST_LIBS")) {
-  
+
     __compcov_code_start = (void*)0;
     __compcov_code_end = (void*)-1;
     return;
+
   }
 
   char* bin_name = getenv("AFL_COMPCOV_BINNAME");
 
   procmaps_iterator* maps = pmparser_parse(-1);
-  procmaps_struct* maps_tmp = NULL;
+  procmaps_struct*   maps_tmp = NULL;
 
   while ((maps_tmp = pmparser_next(maps)) != NULL) {
-  
+
     /* If AFL_COMPCOV_BINNAME is not set pick the first executable segment */
     if (!bin_name || strstr(maps_tmp->pathname, bin_name) != NULL) {
-    
+
       if (maps_tmp->is_x) {
-        if (!__compcov_code_start)
-            __compcov_code_start = maps_tmp->addr_start;
-        if (!__compcov_code_end)
-            __compcov_code_end = maps_tmp->addr_end;
+
+        if (!__compcov_code_start) __compcov_code_start = maps_tmp->addr_start;
+        if (!__compcov_code_end) __compcov_code_end = maps_tmp->addr_end;
+
       }
+
     }
-    
+
     if ((maps_tmp->is_w && !maps_tmp->is_r) || __compcov_ro_cnt == MAX_MAPPINGS)
       continue;
-    
+
     __compcov_ro[__compcov_ro_cnt].st = maps_tmp->addr_start;
     __compcov_ro[__compcov_ro_cnt].en = maps_tmp->addr_end;
+
   }
 
   pmparser_free(maps);
-}
 
+}
 
 static void __compcov_trace(u64 cur_loc, const u8* v0, const u8* v1, size_t n) {
 
   size_t i;
-  
+
   if (debug_fd != 1) {
+
     char debugbuf[4096];
-    snprintf(debugbuf, sizeof(debugbuf), "0x%llx %s %s %lu\n", cur_loc, v0 == NULL ? "(null)" : (char*)v0, v1 == NULL ? "(null)" : (char*)v1, n);
+    snprintf(debugbuf, sizeof(debugbuf), "0x%llx %s %s %lu\n", cur_loc,
+             v0 == NULL ? "(null)" : (char*)v0,
+             v1 == NULL ? "(null)" : (char*)v1, n);
     write(debug_fd, debugbuf, strlen(debugbuf));
+
   }
-  
+
   for (i = 0; i < n && v0[i] == v1[i]; ++i) {
-  
-    __compcov_afl_map[cur_loc +i]++;
+
+    __compcov_afl_map[cur_loc + i]++;
+
   }
+
 }
 
 /* Check an address against the list of read-only mappings. */
@@ -176,8 +182,8 @@ static void __compcov_trace(u64 cur_loc, const u8* v0, const u8* v1, size_t n) {
 static u8 __compcov_is_in_bound(const void* ptr) {
 
   return ptr >= __compcov_code_start && ptr < __compcov_code_end;
-}
 
+}
 
 /* Replacements for strcmp(), memcmp(), and so on. Note that these will be used
    only if the target is compiled with -fno-builtins and linked dynamically. */
@@ -187,127 +193,145 @@ static u8 __compcov_is_in_bound(const void* ptr) {
 int strcmp(const char* str1, const char* str2) {
 
   void* retaddr = __builtin_return_address(0);
-  
-  if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 &&
-      !__compcov_is_ro(str1) && !__compcov_is_ro(str2))) {
 
-    size_t n = __strlen2(str1, str2, MAX_CMP_LENGTH +1);
-    
+  if (__compcov_is_in_bound(retaddr) &&
+      !(__compcov_level < 2 && !__compcov_is_ro(str1) &&
+        !__compcov_is_ro(str2))) {
+
+    size_t n = __strlen2(str1, str2, MAX_CMP_LENGTH + 1);
+
     if (n <= MAX_CMP_LENGTH) {
-    
+
       u64 cur_loc = (u64)retaddr;
-      cur_loc  = (cur_loc >> 4) ^ (cur_loc << 8);
+      cur_loc = (cur_loc >> 4) ^ (cur_loc << 8);
       cur_loc &= MAP_SIZE - 1;
-      
+
       __compcov_trace(cur_loc, str1, str2, n);
+
     }
+
   }
 
   return __libc_strcmp(str1, str2);
-}
 
+}
 
 #undef strncmp
 
 int strncmp(const char* str1, const char* str2, size_t len) {
 
   void* retaddr = __builtin_return_address(0);
-  
-  if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 &&
-      !__compcov_is_ro(str1) && !__compcov_is_ro(str2))) {
 
-    size_t n = __strlen2(str1, str2, MAX_CMP_LENGTH +1);
+  if (__compcov_is_in_bound(retaddr) &&
+      !(__compcov_level < 2 && !__compcov_is_ro(str1) &&
+        !__compcov_is_ro(str2))) {
+
+    size_t n = __strlen2(str1, str2, MAX_CMP_LENGTH + 1);
     n = MIN(n, len);
-    
+
     if (n <= MAX_CMP_LENGTH) {
-    
+
       u64 cur_loc = (u64)retaddr;
-      cur_loc  = (cur_loc >> 4) ^ (cur_loc << 8);
+      cur_loc = (cur_loc >> 4) ^ (cur_loc << 8);
       cur_loc &= MAP_SIZE - 1;
-      
+
       __compcov_trace(cur_loc, str1, str2, n);
+
     }
+
   }
-  
+
   return __libc_strncmp(str1, str2, len);
-}
 
+}
 
 #undef strcasecmp
 
 int strcasecmp(const char* str1, const char* str2) {
 
   void* retaddr = __builtin_return_address(0);
-  
-  if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 &&
-      !__compcov_is_ro(str1) && !__compcov_is_ro(str2))) {
+
+  if (__compcov_is_in_bound(retaddr) &&
+      !(__compcov_level < 2 && !__compcov_is_ro(str1) &&
+        !__compcov_is_ro(str2))) {
+
     /* Fallback to strcmp, maybe improve in future */
 
-    size_t n = __strlen2(str1, str2, MAX_CMP_LENGTH +1);
-    
+    size_t n = __strlen2(str1, str2, MAX_CMP_LENGTH + 1);
+
     if (n <= MAX_CMP_LENGTH) {
-    
+
       u64 cur_loc = (u64)retaddr;
-      cur_loc  = (cur_loc >> 4) ^ (cur_loc << 8);
+      cur_loc = (cur_loc >> 4) ^ (cur_loc << 8);
       cur_loc &= MAP_SIZE - 1;
-      
+
       __compcov_trace(cur_loc, str1, str2, n);
+
     }
+
   }
 
   return __libc_strcasecmp(str1, str2);
-}
 
+}
 
 #undef strncasecmp
 
 int strncasecmp(const char* str1, const char* str2, size_t len) {
 
   void* retaddr = __builtin_return_address(0);
-  
-  if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 &&
-      !__compcov_is_ro(str1) && !__compcov_is_ro(str2))) {
+
+  if (__compcov_is_in_bound(retaddr) &&
+      !(__compcov_level < 2 && !__compcov_is_ro(str1) &&
+        !__compcov_is_ro(str2))) {
+
     /* Fallback to strncmp, maybe improve in future */
 
-    size_t n = __strlen2(str1, str2, MAX_CMP_LENGTH +1);
+    size_t n = __strlen2(str1, str2, MAX_CMP_LENGTH + 1);
     n = MIN(n, len);
-    
+
     if (n <= MAX_CMP_LENGTH) {
-    
+
       u64 cur_loc = (u64)retaddr;
-      cur_loc  = (cur_loc >> 4) ^ (cur_loc << 8);
+      cur_loc = (cur_loc >> 4) ^ (cur_loc << 8);
       cur_loc &= MAP_SIZE - 1;
-      
+
       __compcov_trace(cur_loc, str1, str2, n);
+
     }
+
   }
 
   return __libc_strncasecmp(str1, str2, len);
-}
 
+}
 
 #undef memcmp
 
 int memcmp(const void* mem1, const void* mem2, size_t len) {
 
   void* retaddr = __builtin_return_address(0);
-  
-  if (__compcov_is_in_bound(retaddr) && !(__compcov_level < 2 &&
-      !__compcov_is_ro(mem1) && !__compcov_is_ro(mem2))) {
+
+  if (__compcov_is_in_bound(retaddr) &&
+      !(__compcov_level < 2 && !__compcov_is_ro(mem1) &&
+        !__compcov_is_ro(mem2))) {
 
     size_t n = len;
-    
+
     if (n <= MAX_CMP_LENGTH) {
-    
+
       u64 cur_loc = (u64)retaddr;
-      cur_loc  = (cur_loc >> 4) ^ (cur_loc << 8);
+      cur_loc = (cur_loc >> 4) ^ (cur_loc << 8);
       cur_loc &= MAP_SIZE - 1;
-      
+
       __compcov_trace(cur_loc, mem1, mem2, n);
+
     }
+
   }
 
   return __libc_memcmp(mem1, mem2, len);
+
 }
 
 /* Init code to open init the library. */
@@ -315,9 +339,10 @@ int memcmp(const void* mem1, const void* mem2, size_t len) {
 __attribute__((constructor)) void __compcov_init(void) {
 
   if (getenv("AFL_QEMU_COMPCOV_DEBUG") != NULL)
-    debug_fd = open("compcov.debug", O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, 0644);
+    debug_fd =
+        open("compcov.debug", O_WRONLY | O_CREAT | O_TRUNC | O_SYNC, 0644);
 
   __compcov_load();
-}
 
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-15 01:21:33 +0000