From 544b68044a299e4de092d908825e0fa8d6a28db6 Mon Sep 17 00:00:00 2001
From: Sergej Schumilo
Date: Fri, 4 Mar 2022 03:36:52 +0100
Subject: fix broken code format
---
 instrumentation/compare-transform-pass.so.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
index c668ba95..9a4e4f00 100644
--- a/instrumentation/compare-transform-pass.so.cc
+++ b/instrumentation/compare-transform-pass.so.cc
@@ -76,8 +76,7 @@ class CompareTransform : public ModulePass {
 #endif
- //#if LLVM_MAJOR >= 11 /* use new pass manager
- / /*/
+ //#if LLVM_MAJOR >= 11 /* use new pass manager */
 // PreservedAnalyses run(Module &M, ModuleAnalysisManager &MAM);
 //#else
 bool runOnModule(Module &M) override;
-- cgit 1.4.1
From 7c9b7c0bc0f17f19e39684c4a066c10d08743672 Mon Sep 17 00:00:00 2001
From: Sergej Schumilo
Date: Fri, 4 Mar 2022 05:35:27 +0100
Subject: update submodules
---
 nyx_mode/LIBNYX_VERSION | 2 +-
 nyx_mode/PACKER_VERSION | 2 +-
 nyx_mode/QEMU-Nyx | 2 +-
 nyx_mode/QEMU_NYX_VERSION | 2 +-
 nyx_mode/libnyx | 2 +-
 nyx_mode/packer | 2 +-
 6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/nyx_mode/LIBNYX_VERSION b/nyx_mode/LIBNYX_VERSION
index b45b4e90..65e119c9 100644
--- a/nyx_mode/LIBNYX_VERSION
+++ b/nyx_mode/LIBNYX_VERSION
@@ -1 +1 @@
-2e45754
+8a77c71
diff --git a/nyx_mode/PACKER_VERSION b/nyx_mode/PACKER_VERSION
index 43488114..d67dee20 100644
--- a/nyx_mode/PACKER_VERSION
+++ b/nyx_mode/PACKER_VERSION
@@ -1 +1 @@
-76100c5
+5d143ee
diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx
index c2c69cfc..c08e4ac9 160000
--- a/nyx_mode/QEMU-Nyx
+++ b/nyx_mode/QEMU-Nyx
@@ -1 +1 @@
-Subproject commit c2c69cfc528398d9db9363b92f8c50db4008c98f
+Subproject commit c08e4ac94244a9739b4484b3010abc06b372923e
diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION
index be13a784..2d9ee5e3 100644
--- a/nyx_mode/QEMU_NYX_VERSION
+++ b/nyx_mode/QEMU_NYX_VERSION
@@ -1 +1 @@
-c2c69cfc52
+c08e4ac942
diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx
index 2e45754e..8a77c71d 160000
--- a/nyx_mode/libnyx
+++ b/nyx_mode/libnyx
@@ -1 +1 @@
-Subproject commit 2e45754e271463f446c31a6f467231d8657910e8
+Subproject commit 8a77c71dc8a8c0b73abd8fb9c22e30d565184efa
diff --git a/nyx_mode/packer b/nyx_mode/packer
index 76100c52..5d143eee 160000
--- a/nyx_mode/packer
+++ b/nyx_mode/packer
@@ -1 +1 @@
-Subproject commit 76100c52db96429350693a6c7284c5c6cbcb6b08
+Subproject commit 5d143eee4e4dcd12a1fc5d6786dd8da25cbb9953
-- cgit 1.4.1
From 0f7419fc9166b1f719372e1658efc4e3b9c88ac5 Mon Sep 17 00:00:00 2001
From: Sergej Schumilo
Date: Fri, 4 Mar 2022 05:41:40 +0100
Subject: write nyx crash logs to AFL++ work directory
---
 include/forkserver.h | 2 ++
 src/afl-forkserver.c | 8 +++++++-
 src/afl-fuzz-bitmap.c | 14 ++++++++++++++
 src/afl-fuzz.c | 4 ++++
 4 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/include/forkserver.h b/include/forkserver.h
index fd4d283c..cb68ce4f 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -70,6 +70,7 @@ typedef struct {
 enum NyxReturnValue (*nyx_exec)(void *qemu_process);
 uint8_t *(*nyx_get_bitmap_buffer)(void *qemu_process);
 size_t (*nyx_get_bitmap_buffer_size)(void *qemu_process);
+ uint32_t (*nyx_get_aux_string)(void *nyx_process, uint8_t *buffer, uint32_t size);
 } nyx_plugin_handler_t;
@@ -173,6 +174,7 @@ typedef struct afl_forkserver {
 void * nyx_runner; /* nyx runner object */
 u32 nyx_id; /* nyx runner id (0 -> master) */
 u32 nyx_bind_cpu_id; /* nyx runner cpu id */
+ char* nyx_aux_string;
 #endif
 } afl_forkserver_t;
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 8997781d..54f28852 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
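Review bot: The new `char* nyx_aux_string` field in the afl_forkserver hunk is the buffer handed to the plugin's `nyx_get_aux_string`, whose buffer parameter is declared `uint8_t *` in the first hunk of this file, so each call site either casts or draws a pointer-sign warning. Declaring it as `u8 *nyx_aux_string;` matches both the plugin signature and the `u32` style of its neighbours. It is also the only field in this group without a trailing comment; `/* nyx aux string buffer, sized in afl_fsrv_start() */` would tell a reader where the allocation lives. The opening of the `#ifdef` that this `#endif` closes is outside the hunk, so I cannot confirm which guard the field sits under.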
@@ -450,6 +450,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0);
 fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner);
+ fsrv->nyx_aux_string = malloc(0x1000);
+ memset(fsrv->nyx_aux_string, 0, 0x1000);
+
 /* dry run */
 fsrv->nyx_handlers->nyx_set_afl_input(fsrv->nyx_runner, "INIT", 4);
 switch (fsrv->nyx_handlers->nyx_exec(fsrv->nyx_runner)) {
@@ -1253,7 +1256,10 @@ void afl_fsrv_kill(afl_forkserver_t *fsrv) {
 fsrv->child_pid = -1;
 #ifdef __linux__
- if (fsrv->nyx_mode) { fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner); }
+ if (fsrv->nyx_mode) {
+ free(fsrv->nyx_aux_string);
+ fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner);
+ }
 #endif
 }
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index b963caf8..bce1a195 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -771,6 +771,20 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 ck_write(fd, mem, len, fn);
 close(fd);
+ if(afl->fsrv.nyx_mode && fault == FSRV_RUN_CRASH) {
+ u8 fn_log[PATH_MAX];
+ snprintf(fn_log, PATH_MAX, "%s.log", fn);
+ fd = open(fn_log, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
+ if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", fn_log); }
+ u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string(afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, 0x1000);
+ ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log);
+ close(fd);
+ }
+
 return keeping;
 }
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index a3f57c1e..df6e5404 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
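Review bot: The `malloc(0x1000)` on the first added line of the afl_fsrv_start hunk is never checked, so an allocation failure makes the following `memset` write through a NULL pointer. Insert `if (!fsrv->nyx_aux_string) { PFATAL("malloc() failed"); }` between the two lines, or allocate with the zero-filling `ck_alloc()` used elsewhere in AFL++ and then release with `ck_free()` in afl_fsrv_kill instead of `free()`. The size 0x1000 is repeated as a bare literal here and in the `nyx_get_aux_string` call in afl-fuzz-bitmap.c; one named constant keeps the allocation and the length passed to the plugin from drifting apart. afl_fsrv_start begins and ends outside this hunk.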
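Review bot: After `free(fsrv->nyx_aux_string)` in the afl_fsrv_kill hunk the field keeps its stale value, and the function is evidently written to be called more than once (it resets `fsrv->child_pid = -1` just above), so a second call would free the buffer again. Add `fsrv->nyx_aux_string = NULL;` directly after the free; `free(NULL)` is harmless, so no guard is needed on the next call. afl_fsrv_kill's signature and the start of its body are outside the hunk.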
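Review bot: In the save_if_interesting hunk the length returned by `nyx_get_aux_string` on the `u32 nyx_aux_string_len = …` line is passed straight to `ck_write` as the byte count, so a plugin that reports more than the 0x1000 bytes it was offered makes `ck_write` read past the end of `nyx_aux_string`; clamp it with `if (nyx_aux_string_len > 0x1000) { nyx_aux_string_len = 0x1000; }`, ideally against the same named constant as the allocation in afl_fsrv_start. The `snprintf(fn_log, PATH_MAX, "%s.log", fn)` result is likewise unchecked, so a crash path that already fills PATH_MAX silently loses the `.log` suffix and the log lands under a truncated name; checking the return against PATH_MAX, as the bounded formatting convention suggests, avoids that. The hunk also reuses the outer `fd` and `fn`, whose declarations are outside it, and save_if_interesting starts and ends outside the hunk.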
@@ -468,6 +468,10 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) {
 dlsym(handle, "nyx_get_bitmap_buffer_size");
 if (plugin->nyx_get_bitmap_buffer_size == NULL) { goto fail; }
+ plugin->nyx_get_aux_string =
+ dlsym(handle, "nyx_get_aux_string");
+ if (plugin->nyx_get_aux_string == NULL) { goto fail; }
+
 OKF("libnyx plugin is ready!");
 return plugin;
-- cgit 1.4.1
From 713b069f40094482fb41ef17b44150162c062249 Mon Sep 17 00:00:00 2001
From: Sergej Schumilo
Date: Fri, 4 Mar 2022 06:01:49 +0100
Subject: fix compile error on non linux targets
---
 src/afl-fuzz-bitmap.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index bce1a195..226dfa5c 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -771,6 +771,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 ck_write(fd, mem, len, fn);
 close(fd);
+#ifdef __linux__
 if(afl->fsrv.nyx_mode && fault == FSRV_RUN_CRASH) {
 u8 fn_log[PATH_MAX];
@@ -784,6 +785,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log);
 close(fd);
 }
+#endif
 return keeping;
-- cgit 1.4.1
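Review bot: Making `nyx_get_aux_string` a required symbol in the afl_load_libnyx_plugin hunk means any libnyx older than the one pinned in nyx_mode/LIBNYX_VERSION earlier in this series now fails to load, and nothing in the added lines says so. A comment above the lookup, `/* nyx_get_aux_string is mandatory: requires the libnyx pinned in nyx_mode/LIBNYX_VERSION or newer */`, records the dependency; and unless the `fail` label (outside this hunk) already names the missing symbol, `if (plugin->nyx_get_aux_string == NULL) { WARNF("libnyx is missing nyx_get_aux_string"); goto fail; }` would make the load failure diagnosable. The function's head and its fail path are outside the hunk.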
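Review bot: The `#ifdef __linux__` added before `if(afl->fsrv.nyx_mode …` in the first save_if_interesting hunk, with its `#endif` in the second hunk, now brackets a fourteen-line nyx-only block inline in a generic function; the guard fixes the build, but moving the block into a small static helper under the same guard would leave one guarded call at this site and give the block a place for a doc comment. The helper takes the state and the crash file name (`fn`, which I take to be the `u8 *` path the block already formats; its declaration is outside the hunk) and keeps the existing body, with its own `fd` local since the current code borrows the outer one. save_if_interesting starts and ends outside both hunks.
```c
#ifdef __linux__
/* Write the nyx aux string for a crashing input next to it as "<fn>.log". */
static void write_nyx_crash_log(afl_state_t *afl, u8 *fn) {

  /* … unchanged: fn_log / open / nyx_get_aux_string / ck_write / close body of the block, with its own fd local … */

}
#endif

  /* … unchanged: ck_write(fd, mem, len, fn); close(fd); … */
#ifdef __linux__
  if (afl->fsrv.nyx_mode && fault == FSRV_RUN_CRASH) { write_nyx_crash_log(afl, fn); }
#endif
```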