From 9db9cc80e39789a2b4fd11a4631576c9a0cbb0d8 Mon Sep 17 00:00:00 2001 From: toka Date: Sat, 14 Oct 2023 11:14:10 +0200 Subject: EarlyEPCallback for llvm16 --- instrumentation/SanitizerCoveragePCGUARD.so.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 98c5973c..4f81ac4f 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -214,7 +214,11 @@ llvmGetPassPluginInfo() { #if LLVM_VERSION_MAJOR == 13 using OptimizationLevel = typename PassBuilder::OptimizationLevel; #endif - PB.registerOptimizerLastEPCallback( +#if LLVM_VERSION_MAJOR >= 16 + PB.registerOptimizerEarlyEPCallback( +#else + PB.registerOptimizerLastEPCallback() +#endif [](ModulePassManager &MPM, OptimizationLevel OL) { MPM.addPass(ModuleSanitizerCoverageAFL()); -- cgit 1.4.1 From 943fa7eb7385376f96073421a1a5d7811dd613ec Mon Sep 17 00:00:00 2001 From: toka Date: Sat, 14 Oct 2023 12:48:58 +0200 Subject: bracket --- instrumentation/SanitizerCoveragePCGUARD.so.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 4f81ac4f..588eb950 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -217,7 +217,7 @@ llvmGetPassPluginInfo() { #if LLVM_VERSION_MAJOR >= 16 PB.registerOptimizerEarlyEPCallback( #else - PB.registerOptimizerLastEPCallback() + PB.registerOptimizerLastEPCallback( #endif [](ModulePassManager &MPM, OptimizationLevel OL) { -- cgit 1.4.1 From 92ac2c228c66d71f0a6e4f3ece3397653d0027a9 Mon Sep 17 00:00:00 2001 From: toka Date: Mon, 16 Oct 2023 16:45:30 +0200 Subject: typo --- instrumentation/afl-llvm-pass.so.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index c59324fd..052488a9 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -552,7 +552,7 @@ bool AFLCoverage::runOnModule(Module &M) { #endif { - // load the context ID of the previous function and write to to a + // load the context ID of the previous function and write to a // local variable on the stack LoadInst *PrevCtxLoad = IRB.CreateLoad( #if LLVM_VERSION_MAJOR >= 14 @@ -634,7 +634,7 @@ bool AFLCoverage::runOnModule(Module &M) { /* There is a problem with Ubuntu 18.04 and llvm 6.0 (see issue #63). The inline function successors() is not inlined and also not found at runtime - :-( As I am unable to detect Ubuntu18.04 heree, the next best thing is to + :-( As I am unable to detect Ubuntu18.04 here, the next best thing is to disable this optional optimization for LLVM 6.0.0 and Linux */ #if !(LLVM_VERSION_MAJOR == 6 && LLVM_VERSION_MINOR == 0) || !defined __linux__ // only instrument if this basic block is the destination of a previous -- cgit 1.4.1 From bfb841d01383a4801a28b007c5f7039f2f28bef9 Mon Sep 17 00:00:00 2001 From: "Christian Holler (:decoder)" Date: Fri, 20 Oct 2023 00:07:35 +0200 Subject: Use proper AFL_NYX_AUX_SIZE for nyx_aux_string --- include/forkserver.h | 1 + src/afl-forkserver.c | 12 +++++++++--- src/afl-fuzz-bitmap.c | 2 +- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/include/forkserver.h b/include/forkserver.h index 5e498c56..f6230fe8 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -197,6 +197,7 @@ typedef struct afl_forkserver { u32 nyx_id; /* nyx runner id (0 -> master) */ u32 nyx_bind_cpu_id; /* nyx runner cpu id */ char *nyx_aux_string; + u32 nyx_aux_string_len; bool nyx_use_tmp_workdir; char *nyx_tmp_workdir_path; s32 nyx_log_fd; diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 07f5a1a9..9b710733 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -615,8 +615,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (getenv("AFL_NYX_AUX_SIZE") != NULL) { + fsrv->nyx_aux_string_len = atoi(getenv("AFL_NYX_AUX_SIZE")); + if (fsrv->nyx_handlers->nyx_config_set_aux_buffer_size( - nyx_config, atoi(getenv("AFL_NYX_AUX_SIZE"))) != 1) { + nyx_config, fsrv->nyx_aux_string_len) != 1) { NYX_PRE_FATAL(fsrv, "Invalid AFL_NYX_AUX_SIZE value set (must be a multiple " @@ -624,6 +626,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } + } else { + + fsrv->nyx_aux_string_len = 0x1000; + } if (getenv("AFL_NYX_REUSE_SNAPSHOT") != NULL) { @@ -697,8 +703,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0); fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner); - fsrv->nyx_aux_string = malloc(0x1000); - memset(fsrv->nyx_aux_string, 0, 0x1000); + fsrv->nyx_aux_string = malloc(fsrv->nyx_aux_string_len); + memset(fsrv->nyx_aux_string, 0, fsrv->nyx_aux_string_len); /* dry run */ fsrv->nyx_handlers->nyx_set_afl_input(fsrv->nyx_runner, "INIT", 4); diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 0429db34..d76158ce 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -866,7 +866,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", fn_log); } u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string( - afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, 0x1000); + afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, afl->fsrv.nyx_aux_string_len); ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log); close(fd); -- cgit 1.4.1