From 9063002af22e916701588248eca2fd2669e4d0df Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 9 Dec 2021 13:22:10 +0100 Subject: rename path --- docs/Changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/Changelog.md') diff --git a/docs/Changelog.md b/docs/Changelog.md index 34b9affb..99768d1d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -1566,7 +1566,7 @@ sending a mail to . - Fixed a bug with installed copies of AFL trying to use QEMU mode. Spotted by G.M. Lime. - - Added last path / crash / hang times to fuzzer_stats, suggested by + - Added last find / crash / hang times to fuzzer_stats, suggested by Richard Hipp. - Fixed a typo, thanks to Jakub Wilk. -- cgit 1.4.1 From db360332c4cf92c3b90d8dfab9292763e677aebf Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 9 Dec 2021 14:33:56 +0100 Subject: make llvm 14-dev working. again. --- GNUmakefile.llvm | 4 +-- docs/Changelog.md | 2 +- instrumentation/SanitizerCoverageLTO.so.cc | 19 +++++----- instrumentation/SanitizerCoveragePCGUARD.so.cc | 23 ++++++------ instrumentation/afl-llvm-pass.so.cc | 44 ++++++++++++++++++----- instrumentation/cmplog-instructions-pass.cc | 6 +++- instrumentation/cmplog-routines-pass.cc | 48 +++++++++++++++++++++----- instrumentation/cmplog-switches-pass.cc | 6 +++- instrumentation/compare-transform-pass.so.cc | 12 +++++-- qemu_mode/qemuafl | 2 +- test/test-llvm-lto.sh | 2 +- 11 files changed, 123 insertions(+), 45 deletions(-) (limited to 'docs/Changelog.md') diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 1e2c411d..f1de28a4 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm 
@@ -390,11 +390,11 @@ instrumentation/afl-llvm-common.o: instrumentation/afl-llvm-common.cc instrument ifeq "$(LLVM_MIN_4_0_1)" "0" $(info [!] N-gram branch coverage instrumentation is not available for llvm version $(LLVMVER)) endif - $(CXX) $(CLANG_CPPFL) -DLLVMInsTrim_EXPORTS -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o + $(CXX) $(CLANG_CPPFL) -Wdeprecated -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o ./SanitizerCoveragePCGUARD.so: instrumentation/SanitizerCoveragePCGUARD.so.cc instrumentation/afl-llvm-common.o | test_deps ifeq "$(LLVM_10_OK)" "1" - -$(CXX) $(CLANG_CPPFL) -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o + -$(CXX) $(CLANG_CPPFL) -Wdeprecated -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o endif ./afl-llvm-lto-instrumentlist.so: instrumentation/afl-llvm-lto-instrumentlist.so.cc instrumentation/afl-llvm-common.o diff --git a/docs/Changelog.md b/docs/Changelog.md index 34b9affb..9c3f7a98 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -47,7 +47,7 @@ sending a mail to . - fix for shared linking on MacOS - fixed a potential crash in targets for LAF string handling - added AFL_USE_TSAN thread sanitizer support - - llvm and LTO mode modified to work with new llvm 14-dev (again) + - llvm and LTO mode modified to work with new llvm 14-dev (again. again.) - fix for AFL_REAL_LD - added the very good grammar mutator "GramaTron" to the custom_mutators diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 8d7f0c80..aa1826cd 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc 
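Review bot: `-Wdeprecated` is added to only the two pass rules in this hunk rather than to `$(CLANG_CPPFL)`, so deprecation warnings for the LLVM 14 API changes this commit is chasing will surface for the first rule (its target line is above the hunk) and for SanitizerCoveragePCGUARD, but not for the other passes built from the same flags. The first rule also drops `-DLLVMInsTrim_EXPORTS`, which is fine only if nothing under instrumentation/ still tests that macro; the hunk does not show that. If the intent is to see deprecations everywhere, append the flag once where `CLANG_CPPFL` is defined and leave the per-rule command lines as they were.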
@@ -1123,7 +1123,7 @@ bool ModuleSanitizerCoverage::instrumentModule( M, PointerType::get(Int8Tyi, 0), false, GlobalValue::ExternalLinkage, 0, "__afl_dictionary"); - Value *AFLDictOff = IRB.CreateGEP(AFLInternalDictionary, Zero); + Value *AFLDictOff = IRB.CreateGEP(Int8Ty, AFLInternalDictionary, Zero); Value *AFLDictPtr = IRB.CreatePointerCast(AFLDictOff, PointerType::get(Int8Tyi, 0)); StoreInst *StoreDict = IRB.CreateStore(AFLDictPtr, AFLDictionary); @@ -1388,7 +1388,8 @@ void ModuleSanitizerCoverage::instrumentFunction( local_selects++; uint32_t vector_cur = 0; /* Load SHM pointer */ - LoadInst *MapPtr = IRB.CreateLoad(AFLMapPtr); + LoadInst *MapPtr = + IRB.CreateLoad(PointerType::get(Int8Ty, 0), AFLMapPtr); ModuleSanitizerCoverage::SetNoSanitizeMetadata(MapPtr); while (1) { @@ -1399,12 +1400,12 @@ void ModuleSanitizerCoverage::instrumentFunction( /* Load counter for CurLoc */ if (!vector_cnt) { - MapPtrIdx = IRB.CreateGEP(MapPtr, result); + MapPtrIdx = IRB.CreateGEP(Int8Ty, MapPtr, result); } else { auto element = IRB.CreateExtractElement(result, vector_cur++); - MapPtrIdx = IRB.CreateGEP(MapPtr, element); + MapPtrIdx = IRB.CreateGEP(Int8Ty, MapPtr, element); } @@ -1418,7 +1419,7 @@ void ModuleSanitizerCoverage::instrumentFunction( } else { - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + LoadInst *Counter = IRB.CreateLoad(IRB.getInt8Ty(), MapPtrIdx); ModuleSanitizerCoverage::SetNoSanitizeMetadata(Counter); /* Update bitmap */ @@ -1672,13 +1673,13 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, if (map_addr) { - MapPtrIdx = IRB.CreateGEP(MapPtrFixed, CurLoc); + MapPtrIdx = IRB.CreateGEP(Int8Ty, MapPtrFixed, CurLoc); } else { - LoadInst *MapPtr = IRB.CreateLoad(AFLMapPtr); + LoadInst *MapPtr = IRB.CreateLoad(PointerType::get(Int8Ty, 0), AFLMapPtr); ModuleSanitizerCoverage::SetNoSanitizeMetadata(MapPtr); - MapPtrIdx = IRB.CreateGEP(MapPtr, CurLoc); + MapPtrIdx = IRB.CreateGEP(Int8Ty, MapPtr, CurLoc); } 
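Review bot: In the `@@ -1123` hunk, `IRB.CreateGEP(Int8Ty, AFLInternalDictionary, Zero)` hard-codes the source element type; with typed pointers that argument has to match the value type AFLInternalDictionary was declared with, and that declaration is outside the hunk, so if it is an array-of-i8 global rather than a single i8, the new call trips LLVM's element-type check (an assertion in asserts-enabled builds) where the old untyped overload inferred the type. Assuming it is a `GlobalVariable *`, `IRB.CreateGEP(AFLInternalDictionary->getValueType(), AFLInternalDictionary, Zero)` removes that assumption and needs no version guard. The surrounding lines spell the byte type `Int8Tyi` while the new line uses `Int8Ty`; using one name in this function saves the reader from wondering whether they differ. instrumentModule begins and ends outside the hunk.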
@@ -1693,7 +1694,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, } else { - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + LoadInst *Counter = IRB.CreateLoad(IRB.getInt8Ty(), MapPtrIdx); ModuleSanitizerCoverage::SetNoSanitizeMetadata(Counter); Value *Incr = IRB.CreateAdd(Counter, One); diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index d5746cc7..7b1d1d40 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -937,7 +937,7 @@ bool ModuleSanitizerCoverage::InjectCoverage(Function & F, ConstantInt::get(IntptrTy, (++special + AllBlocks.size()) * 4)), Int32PtrTy); - LoadInst *Idx = IRB.CreateLoad(GuardPtr); + LoadInst *Idx = IRB.CreateLoad(IRB.getInt32Ty(), GuardPtr); ModuleSanitizerCoverage::SetNoSanitizeMetadata(Idx); callInst->setOperand(1, Idx); @@ -1059,7 +1059,8 @@ bool ModuleSanitizerCoverage::InjectCoverage(Function & F, /* Load SHM pointer */ - LoadInst *MapPtr = IRB.CreateLoad(AFLMapPtr); + LoadInst *MapPtr = + IRB.CreateLoad(PointerType::get(Int8Ty, 0), AFLMapPtr); ModuleSanitizerCoverage::SetNoSanitizeMetadata(MapPtr); /* @@ -1078,17 +1079,17 @@ bool ModuleSanitizerCoverage::InjectCoverage(Function & F, /* Load counter for CurLoc */ if (!vector_cnt) { - CurLoc = IRB.CreateLoad(result); + CurLoc = IRB.CreateLoad(IRB.getInt32Ty(), result); ModuleSanitizerCoverage::SetNoSanitizeMetadata(CurLoc); - MapPtrIdx = IRB.CreateGEP(MapPtr, CurLoc); + MapPtrIdx = IRB.CreateGEP(Int8Ty, MapPtr, CurLoc); } else { auto element = IRB.CreateExtractElement(result, vector_cur++); auto elementptr = IRB.CreateIntToPtr(element, Int32PtrTy); - auto elementld = IRB.CreateLoad(elementptr); + auto elementld = IRB.CreateLoad(IRB.getInt32Ty(), elementptr); ModuleSanitizerCoverage::SetNoSanitizeMetadata(elementld); - MapPtrIdx = IRB.CreateGEP(MapPtr, elementld); + MapPtrIdx = IRB.CreateGEP(Int8Ty, MapPtr, elementld); } 
@@ -1102,7 +1103,7 @@ bool ModuleSanitizerCoverage::InjectCoverage(Function & F, } else { - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + LoadInst *Counter = IRB.CreateLoad(IRB.getInt8Ty(), MapPtrIdx); ModuleSanitizerCoverage::SetNoSanitizeMetadata(Counter); /* Update bitmap */ @@ -1347,17 +1348,17 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, ConstantInt::get(IntptrTy, Idx * 4)), Int32PtrTy); - LoadInst *CurLoc = IRB.CreateLoad(GuardPtr); + LoadInst *CurLoc = IRB.CreateLoad(IRB.getInt32Ty(), GuardPtr); ModuleSanitizerCoverage::SetNoSanitizeMetadata(CurLoc); /* Load SHM pointer */ - LoadInst *MapPtr = IRB.CreateLoad(AFLMapPtr); + LoadInst *MapPtr = IRB.CreateLoad(PointerType::get(Int8Ty, 0), AFLMapPtr); ModuleSanitizerCoverage::SetNoSanitizeMetadata(MapPtr); /* Load counter for CurLoc */ - Value *MapPtrIdx = IRB.CreateGEP(MapPtr, CurLoc); + Value *MapPtrIdx = IRB.CreateGEP(Int8Ty, MapPtr, CurLoc); if (use_threadsafe_counters) { @@ -1369,7 +1370,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, } else { - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + LoadInst *Counter = IRB.CreateLoad(IRB.getInt8Ty(), MapPtrIdx); ModuleSanitizerCoverage::SetNoSanitizeMetadata(Counter); /* Update bitmap */ diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 8e22fde8..640aa4dd 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -454,7 +454,11 @@ bool AFLCoverage::runOnModule(Module &M) { #ifdef AFL_HAVE_VECTOR_INTRINSICS if (ctx_k) { - PrevCaller = IRB.CreateLoad(AFLPrevCaller); + PrevCaller = IRB.CreateLoad( + #if LLVM_VERSION_MAJOR >= 14 + IRB.getInt32Ty(), + #endif + AFLPrevCaller); PrevCaller->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); PrevCtx = 
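Review bot: In the afl-llvm-pass.so.cc `@@ -454` hunk, `IRB.CreateLoad(IRB.getInt32Ty(), AFLPrevCaller)` hard-codes the loaded type as i32, yet the load sits under `#ifdef AFL_HAVE_VECTOR_INTRINSICS` / `if (ctx_k)`; AFLPrevCaller's declaration is outside the hunk, and if it is a vector type in that mode, LLVM 14 now loads the wrong type where the untyped overload used to take the global's own type. The `@@ -620` hunk does the same for AFLPrevLoc, which under `ngram_size` (see the vector handling in `@@ -644`) may be in the same situation. Assuming these are `GlobalVariable *`, loading with the declared type, `IRB.CreateLoad(AFLPrevCaller->getValueType(), AFLPrevCaller)` and likewise for AFLPrevLoc, is correct in both modes and needs no `#if`. The `#if` lines in this hunk are also indented while the neighbouring hunks put them in column 0. runOnModule begins and ends outside the hunk.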
@@ -467,7 +471,11 @@ bool AFLCoverage::runOnModule(Module &M) { // load the context ID of the previous function and write to to a // local variable on the stack - LoadInst *PrevCtxLoad = IRB.CreateLoad(AFLContext); + LoadInst *PrevCtxLoad = IRB.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + IRB.getInt32Ty(), +#endif + AFLContext); PrevCtxLoad->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); PrevCtx = PrevCtxLoad; @@ -620,7 +628,11 @@ bool AFLCoverage::runOnModule(Module &M) { /* Load prev_loc */ - LoadInst *PrevLoc = IRB.CreateLoad(AFLPrevLoc); + LoadInst *PrevLoc = IRB.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + IRB.getInt32Ty(), +#endif + AFLPrevLoc); PrevLoc->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); Value *PrevLocTrans; @@ -644,20 +656,28 @@ bool AFLCoverage::runOnModule(Module &M) { /* Load SHM pointer */ - LoadInst *MapPtr = IRB.CreateLoad(AFLMapPtr); + LoadInst *MapPtr = IRB.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLMapPtr); MapPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); Value *MapPtrIdx; #ifdef AFL_HAVE_VECTOR_INTRINSICS if (ngram_size) MapPtrIdx = IRB.CreateGEP( - MapPtr, + Int8Ty, MapPtr, IRB.CreateZExt( IRB.CreateXor(PrevLocTrans, IRB.CreateZExt(CurLoc, Int32Ty)), Int32Ty)); else #endif - MapPtrIdx = IRB.CreateGEP(MapPtr, IRB.CreateXor(PrevLocTrans, CurLoc)); + MapPtrIdx = IRB.CreateGEP( +#if LLVM_VERSION_MAJOR >= 14 + Int8Ty, +#endif + MapPtr, IRB.CreateXor(PrevLocTrans, CurLoc)); /* Update bitmap */ @@ -676,7 +696,11 @@ bool AFLCoverage::runOnModule(Module &M) { } else { - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + LoadInst *Counter = IRB.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + IRB.getInt8Ty(), +#endif + MapPtrIdx); Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); Value *Incr = IRB.CreateAdd(Counter, One); 
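Review bot: The `@@ -644` hunk guards the typed `CreateGEP(Int8Ty, MapPtr, ...)` in its else-branch with `#if LLVM_VERSION_MAJOR >= 14` but leaves the identical call in the `ngram_size` branch unguarded, so the same function now asserts two different things about which overloads exist. As far as I recall the typed `CreateLoad(Type *, Value *)` and `CreateGEP(Type *, Value *, ...)` overloads exist on every LLVM version this build supports, and SanitizerCoverageLTO.so.cc in this same commit calls them unconditionally; dropping the guards here, in `@@ -837`, in the cmplog passes and in compare-transform-pass.so.cc would leave one code path to compile and test instead of two. runOnModule begins and ends outside the hunk.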
@@ -813,7 +837,11 @@ bool AFLCoverage::runOnModule(Module &M) { IRBuilder<> IRB(&(*it0)); // load the old counter value atomically - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + LoadInst *Counter = IRB.CreateLoad( + #if LLVM_VERSION_MAJOR >= 14 + IRB.getInt8Ty(), + #endif + MapPtrIdx); Counter->setAlignment(llvm::Align()); Counter->setAtomic(llvm::AtomicOrdering::Monotonic); Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index 07f80b2c..054caee2 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -264,7 +264,11 @@ bool CmpLogInstructions::hookInstrs(Module &M) { IRBuilder<> IRB2(selectcmpInst->getParent()); IRB2.SetInsertPoint(selectcmpInst); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index 0565875e..82c2fa4d 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -448,7 +448,11 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB2(callInst->getParent()); IRB2.SetInsertPoint(callInst); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); 
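Review bot: The five-line guarded `CreateLoad(PointerType::get(Int8Ty, 0), AFLCmplogPtr)` block in cmplog-routines-pass.cc `@@ -448` is repeated verbatim in the seven following hunks of that file and again in cmplog-instructions-pass.cc (`@@ -264`) and cmplog-switches-pass.cc (`@@ -246`), so the loaded type of the cmplog map pointer is now spelled in ten places. A single helper in the shared afl-llvm-common code, something like `static LoadInst *loadCmplogPtr(IRBuilder<> &IRB, Value *AFLCmplogPtr)` that owns the `#if` and the type, would keep it in one place so a later change to the map's declared type cannot miss a copy. Every call site also sets the `nosanitize` metadata immediately after the load, which the same helper could do. hookRtns begins and ends outside the hunk.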
@@ -475,7 +479,11 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB2(callInst->getParent()); IRB2.SetInsertPoint(callInst); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); @@ -506,7 +514,11 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB2(callInst->getParent()); IRB2.SetInsertPoint(callInst); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); @@ -533,7 +545,11 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB2(callInst->getParent()); IRB2.SetInsertPoint(callInst); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); 
@@ -564,7 +580,11 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB2(callInst->getParent()); IRB2.SetInsertPoint(callInst); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); @@ -590,7 +610,11 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB2(callInst->getParent()); IRB2.SetInsertPoint(callInst); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); @@ -616,7 +640,11 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB2(callInst->getParent()); IRB2.SetInsertPoint(callInst); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); 
@@ -642,7 +670,11 @@ bool CmpLogRoutines::hookRtns(Module &M) { IRBuilder<> IRB2(callInst->getParent()); IRB2.SetInsertPoint(callInst); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc index bcd5f8bd..4f6f2eca 100644 --- a/instrumentation/cmplog-switches-pass.cc +++ b/instrumentation/cmplog-switches-pass.cc @@ -246,7 +246,11 @@ bool CmpLogInstructions::hookInstrs(Module &M) { IRBuilder<> IRB2(SI->getParent()); IRB2.SetInsertPoint(SI); - LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + LoadInst *CmpPtr = IRB2.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + PointerType::get(Int8Ty, 0), +#endif + AFLCmplogPtr); CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, SI, false); diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index ef3bd66b..2ced37c5 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc 
@@ -529,8 +529,16 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, IRBuilder<> cur_cmp_IRB(&*(cur_cmp_bb->getFirstInsertionPt())); Value *v = ConstantInt::get(Int64Ty, i); - Value *ele = cur_cmp_IRB.CreateInBoundsGEP(VarStr, v, "empty"); - Value *load = cur_cmp_IRB.CreateLoad(ele); + Value *ele = cur_cmp_IRB.CreateInBoundsGEP( +#if LLVM_VERSION_MAJOR >= 14 + Int8Ty, +#endif + VarStr, v, "empty"); + Value *load = cur_cmp_IRB.CreateLoad( +#if LLVM_VERSION_MAJOR >= 14 + Int8Ty, +#endif + ele); if (isCaseInsensitive) { diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index 002e4739..8809a2b2 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit 002e473939a350854d56f67ce7b2e2d9706b8bca +Subproject commit 8809a2b2ebf089d3427dd8f6a0044bcc2e13b389 diff --git a/test/test-llvm-lto.sh b/test/test-llvm-lto.sh index 3e762acf..9ff2ec10 100755 --- a/test/test-llvm-lto.sh +++ b/test/test-llvm-lto.sh @@ -3,7 +3,7 @@ . ./test-pre.sh $ECHO "$BLUE[*] Testing: LTO llvm_mode" -test -e ../afl-clang-lto -a -e ../afl-llvm-lto-instrumentation.so && { +test -e ../afl-clang-lto -a -e ../SanitizerCoverageLTO.so && { # on FreeBSD need to set AFL_CC test `uname -s` = 'FreeBSD' && { if type clang >/dev/null; then -- cgit 1.4.1 From 74aa826b60601eb59038bf61298b07eb20944caa Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 11 Dec 2021 11:03:36 +0100 Subject: changelog --- docs/Changelog.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/Changelog.md') diff --git a/docs/Changelog.md b/docs/Changelog.md index 9e7b85a7..e9b62dc0 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md 
@@ -10,6 +10,10 @@ sending a mail to . ### Version ++3.15a (dev) - documentation restructuring, made possible by Google Season of Docs + - we renamed several UI and fuzzer_stat entries to be more precise, + e.g. "unique crashes" -> "saved crashes", "total paths" -> + "corpus count", "current path" -> "current item". + This might need changing custom scripting! - new binary-only fuzzing mode: coresight_mode for aarch64 CPUs :) thanks to RICSecLab submitting! - if instrumented libaries are dlopen()'ed after the forkserver you -- cgit 1.4.1 From 57bc3c07018463ad6d069850be9f2bce5c450dd6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 13 Dec 2021 15:45:41 +0100 Subject: fix qemu/unicorn oob --- docs/Changelog.md | 2 ++ src/afl-sharedmem.c | 3 +++ 2 files changed, 5 insertions(+) (limited to 'docs/Changelog.md') diff --git a/docs/Changelog.md b/docs/Changelog.md index e9b62dc0..00502efe 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -34,6 +34,8 @@ sending a mail to . - better banner - more effective cmplog mode - more often update the UI when in input2stage mode + - qemu_mode/unicorn_mode: fixed OOB write when using libcompcov, + thanks to kotee4ko for reporting! - frida_mode: - better performance, bug fixes - David Carlier added Android support :) diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index 7fb8f821..09941d61 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c @@ -242,6 +242,9 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size, #else u8 *shm_str; + // handle qemu/unicorn compcov map overwrite + if (map_size == MAP_SIZE) { map_size += 8; } + shm->shm_id = shmget(IPC_PRIVATE, map_size, IPC_CREAT | IPC_EXCL | DEFAULT_PERMISSION); if (shm->shm_id < 0) { -- cgit 1.4.1
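Review bot: In the afl-sharedmem.c `@@ -242` hunk the 8-byte slack is added only in the SysV `shmget` branch, so if the `USEMMAP` path above (outside this hunk) backs the same map, the libcompcov overrun named in the changelog is still unhandled there. The comment should also state the contract being relied on, otherwise the literal 8 is a magic number tied to a writer that lives in another tree: `// libcompcov (qemu/unicorn mode) writes a few bytes past the end of the default-size map; reserve slack so that write stays inside the segment`. The equality test means a map_size that merely happens to equal MAP_SIZE also gets the slack, which is harmless, while a libcompcov target configured with another size gets none; if the writer's offset really is fixed to MAP_SIZE that is the right condition and worth saying in the comment. afl_shm_init begins and ends outside the hunk.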