From 6e45e55d82eeed2075579a530f5aeea8d00af55b Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Tue, 5 May 2020 10:38:44 +0200
Subject: fix crash in AFL_LLVM_LAF_TRANSFORM_COMPARES

---
 llvm_mode/compare-transform-pass.so.cc | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

(limited to 'llvm_mode/compare-transform-pass.so.cc')

diff --git a/llvm_mode/compare-transform-pass.so.cc b/llvm_mode/compare-transform-pass.so.cc
index c871c1c4..9cf4169e 100644
--- a/llvm_mode/compare-transform-pass.so.cc
+++ b/llvm_mode/compare-transform-pass.so.cc
@@ -386,13 +386,13 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 TmpConstStr = Str1.str();
 VarStr = Str2P;
- constLen = isMemcmp ? sizedLen : GetStringLength(Str1P);
+ constLen = isMemcmp ? sizedLen : TmpConstStr.length();
 } else {
 TmpConstStr = Str2.str();
 VarStr = Str1P;
- constLen = isMemcmp ? sizedLen : GetStringLength(Str2P);
+ constLen = isMemcmp ? sizedLen : TmpConstStr.length();
 }
@@ -401,8 +401,12 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 * runtime bounds checking, which makes debugging easier) */
 TmpConstStr.append("\0", 1);
 ConstStr = StringRef(TmpConstStr);
-
- if (isSizedcmp && constLen > sizedLen) { constLen = sizedLen; }
+ // fprintf(stderr, "issized: %d, const > sized ? %u > %u\n", isSizedcmp,
+ // constLen, sizedLen);
+ if (isSizedcmp && constLen > sizedLen && sizedLen) constLen = sizedLen;
+ if (constLen > TmpConstStr.length()) constLen = TmpConstStr.length();
+ if (!constLen) constLen = TmpConstStr.length();
+ if (!constLen) continue;
 if (!be_quiet) errs() << callInst->getCalledFunction()->getName() << ": len " << constLen
--
cgit 1.4.1

From d82ada89fee37068b0ff44f340338af3fc07cc37 Mon Sep 17 00:00:00 2001
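Review bot: Both arms of the if/else now end in the identical `constLen = isMemcmp ? sizedLen : TmpConstStr.length();`, so the assignment belongs once, after the closing `}` of the else, where the arms only differ in which string becomes TmpConstStr and VarStr. Also note that `TmpConstStr.length()` counts every byte of the recovered initializer, including bytes after an embedded NUL, whereas the replaced GetStringLength() call, as far as I recall, reports the C-string length up to the first terminator; for a strcmp against a constant containing an embedded NUL the generated comparison would now extend past the point where the real strcmp stops, which is worth confirming against the byte-compare loop that lies outside the hunk. transformCmps starts and ends outside the hunk.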
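Review bot: The final `if (!constLen) continue;` is unreachable: `TmpConstStr.append("\0", 1)` a few lines above guarantees `TmpConstStr.length() >= 1`, so the preceding `if (!constLen) constLen = TmpConstStr.length();` always leaves constLen non-zero. Only one of the two lines can be the intent; if calls with nothing to compare should be skipped, drop the fallback line so the `continue` can fire, otherwise drop the `continue`. The new `&& sizedLen` guard also means a sized compare whose length argument is literally 0 is not clamped and then receives the whole constant's length from the fallback, if sizedLen can be 0 for such a call (its derivation is outside the hunk). The commented-out fprintf pair should not be committed; the `if (!be_quiet) errs()` right below is where the pass already emits diagnostics.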
From: van Hauser
Date: Tue, 5 May 2020 14:08:24 +0200
Subject: support older llvm versions

---
 llvm_mode/compare-transform-pass.so.cc | 42 ++++++++++++++++++++--------------
 1 file changed, 25 insertions(+), 17 deletions(-)

(limited to 'llvm_mode/compare-transform-pass.so.cc')

diff --git a/llvm_mode/compare-transform-pass.so.cc b/llvm_mode/compare-transform-pass.so.cc
index 9cf4169e..10413076 100644
--- a/llvm_mode/compare-transform-pass.so.cc
+++ b/llvm_mode/compare-transform-pass.so.cc
@@ -211,20 +211,24 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 }
 // not literal? maybe global or local variable
- if (!(HasStr1 ^ HasStr2)) {
+ if (!(HasStr1 || HasStr2)) {
 auto *Ptr = dyn_cast(Str2P);
 if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
 if (auto *Var = dyn_cast(Ptr->getOperand(0))) {
- if (auto *Array =
- dyn_cast(Var->getInitializer())) {
+ if (Var->hasInitializer()) {
- HasStr2 = true;
- Str2 = Array->getAsString();
- valueMap[Str2P] = new std::string(Str2.str());
- // fprintf(stderr, "glo2 %s\n", Str2.str().c_str());
+ if (auto *Array =
+ dyn_cast(Var->getInitializer())) {
+
+ HasStr2 = true;
+ Str2 = Array->getAsString();
+ valueMap[Str2P] = new std::string(Str2.str());
+ fprintf(stderr, "glo2 %s\n", Str2.str().c_str());
+
+ }
 }
@@ -239,13 +243,17 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 if (auto *Var = dyn_cast(Ptr->getOperand(0))) {
- if (auto *Array =
- dyn_cast(Var->getInitializer())) {
+ if (Var->hasInitializer()) {
+
+ if (auto *Array = dyn_cast(
+ Var->getInitializer())) {
+
+ HasStr1 = true;
+ Str1 = Array->getAsString();
+ valueMap[Str1P] = new std::string(Str1.str());
+ // fprintf(stderr, "glo1 %s\n", Str1.str().c_str());
- HasStr1 = true;
- Str1 = Array->getAsString();
- valueMap[Str1P] = new std::string(Str1.str());
- // fprintf(stderr, "glo1 %s\n", Str1.str().c_str());
+ }
 }
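Review bot: `fprintf(stderr, "glo2 %s\n", Str2.str().c_str());` is now a live debug print inside the pass, while its glo1 twin in the next hunk stays commented out; every global string the pass resolves will be echoed to stderr of every compilation, and unlike the rest of the pass it ignores `be_quiet`. It should either go back behind `//` or become `if (!be_quiet) errs() << "glo2 " << Str2 << "\n";` to match the existing diagnostics. The `valueMap[Str2P] = new std::string(Str2.str());` it sits beside stores an owning raw pointer in a map and nothing in either hunk releases it; if the map is not cleaned up elsewhere (its declaration is outside the hunk), storing the `std::string` by value or a `std::unique_ptr<std::string>` would avoid the leak per resolved global. transformCmps begins before the hunk.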
@@ -260,13 +268,13 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 }
- if ((HasStr1 ^ HasStr2)) indirect = true;
+ if ((HasStr1 || HasStr2)) indirect = true;
 }
 if (isIntMemcpy) continue;
- if (!(HasStr1 ^ HasStr2)) {
+ if (!(HasStr1 || HasStr2)) {
 // do we have a saved local variable initialization?
 std::string *val = valueMap[Str1P];
@@ -294,7 +302,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 }
 /* handle cases of one string is const, one string is variable */
- if (!(HasStr1 ^ HasStr2)) continue;
+ if (!(HasStr1 || HasStr2)) continue;
 if (isMemcmp || isStrncmp || isStrncasecmp) {
@@ -359,7 +367,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 }
- if (!(HasStr1 ^ HasStr2)) {
+ if (!(HasStr1 || HasStr2)) {
 // do we have a saved local or global variable initialization?
 std::string *val = valueMap[Str1P];
--
cgit 1.4.1

From a38980c80babbb75038766c49774effc0bfa8222 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Tue, 5 May 2020 17:57:56 +0200
Subject: unsized string compare fix

---
 llvm_mode/compare-transform-pass.so.cc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'llvm_mode/compare-transform-pass.so.cc')

diff --git a/llvm_mode/compare-transform-pass.so.cc b/llvm_mode/compare-transform-pass.so.cc
index 10413076..2111b646 100644
--- a/llvm_mode/compare-transform-pass.so.cc
+++ b/llvm_mode/compare-transform-pass.so.cc
@@ -408,6 +408,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 * the StringRef (in comparison to std::string a StringRef has built-in
 * runtime bounds checking, which makes debugging easier) */
 TmpConstStr.append("\0", 1);
+ if (!sizedLen) constLen++;
 ConstStr = StringRef(TmpConstStr);
 // fprintf(stderr, "issized: %d, const > sized ? %u > %u\n", isSizedcmp,
 // constLen, sizedLen);
--
cgit 1.4.1
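Review bot: The comment `/* handle cases of one string is const, one string is variable */` no longer matches the condition under it: with `^` a call whose operands were both recognized as constants was skipped, with `||` it now falls through into the const-versus-variable transform with the second constant treated as VarStr. If both-constant calls can reach this point (not visible from the hunk), either the comment should say that they are transformed as well, or the old exclusion should be kept explicitly, `if (!(HasStr1 || HasStr2) || (HasStr1 && HasStr2)) continue;`. The same `^` to `||` rewrite is made at @@ -211, @@ -260 and @@ -359 and carries the same shift in meaning, so a short comment at the first of them explaining why "exactly one" became "at least one" would help the next reader. transformCmps continues on both sides of the hunk.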
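Review bot: `if (!sizedLen) constLen++;` uses sizedLen == 0 as the marker for an unsized compare, the same sentinel the `&& sizedLen` guard introduced by the first commit of this series relies on just past the hunk's end, so a sized call whose length argument is literally 0 is indistinguishable from strcmp here and ends up with one more byte to compare rather than none; whether a literal 0 can reach this point depends on how sizedLen is derived, which is outside the hunk. The increment also comes after constLen was set from `TmpConstStr.length()`, which for an initializer that already ends in NUL includes that terminator, so with the just-appended "\0" the generated compare may inspect one byte beyond the variable string's terminator unless the byte-compare loop stops at the first NUL match; that loop is outside the hunk and worth checking, since an over-read in the instrumented binary shows up as spurious sanitizer reports during fuzzing. A comment stating the intent, e.g. `// unsized compare: include the terminating NUL so "abc" does not match "abcd"`, would make the off-by-one reasoning checkable. transformCmps continues on both sides of the hunk.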