From 0c9d8e5929c819c0e4de6930065b383843ba8d58 Mon Sep 17 00:00:00 2001
From: Kuan-Wei Chiu
Date: Wed, 12 Jun 2024 12:48:13 +0800
Subject: Fix undefined behavior by casting to uint64_t before left shift
According to the C standard, left-shifting a value by an amount greater than or equal to the width of its promoted type results in undefined behavior. To prevent potential unexpected results, explicitly cast the uint8_t variable type to uint64_t before performing the left shift operation by 56 bits. This ensures the operation is well-defined and adheres to the standard.
Fixes: 40df85d1 ("adjust cmplog header")
---
src/hashmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/hashmap.c b/src/hashmap.c
index a0a9283c..5834802f 100644
--- a/src/hashmap.c
+++ b/src/hashmap.c
@@ -59,7 +59,7 @@ static inline unsigned int hash(uint64_t key) {
 bool hashmap_search_and_add(uint8_t type, uint64_t key) {
 if (unlikely(type >= 8)) return false;
- uint64_t val = (key & 0xf8ffffffffffffff) + (type << 56);
+ uint64_t val = (key & 0xf8ffffffffffffff) + ((uint64_t)type << 56);
 unsigned int index = hash(val);
 HashNode *node = _hashmap->table[index];
 while (node) {
--
cgit 1.4.1
From 0c9b460cc46aebfa4eb6e1fbe928895c0a8fcfbd Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Wed, 12 Jun 2024 09:16:59 +0200
Subject: MONOTONIC
---
docs/Changelog.md | 4 ++++
src/afl-common.c | 55 +++++++++++++++++++++++++++++++++++++++++++------------
2 files changed, 47 insertions(+), 12 deletions(-)
(limited to 'src')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 1590b2df..caad513c 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
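Review bot: The merge of `type` into the key on the added line uses arithmetic `+` where a bit-or is meant; it only works because the mask `0xf8ffffffffffffff` has already cleared bits 56..58 and `type` is guarded to be below 8, and a bit-or states that intent directly and cannot carry into the high bits if either invariant ever changes: `uint64_t val = (key & 0xf8ffffffffffffffULL) | ((uint64_t)type << 56);`. A short comment above the line, `/* bits 56..58 of the key are replaced by type (0..7); the mask clears them first */`, would make the mask constant self-explanatory. hashmap_search_and_add's body continues past the end of the hunk.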
@@ -4,6 +4,10 @@ release of the tool. See README.md for the general instruction manual.
 ### Version ++4.22a (dev)
+ - afl-fuzz:
+ - the reason for the regression in 4.20c has been found, COARSE timing
+ is measuring too broad for our purpose, MONOTONIC is fine and better
+ than gettimeofday() so switching to this
 - frida_mode:
 - AFL_FRIDA_PERSISTENT_ADDR can now be be any reachable address not just a function entry
diff --git a/src/afl-common.c b/src/afl-common.c
index efdb5d60..efe680a8 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -59,6 +59,43 @@ u8 last_intr = 0;
 #define AFL_PATH "/usr/local/lib/afl/"
 #endif
+/* Convert seconds to milliseconds. */
+#define SEC_TO_MS(sec) ((sec) * 1000)
+/* Convert seconds to microseconds. */
+#define SEC_TO_US(sec) ((sec) * 1000000)
+/* Convert nanoseconds to milliseconds. */
+#define NS_TO_MS(ns) ((ns) / 1000000)
+/* Convert nanoseconds to microseconds. */
+#define NS_TO_US(ns) ((ns) / 1000)
+/* Convert seconds to milliseconds. */
+#define SEC_TO_MS(sec) ((sec) * 1000)
+/* Convert seconds to microseconds. */
+#define SEC_TO_US(sec) ((sec) * 1000000)
+/* Convert nanoseconds to milliseconds. */
+#define NS_TO_MS(ns) ((ns) / 1000000)
+/* Convert nanoseconds to microseconds. */
+#define NS_TO_US(ns) ((ns) / 1000)
+/* Convert nanoseconds to microseconds. */
+#define US_TO_MS(us) ((us) / 1000)
+/* Convert seconds to milliseconds. */
+#define SEC_TO_MS(sec) ((sec) * 1000)
+/* Convert seconds to microseconds. */
+#define SEC_TO_US(sec) ((sec) * 1000000)
+/* Convert nanoseconds to milliseconds. */
+#define NS_TO_MS(ns) ((ns) / 1000000)
+/* Convert nanoseconds to microseconds. */
+#define NS_TO_US(ns) ((ns) / 1000)
+/* Convert seconds to milliseconds. */
+#define SEC_TO_MS(sec) ((sec) * 1000)
+/* Convert seconds to microseconds. */
+#define SEC_TO_US(sec) ((sec) * 1000000)
+/* Convert nanoseconds to milliseconds. */
+#define NS_TO_MS(ns) ((ns) / 1000000)
+/* Convert nanoseconds to microseconds. */
+#define NS_TO_US(ns) ((ns) / 1000)
+/* Convert nanoseconds to microseconds. */
+#define US_TO_MS(us) ((us) / 1000)
+
 void *afl_memmem(const void *haystack, size_t haystacklen, const void *needle, size_t needlelen) {
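Review bot: The macro block is pasted several times over: `SEC_TO_MS`, `SEC_TO_US`, `NS_TO_MS` and `NS_TO_US` are each defined four times and `US_TO_MS` twice. Identical redefinitions are permitted by the standard so this compiles, but it is clearly a paste accident, and the moment one copy is edited and the others are not it becomes a hard error; keep a single copy of the five definitions. The comment above `US_TO_MS` is also wrong for what the macro does and should read `/* Convert microseconds to milliseconds. */`. The later commit on this page reverts the whole block, so this only matters if the MONOTONIC switch is reintroduced.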
@@ -976,12 +1013,9 @@ void read_bitmap(u8 *fname, u8 *map, size_t len) {
 inline u64 get_cur_time(void) {
- struct timeval tv;
- struct timezone tz;
-
- gettimeofday(&tv, &tz);
-
- return (tv.tv_sec * 1000ULL) + (tv.tv_usec / 1000);
+ struct timespec ts;
+ (void)clock_gettime(CLOCK_MONOTONIC, &ts);
+ return (u64)(SEC_TO_MS((uint64_t)ts.tv_sec) + NS_TO_MS((uint64_t)ts.tv_nsec));
 }
@@ -989,12 +1023,9 @@ inline u64 get_cur_time(void) {
 inline u64 get_cur_time_us(void) {
- struct timeval tv;
- struct timezone tz;
-
- gettimeofday(&tv, &tz);
-
- return (tv.tv_sec * 1000000ULL) + tv.tv_usec;
+ struct timespec ts;
+ (void)clock_gettime(CLOCK_MONOTONIC, &ts);
+ return (u64)(SEC_TO_US((uint64_t)ts.tv_sec) + NS_TO_US((uint64_t)ts.tv_nsec));
 }
--
cgit 1.4.1
From e7da8b9d6bf20b1cac960b1eccf3beac3fbf7901 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 13 Jun 2024 09:18:44 +0200
Subject: Revert "MONOTONIC"
This reverts commit 0c9b460cc46aebfa4eb6e1fbe928895c0a8fcfbd.
---
docs/Changelog.md | 4 ----
src/afl-common.c | 55 ++++++++++++-------------------------------------
2 files changed, 12 insertions(+), 47 deletions(-)
(limited to 'src')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index caad513c..1590b2df 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -4,10 +4,6 @@ release of the tool. See README.md for the general instruction manual.
 ### Version ++4.22a (dev)
- - afl-fuzz:
- - the reason for the regression in 4.20c has been found, COARSE timing
- is measuring too broad for our purpose, MONOTONIC is fine and better
- than gettimeofday() so switching to this
 - frida_mode:
 - AFL_FRIDA_PERSISTENT_ADDR can now be be any reachable address not just a function entry
diff --git a/src/afl-common.c b/src/afl-common.c
index efe680a8..efdb5d60 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
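Review bot: `(void)clock_gettime(CLOCK_MONOTONIC, &ts);` discards the call's only error signal, and on failure `ts` is left uninitialized, so the return line computes a time from indeterminate values; the get_cur_time_us hunk below has the same pattern. Initialise the struct and check the result, e.g. `struct timespec ts = {0};` followed by `if (clock_gettime(CLOCK_MONOTONIC, &ts) != 0) { return 0; }`, or whatever failure value the callers can recognise. Separately, a monotonic clock counts from an unspecified epoch, so if any caller stores or prints the result as a wall-clock timestamp (the callers are not visible here) the switch silently changes its meaning, and the revert that follows on this page suggests some such dependency existed. A one-line comment on each function naming the clock it returns, `/* Milliseconds from CLOCK_MONOTONIC; not comparable to wall-clock time. */`, would make that contract explicit.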
@@ -59,43 +59,6 @@ u8 last_intr = 0;
 #define AFL_PATH "/usr/local/lib/afl/"
 #endif
-/* Convert seconds to milliseconds. */
-#define SEC_TO_MS(sec) ((sec) * 1000)
-/* Convert seconds to microseconds. */
-#define SEC_TO_US(sec) ((sec) * 1000000)
-/* Convert nanoseconds to milliseconds. */
-#define NS_TO_MS(ns) ((ns) / 1000000)
-/* Convert nanoseconds to microseconds. */
-#define NS_TO_US(ns) ((ns) / 1000)
-/* Convert seconds to milliseconds. */
-#define SEC_TO_MS(sec) ((sec) * 1000)
-/* Convert seconds to microseconds. */
-#define SEC_TO_US(sec) ((sec) * 1000000)
-/* Convert nanoseconds to milliseconds. */
-#define NS_TO_MS(ns) ((ns) / 1000000)
-/* Convert nanoseconds to microseconds. */
-#define NS_TO_US(ns) ((ns) / 1000)
-/* Convert nanoseconds to microseconds. */
-#define US_TO_MS(us) ((us) / 1000)
-/* Convert seconds to milliseconds. */
-#define SEC_TO_MS(sec) ((sec) * 1000)
-/* Convert seconds to microseconds. */
-#define SEC_TO_US(sec) ((sec) * 1000000)
-/* Convert nanoseconds to milliseconds. */
-#define NS_TO_MS(ns) ((ns) / 1000000)
-/* Convert nanoseconds to microseconds. */
-#define NS_TO_US(ns) ((ns) / 1000)
-/* Convert seconds to milliseconds. */
-#define SEC_TO_MS(sec) ((sec) * 1000)
-/* Convert seconds to microseconds. */
-#define SEC_TO_US(sec) ((sec) * 1000000)
-/* Convert nanoseconds to milliseconds. */
-#define NS_TO_MS(ns) ((ns) / 1000000)
-/* Convert nanoseconds to microseconds. */
-#define NS_TO_US(ns) ((ns) / 1000)
-/* Convert nanoseconds to microseconds. */
-#define US_TO_MS(us) ((us) / 1000)
-
 void *afl_memmem(const void *haystack, size_t haystacklen, const void *needle, size_t needlelen) {
@@ -1013,9 +976,12 @@ void read_bitmap(u8 *fname, u8 *map, size_t len) {
 inline u64 get_cur_time(void) {
- struct timespec ts;
- (void)clock_gettime(CLOCK_MONOTONIC, &ts);
- return (u64)(SEC_TO_MS((uint64_t)ts.tv_sec) + NS_TO_MS((uint64_t)ts.tv_nsec));
+ struct timeval tv;
+ struct timezone tz;
+
+ gettimeofday(&tv, &tz);
+
+ return (tv.tv_sec * 1000ULL) + (tv.tv_usec / 1000);
 }
@@ -1023,9 +989,12 @@ inline u64 get_cur_time(void) {
 inline u64 get_cur_time_us(void) {
- struct timespec ts;
- (void)clock_gettime(CLOCK_MONOTONIC, &ts);
- return (u64)(SEC_TO_US((uint64_t)ts.tv_sec) + NS_TO_US((uint64_t)ts.tv_nsec));
+ struct timeval tv;
+ struct timezone tz;
+
+ gettimeofday(&tv, &tz);
+
+ return (tv.tv_sec * 1000000ULL) + tv.tv_usec;
 }
--
cgit 1.4.1
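Review bot: The restored `gettimeofday(&tv, &tz);` passes a `struct timezone`, which POSIX marks obsolete and for which a non-null pointer makes the behaviour unspecified; `tz` is never read, so pass `NULL` and drop its declaration: `gettimeofday(&tv, NULL);`. The return value is ignored too, as it was before the reverted commit, so on failure the function returns a time computed from an uninitialised `tv`; the get_cur_time_us hunk below has both issues as well. Since the revert message gives no reason, a comment on get_cur_time stating which clock it returns, and that callers depend on wall-clock (epoch-based) values if that is the reason, would keep the MONOTONIC switch from being retried without an audit of those callers.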