From e68d2345d5c301dfdf7df3a86ccb0d9eb0aabbbd Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Wed, 29 Apr 2020 22:25:10 +0200
Subject: test.sh: continue after failed test case qemu persistent mode
---
 test/test.sh | 1 -
 1 file changed, 1 deletion(-)
(limited to 'test')
diff --git a/test/test.sh b/test/test.sh
index b8d4208f..e950e3de 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -802,7 +802,6 @@ test -e ../afl-qemu-trace && {
 echo CUT------------------------------------------------------------------CUT
 $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode"
 CODE=1
- exit 1
 }
 rm -rf in out errors
 } || {
-- cgit 1.4.1
From 6e45e55d82eeed2075579a530f5aeea8d00af55b Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Tue, 5 May 2020 10:38:44 +0200
Subject: fix crash in AFL_LLVM_LAF_TRANSFORM_COMPARES
---
 docs/Changelog.md | 1 +
 llvm_mode/afl-llvm-rt.o.c | 15 ++++++---------
 llvm_mode/compare-transform-pass.so.cc | 12 ++++++++----
 test/test.sh | 2 +-
 4 files changed, 16 insertions(+), 14 deletions(-)
(limited to 'test')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 8c0624b6..ac68e8ff 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -21,6 +21,7 @@ sending a mail to .
 fuzzing speed
 - fixes to LTO mode if instrumented edges > MAP_SIZE
 - CTX and NGRAM can now be used together
+ - AFL_LLVM_LAF_TRANSFORM_COMPARES would sometimes crash, fixed
 - added AFL_LLVM_SKIP_NEVERZERO to skip the never zero coverage counter
 implmentation. For targets with little or no loops or heavy called
 functions. Gives a small performance boost.
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 722ca421..56038f7a 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -67,22 +67,19 @@ u8 __afl_area_initial[MAP_SIZE];
 u8 *__afl_area_ptr = __afl_area_initial;
 u8 *__afl_dictionary;
+u32 __afl_final_loc;
+u32 __afl_map_size = MAP_SIZE;
+u32 __afl_dictionary_len;
+u64 __afl_map_addr;
+
 #ifdef __ANDROID__
 PREV_LOC_T __afl_prev_loc[NGRAM_SIZE_MAX];
-u32 __afl_final_loc;
 u32 __afl_prev_ctx;
 u32 __afl_cmp_counter;
-u32 __afl_dictionary_len;
-u32 __afl_map_size = MAP_SIZE;
-u64 __afl_map_addr;
 #else
 __thread PREV_LOC_T __afl_prev_loc[NGRAM_SIZE_MAX];
-__thread u32 __afl_final_loc;
 __thread u32 __afl_prev_ctx;
 __thread u32 __afl_cmp_counter;
-__thread u32 __afl_dictionary_len;
-__thread u32 __afl_map_size = MAP_SIZE;
-__thread u64 __afl_map_addr;
 #endif
 struct cmp_map *__afl_cmp_map;
@@ -152,7 +149,7 @@ static void __afl_map_shm(void) {
 if (getenv("AFL_DEBUG"))
 fprintf(stderr,
- "DEBUG: id_str %s, __afl_map_addr 0x%lx, MAP_SIZE %u, "
+ "DEBUG: id_str %s, __afl_map_addr 0x%llx, MAP_SIZE %u, "
 "__afl_final_loc %u, max_size_forkserver %u/0x%x\n",
 id_str == NULL ? "" : id_str, __afl_map_addr, MAP_SIZE,
 __afl_final_loc, FS_OPT_MAX_MAPSIZE, FS_OPT_MAX_MAPSIZE);
diff --git a/llvm_mode/compare-transform-pass.so.cc b/llvm_mode/compare-transform-pass.so.cc
index c871c1c4..9cf4169e 100644
--- a/llvm_mode/compare-transform-pass.so.cc
+++ b/llvm_mode/compare-transform-pass.so.cc
@@ -386,13 +386,13 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 TmpConstStr = Str1.str();
 VarStr = Str2P;
- constLen = isMemcmp ? sizedLen : GetStringLength(Str1P);
+ constLen = isMemcmp ? sizedLen : TmpConstStr.length();
 } else {
 TmpConstStr = Str2.str();
 VarStr = Str1P;
- constLen = isMemcmp ? sizedLen : GetStringLength(Str2P);
+ constLen = isMemcmp ? sizedLen : TmpConstStr.length();
 }
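Review bot: The four variables moved out of the `#ifdef __ANDROID__` / `__thread` declarations (`__afl_final_loc`, `__afl_map_size`, `__afl_dictionary_len`, `__afl_map_addr`) become process-global on every platform, but nothing in the hunk records why they must not be thread-local while `__afl_prev_loc`, `__afl_prev_ctx` and `__afl_cmp_counter` stay `__thread`. Presumably they are written once by whatever negotiates the map size and address with the fork server and then read from any thread, so a per-thread copy would hand every other thread the initial `MAP_SIZE`/0 instead of the negotiated value; where they are written is outside this hunk and should be confirmed before stating that. A comment above the new block, e.g. `/* Process-wide, deliberately NOT __thread: set once at startup, read by every thread. */`, would stop the next cleanup from moving them back into the `__thread` list.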
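Review bot: `0x%llx` only matches `__afl_map_addr` where `u64` is typedef'd as `unsigned long long`; if it is `uint64_t` on a target where that is `unsigned long` (LP64 non-x86 builds), `-Wformat` will warn again in the other direction. The portable spelling is `"DEBUG: id_str %s, __afl_map_addr 0x%" PRIx64 ", MAP_SIZE %u, "` with `<inttypes.h>` included, which follows whatever `u64` is on each platform. How `u64` is defined is outside this hunk, so check types.h before changing it; `__afl_map_shm` continues outside the hunk.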
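Review bot: `TmpConstStr.length()` and the `GetStringLength()` it replaces do not necessarily count the same thing: in the LLVM versions I know, GetStringLength reports the length including the terminating NUL, while the std::string obtained via `.str()` from the constant-string lookup normally excludes it, so `constLen` is now one smaller for every strcmp/strncmp operand. If the terminator is meant to be covered by the explicit `append("\0", 1)` a few lines further down rather than by `constLen`, say so on the assignment, e.g. `// length of the constant operand WITHOUT its terminating NUL`. Whether the expansion loop that consumes `constLen` still compares the terminator byte is outside this hunk and worth checking, since dropping it from the compared prefix would let `strcmp(x, "abc")` succeed for any string that merely starts with "abc". `transformCmps` starts and ends outside this hunk.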
@@ -401,8 +401,12 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 * runtime bounds checking, which makes debugging easier) */
 TmpConstStr.append("\0", 1);
 ConstStr = StringRef(TmpConstStr);
-
- if (isSizedcmp && constLen > sizedLen) { constLen = sizedLen; }
+ // fprintf(stderr, "issized: %d, const > sized ? %u > %u\n", isSizedcmp,
+ // constLen, sizedLen);
+ if (isSizedcmp && constLen > sizedLen && sizedLen) constLen = sizedLen;
+ if (constLen > TmpConstStr.length()) constLen = TmpConstStr.length();
+ if (!constLen) constLen = TmpConstStr.length();
+ if (!constLen) continue;
 if (!be_quiet)
 errs() << callInst->getCalledFunction()->getName() << ": len " << constLen
diff --git a/test/test.sh b/test/test.sh
index e950e3de..90633a9f 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -81,7 +81,7 @@ test `uname -s` = 'Darwin' -o `uname -s` = 'FreeBSD' && {
 } || {
 AFL_GCC=afl-gcc
 }
-command -v gcc || AFL_GCC=afl-clang
+command -v gcc >/dev/null 2>&1 || AFL_GCC=afl-clang
 SYS=`uname -m`
-- cgit 1.4.1
From e31b816aa0948e66902828595fe1b437cb4cd496 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Tue, 5 May 2020 22:46:48 +0200
Subject: fix unit tests when printf is a macro
---
 test/unittests/unit_list.c | 1 +
 test/unittests/unit_maybe_alloc.c | 1 +
 test/unittests/unit_preallocable.c | 1 +
 3 files changed, 3 insertions(+)
(limited to 'test')
diff --git a/test/unittests/unit_list.c b/test/unittests/unit_list.c
index df4864e4..86d4748b 100644
--- a/test/unittests/unit_list.c
+++ b/test/unittests/unit_list.c
@@ -33,6 +33,7 @@ void __wrap_exit(int status) {
 }
 /* ignore all printfs */
+#undef printf
 extern int printf(const char *format, ...);
 extern int __real_printf(const char *format, ...);
 int __wrap_printf(const char *format, ...);
diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
index 8cd8b11a..4e093cfe 100644
--- a/test/unittests/unit_maybe_alloc.c
+++ b/test/unittests/unit_maybe_alloc.c
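Review bot: The final `if (!constLen) continue;` can never fire, because the line before it assigns `TmpConstStr.length()` and `TmpConstStr` had `"\0"` appended just above, so its length is at least 1. More importantly, that fallback turns a sized compare with a constant length of 0 (`memcmp(a, b, 0)`, `strncmp(a, "abc", 0)`, both of which must compare equal) into a comparison of one or more bytes, and the new `&& sizedLen` guard on the clamp line deliberately leaves `constLen` at the full constant length in exactly that case. Unless the operand filtering earlier in `transformCmps` (outside this hunk) already rejects a zero constant length, add `if (isSizedcmp && !sizedLen) continue;` ahead of the `!constLen` fallback and keep the fallback only for the strcmp-against-`""` case, where comparing the single terminator byte is the correct expansion. The commented-out `fprintf(stderr, ...)` debug lines should be removed or put behind the existing `be_quiet`/debug switch rather than left as dead text. `transformCmps` starts and ends outside this hunk.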
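Review bot: The bare `#undef printf` gives the next reader no hint which header turns `printf` into a macro or why removing it matters, even though the commit title says that is the whole point. A one-line comment above it such as `/* some headers define printf as a macro; drop it so the ld --wrap=printf declarations below bind the real symbol */` would record the intent next to the `__real_printf`/`__wrap_printf` declarations it exists for. Which header is responsible is not visible here, so name it only if known.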
@@ -33,6 +33,7 @@ void __wrap_exit(int status) {
 int __wrap_printf(const char *format, ...);
 /* ignore all printfs */
+#undef printf
 extern int printf(const char *format, ...);
 extern int __real_printf(const char *format, ...);
 int __wrap_printf(const char *format, ...) {
diff --git a/test/unittests/unit_preallocable.c b/test/unittests/unit_preallocable.c
index 8d619b78..888bb485 100644
--- a/test/unittests/unit_preallocable.c
+++ b/test/unittests/unit_preallocable.c
@@ -33,6 +33,7 @@ void __wrap_exit(int status) {
 }
 /* ignore all printfs */
+#undef printf
 extern int printf(const char *format, ...);
 extern int __real_printf(const char *format, ...);
 int __wrap_printf(const char *format, ...);
-- cgit 1.4.1
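Review bot: This is the third hand-copied instance of the same `#undef printf` / `extern int printf` / `__real_printf` / `__wrap_printf` preamble in test/unittests (unit_list.c and unit_maybe_alloc.c carry it too), and the fix had to be applied three times because of it. A small shared header for the `--wrap=printf` test scaffolding, included by all three files, would make the next such fix a one-line change and keep the three copies from drifting; the surrounding test file is outside this hunk, so I cannot tell whether such a header already exists.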