Proposed fix for issue #3094, whereby all conditional comparisons are treat as 1 byte (rather than 2, 4, or 8) (#3095)

Dan Blackwell 2025-03-21 11:55:58 +00:00 committed by GitHub
parent f73d47dfb8
commit 9195245998
2 changed files with 18 additions and 18 deletions


@ -14,7 +14,7 @@
#ifdef SANCOV_VALUE_PROFILE #ifdef SANCOV_VALUE_PROFILE
#define SANCOV_VALUE_PROFILE_CALL(k, arg_size, arg1, arg2, arg1_is_const) \ #define SANCOV_VALUE_PROFILE_CALL(k, arg_size, arg1, arg2, arg1_is_const) \
k &= CMP_MAP_SIZE - 1; \ k &= CMP_MAP_SIZE - 1; \
__libafl_targets_value_profile1(k, arg1, arg2); __libafl_targets_value_profile##arg_size(k, arg1, arg2);
#else #else
#define SANCOV_VALUE_PROFILE_CALL(k, arg_size, arg1, arg2, arg1_is_const) #define SANCOV_VALUE_PROFILE_CALL(k, arg_size, arg1, arg2, arg1_is_const)
#endif #endif
@ -22,12 +22,14 @@
#ifdef SANCOV_CMPLOG #ifdef SANCOV_CMPLOG
#define SANCOV_CMPLOG_CALL(k, arg_size, arg1, arg2, arg1_is_const) \ #define SANCOV_CMPLOG_CALL(k, arg_size, arg1, arg2, arg1_is_const) \
k &= CMPLOG_MAP_W - 1; \ k &= CMPLOG_MAP_W - 1; \
cmplog_instructions_checked(k, arg_size, (uint64_t)arg1, (uint64_t)arg2, arg1_is_const); cmplog_instructions_checked(k, arg_size, (uint64_t)arg1, (uint64_t)arg2, \
arg1_is_const);
#else #else
#define SANCOV_CMPLOG_CALL(k, arg_size, arg1, arg2, arg1_is_const) #define SANCOV_CMPLOG_CALL(k, arg_size, arg1, arg2, arg1_is_const)
#endif #endif
#define HANDLE_SANCOV_TRACE_CMP(arg_size, arg1, arg2, arg1_is_const) { \ #define HANDLE_SANCOV_TRACE_CMP(arg_size, arg1, arg2, arg1_is_const) \
{ \
uintptr_t k = RETADDR; \ uintptr_t k = RETADDR; \
k = (k >> 4) ^ (k << 8); \ k = (k >> 4) ^ (k << 8); \
SANCOV_VALUE_PROFILE_CALL(k, arg_size, arg1, arg2, arg1_is_const) \ SANCOV_VALUE_PROFILE_CALL(k, arg_size, arg1, arg2, arg1_is_const) \
@ -80,7 +82,8 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) {
#endif #endif
#ifdef SANCOV_CMPLOG #ifdef SANCOV_CMPLOG
k &= CMPLOG_MAP_W - 1; k &= CMPLOG_MAP_W - 1;
// Note: cases[i + 2] are the constant values, so keep them in arg1 and indicate that it's const // Note: cases[i + 2] are the constant values, so keep them in arg1 and
// indicate that it's const
cmplog_instructions_checked(k, cases[1] / 8, cases[i + 2], val, 1); cmplog_instructions_checked(k, cases[1] / 8, cases[i + 2], val, 1);
#endif #endif
} }
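Review bot: `SANCOV_VALUE_PROFILE_CALL` in the first hunk now pastes `arg_size` into the callee name with `##`, so it only works when `arg_size` arrives as a literal token for which a `__libafl_targets_value_profile<N>` function exists, and nothing at the macro says so. `SANCOV_CMPLOG_CALL` beside it still forwards `arg_size` to `cmplog_instructions_checked` as an ordinary value (the switch handler in the third hunk passes `cases[1] / 8` to that function), so the same parameter name now has two different contracts. I would add a comment above the `#define`, for example `/* arg_size must be a literal size token: it is token-pasted into the function name */`. The callers of `HANDLE_SANCOV_TRACE_CMP` are outside the visible hunks, so I cannot confirm that each passes a literal; a non-literal would presumably fail at compile time rather than silently. Because the original defect was silent (every comparison profiled as 1 byte, which weakens fuzzer feedback on wider compares), a regression test checking that a wider comparison reaches the matching-width profile function would be worth adding.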


@ -29,11 +29,8 @@ unsafe extern "C" {
/// ///
/// # Safety /// # Safety
/// Calls the unsafe `__sanitizer_set_death_callback` symbol, but should be safe to call otherwise. /// Calls the unsafe `__sanitizer_set_death_callback` symbol, but should be safe to call otherwise.
pub unsafe fn setup_asan_callback<E, EM, I, OF, S, Z>( pub unsafe fn setup_asan_callback<E, EM, I, OF, S, Z>(_executor: &E, _event_mgr: &EM, _fuzzer: &Z)
_executor: &E, where
_event_mgr: &EM,
_fuzzer: &Z,
) where
E: Executor<EM, I, S, Z> + HasObservers, E: Executor<EM, I, S, Z> + HasObservers,
E::Observers: ObserversTuple<I, S>, E::Observers: ObserversTuple<I, S>,
EM: EventFirer<I, S> + EventRestarter<S>, EM: EventFirer<I, S> + EventRestarter<S>,