workaround for recursive malloc in release mode
parent
4ce6e72e1b
commit
f7db29d213
@ -1,17 +1,18 @@
|
||||
#!/bin/sh
|
||||
|
||||
mkdir -p ./crashes
|
||||
rm -rf ./.libfuzzer_test.elf
|
||||
|
||||
cargo build --example libfuzzer_libpng --release || exit 1
|
||||
cp ../../target/release/examples/libfuzzer_libpng ./.libfuzzer_test.elf
|
||||
|
||||
# The broker
|
||||
RUST_BACKTRACE=full taskset 0 ./.libfuzzer_test.elf &
|
||||
RUST_BACKTRACE=full taskset -c 0 ./.libfuzzer_test.elf &
|
||||
# Give the broker time to spawn
|
||||
sleep 2
|
||||
echo "Spawning client"
|
||||
# The 1st fuzzer client, pin to cpu 0x1
|
||||
RUST_BACKTRACE=full taskset 1 ./.libfuzzer_test.elf 2>/dev/null
|
||||
RUST_BACKTRACE=full taskset -c 1 ./.libfuzzer_test.elf 2>/dev/null
|
||||
|
||||
killall .libfuzzer_test.elf
|
||||
rm -rf ./.libfuzzer_test.elf
|
||||
|
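Review bot: The client launched on the new `RUST_BACKTRACE=full taskset -c 1 ./.libfuzzer_test.elf 2>/dev/null` line discards its stderr, which is exactly where a Rust panic prints the backtrace that RUST_BACKTRACE=full asks for, so a client crash leaves nothing to diagnose while the broker on the `taskset -c 0` line keeps its full output. Redirecting to a file instead, e.g. `2>./client.stderr.log`, keeps the terminal quiet and preserves the trace; the name is only a suggestion. A one-line comment above the client line saying why stderr is silenced (noise from the fuzzer loop, presumably) would also help, since the broker line has no such redirect.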
@ -138,7 +138,12 @@ void *malloc(size_t size) {
|
||||
k &= MAP_SIZE - 1;
|
||||
__lafl_alloc_map[k] = MAX(__lafl_alloc_map[k], size);
|
||||
|
||||
return realloc(NULL, size);
|
||||
// We cannot malloc in malloc.
|
||||
// Hence, even realloc(NULL, size) would loop in an optimized build.
|
||||
// We fall back to a stricter allocation function. Fingers crossed.
|
||||
void *ret = NULL;
|
||||
posix_memalign(&ret, 1<<6, size);
|
||||
return ret;
|
||||
|
||||
}
|
||||
|
||||
|
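Review bot: The return code of the new `posix_memalign(&ret, 1<<6, size);` call is dropped, so on failure the hook returns NULL with errno untouched — posix_memalign reports ENOMEM/EINVAL through its return value rather than errno — which breaks the malloc contract for callers that inspect errno after a NULL. Checking it explicitly, `int rc = posix_memalign(&ret, 1<<6, size);` followed by `if (rc != 0) { errno = rc; return NULL; }`, restores that (this assumes <errno.h> is included in the file, which the hunk does not show). The alignment literal `1<<6` would read better as a named constant, e.g. `enum { LAFL_MALLOC_ALIGN = 64 };`. Whether posix_memalign avoids re-entering this interposed malloc is allocator-specific, as the "Fingers crossed" comment admits; a comment naming the libc/allocator this was verified against would spare the next reader the same guess. The enclosing malloc begins before this hunk.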