
Commit b6c4f37

committed
disable xml/curl/g_ string transform compare
1 parent 0892a22 commit b6c4f37

2 files changed

+29
-9
lines changed


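--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -15,6 +15,8 @@
 - re-enable i386 support that was accidently disabled
 - fixes for LTO and outdated afl-gcc mode
 - fix COMPCOV split compare for old LLVMs
+- disable xml/curl/g_ string transform functions because we do not check
+for null pointers ... TODO
 - ensure shared memory variables are visible in weird build setups
 * afl-cmin
 - work with input files that have a space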

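--- a/instrumentation/compare-transform-pass.so.cc
+++ b/instrumentation/compare-transform-pass.so.cc
@@ -230,38 +230,38 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 if (callInst->getCallingConv() != llvm::CallingConv::C) continue;
 StringRef FuncName = Callee->getName();
 isStrcmp &=
-(!FuncName.compare("strcmp") || !FuncName.compare("xmlStrcmp") ||
+(!FuncName.compare("strcmp") /*|| !FuncName.compare("xmlStrcmp") ||
 !FuncName.compare("xmlStrEqual") ||
 !FuncName.compare("curl_strequal") ||
 !FuncName.compare("strcsequal") ||
-!FuncName.compare("g_strcmp0"));
+!FuncName.compare("g_strcmp0")*/);
 isMemcmp &=
 (!FuncName.compare("memcmp") || !FuncName.compare("bcmp") ||
 !FuncName.compare("CRYPTO_memcmp") ||
 !FuncName.compare("OPENSSL_memcmp") ||
 !FuncName.compare("memcmp_const_time") ||
 !FuncName.compare("memcmpct"));
-isStrncmp &= (!FuncName.compare("strncmp") ||
+isStrncmp &= (!FuncName.compare("strncmp")/* ||
 !FuncName.compare("curl_strnequal") ||
-!FuncName.compare("xmlStrncmp"));
+!FuncName.compare("xmlStrncmp")*/);
 isStrcasecmp &= (!FuncName.compare("strcasecmp") ||
 !FuncName.compare("stricmp") ||
 !FuncName.compare("ap_cstr_casecmp") ||
 !FuncName.compare("OPENSSL_strcasecmp") ||
-!FuncName.compare("xmlStrcasecmp") ||
+/*!FuncName.compare("xmlStrcasecmp") ||
 !FuncName.compare("g_strcasecmp") ||
 !FuncName.compare("g_ascii_strcasecmp") ||
 !FuncName.compare("Curl_strcasecompare") ||
-!FuncName.compare("Curl_safe_strcasecompare") ||
+!FuncName.compare("Curl_safe_strcasecompare") ||*/
 !FuncName.compare("cmsstrcasecmp"));
 isStrncasecmp &= (!FuncName.compare("strncasecmp") ||
 !FuncName.compare("strnicmp") ||
 !FuncName.compare("ap_cstr_casecmpn") ||
-!FuncName.compare("OPENSSL_strncasecmp") ||
+!FuncName.compare("OPENSSL_strncasecmp") /*||
 !FuncName.compare("xmlStrncasecmp") ||
 !FuncName.compare("g_ascii_strncasecmp") ||
 !FuncName.compare("Curl_strncasecompare") ||
-!FuncName.compare("g_strncasecmp"));
+!FuncName.compare("g_strncasecmp")*/);
 isIntMemcpy &= !FuncName.compare("llvm.memcpy.p0i8.p0i8.i64");
 
 if (!isStrcmp && !isMemcmp && !isStrncmp && !isStrcasecmp &&
@@ -465,8 +465,19 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 bool isCaseInsensitive = false;
 bool needs_null = false;
 bool success_is_one = false;
+bool nullCheck = false;
 Function *Callee = callInst->getCalledFunction();
 
+fprintf(stderr, "%s - %s - %s\n",
+callInst->getParent()
+->getParent()
+->getParent()
+->getName()
+.str()
+.c_str(),
+callInst->getParent()->getParent()->getName().str().c_str(),
+Callee ? Callee->getName().str().c_str() : "NULL");
+
 if (Callee) {
 
 if (!Callee->getName().compare("memcmp") ||
@@ -520,6 +531,11 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 }
 
 if (!isSizedcmp) needs_null = true;
+if (Callee->getName().startswith("g_") ||
+Callee->getName().startswith("curl_") ||
+Callee->getName().startswith("Curl_") ||
+Callee->getName().startswith("xml"))
+nullCheck = true;
 
 Value *sizedValue = isSizedcmp ? callInst->getArgOperand(2) : NULL;
 bool isConstSized = sizedValue && isa<ConstantInt>(sizedValue);
@@ -604,8 +620,10 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
 /* split before the call instruction */
 BasicBlock *bb = callInst->getParent();
 BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(callInst));
-
 BasicBlock *next_lenchk_bb = NULL;
+
+if (nullCheck) { fprintf(stderr, "TODO: null check\n"); }
+
 if (isSizedcmp && !isConstSized) {
 
 next_lenchk_bb =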
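Review bot: The new prefix test at new line 534 dereferences `Callee->getName()` with no null guard, even though the `fprintf` added at 471–479 prints `"NULL"` when `Callee` is null and the `if (Callee) {` at 481 treats it as nullable; if the `}` at 531 closes that block, as the layout suggests, an indirect call reaches this line with a null `Callee`. Guard it the same way: `if (Callee && (Callee->getName().startswith("g_") || Callee->getName().startswith("curl_") || Callee->getName().startswith("Curl_") || Callee->getName().startswith("xml")))`. The `nullCheck` flag then only emits `"TODO: null check"` at 625 and the transform proceeds regardless, so the flag does not yet protect anything; with the xml/curl/g_ names commented out in the first hunk the branch also looks unreachable in practice, which is worth a comment such as `// nullCheck is informational until the null-pointer guard is emitted`. The unconditional `fprintf(stderr, ...)` at 471 runs for every candidate call in every compiled module and should be gated behind a debug flag or dropped before this lands. transformCmps starts before and ends after these hunks.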
