
Commit f9e8581

committed
write score to map
1 parent 8758be3 commit f9e8581

2 files changed

+45
-3
lines changed


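--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@@ -664,8 +664,50 @@ void ModuleSanitizerCoverageAFL::instrumentFunction(
 // InjectTraceForCmp(F, CmpTraceTargets);
 // InjectTraceForSwitch(F, SwitchTraceTargets);
 
-if (dump_cc) { calcCyclomaticComplexity(&F, LI); }
-if (dump_vc) { calcVulnerabilityScore(&F, LI, DT, PDT); }
+unsigned int score = 0;
+
+if (dump_cc) { score = calcCyclomaticComplexity(&F, LI); }
+if (dump_vc) { score = calcVulnerabilityScore(&F, LI, DT, PDT); }
+
+if (score) {
+
+BasicBlock::iterator IP = F.getEntryBlock().getFirstInsertionPt();
+IRBuilder<> builder(&*IP);
+
+// Access the int32 value at u8 offset 1 (unaligned access)
+LoadInst *MapPtr =
+builder.CreateLoad(PointerType::get(Int8Ty, 0), AFLMapPtr);
+llvm::Value *CastToInt8Ptr =
+builder.CreateBitCast(MapPtr, llvm::PointerType::get(Int8Ty, 0));
+llvm::Value *Int32Ptr = builder.CreateGEP(
+Int8Ty, CastToInt8Ptr, llvm::ConstantInt::get(Int32Ty, 1));
+llvm::Value *CastToInt32Ptr =
+builder.CreateBitCast(Int32Ptr, llvm::PointerType::get(Int32Ty, 0));
+
+// Load the unaligned int32 value
+llvm::LoadInst *Load = builder.CreateLoad(Int32Ty, CastToInt32Ptr);
+Load->setAlignment(llvm::Align(1));
+
+// Value to add
+llvm::Value *ValueToAdd = llvm::ConstantInt::get(Int32Ty, score);
+
+// Perform addition and check for wrap around
+llvm::Value *Add =
+builder.CreateAdd(Load, ValueToAdd, "addValue", true, true);
+
+// Check if addition wrapped (unsigned)
+llvm::Value *DidWrap = builder.CreateICmpULT(Add, Load, "didWrap");
+
+// Select the maximum value if there was a wrap, otherwise use the result
+llvm::Value *MaxInt32 = llvm::ConstantInt::get(Int32Ty, UINT32_MAX);
+llvm::Value *Result =
+builder.CreateSelect(DidWrap, MaxInt32, Add, "selectMaxOrResult");
+
+// Store the result back at the same unaligned offset
+llvm::StoreInst *Store = builder.CreateStore(Result, CastToInt32Ptr);
+Store->setAlignment(llvm::Align(1));
+
+}
 
 }
 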
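Review bot: The saturation check at `builder.CreateICmpULT(Add, Load, "didWrap")` is defeated by the flags passed one line above: `CreateAdd(Load, ValueToAdd, "addValue", true, true)` sets both `nuw` and `nsw`, which promises LLVM the add never wraps, so a wrapped result is poison and the optimizer is entitled to fold `DidWrap` to false and delete the select, leaving the counter free to wrap to a small value instead of clamping at UINT32_MAX. Drop the flags, `builder.CreateAdd(Load, ValueToAdd, "addValue")`, or replace the add/icmp/select triple with the saturating intrinsic, `builder.CreateBinaryIntrinsic(Intrinsic::uadd_sat, Load, ValueToAdd)`, which expresses the intent directly. Separately, when both `dump_cc` and `dump_vc` are set the second assignment silently overwrites the first score; if that precedence is intended, a comment such as `// vulnerability score takes precedence over cyclomatic complexity when both are requested` would save the next reader a question. The load/add/store emitted at function entry is a non-atomic read-modify-write on the shared map, so concurrent callers can lose updates — presumably acceptable for a fuzzing heuristic, as with the rest of the coverage instrumentation, but worth a one-line comment. instrumentFunction begins outside the hunk.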
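--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -1849,7 +1849,7 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
 to avoid duplicate calls (which can happen as an artifact of the underlying
 implementation in LLVM). */
 
-if (__afl_final_loc < 5) __afl_final_loc = 5; // we skip the first 5 entries
+if (__afl_final_loc < 4) __afl_final_loc = 4; // we skip the first 5 entries
 
 *(start++) = ++__afl_final_loc;
 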
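Review bot: The reservation on `if (__afl_final_loc < 4) __afl_final_loc = 4;` now lines up exactly with the 4-byte score slot the PCGUARD pass writes at map byte offset 1 (bytes 1..4), but nothing in either file ties the two constants together, so a later bump on one side would silently let guard counters overlap the score or vice versa. Suggest making the coupling explicit in the trailing comment, e.g. `// we skip the first 5 entries: map[1..4] hold the u32 score written by SanitizerCoveragePCGUARD`, or better, deriving both from one shared named constant. Since guard IDs are handed out by `++__afl_final_loc`, a fresh run places the first guard at index 5, so the comment's count of five skipped entries appears correct after this change. __sanitizer_cov_trace_pc_guard_init begins outside the hunk.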