fixed shmap fuzzing

author: Dominik Maier <domenukk@gmail.com> 2020-06-09 03:03:21 +0200
committer: Dominik Maier <domenukk@gmail.com> 2020-06-09 03:03:21 +0200
commit: 92b8c5bb6037cb6626682653eacaa124504c592b (patch)
tree: 23976001fee17bd4da81ee965173a24e85bb947b /qemu_mode
parent: 646237e234f74f7f70780f1d880e666fcf75c65e (diff)
download: AFLplusplus-92b8c5bb6037cb6626682653eacaa124504c592b.tar.gz
1 files changed, 8 insertions, 6 deletions
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index e4953cb1..8dea004e 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -147,20 +147,22 @@ static void afl_map_shm_fuzz(void) {
   if (id_str) {
 
     u32 shm_id = atoi(id_str);
-    shared_buf_len = (u32 *)shmat(shm_id, NULL, 0);
-    shared_buf = (u8 *)(shared_buf_len + sizeof(int));
-
+    u8 *map = (u8 *)shmat(shm_id, NULL, 0);
     /* Whooooops. */
 
-    if (shared_buf == (void *)-1) {
+    if (!map || map == (void *)-1) {
 
-      fprintf(stderr, "[AFL] ERROR:  could not access fuzzing shared memory\n");
+      perror("[AFL] ERROR: could not access fuzzing shared memory");
       exit(1);
 
     }
 
-    if (getenv("AFL_DEBUG"))
+    shared_buf_len = (u32 *)map;
+    shared_buf = map + sizeof(u32);
+
+    if (getenv("AFL_DEBUG")) {
       fprintf(stderr, "[AFL] DEBUG: successfully got fuzzing shared memory\n");
+    }
 
   } else {
author	Dominik Maier <domenukk@gmail.com>	2020-06-09 03:03:21 +0200
committer	Dominik Maier <domenukk@gmail.com>	2020-06-09 03:03:21 +0200
commit	92b8c5bb6037cb6626682653eacaa124504c592b (patch)
tree	23976001fee17bd4da81ee965173a24e85bb947b /qemu_mode
parent	646237e234f74f7f70780f1d880e666fcf75c65e (diff)
download	AFLplusplus-92b8c5bb6037cb6626682653eacaa124504c592b.tar.gz