switch shmem_len to the map

author: van Hauser <vh@thc.org> 2020-06-03 15:49:23 +0200
committer: van Hauser <vh@thc.org> 2020-06-03 15:49:23 +0200
commit: dd0ca7335ff93090def7be7fd0b46e9f71375004 (patch)
tree: 3c447d24b4fed3d8277a19ffe8b53000656a7a95 /qemu_mode
parent: 686d8823eb8eab3a7cb87f4affec56e0d6e402d1 (diff)
download: AFLplusplus-dd0ca7335ff93090def7be7fd0b46e9f71375004.tar.gz
3 files changed, 8 insertions, 10 deletions
diff --git a/qemu_mode/patches/afl-qemu-common.h b/qemu_mode/patches/afl-qemu-common.h
index f7ffa56a..92c33b50 100644
--- a/qemu_mode/patches/afl-qemu-common.h
+++ b/qemu_mode/patches/afl-qemu-common.h
@@ -83,9 +83,9 @@ extern unsigned char  persistent_save_gpr;
 extern uint64_t       persistent_saved_gpr[AFL_REGS_NUM];
 extern int            persisent_retaddr_offset;
 
-extern u8 *shared_buf;
-extern u32 shared_buf_len;
-extern u8  sharedmem_fuzzing;
+extern u8 * shared_buf;
+extern u32 *shared_buf_len;
+extern u8   sharedmem_fuzzing;
 
 extern afl_persistent_hook_fn afl_persistent_hook_ptr;
 
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index 7836e2cf..78f607aa 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -83,9 +83,9 @@ unsigned char persistent_save_gpr;
 uint64_t      persistent_saved_gpr[AFL_REGS_NUM];
 int           persisent_retaddr_offset;
 
-u8 *shared_buf;
-u32 shared_buf_len;
-u8  sharedmem_fuzzing;
+u8 * shared_buf;
+u32 *shared_buf_len;
+u8   sharedmem_fuzzing;
 
 afl_persistent_hook_fn afl_persistent_hook_ptr;
 
@@ -148,6 +148,7 @@ static void afl_map_shm_fuzz(void) {
 
     u32 shm_id = atoi(id_str);
     shared_buf = shmat(shm_id, NULL, 0);
+    shared_buf_len = (u32 *)(shared_buf + MAX_FILE);
 
     /* Whooooops. */
 
@@ -377,9 +378,6 @@ void afl_forkserver(CPUState *cpu) {
 
     if (read(FORKSRV_FD, &was_killed, 4) != 4) exit(2);
 
-    shared_buf_len = (was_killed >> 8);
-    was_killed = (was_killed & 0xff);
-
     /* If we stopped the child in persistent mode, but there was a race
        condition and afl-fuzz already issued SIGKILL, write off the old
        process. */
diff --git a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
index 15d5c91c..8553f194 100644
--- a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
@@ -162,7 +162,7 @@ static void log_x86_sp_content(void) {
 static void callback_to_persistent_hook(void) {
 
   afl_persistent_hook_ptr(persistent_saved_gpr, guest_base, shared_buf,
-                          shared_buf_len);
+                          *shared_buf_len);
 
 }
author	van Hauser <vh@thc.org>	2020-06-03 15:49:23 +0200
committer	van Hauser <vh@thc.org>	2020-06-03 15:49:23 +0200
commit	dd0ca7335ff93090def7be7fd0b46e9f71375004 (patch)
tree	3c447d24b4fed3d8277a19ffe8b53000656a7a95 /qemu_mode
parent	686d8823eb8eab3a7cb87f4affec56e0d6e402d1 (diff)
download	AFLplusplus-dd0ca7335ff93090def7be7fd0b46e9f71375004.tar.gz