Snapshot mode: fix incompatibility with libcompcov.so

When libcompcov.so is included, the shared memory is picked up in snapshot mode and is reset every time the snapshot is restored. This erases all coverage info, so we should skip it when collecting the memory to be restored.
AFLplusplus · Apr 27, 2024 · 32d7980 · 32d7980
1 parent 40033af
commit 32d7980
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/accel/tcg/cpu-exec.c b/accel/tcg/cpu-exec.c
@@ -176,12 +176,18 @@ static void collect_memory_snapshot(void) {
   char *line = NULL;
   size_t len = 0;
   ssize_t read;
+  uint64_t afl_shm_inode = 0;
+  char *afl_shm_id_str = getenv(SHM_ENV_VAR);
 
   fp = fopen("/proc/self/maps", "r");
   if (fp == NULL) {
     fprintf(stderr, "[AFL] ERROR: cannot open /proc/self/maps\n");
     exit(1);
   }
+
+  if (afl_shm_id_str) {
+    afl_shm_inode = atoi(afl_shm_id_str);
+  }
 
   size_t memory_snapshot_allocd = 32;
   if (!lkm_snapshot)
@@ -208,6 +214,11 @@ static void collect_memory_snapshot(void) {
     if (page_check_range(h2g(min), max - min, flags) == -1)
         continue;
 
+    // When `libcompcov.so` is used, the shared memory used to track coverage
+    // is picked up here. Obviously, we don't want to reset that, as that
+    // would erase coverage tracking, so we skip it.
+    if (afl_shm_id_str && inode == afl_shm_inode) continue;
+
     if (lkm_snapshot) {
 
       afl_snapshot_include_vmrange((void*)min, (void*)max);