mem_functions.c
#include <stdlib.h>
#include <stdint.h>
/*
This file is assembled to LLVM IR (.ll) and later injected during compilation via
our custom LLVM-Pass.
We use the `always_inline` attribute to cause the compiler to generate a unique
patch point per function call. Thus we have separate mutation entries for
each (like semantically different) memory operation. Without inlining, we would
have a huge mutation entry that we could only fuzz as one.
*/
/*
Custom memcpy implementation we can instrument.
*/
/*
 * Byte-wise copy of `n` bytes from `src` to `dst`, lowest address first.
 *
 * Returns `dst`. No bounds checking is performed: the caller must guarantee
 * that both buffers hold at least `n` bytes. Both pointers are
 * `restrict`-qualified, so the two regions must not overlap.
 */
__attribute__((always_inline))
void *custom_memcpy(void *restrict dst, const void *restrict src, size_t n) {
    uint8_t *out = dst;
    const uint8_t *in = src;

    for (size_t pos = 0; pos < n; pos++) {
        out[pos] = in[pos];
    }
    return dst;
}
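/*
Custom memmove implementation we can instrument.
Copies `n` bytes from `src` to `dst` and returns `dst`. Unlike custom_memcpy,
the two regions may overlap; the copy direction is chosen so that every source
byte is read before it can be overwritten.
! The parameters are deliberately NOT `restrict`-qualified: `restrict` promises
! the compiler that the regions never overlap, which is exactly the case
! memmove has to support. A forward-only bytewise copy is also not enough:
! when `dst` lies above `src` inside the same buffer, it overwrites source
! bytes before they are read and silently corrupts the result.
! No bounds checking is performed; the caller must guarantee that both
! regions hold at least `n` bytes.
*/
__attribute__((always_inline))
void *custom_memmove(void *dst, const void *src, size_t n) {
    uint8_t *out = dst;
    const uint8_t *in = src;

    if (dst == src) {
        // Nothing to move.
        return dst;
    }

    // Compare as integers: relational comparison of pointers into unrelated
    // objects is not defined in C.
    const int backward = (uintptr_t)dst > (uintptr_t)src;

    // Walk upwards when dst is below src, downwards otherwise. For the
    // downward walk the step is (size_t)-1; unsigned wrap-around is well
    // defined, and idx is never dereferenced when n == 0.
    size_t idx = backward ? n - 1 : 0;
    const size_t step = backward ? (size_t)-1 : 1;

    // A single loop keeps one load/store pair in the body.
    // NOTE(review): presumably the LLVM pass keys its patch points on this
    // store; confirm the added direction select does not affect it.
    while (n--) {
        out[idx] = in[idx];
        idx += step;
    }
    return dst;
}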