From faf3e3d2299100f0fccf2f6187d58e398cab06be Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Mon, 14 May 2018 11:17:58 +0200
Subject: executor: filter out invalid PCs on linux/x86_64

Fuzzer manages to corrupt output region and write random coverage again and again.
Do a sanity range check on coverage PCs to filter out invalid ones.
---
 executor/executor_linux.cc | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'executor/executor_linux.cc')

diff --git a/executor/executor_linux.cc b/executor/executor_linux.cc
index d9e84a66a..4b88946dd 100644
--- a/executor/executor_linux.cc
+++ b/executor/executor_linux.cc
@@ -188,6 +188,21 @@ uint32 read_cover_size(thread_t* th)
 	return n;
 }
 
+bool cover_check(uint32 pc)
+{
+	return true;
+}
+
+bool cover_check(uint64 pc)
+{
+#if defined(__i386__) || defined(__x86_64__)
+	// Text/modules range for x86_64.
+	return pc >= 0xffffffff80000000ull && pc < 0xffffffffff000000ull;
+#else
+	return true;
+#endif
+}
+
 uint32* write_output(uint32 v)
 {
 	if (collide)
-- 
cgit mrf-deployment