From 0f3ad288e712e4f342ac23c31c919b182ce46555 Mon Sep 17 00:00:00 2001
From: "Dongjia \"toka\" Zhang"
Date: Mon, 22 Apr 2024 19:27:13 +0200
Subject: [PATCH] Fix #1932 (#2089)
* fix
* Stupid lint
* increase rate
* fix
---
 fuzzers/frida_libpng/Cargo.toml | 2 +-
 fuzzers/frida_libpng/Makefile.toml | 2 +-
 fuzzers/frida_libpng/src/fuzzer.rs | 6 +++---
 libafl/src/corpus/cached.rs | 14 ++++----------
 libafl_bolts/src/os/unix_shmem_server.rs | 2 +-
 libafl_cc/src/clang.rs | 2 +-
 6 files changed, 11 insertions(+), 17 deletions(-)
diff --git a/fuzzers/frida_libpng/Cargo.toml b/fuzzers/frida_libpng/Cargo.toml
index 0d5f267a97..43d66572a2 100644
--- a/fuzzers/frida_libpng/Cargo.toml
+++ b/fuzzers/frida_libpng/Cargo.toml
@@ -26,7 +26,7 @@ reqwest = { version = "0.11.4", features = ["blocking"] }
 [dependencies]
-libafl = { path = "../../libafl/", features = [ "std", "llmp_compression", "llmp_bind_public", "frida_cli" ] } #, "llmp_small_maps", "llmp_debug"]}
+libafl = { path = "../../libafl/", features = [ "std", "llmp_compression", "llmp_bind_public", "frida_cli", "errors_backtrace" ] } #, "llmp_small_maps", "llmp_debug"]}
 libafl_bolts = { path = "../../libafl_bolts/" }
 frida-gum = { version = "0.13.6", features = [ "auto-download", "event-sink", "invocation-listener"] }
 libafl_frida = { path = "../../libafl_frida", features = ["cmplog"] }
diff --git a/fuzzers/frida_libpng/Makefile.toml b/fuzzers/frida_libpng/Makefile.toml
index 47b478f3e6..531f77445b 100644
--- a/fuzzers/frida_libpng/Makefile.toml
+++ b/fuzzers/frida_libpng/Makefile.toml
@@ -111,7 +111,7 @@ script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
 timeout 30s ./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so | tee fuzz_stdout.log 2>/dev/null || true
-if grep -qa "corpus: 30" fuzz_stdout.log; then
+if grep -qa "corpus: 70" fuzz_stdout.log; then
 echo "Fuzzer is working"
 else
 echo "Fuzzer does not generate any testcases or any crashes"
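Review bot: The check `if grep -qa "corpus: 70" fuzz_stdout.log; then` only succeeds if a status line happens to be printed while the corpus count reads 70 (or a number beginning with 70); a run whose count moves from 69 to 71 between two status lines, or one that stops short of 70 within the 30 s budget, is reported as "does not generate any testcases" although the fuzzer works, so raising the number from 30 does not remove the flakiness. A threshold comparison on the largest count seen is sturdier, e.g. `if [ "$(grep -aoE 'corpus: [0-9]+' fuzz_stdout.log | awk '{print $2}' | sort -n | tail -n1)" -ge 70 ]; then`; this assumes the status line reads `corpus: N`, which is what the existing grep already relies on, and an empty match makes the test false and lands in the else branch as intended. Note also that the exit status of the `timeout ... | tee ... || true` pipeline is tee's and is then discarded, so a crash or panic of the fuzzer binary is only ever detected indirectly through this grep.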
diff --git a/fuzzers/frida_libpng/src/fuzzer.rs b/fuzzers/frida_libpng/src/fuzzer.rs
index 83687093d3..8297ba20c3 100644
--- a/fuzzers/frida_libpng/src/fuzzer.rs
+++ b/fuzzers/frida_libpng/src/fuzzer.rs
@@ -140,7 +140,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 // RNG
 StdRand::with_seed(current_nanos()),
 // Corpus that will be evolved, we keep it in memory for performance
-CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 64)
+CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 4)
 .unwrap(),
 // Corpus in which we store solutions (crashes in this example),
 // on disk so the user can get them after stopping the fuzzer
@@ -256,7 +256,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 // RNG
 StdRand::with_seed(current_nanos()),
 // Corpus that will be evolved, we keep it in memory for performance
-CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 64)
+CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 4)
 .unwrap(),
 // Corpus in which we store solutions (crashes in this example),
 // on disk so the user can get them after stopping the fuzzer
@@ -386,7 +386,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 // RNG
 StdRand::with_seed(current_nanos()),
 // Corpus that will be evolved, we keep it in memory for performance
-CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 64)
+CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 4)
 .unwrap(),
 // Corpus in which we store solutions (crashes in this example),
 // on disk so the user can get them after stopping the fuzzer
diff --git a/libafl/src/corpus/cached.rs b/libafl/src/corpus/cached.rs
index ca32966d9a..d585871c0e 100644
--- a/libafl/src/corpus/cached.rs
+++ b/libafl/src/corpus/cached.rs
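Review bot: The cache size `4` in `CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 4)` is a bare literal repeated in three hunks (-140, -256, -386), and the comment directly above it, `// Corpus that will be evolved, we keep it in memory for performance`, no longer describes the configuration once only four testcases stay in memory. A single module-level `const CORPUS_CACHE_LEN: usize = 4;` used at all three sites keeps the values in step, and its doc comment should say why the value was lowered from 64 — presumably to exercise the eviction path in `CachedOnDiskCorpus`, which I can only infer from the commit. Replacing the current comment with `// Corpus that will be evolved; a small in-memory cache in front of the on-disk corpus, kept deliberately small so cache eviction is exercised` would make the intent explicit. `fuzz` starts and ends outside these hunks.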
@@ -45,20 +45,14 @@ where
 &'a self,
 testcase: &'a RefCell>,
 idx: CorpusId,
-is_disabled: bool,
 ) -> Result<(), Error> {
 if testcase.borrow().input().is_none() {
 self.load_input_into(&mut testcase.borrow_mut())?;
 let mut borrowed_num = 0;
 while self.cached_indexes.borrow().len() >= self.cache_max_len {
 let removed = self.cached_indexes.borrow_mut().pop_front().unwrap();
-if let Ok(mut borrowed) = if is_disabled {
-self.inner.get_from_all(removed)
-} else {
-self.inner.get(removed)
-}?
-.try_borrow_mut()
-{
+
+if let Ok(mut borrowed) = self.inner.get_from_all(removed)?.try_borrow_mut() {
 *borrowed.input_mut() = None;
 } else {
 self.cached_indexes.borrow_mut().push_back(removed);
@@ -125,14 +119,14 @@ where
 #[inline]
 fn get(&self, idx: CorpusId) -> Result<&RefCell>, Error> {
 let testcase = { self.inner.get(idx)? };
-self.cache_testcase(testcase, idx, false)?;
+self.cache_testcase(testcase, idx)?;
 Ok(testcase)
 }
 /// Get by id; considers both enabled and disabled testcases
 #[inline]
 fn get_from_all(&self, idx: CorpusId) -> Result<&RefCell>, Error> {
 let testcase = { self.inner.get_from_all(idx)? };
-self.cache_testcase(testcase, idx, true)?;
+self.cache_testcase(testcase, idx)?;
 Ok(testcase)
 }
diff --git a/libafl_bolts/src/os/unix_shmem_server.rs b/libafl_bolts/src/os/unix_shmem_server.rs
index 8c6291d259..1d1dbd501f 100644
--- a/libafl_bolts/src/os/unix_shmem_server.rs
+++ b/libafl_bolts/src/os/unix_shmem_server.rs
@@ -179,7 +179,7 @@ where
 /// Connect to the server and return a new [`ServedShMemProvider`]
 /// Will try to spawn a [`ShMemService`]. This will only work for the first try.
 fn new() -> Result {
-// Needed for MacOS and Android to get sharedmaps working.
+// Needed for `MacOS` and Android to get sharedmaps working.
 let service = ShMemService::::start();
 let mut res = Self {
diff --git a/libafl_cc/src/clang.rs b/libafl_cc/src/clang.rs
index 200c8ab4bd..8151f9e6a6 100644
--- a/libafl_cc/src/clang.rs
+++ b/libafl_cc/src/clang.rs
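Review bot: `let removed = self.cached_indexes.borrow_mut().pop_front().unwrap();` in the eviction loop panics when `cache_max_len` is 0, because `len() >= 0` always holds and the deque is empty on the first iteration; the commit rewrites the loop body but keeps that path, and whether the constructor rejects a zero length is outside this hunk. `let Some(removed) = self.cached_indexes.borrow_mut().pop_front() else { break };` removes the panic regardless of what the constructor does. On the new side, the `?` in `self.inner.get_from_all(removed)?.try_borrow_mut()` also turns a stale cache entry — an index whose testcase was removed from `inner` after it was cached — into a hard error for an unrelated `get`/`get_from_all`, unless removal elsewhere also purges `cached_indexes`; a comment on that line stating the invariant relied on, e.g. `// cached_indexes only holds ids still present in inner; removal must keep it in sync`, would make that explicit. `cache_testcase` starts and ends outside the hunk, and both call sites in the -125 hunk inherit this behaviour.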
@@ -278,7 +278,7 @@ impl ToolWrapper for ClangWrapper {
 if linking {
 new_args.push("-lrt".into());
 }
-// MacOS has odd linker behavior sometimes
+// `MacOS` has odd linker behavior sometimes
 #[cfg(target_vendor = "apple")]
 if linking || shared {
 new_args.push("-undefined".into());