Fix #1932 (#2089)

* fix

* Stupid lint

* increase rate

* fix

fuzzers/frida_libpng/Cargo.toml

@@ -26,7 +26,7 @@ reqwest = { version = "0.11.4", features = ["blocking"] }
 
 
 [dependencies]
-libafl = { path = "../../libafl/", features = [ "std", "llmp_compression", "llmp_bind_public", "frida_cli" ] } #,  "llmp_small_maps", "llmp_debug"]}
+libafl = { path = "../../libafl/", features = [ "std", "llmp_compression", "llmp_bind_public", "frida_cli", "errors_backtrace" ] } #,  "llmp_small_maps", "llmp_debug"]}
 libafl_bolts = { path = "../../libafl_bolts/" }
 frida-gum = { version = "0.13.6", features = [ "auto-download", "event-sink", "invocation-listener"] }
 libafl_frida = { path = "../../libafl_frida", features = ["cmplog"] }

fuzzers/frida_libpng/Makefile.toml

@@ -111,7 +111,7 @@ script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
 timeout 30s ./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so | tee fuzz_stdout.log 2>/dev/null || true
-if grep -qa "corpus: 30" fuzz_stdout.log; then
+if grep -qa "corpus: 70" fuzz_stdout.log; then
     echo "Fuzzer is working"
 else
     echo "Fuzzer does not generate any testcases or any crashes"

fuzzers/frida_libpng/src/fuzzer.rs

@@ -140,7 +140,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                         // RNG
                         StdRand::with_seed(current_nanos()),
                         // Corpus that will be evolved, we keep it in memory for performance
-                        CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 64)
+                        CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 4)
                             .unwrap(),
                         // Corpus in which we store solutions (crashes in this example),
                         // on disk so the user can get them after stopping the fuzzer
@@ -256,7 +256,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                         // RNG
                         StdRand::with_seed(current_nanos()),
                         // Corpus that will be evolved, we keep it in memory for performance
-                        CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 64)
+                        CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 4)
                             .unwrap(),
                         // Corpus in which we store solutions (crashes in this example),
                         // on disk so the user can get them after stopping the fuzzer
@@ -386,7 +386,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
                         // RNG
                         StdRand::with_seed(current_nanos()),
                         // Corpus that will be evolved, we keep it in memory for performance
-                        CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 64)
+                        CachedOnDiskCorpus::no_meta(PathBuf::from("./corpus_discovered"), 4)
                             .unwrap(),
                         // Corpus in which we store solutions (crashes in this example),
                         // on disk so the user can get them after stopping the fuzzer

libafl/src/corpus/cached.rs

@@ -45,20 +45,14 @@ where
         &'a self,
         testcase: &'a RefCell<Testcase<I>>,
         idx: CorpusId,
-        is_disabled: bool,
     ) -> Result<(), Error> {
         if testcase.borrow().input().is_none() {
             self.load_input_into(&mut testcase.borrow_mut())?;
             let mut borrowed_num = 0;
             while self.cached_indexes.borrow().len() >= self.cache_max_len {
                 let removed = self.cached_indexes.borrow_mut().pop_front().unwrap();
-                if let Ok(mut borrowed) = if is_disabled {
-                    self.inner.get_from_all(removed)
-                } else {
-                    self.inner.get(removed)
-                }?
-                .try_borrow_mut()
-                {
+
+                if let Ok(mut borrowed) = self.inner.get_from_all(removed)?.try_borrow_mut() {
                     *borrowed.input_mut() = None;
                 } else {
                     self.cached_indexes.borrow_mut().push_back(removed);
@@ -125,14 +119,14 @@ where
     #[inline]
     fn get(&self, idx: CorpusId) -> Result<&RefCell<Testcase<I>>, Error> {
         let testcase = { self.inner.get(idx)? };
-        self.cache_testcase(testcase, idx, false)?;
+        self.cache_testcase(testcase, idx)?;
         Ok(testcase)
     }
     /// Get by id; considers both enabled and disabled testcases
     #[inline]
     fn get_from_all(&self, idx: CorpusId) -> Result<&RefCell<Testcase<Self::Input>>, Error> {
         let testcase = { self.inner.get_from_all(idx)? };
-        self.cache_testcase(testcase, idx, true)?;
+        self.cache_testcase(testcase, idx)?;
         Ok(testcase)
     }
 

libafl_bolts/src/os/unix_shmem_server.rs

@@ -179,7 +179,7 @@ where
     /// Connect to the server and return a new [`ServedShMemProvider`]
     /// Will try to spawn a [`ShMemService`]. This will only work for the first try.
     fn new() -> Result<Self, Error> {
-        // Needed for MacOS and Android to get sharedmaps working.
+        // Needed for `MacOS` and Android to get sharedmaps working.
         let service = ShMemService::<SP>::start();
 
         let mut res = Self {

libafl_cc/src/clang.rs

@@ -278,7 +278,7 @@ impl ToolWrapper for ClangWrapper {
         if linking {
             new_args.push("-lrt".into());
         }
-        // MacOS has odd linker behavior sometimes
+        // `MacOS` has odd linker behavior sometimes
         #[cfg(target_vendor = "apple")]
         if linking || shared {
             new_args.push("-undefined".into());