SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

LibAFL_QEMU: Don't require extra_tokens. (#2576)

Browse Source 
Co-authored-by: Romain Malmain <romain.malmain@pm.me>
This commit is contained in:
Dominik Maier 2024-10-07 13:39:55 +02:00 committed by GitHub
parent 1fbb18cb99
commit 27677a6461
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 24 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
fuzzers/binary_only/qemu_launcher/src/client.rs
View File

@ -153,8 +153,6 @@ impl<'a> Client<'a> {
} }
}); });
let extra_tokens = injection_module.as_ref().map(|h| h.tokens.clone());
qemu.entry_break(start_pc); qemu.entry_break(start_pc);
let ret_addr: GuestAddr = qemu let ret_addr: GuestAddr = qemu
@ -169,7 +167,12 @@ impl<'a> Client<'a> {
.address_filter(self.coverage_filter(&qemu)?) .address_filter(self.coverage_filter(&qemu)?)
.build(); .build();
let instance = Instance::builder() let extra_tokens = injection_module
.as_ref()
.map(|h| h.tokens.clone())
.unwrap_or_default();
let instance_builder = Instance::builder()
.options(self.options) .options(self.options)
.qemu(&qemu) .qemu(&qemu)
.mgr(mgr) .mgr(mgr)
@ -178,7 +181,7 @@ impl<'a> Client<'a> {
if is_asan && is_cmplog { if is_asan && is_cmplog {
if let Some(injection_module) = injection_module { if let Some(injection_module) = injection_module {
instance.build().run( instance_builder.build().run(
tuple_list!( tuple_list!(
edge_coverage_module, edge_coverage_module,
CmpLogModule::default(), CmpLogModule::default(),
@ -188,7 +191,7 @@ impl<'a> Client<'a> {
state, state,
) )
} else { } else {
instance.build().run( instance_builder.build().run(
tuple_list!( tuple_list!(
edge_coverage_module, edge_coverage_module,
CmpLogModule::default(), CmpLogModule::default(),
@ -199,7 +202,7 @@ impl<'a> Client<'a> {
} }
} else if is_asan_guest && is_cmplog { } else if is_asan_guest && is_cmplog {
if let Some(injection_module) = injection_module { if let Some(injection_module) = injection_module {
instance.build().run( instance_builder.build().run(
tuple_list!( tuple_list!(
edge_coverage_module, edge_coverage_module,
CmpLogModule::default(), CmpLogModule::default(),
@ -209,7 +212,7 @@ impl<'a> Client<'a> {
state, state,
) )
} else { } else {
instance.build().run( instance_builder.build().run(
tuple_list!( tuple_list!(
edge_coverage_module, edge_coverage_module,
CmpLogModule::default(), CmpLogModule::default(),
@ -220,7 +223,7 @@ impl<'a> Client<'a> {
} }
} else if is_asan { } else if is_asan {
if let Some(injection_module) = injection_module { if let Some(injection_module) = injection_module {
instance.build().run( instance_builder.build().run(
tuple_list!( tuple_list!(
edge_coverage_module, edge_coverage_module,
AsanModule::default(asan.take().unwrap()), AsanModule::default(asan.take().unwrap()),
@ -229,7 +232,7 @@ impl<'a> Client<'a> {
state, state,
) )
} else { } else {
instance.build().run( instance_builder.build().run(
tuple_list!( tuple_list!(
edge_coverage_module, edge_coverage_module,
AsanModule::default(asan.take().unwrap()), AsanModule::default(asan.take().unwrap()),
@ -242,10 +245,10 @@ impl<'a> Client<'a> {
edge_coverage_module, edge_coverage_module,
AsanGuestModule::default(&qemu, asan_lib.take().unwrap()) AsanGuestModule::default(&qemu, asan_lib.take().unwrap())
); );
instance.build().run(modules, state) instance_builder.build().run(modules, state)
} else if is_cmplog { } else if is_cmplog {
if let Some(injection_module) = injection_module { if let Some(injection_module) = injection_module {
instance.build().run( instance_builder.build().run(
tuple_list!( tuple_list!(
edge_coverage_module, edge_coverage_module,
CmpLogModule::default(), CmpLogModule::default(),
@ -254,17 +257,17 @@ impl<'a> Client<'a> {
state, state,
) )
} else { } else {
instance.build().run( instance_builder.build().run(
tuple_list!(edge_coverage_module, CmpLogModule::default()), tuple_list!(edge_coverage_module, CmpLogModule::default()),
state, state,
) )
} }
} else if let Some(injection_module) = injection_module { } else if let Some(injection_module) = injection_module {
instance instance_builder
.build() .build()
.run(tuple_list!(edge_coverage_module, injection_module), state) .run(tuple_list!(edge_coverage_module, injection_module), state)
} else { } else {
instance instance_builder
.build() .build()
.run(tuple_list!(edge_coverage_module), state) .run(tuple_list!(edge_coverage_module), state)
} }

7
fuzzers/binary_only/qemu_launcher/src/instance.rs
View File

@ -64,7 +64,8 @@ pub struct Instance<'a, M: Monitor> {
qemu: &'a Qemu, qemu: &'a Qemu,
mgr: ClientMgr<M>, mgr: ClientMgr<M>,
core_id: CoreId, core_id: CoreId,
extra_tokens: Option<Vec<String>>, #[builder(default)]
extra_tokens: Vec<String>,
#[builder(default=PhantomData)] #[builder(default=PhantomData)]
phantom: PhantomData<M>, phantom: PhantomData<M>,
} }
@ -134,12 +135,10 @@ impl<'a, M: Monitor> Instance<'a, M> {
let mut tokens = Tokens::new(); let mut tokens = Tokens::new();
if let Some(extra_tokens) = &self.extra_tokens { for token in &self.extra_tokens {
for token in extra_tokens {
let bytes = token.as_bytes().to_vec(); let bytes = token.as_bytes().to_vec();
let _ = tokens.add_token(&bytes); let _ = tokens.add_token(&bytes);
} }
}
if let Some(tokenfile) = &self.options.tokens { if let Some(tokenfile) = &self.options.tokens {
tokens.add_from_file(tokenfile)?; tokens.add_from_file(tokenfile)?;

2
libafl_qemu/src/modules/edges.rs
View File

@ -357,6 +357,8 @@ pub struct EdgeCoverageModuleBuilder<AF, PF, V> {
pub struct EdgeCoverageModule<AF, PF, V> { pub struct EdgeCoverageModule<AF, PF, V> {
variant: V, variant: V,
address_filter: AF, address_filter: AF,
// we only use it in system mode at the moment.
#[cfg_attr(not(emulation_mode = "systemmode"), allow(dead_code))]
page_filter: PF, page_filter: PF,
use_hitcounts: bool, use_hitcounts: bool,
use_jit: bool, use_jit: bool,