Add support for env_logger for qemu binary only fuzzers (#2817)

Co-authored-by: Your Name <you@example.com>
WorksButNotTested 2025-01-20 09:46:47 +00:00 committed by GitHub
parent 9a64a53d12
commit 348bfdc7d7
8 changed files with 25 additions and 19 deletions


@ -31,6 +31,7 @@ vergen-git2 = "1.0.1"
[dependencies] [dependencies]
clap = { version = "4.5.18", features = ["derive", "string"] } clap = { version = "4.5.18", features = ["derive", "string"] }
env_logger = { version = "0.11.5" }
libafl = { path = "../../../libafl" } libafl = { path = "../../../libafl" }
libafl_bolts = { path = "../../../libafl_bolts" } libafl_bolts = { path = "../../../libafl_bolts" }
libafl_qemu = { path = "../../../libafl_qemu", features = ["usermode"] } libafl_qemu = { path = "../../../libafl_qemu", features = ["usermode"] }


@ -95,6 +95,7 @@ pub struct FuzzerOptions {
pub const MAX_INPUT_SIZE: usize = 1048576; // 1MB pub const MAX_INPUT_SIZE: usize = 1048576; // 1MB
pub fn fuzz() -> Result<(), Error> { pub fn fuzz() -> Result<(), Error> {
env_logger::init();
let mut options = FuzzerOptions::parse(); let mut options = FuzzerOptions::parse();
let corpus_dir = PathBuf::from(options.input); let corpus_dir = PathBuf::from(options.input);
@ -107,10 +108,10 @@ pub fn fuzz() -> Result<(), Error> {
.expect("Failed to read dir entry"); .expect("Failed to read dir entry");
let program = env::args().next().unwrap(); let program = env::args().next().unwrap();
log::debug!("Program: {program:}"); log::info!("Program: {program:}");
options.args.insert(0, program); options.args.insert(0, program);
log::debug!("ARGS: {:#?}", options.args); log::info!("ARGS: {:#?}", options.args);
env::remove_var("LD_LIBRARY_PATH"); env::remove_var("LD_LIBRARY_PATH");
@ -145,21 +146,21 @@ pub fn fuzz() -> Result<(), Error> {
let test_one_input_ptr = elf let test_one_input_ptr = elf
.resolve_symbol("LLVMFuzzerTestOneInput", qemu.load_addr()) .resolve_symbol("LLVMFuzzerTestOneInput", qemu.load_addr())
.expect("Symbol LLVMFuzzerTestOneInput not found"); .expect("Symbol LLVMFuzzerTestOneInput not found");
log::debug!("LLVMFuzzerTestOneInput @ {test_one_input_ptr:#x}"); log::info!("LLVMFuzzerTestOneInput @ {test_one_input_ptr:#x}");
qemu.entry_break(test_one_input_ptr); qemu.entry_break(test_one_input_ptr);
let pc: GuestReg = qemu.read_reg(Regs::Pc).unwrap(); let pc: GuestReg = qemu.read_reg(Regs::Pc).unwrap();
log::debug!("Break at {pc:#x}"); log::info!("Break at {pc:#x}");
let ret_addr: GuestAddr = qemu.read_return_address().unwrap(); let ret_addr: GuestAddr = qemu.read_return_address().unwrap();
log::debug!("Return address = {ret_addr:#x}"); log::info!("Return address = {ret_addr:#x}");
qemu.set_breakpoint(ret_addr); qemu.set_breakpoint(ret_addr);
let input_addr = qemu let input_addr = qemu
.map_private(0, MAX_INPUT_SIZE, MmapPerms::ReadWrite) .map_private(0, MAX_INPUT_SIZE, MmapPerms::ReadWrite)
.unwrap(); .unwrap();
log::debug!("Placing input at {input_addr:#x}"); log::info!("Placing input at {input_addr:#x}");
let stack_ptr: GuestAddr = qemu.read_reg(Regs::Sp).unwrap(); let stack_ptr: GuestAddr = qemu.read_reg(Regs::Sp).unwrap();
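Review bot: `env_logger::init()` at the top of `fuzz()` panics if a global logger has already been installed, which is a hazard for a `pub fn` that a harness, a wrapper binary or a test may enter more than once in one process; the same call is added to the second `fuzz()` and to `Fuzzer::new()` later in this commit. The non-panicking form keeps the same behaviour when no logger is set and degrades to "logger already installed" otherwise: `let _ = env_logger::try_init();`. With that in place the promoted `log::info!` lines behave the same whether or not this function was the first to initialize logging. `fuzz()`'s body continues outside the hunk.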


@ -31,6 +31,7 @@ vergen-git2 = "1.0.1"
[dependencies] [dependencies]
clap = { version = "4.5.18", features = ["derive", "string"] } clap = { version = "4.5.18", features = ["derive", "string"] }
env_logger = { version = "0.11.5" }
libafl = { path = "../../../libafl" } libafl = { path = "../../../libafl" }
libafl_bolts = { path = "../../../libafl_bolts" } libafl_bolts = { path = "../../../libafl_bolts" }
libafl_qemu = { path = "../../../libafl_qemu", features = ["usermode"] } libafl_qemu = { path = "../../../libafl_qemu", features = ["usermode"] }


@ -101,6 +101,7 @@ pub struct FuzzerOptions {
pub const MAX_INPUT_SIZE: usize = 1048576; // 1MB pub const MAX_INPUT_SIZE: usize = 1048576; // 1MB
pub fn fuzz() { pub fn fuzz() {
env_logger::init();
let mut options = FuzzerOptions::parse(); let mut options = FuzzerOptions::parse();
let corpus_files = options let corpus_files = options
@ -115,10 +116,10 @@ pub fn fuzz() {
let files_per_core = (num_files as f64 / num_cores as f64).ceil() as usize; let files_per_core = (num_files as f64 / num_cores as f64).ceil() as usize;
let program = env::args().next().unwrap(); let program = env::args().next().unwrap();
log::debug!("Program: {program:}"); log::info!("Program: {program:}");
options.args.insert(0, program); options.args.insert(0, program);
log::debug!("ARGS: {:#?}", options.args); log::info!("ARGS: {:#?}", options.args);
env::remove_var("LD_LIBRARY_PATH"); env::remove_var("LD_LIBRARY_PATH");
@ -146,12 +147,12 @@ pub fn fuzz() {
let test_one_input_ptr = elf let test_one_input_ptr = elf
.resolve_symbol("LLVMFuzzerTestOneInput", qemu.load_addr()) .resolve_symbol("LLVMFuzzerTestOneInput", qemu.load_addr())
.expect("Symbol LLVMFuzzerTestOneInput not found"); .expect("Symbol LLVMFuzzerTestOneInput not found");
log::debug!("LLVMFuzzerTestOneInput @ {test_one_input_ptr:#x}"); log::info!("LLVMFuzzerTestOneInput @ {test_one_input_ptr:#x}");
qemu.entry_break(test_one_input_ptr); qemu.entry_break(test_one_input_ptr);
for m in qemu.mappings() { for m in qemu.mappings() {
log::debug!( log::info!(
"Mapping: 0x{:016x}-0x{:016x}, {}", "Mapping: 0x{:016x}-0x{:016x}, {}",
m.start(), m.start(),
m.end(), m.end(),
@ -160,17 +161,17 @@ pub fn fuzz() {
} }
let pc: GuestReg = qemu.read_reg(Regs::Pc).unwrap(); let pc: GuestReg = qemu.read_reg(Regs::Pc).unwrap();
log::debug!("Break at {pc:#x}"); log::info!("Break at {pc:#x}");
let ret_addr: GuestAddr = qemu.read_return_address().unwrap(); let ret_addr: GuestAddr = qemu.read_return_address().unwrap();
log::debug!("Return address = {ret_addr:#x}"); log::info!("Return address = {ret_addr:#x}");
qemu.set_breakpoint(ret_addr); qemu.set_breakpoint(ret_addr);
let input_addr = qemu let input_addr = qemu
.map_private(0, MAX_INPUT_SIZE, MmapPerms::ReadWrite) .map_private(0, MAX_INPUT_SIZE, MmapPerms::ReadWrite)
.unwrap(); .unwrap();
log::debug!("Placing input at {input_addr:#x}"); log::info!("Placing input at {input_addr:#x}");
let stack_ptr: GuestAddr = qemu.read_reg(Regs::Sp).unwrap(); let stack_ptr: GuestAddr = qemu.read_reg(Regs::Sp).unwrap();
@ -267,10 +268,10 @@ pub fn fuzz() {
println!("Failed to load initial corpus at {:?}", &options.input_dir); println!("Failed to load initial corpus at {:?}", &options.input_dir);
process::exit(0); process::exit(0);
}); });
log::debug!("We imported {} inputs from disk.", state.corpus().count()); log::info!("We imported {} inputs from disk.", state.corpus().count());
} }
log::debug!("Processed {} inputs from disk.", files.len()); log::info!("Processed {} inputs from disk.", files.len());
mgr.send_exiting()?; mgr.send_exiting()?;
Err(Error::ShuttingDown)? Err(Error::ShuttingDown)?


@ -42,6 +42,7 @@ vergen-git2 = "1.0.1"
[dependencies] [dependencies]
clap = { version = "4.5.18", features = ["derive", "string"] } clap = { version = "4.5.18", features = ["derive", "string"] }
env_logger = { version = "0.11.5" }
libafl = { path = "../../../libafl", features = ["tui_monitor"] } libafl = { path = "../../../libafl", features = ["tui_monitor"] }
libafl_bolts = { path = "../../../libafl_bolts", features = [ libafl_bolts = { path = "../../../libafl_bolts", features = [
"errors_backtrace", "errors_backtrace",


@ -60,11 +60,11 @@ impl Client<'_> {
let core_id = client_description.core_id(); let core_id = client_description.core_id();
let mut args = self.args()?; let mut args = self.args()?;
Harness::edit_args(&mut args); Harness::edit_args(&mut args);
log::debug!("ARGS: {:#?}", args); log::info!("ARGS: {:#?}", args);
let mut env = self.env(); let mut env = self.env();
Harness::edit_env(&mut env); Harness::edit_env(&mut env);
log::debug!("ENV: {:#?}", env); log::info!("ENV: {:#?}", env);
let is_asan = self.options.is_asan_core(core_id); let is_asan = self.options.is_asan_core(core_id);
let is_asan_guest = self.options.is_asan_guest_core(core_id); let is_asan_guest = self.options.is_asan_guest_core(core_id);
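Review bot: `log::info!("ENV: {:#?}", env)` now dumps the complete child environment at info level, and the environment handed to a fuzzing target is typically inherited from the parent process, so anything a CI runner or developer shell had exported (tokens, credentials embedded in URLs or paths) ends up in the shared log once `RUST_LOG=info` is set. The argument dump on the line above has the same exposure but is far less likely to carry secrets. Keep the environment at debug, `log::debug!("ENV: {:#?}", env);`, or, if `env` is a key/value collection, log only the variable names at info. The enclosing method of `impl Client` starts and ends outside the hunk.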


@ -34,6 +34,7 @@ pub struct Fuzzer {
impl Fuzzer { impl Fuzzer {
pub fn new() -> Fuzzer { pub fn new() -> Fuzzer {
env_logger::init();
let options = FuzzerOptions::parse(); let options = FuzzerOptions::parse();
options.validate(); options.validate();
Fuzzer { options } Fuzzer { options }
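Review bot: `Fuzzer::new()` now installs the process-wide logger as a side effect of constructing a value, and nothing on the constructor tells a caller that building a second `Fuzzer` in the same process reaches `env_logger::init()`'s already-initialized panic. Document the contract on the constructor, e.g. `/// Parses the command-line options and installs the global env_logger; call at most once per process.`, or move the logger setup to the binary's `main` so the constructor stays free of global side effects. The enclosing `impl Fuzzer` continues outside the hunk.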


@ -43,14 +43,14 @@ impl Harness {
/// Initialize the emulator, run to the entrypoint (or jump there) and return the [`Harness`] struct /// Initialize the emulator, run to the entrypoint (or jump there) and return the [`Harness`] struct
pub fn init(qemu: Qemu) -> Result<Harness, Error> { pub fn init(qemu: Qemu) -> Result<Harness, Error> {
let start_pc = Self::start_pc(qemu)?; let start_pc = Self::start_pc(qemu)?;
log::debug!("start_pc @ {start_pc:#x}"); log::info!("start_pc @ {start_pc:#x}");
qemu.entry_break(start_pc); qemu.entry_break(start_pc);
let ret_addr: GuestAddr = qemu let ret_addr: GuestAddr = qemu
.read_return_address() .read_return_address()
.map_err(|e| Error::unknown(format!("Failed to read return address: {e:?}")))?; .map_err(|e| Error::unknown(format!("Failed to read return address: {e:?}")))?;
log::debug!("ret_addr = {ret_addr:#x}"); log::info!("ret_addr = {ret_addr:#x}");
qemu.set_breakpoint(ret_addr); qemu.set_breakpoint(ret_addr);
let input_addr = qemu let input_addr = qemu