SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:AFLplusplus/libAFLrs into main

Browse Source
This commit is contained in:
Andrea Fioraldi 2021-02-11 15:44:31 +01:00
commit 35b7f9364a
2 changed files with 16 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
afl/src/events/mod.rs
View File

@ -942,14 +942,12 @@ where
// We start ourself as child process to actually fuzz // We start ourself as child process to actually fuzz
if std::env::var(_ENV_FUZZER_SENDER).is_err() { if std::env::var(_ENV_FUZZER_SENDER).is_err() {
mgr = LlmpEventManager::<I, SH, ST>::new_on_port(stats, broker_port)?; mgr = LlmpEventManager::<I, SH, ST>::new_on_port(stats, broker_port)?;
if mgr.is_broker() { if mgr.is_broker() {
// Yep, broker. Just loop here. // Yep, broker. Just loop here.
println!("Doing broker things. Run this tool again to start fuzzing in a client."); println!("Doing broker things. Run this tool again to start fuzzing in a client.");
mgr.broker_loop()?; mgr.broker_loop()?;
} else { } else {
mgr.to_env(_ENV_FUZZER_BROKER_CLIENT_INITIAL); mgr.to_env(_ENV_FUZZER_BROKER_CLIENT_INITIAL);
// First, create a channel from the fuzzer (sender) to us (receiver) to report its state for restarts. // First, create a channel from the fuzzer (sender) to us (receiver) to report its state for restarts.
@ -975,7 +973,6 @@ where
todo!("Fix this"); todo!("Fix this");
} }
} }
} }
} }

37
fuzzers/libfuzzer_libpng/src/mod.rs
View File

@ -8,10 +8,10 @@ use clap::{App, Arg};
use std::{env, path::PathBuf}; use std::{env, path::PathBuf};
use afl::{ use afl::{
bolts::{tuples::tuple_list, shmem::AflShmem}, bolts::{shmem::AflShmem, tuples::tuple_list},
corpus::{Corpus, InMemoryCorpus}, corpus::{Corpus, InMemoryCorpus},
events::setup_restarting_mgr, events::setup_restarting_mgr,
events::{SimpleStats}, events::SimpleStats,
executors::{inprocess::InProcessExecutor, Executor, ExitKind}, executors::{inprocess::InProcessExecutor, Executor, ExitKind},
feedbacks::MaxMapFeedback, feedbacks::MaxMapFeedback,
inputs::Input, inputs::Input,
@ -119,28 +119,24 @@ fn fuzz(input: Option<Vec<PathBuf>>, broker_port: u16) -> Result<(), AflError> {
let mut rand = StdRand::new(0); let mut rand = StdRand::new(0);
// 'While the stats are state, they are usually used in the broker - which is likely never restarted // 'While the stats are state, they are usually used in the broker - which is likely never restarted
let stats = SimpleStats::new(|s| println!("{}", s)); let stats = SimpleStats::new(|s| println!("{}", s));
// The restarting state will spawn the same process again as child, then restartet it each time it crashes. // The restarting state will spawn the same process again as child, then restartet it each time it crashes.
let (state_opt, mut restarting_mgr) = let (state, mut restarting_mgr) =
setup_restarting_mgr::<_, _, _, _, AflShmem, _>(stats, broker_port).expect("Failed to setup the restarter".into()); setup_restarting_mgr::<_, _, _, _, AflShmem, _>(stats, broker_port)
.expect("Failed to setup the restarter".into());
let edges_observer = let edges_observer =
StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe { StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
__lafl_max_edges_size as usize __lafl_max_edges_size as usize
}); });
let mut state = match state_opt { let mut state = state.unwrap_or(State::new(
Some(s) => s, InMemoryCorpus::new(),
None => { tuple_list!(MaxMapFeedback::new_with_observer(
State::new( &NAME_COV_MAP,
InMemoryCorpus::new(), &edges_observer
tuple_list!(MaxMapFeedback::new_with_observer( )),
&NAME_COV_MAP, ));
&edges_observer
)),
)
},
};
println!("We're a client, let's fuzz :)"); println!("We're a client, let's fuzz :)");
@ -149,7 +145,6 @@ fn fuzz(input: Option<Vec<PathBuf>>, broker_port: u16) -> Result<(), AflError> {
let stage = StdMutationalStage::new(mutator); let stage = StdMutationalStage::new(mutator);
let mut fuzzer = StdFuzzer::new(tuple_list!(stage)); let mut fuzzer = StdFuzzer::new(tuple_list!(stage));
// Create the executor // Create the executor
let mut executor = InProcessExecutor::new( let mut executor = InProcessExecutor::new(
"Libfuzzer", "Libfuzzer",