SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nightly clippy fixes (#155)

Browse Source 
* nightly clippy fixes

* more niglty clippy fixes

* added Safety section

* no_std fixes

* final fixes
This commit is contained in:
Dominik Maier 2021-06-07 12:30:56 +02:00 committed by GitHub
parent 35e655ca04
commit 36b823548a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 125 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fuzzers/frida_libpng/src/fuzzer.rs
View File

@ -273,7 +273,7 @@ fn fuzz(
/// The actual fuzzer /// The actual fuzzer
#[cfg(unix)] #[cfg(unix)]
#[allow(clippy::too_many_lines, clippy::clippy::too_many_arguments)] #[allow(clippy::too_many_lines, clippy::too_many_arguments)]
unsafe fn fuzz( unsafe fn fuzz(
module_name: &str, module_name: &str,
symbol_name: &str, symbol_name: &str,

4
libafl/src/bolts/compress.rs
View File

@ -32,7 +32,7 @@ impl GzipCompressor {
//compress if the buffer is large enough //compress if the buffer is large enough
let compressed = buf let compressed = buf
.iter() .iter()
.cloned() .copied()
.encode(&mut GZipEncoder::new(), Action::Finish) .encode(&mut GZipEncoder::new(), Action::Finish)
.collect::<Result<Vec<_>, _>>()?; .collect::<Result<Vec<_>, _>>()?;
Ok(Some(compressed)) Ok(Some(compressed))
@ -47,7 +47,7 @@ impl GzipCompressor {
pub fn decompress(&self, buf: &[u8]) -> Result<Vec<u8>, Error> { pub fn decompress(&self, buf: &[u8]) -> Result<Vec<u8>, Error> {
Ok(buf Ok(buf
.iter() .iter()
.cloned() .copied()
.decode(&mut GZipDecoder::new()) .decode(&mut GZipDecoder::new())
.collect::<Result<Vec<_>, _>>()?) .collect::<Result<Vec<_>, _>>()?)
} }

2
libafl/src/bolts/launcher.rs
View File

@ -236,4 +236,4 @@ where
} }
} }
const _AFL_LAUNCHER_CLIENT: &str = &"AFL_LAUNCHER_CLIENT"; const _AFL_LAUNCHER_CLIENT: &str = "AFL_LAUNCHER_CLIENT";

57
libafl/src/bolts/llmp.rs
View File

@ -280,12 +280,14 @@ impl Listener {
/// Get sharedmem from a page /// Get sharedmem from a page
#[inline] #[inline]
#[allow(clippy::cast_ptr_alignment)]
unsafe fn shmem2page_mut<SHM: ShMem>(afl_shmem: &mut SHM) -> *mut LlmpPage { unsafe fn shmem2page_mut<SHM: ShMem>(afl_shmem: &mut SHM) -> *mut LlmpPage {
afl_shmem.map_mut().as_mut_ptr() as *mut LlmpPage afl_shmem.map_mut().as_mut_ptr() as *mut LlmpPage
} }
/// Get sharedmem from a page /// Get sharedmem from a page
#[inline] #[inline]
#[allow(clippy::cast_ptr_alignment)]
unsafe fn shmem2page<SHM: ShMem>(afl_shmem: &SHM) -> *const LlmpPage { unsafe fn shmem2page<SHM: ShMem>(afl_shmem: &SHM) -> *const LlmpPage {
afl_shmem.map().as_ptr() as *const LlmpPage afl_shmem.map().as_ptr() as *const LlmpPage
} }
@ -459,7 +461,9 @@ unsafe fn llmp_next_msg_ptr_checked<SHM: ShMem>(
} }
/// Pointer to the message behind the last message /// Pointer to the message behind the last message
/// The messages are padded, so accesses will be aligned properly.
#[inline] #[inline]
#[allow(clippy::cast_ptr_alignment)]
unsafe fn _llmp_next_msg_ptr(last_msg: *const LlmpMsg) -> *mut LlmpMsg { unsafe fn _llmp_next_msg_ptr(last_msg: *const LlmpMsg) -> *mut LlmpMsg {
/* DBG("_llmp_next_msg_ptr %p %lu + %lu\n", last_msg, last_msg->buf_len_padded, sizeof(llmp_message)); */ /* DBG("_llmp_next_msg_ptr %p %lu + %lu\n", last_msg, last_msg->buf_len_padded, sizeof(llmp_message)); */
(last_msg as *mut u8) (last_msg as *mut u8)
@ -488,7 +492,7 @@ pub enum LlmpMsgHookResult {
/// Message sent over the "wire" /// Message sent over the "wire"
#[derive(Copy, Clone, Debug)] #[derive(Copy, Clone, Debug)]
#[repr(C, packed)] #[repr(C)]
pub struct LlmpMsg { pub struct LlmpMsg {
/// A tag /// A tag
pub tag: Tag, //u32 pub tag: Tag, //u32
@ -620,7 +624,7 @@ where
pub fn describe(&self) -> Result<LlmpClientDescription, Error> { pub fn describe(&self) -> Result<LlmpClientDescription, Error> {
Ok(match self { Ok(match self {
LlmpConnection::IsClient { client } => client.describe()?, LlmpConnection::IsClient { client } => client.describe()?,
_ => todo!("Only client can be described atm."), LlmpConnection::IsBroker { .. } => todo!("Only client can be described atm."),
}) })
} }
@ -653,7 +657,7 @@ where
/// Contents of the share mem pages, used by llmp internally /// Contents of the share mem pages, used by llmp internally
#[derive(Copy, Clone, Debug)] #[derive(Copy, Clone, Debug)]
#[repr(C, packed)] #[repr(C)]
pub struct LlmpPage { pub struct LlmpPage {
/// to check if this page got initialized properly /// to check if this page got initialized properly
pub magic: u64, pub magic: u64,
@ -682,7 +686,7 @@ pub struct LlmpPage {
/// This is an internal message! /// This is an internal message!
/// [`LLMP_TAG_END_OF_PAGE_V1`] /// [`LLMP_TAG_END_OF_PAGE_V1`]
#[derive(Copy, Clone, Debug)] #[derive(Copy, Clone, Debug)]
#[repr(C, packed)] #[repr(C)]
struct LlmpPayloadSharedMapInfo { struct LlmpPayloadSharedMapInfo {
/// The map size /// The map size
pub map_size: usize, pub map_size: usize,
@ -1023,6 +1027,7 @@ where
* to consume */ * to consume */
let out = self.alloc_eop()?; let out = self.alloc_eop()?;
#[allow(clippy::cast_ptr_alignment)]
let mut end_of_page_msg = (*out).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo; let mut end_of_page_msg = (*out).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo;
(*end_of_page_msg).map_size = new_map_shmem.shmem.len(); (*end_of_page_msg).map_size = new_map_shmem.shmem.len();
(*end_of_page_msg).shm_str = *new_map_shmem.shmem.id().as_slice(); (*end_of_page_msg).shm_str = *new_map_shmem.shmem.id().as_slice();
@ -1080,11 +1085,24 @@ where
} }
/// Shrinks the allocated [`LlmpMsg`] to a given size. /// Shrinks the allocated [`LlmpMsg`] to a given size.
///
/// # Safety
/// The msg pointer will be dereferenced, if it's not `null`.
pub unsafe fn shrink_alloced( pub unsafe fn shrink_alloced(
&mut self, &mut self,
msg: *mut LlmpMsg, msg: *mut LlmpMsg,
shrinked_len: usize, shrinked_len: usize,
) -> Result<(), Error> { ) -> Result<(), Error> {
if msg.is_null() {
return Err(Error::IllegalArgument(
"Null msg passed to shrink_alloced".into(),
));
} else if !self.has_unsent_message {
return Err(Error::IllegalState(
"Called shrink_alloced, but the msg was not unsent".into(),
));
}
let old_len_padded = (*msg).buf_len_padded; let old_len_padded = (*msg).buf_len_padded;
let msg_start = msg as usize; let msg_start = msg as usize;
@ -1303,6 +1321,7 @@ where
size_of::<LlmpPayloadSharedMapInfo>() size_of::<LlmpPayloadSharedMapInfo>()
); );
} }
#[allow(clippy::cast_ptr_alignment)]
let pageinfo = (*msg).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo; let pageinfo = (*msg).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo;
/* The pageinfo points to the map we're about to unmap. /* The pageinfo points to the map we're about to unmap.
@ -1355,7 +1374,7 @@ where
if (*last_msg).tag == LLMP_TAG_END_OF_PAGE && !llmp_msg_in_page(page, last_msg) { if (*last_msg).tag == LLMP_TAG_END_OF_PAGE && !llmp_msg_in_page(page, last_msg) {
panic!("BUG: full page passed to await_message_blocking or reset failed"); panic!("BUG: full page passed to await_message_blocking or reset failed");
} }
current_msg_id = (*last_msg).message_id current_msg_id = (*last_msg).message_id;
} }
loop { loop {
compiler_fence(Ordering::SeqCst); compiler_fence(Ordering::SeqCst);
@ -1557,18 +1576,19 @@ where
#[cfg(feature = "std")] #[cfg(feature = "std")]
pub unsafe fn msg_to_env(&self, msg: *const LlmpMsg, map_env_name: &str) -> Result<(), Error> { pub unsafe fn msg_to_env(&self, msg: *const LlmpMsg, map_env_name: &str) -> Result<(), Error> {
if msg.is_null() { if msg.is_null() {
env::set_var(&format!("{}_OFFSET", map_env_name), _NULL_ENV_STR) env::set_var(&format!("{}_OFFSET", map_env_name), _NULL_ENV_STR);
} else { } else {
env::set_var( env::set_var(
&format!("{}_OFFSET", map_env_name), &format!("{}_OFFSET", map_env_name),
format!("{}", self.msg_to_offset(msg)?), format!("{}", self.msg_to_offset(msg)?),
) );
}; }
Ok(()) Ok(())
} }
/// Gets this message from this page, at the indicated offset. /// Gets this message from this page, at the indicated offset.
/// Will return [`crate::Error::IllegalArgument`] error if the offset is out of bounds. /// Will return [`crate::Error::IllegalArgument`] error if the offset is out of bounds.
#[allow(clippy::cast_ptr_alignment)]
pub fn msg_from_offset(&mut self, offset: u64) -> Result<*mut LlmpMsg, Error> { pub fn msg_from_offset(&mut self, offset: u64) -> Result<*mut LlmpMsg, Error> {
let offset = offset as usize; let offset = offset as usize;
unsafe { unsafe {
@ -1616,7 +1636,9 @@ pub struct LlmpBrokerSignalHandler {
#[cfg(unix)] #[cfg(unix)]
impl Handler for LlmpBrokerSignalHandler { impl Handler for LlmpBrokerSignalHandler {
fn handle(&mut self, _signal: Signal, _info: siginfo_t, _context: &mut ucontext_t) { fn handle(&mut self, _signal: Signal, _info: siginfo_t, _context: &mut ucontext_t) {
unsafe { ptr::write_volatile(&mut self.shutting_down, true) }; unsafe {
ptr::write_volatile(&mut self.shutting_down, true);
}
} }
fn signals(&self) -> Vec<Signal> { fn signals(&self) -> Vec<Signal> {
@ -1762,8 +1784,8 @@ where
(*out).buf_len_padded = actual_size; (*out).buf_len_padded = actual_size;
/* We need to replace the message ID with our own */ /* We need to replace the message ID with our own */
if let Err(e) = self.llmp_out.send(out, false) { if let Err(e) = self.llmp_out.send(out, false) {
panic!("Error sending msg: {:?}", e) panic!("Error sending msg: {:?}", e);
}; }
self.llmp_out.last_msg_sent = out; self.llmp_out.last_msg_sent = out;
Ok(()) Ok(())
} }
@ -1820,8 +1842,8 @@ where
#[cfg(feature = "std")] #[cfg(feature = "std")]
if let Some(time) = sleep_time { if let Some(time) = sleep_time {
thread::sleep(time) thread::sleep(time);
}; }
#[cfg(not(feature = "std"))] #[cfg(not(feature = "std"))]
match sleep_time { match sleep_time {
@ -1869,6 +1891,7 @@ where
.alloc_next(size_of::<LlmpPayloadSharedMapInfo>()) .alloc_next(size_of::<LlmpPayloadSharedMapInfo>())
.expect("Could not allocate a new message in shared map."); .expect("Could not allocate a new message in shared map.");
(*msg).tag = LLMP_TAG_NEW_SHM_CLIENT; (*msg).tag = LLMP_TAG_NEW_SHM_CLIENT;
#[allow(clippy::cast_ptr_alignment)]
let pageinfo = (*msg).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo; let pageinfo = (*msg).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo;
(*pageinfo).shm_str = *shmem_description.id.as_slice(); (*pageinfo).shm_str = *shmem_description.id.as_slice();
(*pageinfo).map_size = shmem_description.size; (*pageinfo).map_size = shmem_description.size;
@ -2051,7 +2074,7 @@ where
stream, stream,
shmem_provider, shmem_provider,
*current_client_id, *current_client_id,
&broker_map_description, broker_map_description,
) { ) {
if Self::announce_new_client(sender, &shmem_description).is_err() { if Self::announce_new_client(sender, &shmem_description).is_err() {
println!("B2B: Error announcing client {:?}", shmem_description); println!("B2B: Error announcing client {:?}", shmem_description);
@ -2166,6 +2189,7 @@ where
/// broker broadcast to its own page for all others to read */ /// broker broadcast to its own page for all others to read */
#[inline] #[inline]
#[allow(clippy::cast_ptr_alignment)]
unsafe fn handle_new_msgs<F>(&mut self, client_id: u32, on_new_msg: &mut F) -> Result<(), Error> unsafe fn handle_new_msgs<F>(&mut self, client_id: u32, on_new_msg: &mut F) -> Result<(), Error>
where where
F: FnMut(ClientId, Tag, Flags, &[u8]) -> Result<LlmpMsgHookResult, Error>, F: FnMut(ClientId, Tag, Flags, &[u8]) -> Result<LlmpMsgHookResult, Error>,
@ -2239,8 +2263,8 @@ where
if let LlmpMsgHookResult::Handled = if let LlmpMsgHookResult::Handled =
(on_new_msg)(client_id, (*msg).tag, (*msg).flags, msg_buf)? (on_new_msg)(client_id, (*msg).tag, (*msg).flags, msg_buf)?
{ {
should_forward_msg = false should_forward_msg = false;
}; }
if should_forward_msg { if should_forward_msg {
self.forward_msg(msg)?; self.forward_msg(msg)?;
} }
@ -2421,6 +2445,7 @@ where
.alloc_next(size_of::<LlmpPayloadSharedMapInfo>()) .alloc_next(size_of::<LlmpPayloadSharedMapInfo>())
.expect("Could not allocate a new message in shared map."); .expect("Could not allocate a new message in shared map.");
(*msg).tag = LLMP_TAG_NEW_SHM_CLIENT; (*msg).tag = LLMP_TAG_NEW_SHM_CLIENT;
#[allow(clippy::cast_ptr_alignment)]
let pageinfo = (*msg).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo; let pageinfo = (*msg).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo;
(*pageinfo).shm_str = *shm_str; (*pageinfo).shm_str = *shm_str;
(*pageinfo).map_size = shm_id; (*pageinfo).map_size = shm_id;

6
libafl/src/bolts/os/ashmem_server.rs
View File

@ -329,18 +329,18 @@ impl AshmemService {
let client = self.clients.get_mut(&client_id).unwrap(); let client = self.clients.get_mut(&client_id).unwrap();
client client
.stream .stream
.send_fds(&id.to_string().as_bytes(), &[server_fd])?; .send_fds(id.to_string().as_bytes(), &[server_fd])?;
client.maps.entry(server_fd).or_default().push(mapping); client.maps.entry(server_fd).or_default().push(mapping);
} }
AshmemResponse::Id(id) => { AshmemResponse::Id(id) => {
let client = self.clients.get_mut(&client_id).unwrap(); let client = self.clients.get_mut(&client_id).unwrap();
client.stream.send_fds(&id.to_string().as_bytes(), &[])?; client.stream.send_fds(id.to_string().as_bytes(), &[])?;
} }
AshmemResponse::RefCount(refcount) => { AshmemResponse::RefCount(refcount) => {
let client = self.clients.get_mut(&client_id).unwrap(); let client = self.clients.get_mut(&client_id).unwrap();
client client
.stream .stream
.send_fds(&refcount.to_string().as_bytes(), &[])?; .send_fds(refcount.to_string().as_bytes(), &[])?;
} }
} }
Ok(()) Ok(())

2
libafl/src/bolts/rands.rs
View File

@ -327,7 +327,7 @@ pub struct XkcdRand {
#[cfg(test)] #[cfg(test)]
impl Rand for XkcdRand { impl Rand for XkcdRand {
fn set_seed(&mut self, val: u64) { fn set_seed(&mut self, val: u64) {
self.val = val self.val = val;
} }
fn next(&mut self) -> u64 { fn next(&mut self) -> u64 {

4
libafl/src/bolts/shmem.rs
View File

@ -248,7 +248,7 @@ where
impl<T: ShMemProvider> Drop for RcShMem<T> { impl<T: ShMemProvider> Drop for RcShMem<T> {
fn drop(&mut self) { fn drop(&mut self) {
self.provider.borrow_mut().release_map(&mut self.internal) self.provider.borrow_mut().release_map(&mut self.internal);
} }
} }
@ -303,7 +303,7 @@ where
} }
fn release_map(&mut self, map: &mut Self::Mem) { fn release_map(&mut self, map: &mut Self::Mem) {
self.internal.borrow_mut().release_map(&mut map.internal) self.internal.borrow_mut().release_map(&mut map.internal);
} }
fn clone_ref(&mut self, mapping: &Self::Mem) -> Result<Self::Mem, Error> { fn clone_ref(&mut self, mapping: &Self::Mem) -> Result<Self::Mem, Error> {

24
libafl/src/events/llmp.rs
View File

@ -263,7 +263,7 @@ where
{ {
/// LLMP clients will have to wait until their pages are mapped by somebody. /// LLMP clients will have to wait until their pages are mapped by somebody.
fn drop(&mut self) { fn drop(&mut self) {
self.await_restart_safe() self.await_restart_safe();
} }
} }
@ -332,7 +332,7 @@ where
/// Write the config for a client [`EventManager`] to env vars, a new client can reattach using [`LlmpEventManager::existing_client_from_env()`]. /// Write the config for a client [`EventManager`] to env vars, a new client can reattach using [`LlmpEventManager::existing_client_from_env()`].
#[cfg(feature = "std")] #[cfg(feature = "std")]
pub fn to_env(&self, env_name: &str) { pub fn to_env(&self, env_name: &str) {
self.llmp.to_env(env_name).unwrap() self.llmp.to_env(env_name).unwrap();
} }
// Handle arriving events in the client // Handle arriving events in the client
@ -510,7 +510,7 @@ where
S: DeserializeOwned, S: DeserializeOwned,
SP: ShMemProvider, SP: ShMemProvider,
{ {
let tuple: (S, _) = postcard::from_bytes(&state_corpus_serialized)?; let tuple: (S, _) = postcard::from_bytes(state_corpus_serialized)?;
Ok(( Ok((
tuple.0, tuple.0,
LlmpEventManager::existing_client_from_description(shmem_provider, &tuple.1)?, LlmpEventManager::existing_client_from_description(shmem_provider, &tuple.1)?,
@ -558,13 +558,15 @@ where
/// Otherwise, the OS may already have removed the shared maps, /// Otherwise, the OS may already have removed the shared maps,
#[inline] #[inline]
fn await_restart_safe(&mut self) { fn await_restart_safe(&mut self) {
self.llmp_mgr.await_restart_safe() self.llmp_mgr.await_restart_safe();
} }
/// Reset the single page (we reuse it over and over from pos 0), then send the current state to the next runner. /// Reset the single page (we reuse it over and over from pos 0), then send the current state to the next runner.
fn on_restart(&mut self, state: &mut S) -> Result<(), Error> { fn on_restart(&mut self, state: &mut S) -> Result<(), Error> {
// First, reset the page to 0 so the next iteration can read read from the beginning of this page // First, reset the page to 0 so the next iteration can read read from the beginning of this page
unsafe { self.sender.reset() }; unsafe {
self.sender.reset();
}
let state_corpus_serialized = serialize_state_mgr(state, &self.llmp_mgr)?; let state_corpus_serialized = serialize_state_mgr(state, &self.llmp_mgr)?;
self.sender self.sender
.send_buf(_LLMP_TAG_RESTART, &state_corpus_serialized) .send_buf(_LLMP_TAG_RESTART, &state_corpus_serialized)
@ -598,10 +600,10 @@ where
} }
/// The llmp connection from the actual fuzzer to the process supervising it /// The llmp connection from the actual fuzzer to the process supervising it
const _ENV_FUZZER_SENDER: &str = &"_AFL_ENV_FUZZER_SENDER"; const _ENV_FUZZER_SENDER: &str = "_AFL_ENV_FUZZER_SENDER";
const _ENV_FUZZER_RECEIVER: &str = &"_AFL_ENV_FUZZER_RECEIVER"; const _ENV_FUZZER_RECEIVER: &str = "_AFL_ENV_FUZZER_RECEIVER";
/// The llmp (2 way) connection from a fuzzer to the broker (broadcasting all other fuzzer messages) /// The llmp (2 way) connection from a fuzzer to the broker (broadcasting all other fuzzer messages)
const _ENV_FUZZER_BROKER_CLIENT_INITIAL: &str = &"_AFL_ENV_FUZZER_BROKER_CLIENT"; const _ENV_FUZZER_BROKER_CLIENT_INITIAL: &str = "_AFL_ENV_FUZZER_BROKER_CLIENT";
impl<I, OT, S, SP> LlmpRestartingEventManager<I, OT, S, SP> impl<I, OT, S, SP> LlmpRestartingEventManager<I, OT, S, SP>
where where
@ -881,13 +883,15 @@ where
Some((_sender, _tag, msg)) => { Some((_sender, _tag, msg)) => {
println!("Subsequent run. Let's load all data from shmem (received {} bytes from previous instance)", msg.len()); println!("Subsequent run. Let's load all data from shmem (received {} bytes from previous instance)", msg.len());
let (state, mgr): (S, LlmpEventManager<I, OT, S, SP>) = let (state, mgr): (S, LlmpEventManager<I, OT, S, SP>) =
deserialize_state_mgr(new_shmem_provider, &msg)?; deserialize_state_mgr(new_shmem_provider, msg)?;
(Some(state), LlmpRestartingEventManager::new(mgr, sender)) (Some(state), LlmpRestartingEventManager::new(mgr, sender))
} }
}; };
// We reset the sender, the next sender and receiver (after crash) will reuse the page from the initial message. // We reset the sender, the next sender and receiver (after crash) will reuse the page from the initial message.
unsafe { mgr.sender_mut().reset() }; unsafe {
mgr.sender_mut().reset();
}
/* TODO: Not sure if this is needed /* TODO: Not sure if this is needed
// We commit an empty NO_RESTART message to this buf, against infinite loops, // We commit an empty NO_RESTART message to this buf, against infinite loops,
// in case something crashes in the fuzzer. // in case something crashes in the fuzzer.

4
libafl/src/executors/forkserver.rs
View File

@ -346,7 +346,7 @@ where
self.executor self.executor
.out_file_mut() .out_file_mut()
.write_buf(&input.target_bytes().as_slice()); .write_buf(input.target_bytes().as_slice());
let send_len = self let send_len = self
.executor .executor
@ -505,7 +505,7 @@ where
let mut exit_kind = ExitKind::Ok; let mut exit_kind = ExitKind::Ok;
// Write to testcase // Write to testcase
self.out_file.write_buf(&input.target_bytes().as_slice()); self.out_file.write_buf(input.target_bytes().as_slice());
let send_len = self let send_len = self
.forkserver .forkserver

11
libafl/src/executors/inprocess.rs
View File

@ -208,7 +208,7 @@ where
/// Retrieve the harness function. /// Retrieve the harness function.
#[inline] #[inline]
pub fn harness(&self) -> &H { pub fn harness(&self) -> &H {
&self.harness_fn self.harness_fn
} }
/// Retrieve the harness function for a mutable reference. /// Retrieve the harness function for a mutable reference.
@ -286,7 +286,7 @@ mod unix_signal_handler {
let data = &mut GLOBAL_STATE; let data = &mut GLOBAL_STATE;
match signal { match signal {
Signal::SigUser2 | Signal::SigAlarm => { Signal::SigUser2 | Signal::SigAlarm => {
(data.timeout_handler)(signal, info, context, data) (data.timeout_handler)(signal, info, context, data);
} }
_ => (data.crash_handler)(signal, info, context, data), _ => (data.crash_handler)(signal, info, context, data),
} }
@ -342,7 +342,7 @@ mod unix_signal_handler {
let interesting = fuzzer let interesting = fuzzer
.objective_mut() .objective_mut()
.is_interesting(state, event_mgr, &input, observers, &ExitKind::Timeout) .is_interesting(state, event_mgr, input, observers, &ExitKind::Timeout)
.expect("In timeout handler objective failure."); .expect("In timeout handler objective failure.");
if interesting { if interesting {
@ -433,7 +433,6 @@ mod unix_signal_handler {
} }
// TODO tell the parent to not restart // TODO tell the parent to not restart
libc::_exit(1);
} else { } else {
let state = (data.state_ptr as *mut S).as_mut().unwrap(); let state = (data.state_ptr as *mut S).as_mut().unwrap();
let event_mgr = (data.event_mgr_ptr as *mut EM).as_mut().unwrap(); let event_mgr = (data.event_mgr_ptr as *mut EM).as_mut().unwrap();
@ -481,7 +480,7 @@ mod unix_signal_handler {
let interesting = fuzzer let interesting = fuzzer
.objective_mut() .objective_mut()
.is_interesting(state, event_mgr, &input, observers, &ExitKind::Crash) .is_interesting(state, event_mgr, input, observers, &ExitKind::Crash)
.expect("In crash handler objective failure."); .expect("In crash handler objective failure.");
if interesting { if interesting {
@ -512,11 +511,11 @@ mod unix_signal_handler {
event_mgr.await_restart_safe(); event_mgr.await_restart_safe();
#[cfg(feature = "std")] #[cfg(feature = "std")]
println!("Bye!"); println!("Bye!");
}
libc::_exit(1); libc::_exit(1);
} }
} }
}
#[cfg(all(windows, feature = "std"))] #[cfg(all(windows, feature = "std"))]
mod windows_exception_handler { mod windows_exception_handler {

23
libafl/src/feedbacks/mod.rs
View File

@ -62,7 +62,7 @@ where
let start_time = crate::cpu::read_time_counter(); let start_time = crate::cpu::read_time_counter();
// Execute this feedback // Execute this feedback
let ret = self.is_interesting(state, manager, input, observers, &exit_kind); let ret = self.is_interesting(state, manager, input, observers, exit_kind);
// Get the elapsed time for checking this feedback // Get the elapsed time for checking this feedback
let elapsed = crate::cpu::read_time_counter() - start_time; let elapsed = crate::cpu::read_time_counter() - start_time;
@ -244,6 +244,7 @@ where
OT: ObserversTuple; OT: ObserversTuple;
#[cfg(feature = "introspection")] #[cfg(feature = "introspection")]
#[allow(clippy::too_many_arguments)]
fn is_pair_interesting_with_perf<EM, OT>( fn is_pair_interesting_with_perf<EM, OT>(
first: &mut A, first: &mut A,
second: &mut B, second: &mut B,
@ -315,7 +316,7 @@ where
manager, manager,
input, input,
observers, observers,
&exit_kind, exit_kind,
feedback_stats, feedback_stats,
feedback_index, feedback_index,
)?; )?;
@ -325,7 +326,7 @@ where
manager, manager,
input, input,
observers, observers,
&exit_kind, exit_kind,
feedback_stats, feedback_stats,
feedback_index + 1, feedback_index + 1,
)?; )?;
@ -386,7 +387,7 @@ where
manager, manager,
input, input,
observers, observers,
&exit_kind, exit_kind,
feedback_stats, feedback_stats,
feedback_index, feedback_index,
)?; )?;
@ -400,7 +401,7 @@ where
manager, manager,
input, input,
observers, observers,
&exit_kind, exit_kind,
feedback_stats, feedback_stats,
feedback_index + 1, feedback_index + 1,
) )
@ -457,7 +458,7 @@ where
manager, manager,
input, input,
observers, observers,
&exit_kind, exit_kind,
feedback_stats, feedback_stats,
feedback_index, feedback_index,
)?; )?;
@ -467,7 +468,7 @@ where
manager, manager,
input, input,
observers, observers,
&exit_kind, exit_kind,
feedback_stats, feedback_stats,
feedback_index + 1, feedback_index + 1,
)?; )?;
@ -499,7 +500,7 @@ where
OT: ObserversTuple, OT: ObserversTuple,
{ {
let a = first.is_interesting(state, manager, input, observers, exit_kind)?; let a = first.is_interesting(state, manager, input, observers, exit_kind)?;
if a == false { if !a {
return Ok(false); return Ok(false);
} }
@ -528,12 +529,12 @@ where
manager, manager,
input, input,
observers, observers,
&exit_kind, exit_kind,
feedback_stats, feedback_stats,
feedback_index, feedback_index,
)?; )?;
if a == false { if !a {
return Ok(false); return Ok(false);
} }
@ -542,7 +543,7 @@ where
manager, manager,
input, input,
observers, observers,
&exit_kind, exit_kind,
feedback_stats, feedback_stats,
feedback_index + 1, feedback_index + 1,
) )

4
libafl/src/fuzzer.rs
View File

@ -541,7 +541,7 @@ where
start_timer!(state); start_timer!(state);
let is_solution = self let is_solution = self
.objective_mut() .objective_mut()
.is_interesting(state, event_mgr, &input, observers, &exit_kind)?; .is_interesting(state, event_mgr, input, observers, &exit_kind)?;
mark_feature_time!(state, PerfFeature::GetObjectivesInterestingAll); mark_feature_time!(state, PerfFeature::GetObjectivesInterestingAll);
if is_solution { if is_solution {
@ -564,7 +564,7 @@ where
let is_interesting = self.feedback_mut().is_interesting_with_perf( let is_interesting = self.feedback_mut().is_interesting_with_perf(
state, state,
event_mgr, event_mgr,
&input, input,
observers, observers,
&exit_kind, &exit_kind,
&mut feedback_stats, &mut feedback_stats,

12
libafl/src/mutators/mutations.rs
View File

@ -25,7 +25,9 @@ pub fn buffer_self_copy(data: &mut [u8], from: usize, to: usize, len: usize) {
debug_assert!(to + len <= data.len()); debug_assert!(to + len <= data.len());
if len != 0 && from != to { if len != 0 && from != to {
let ptr = data.as_mut_ptr(); let ptr = data.as_mut_ptr();
unsafe { core::ptr::copy(ptr.add(from), ptr.add(to), len) } unsafe {
core::ptr::copy(ptr.add(from), ptr.add(to), len);
}
} }
} }
@ -39,7 +41,9 @@ pub fn buffer_copy(dst: &mut [u8], src: &[u8], from: usize, to: usize, len: usiz
let dst_ptr = dst.as_mut_ptr(); let dst_ptr = dst.as_mut_ptr();
let src_ptr = src.as_ptr(); let src_ptr = src.as_ptr();
if len != 0 { if len != 0 {
unsafe { core::ptr::copy(src_ptr.add(from), dst_ptr.add(to), len) } unsafe {
core::ptr::copy(src_ptr.add(from), dst_ptr.add(to), len);
}
} }
} }
@ -50,7 +54,7 @@ pub fn buffer_copy(dst: &mut [u8], src: &[u8], from: usize, to: usize, len: usiz
fn buffer_set(data: &mut [u8], from: usize, len: usize, val: u8) { fn buffer_set(data: &mut [u8], from: usize, len: usize, val: u8) {
debug_assert!(from + len <= data.len()); debug_assert!(from + len <= data.len());
for p in &mut data[from..(from + len)] { for p in &mut data[from..(from + len)] {
*p = val *p = val;
} }
} }
@ -1406,7 +1410,7 @@ where
let other = other_testcase.load_input()?; let other = other_testcase.load_input()?;
input input
.bytes_mut() .bytes_mut()
.splice(split_at.., other.bytes()[split_at..].iter().cloned()); .splice(split_at.., other.bytes()[split_at..].iter().copied());
Ok(MutationResult::Mutated) Ok(MutationResult::Mutated)
} }

4
libafl/src/mutators/scheduled.rs
View File

@ -338,7 +338,7 @@ where
let mut log = Vec::<String>::new(); let mut log = Vec::<String>::new();
while let Some(idx) = self.mutation_log.pop() { while let Some(idx) = self.mutation_log.pop() {
let name = String::from(self.scheduled.mutations().name(idx).unwrap()); // TODO maybe return an Error on None let name = String::from(self.scheduled.mutations().name(idx).unwrap()); // TODO maybe return an Error on None
log.push(name) log.push(name);
} }
let meta = LogMutationMetadata::new(log); let meta = LogMutationMetadata::new(log);
testcase.add_metadata(meta); testcase.add_metadata(meta);
@ -471,7 +471,7 @@ mod tests {
// The pre-seeded rand should have spliced at position 2. // The pre-seeded rand should have spliced at position 2.
// TODO: Maybe have a fixed rand for this purpose? // TODO: Maybe have a fixed rand for this purpose?
assert_eq!(input.bytes(), &[b'a', b'b', b'f']) assert_eq!(input.bytes(), &[b'a', b'b', b'f']);
} }
#[test] #[test]

2
libafl/src/observers/cmp.rs
View File

@ -39,7 +39,7 @@ impl CmpValues {
CmpValues::U16(t) => Some((u64::from(t.0), u64::from(t.1))), CmpValues::U16(t) => Some((u64::from(t.0), u64::from(t.1))),
CmpValues::U32(t) => Some((u64::from(t.0), u64::from(t.1))), CmpValues::U32(t) => Some((u64::from(t.0), u64::from(t.1))),
CmpValues::U64(t) => Some(*t), CmpValues::U64(t) => Some(*t),
_ => None, CmpValues::Bytes(_) => None,
} }
} }
} }

6
libafl/src/observers/map.rs
View File

@ -128,7 +128,7 @@ where
#[inline] #[inline]
fn set_initial(&mut self, initial: T) { fn set_initial(&mut self, initial: T) {
self.initial = initial self.initial = initial;
} }
} }
@ -249,7 +249,7 @@ where
#[inline] #[inline]
fn set_initial(&mut self, initial: T) { fn set_initial(&mut self, initial: T) {
self.initial = initial self.initial = initial;
} }
} }
@ -371,7 +371,7 @@ where
#[inline] #[inline]
fn set_initial(&mut self, initial: T) { fn set_initial(&mut self, initial: T) {
self.initial = initial self.initial = initial;
} }
} }

2
libafl/src/state/mod.rs
View File

@ -320,7 +320,7 @@ where
} }
fn set_max_size(&mut self, max_size: usize) { fn set_max_size(&mut self, max_size: usize) {
self.max_size = max_size self.max_size = max_size;
} }
} }

4
libafl/src/stats/mod.rs
View File

@ -190,7 +190,7 @@ pub trait Stats {
self.client_stats_mut().push(ClientStats { self.client_stats_mut().push(ClientStats {
last_window_time: current_time(), last_window_time: current_time(),
..ClientStats::default() ..ClientStats::default()
}) });
} }
&mut self.client_stats_mut()[client_id as usize] &mut self.client_stats_mut()[client_id as usize]
} }
@ -512,7 +512,7 @@ impl ClientPerfStats {
let elapsed = self.mark_time(); let elapsed = self.mark_time();
// Add the time to the scheduler stat // Add the time to the scheduler stat
self.update_scheduler(elapsed) self.update_scheduler(elapsed);
} }
/// Update the time spent in the scheduler with the elapsed time that we have seen /// Update the time spent in the scheduler with the elapsed time that we have seen

5
libafl_frida/src/asan_errors.rs
View File

@ -86,7 +86,7 @@ impl AsanErrors {
/// Clears this `AsanErrors` struct /// Clears this `AsanErrors` struct
pub fn clear(&mut self) { pub fn clear(&mut self) {
self.errors.clear() self.errors.clear();
} }
/// Gets the amount of `AsanErrors` in this struct /// Gets the amount of `AsanErrors` in this struct
@ -102,6 +102,7 @@ impl AsanErrors {
} }
/// Get a mutable reference to the global [`AsanErrors`] object /// Get a mutable reference to the global [`AsanErrors`] object
#[must_use]
pub fn get_mut<'a>() -> &'a mut Self { pub fn get_mut<'a>() -> &'a mut Self {
unsafe { ASAN_ERRORS.as_mut().unwrap() } unsafe { ASAN_ERRORS.as_mut().unwrap() }
} }
@ -121,7 +122,7 @@ impl AsanErrors {
.add_frame_filter(Box::new(|frames| { .add_frame_filter(Box::new(|frames| {
frames.retain( frames.retain(
|x| matches!(&x.name, Some(n) if !n.starts_with("libafl_frida::asan_rt::")), |x| matches!(&x.name, Some(n) if !n.starts_with("libafl_frida::asan_rt::")),
) );
})); }));
#[allow(clippy::non_ascii_literal)] #[allow(clippy::non_ascii_literal)]

24
libafl_frida/src/asan_rt.rs
View File

@ -148,7 +148,7 @@ impl AsanRuntime {
/// Check if the test leaked any memory and report it if so. /// Check if the test leaked any memory and report it if so.
pub fn check_for_leaks(&mut self) { pub fn check_for_leaks(&mut self) {
self.allocator.check_for_leaks() self.allocator.check_for_leaks();
} }
/// Returns the `AsanErrors` from the recent run /// Returns the `AsanErrors` from the recent run
@ -174,17 +174,15 @@ impl AsanRuntime {
/// real address, the stalked address is returned. /// real address, the stalked address is returned.
#[must_use] #[must_use]
pub fn real_address_for_stalked(&self, stalked: usize) -> usize { pub fn real_address_for_stalked(&self, stalked: usize) -> usize {
if let Some(addr) = self.stalked_addresses.get(&stalked) { self.stalked_addresses
*addr .get(&stalked)
} else { .map_or(stalked, |addr| *addr)
stalked
}
} }
/// Unpoison all the memory that is currently mapped with read/write permissions. /// Unpoison all the memory that is currently mapped with read/write permissions.
#[allow(clippy::unused_self)] #[allow(clippy::unused_self)]
fn unpoison_all_existing_memory(&mut self) { fn unpoison_all_existing_memory(&mut self) {
self.allocator.unpoison_all_existing_memory() self.allocator.unpoison_all_existing_memory();
} }
/// Register the current thread with the runtime, implementing shadow memory for its stack and /// Register the current thread with the runtime, implementing shadow memory for its stack and
@ -240,7 +238,9 @@ impl AsanRuntime {
let stack_address = &mut stack_var as *mut _ as *mut c_void as usize; let stack_address = &mut stack_var as *mut _ as *mut c_void as usize;
let range_details = RangeDetails::with_address(stack_address as u64).unwrap(); let range_details = RangeDetails::with_address(stack_address as u64).unwrap();
// Write something to (hopefully) make sure the val isn't optimized out // Write something to (hopefully) make sure the val isn't optimized out
unsafe { write_volatile(&mut stack_var, 0xfadbeef) }; unsafe {
write_volatile(&mut stack_var, 0xfadbeef);
}
let start = range_details.memory_range().base_address().0 as usize; let start = range_details.memory_range().base_address().0 as usize;
let end = start + range_details.memory_range().size(); let end = start + range_details.memory_range().size();
@ -1873,7 +1873,7 @@ impl AsanRuntime {
actual_pc = insn.address() as usize; actual_pc = insn.address() as usize;
} }
let detail = cs.insn_detail(&insn).unwrap(); let detail = cs.insn_detail(insn).unwrap();
let arch_detail = detail.arch_detail(); let arch_detail = detail.arch_detail();
let (mut base_reg, mut index_reg, displacement) = let (mut base_reg, mut index_reg, displacement) =
if let Arm64Operand(arm64operand) = arch_detail.operands().last().unwrap() { if let Arm64Operand(arm64operand) = arch_detail.operands().last().unwrap() {
@ -1910,12 +1910,12 @@ impl AsanRuntime {
base_reg -= capstone::arch::arm64::Arm64Reg::ARM64_REG_S0 as u16; base_reg -= capstone::arch::arm64::Arm64Reg::ARM64_REG_S0 as u16;
} }
#[allow(clippy::clippy::cast_possible_wrap)] #[allow(clippy::cast_possible_wrap)]
let mut fault_address = let mut fault_address =
(self.regs[base_reg as usize] as isize + displacement as isize) as usize; (self.regs[base_reg as usize] as isize + displacement as isize) as usize;
if index_reg == 0 { if index_reg == 0 {
index_reg = 0xffff index_reg = 0xffff;
} else { } else {
if capstone::arch::arm64::Arm64Reg::ARM64_REG_X0 as u16 <= index_reg if capstone::arch::arm64::Arm64Reg::ARM64_REG_X0 as u16 <= index_reg
&& index_reg <= capstone::arch::arm64::Arm64Reg::ARM64_REG_X28 as u16 && index_reg <= capstone::arch::arm64::Arm64Reg::ARM64_REG_X28 as u16
@ -1998,7 +1998,7 @@ impl AsanRuntime {
AsanErrors::get_mut().report_error(error); AsanErrors::get_mut().report_error(error);
} }
#[allow(clippy::unused_self)] #[allow(clippy::unused_self, clippy::identity_op)] // identity_op appears to be a false positive in ubfx
fn generate_shadow_check_function(&mut self) { fn generate_shadow_check_function(&mut self) {
let shadow_bit = self.allocator.shadow_bit(); let shadow_bit = self.allocator.shadow_bit();
let mut ops = dynasmrt::VecAssembler::<dynasmrt::aarch64::Aarch64Relocation>::new(0); let mut ops = dynasmrt::VecAssembler::<dynasmrt::aarch64::Aarch64Relocation>::new(0);

8
libafl_frida/src/helper.rs
View File

@ -218,7 +218,7 @@ fn pc(context: &CpuContext) -> usize {
/// The implementation of the [`FridaInstrumentationHelper`] /// The implementation of the [`FridaInstrumentationHelper`]
impl<'a> FridaInstrumentationHelper<'a> { impl<'a> FridaInstrumentationHelper<'a> {
/// Constructor function to create a new [`FridaInstrumentationHelper`], given a `module_name`. /// Constructor function to create a new [`FridaInstrumentationHelper`], given a `module_name`.
#[allow(clippy::clippy::too_many_lines)] #[allow(clippy::too_many_lines)]
#[must_use] #[must_use]
pub fn new( pub fn new(
gum: &'a Gum, gum: &'a Gum,
@ -318,7 +318,7 @@ impl<'a> FridaInstrumentationHelper<'a> {
helper helper
.drcov_basic_blocks .drcov_basic_blocks
.push(DrCovBasicBlock::new(real_address, real_address + 4)); .push(DrCovBasicBlock::new(real_address, real_address + 4));
}) });
} }
} }
@ -348,7 +348,7 @@ impl<'a> FridaInstrumentationHelper<'a> {
); );
} }
} }
instruction.keep() instruction.keep();
} }
}); });
helper.transformer = Some(transformer); helper.transformer = Some(transformer);
@ -361,7 +361,7 @@ impl<'a> FridaInstrumentationHelper<'a> {
#[inline] #[inline]
fn options(&self) -> &FridaOptions { fn options(&self) -> &FridaOptions {
&self.options self.options
} }
#[cfg(target_arch = "aarch64")] #[cfg(target_arch = "aarch64")]
#[inline] #[inline]

4
libafl_targets/src/libfuzzer.rs
View File

@ -15,7 +15,7 @@ extern "C" {
/// # Safety /// # Safety
/// Calls the libfuzzer-style init function which is native code. /// Calls the libfuzzer-style init function which is native code.
#[allow(clippy::similar_names)] #[allow(clippy::similar_names)]
#[allow(clippy::clippy::must_use_candidate)] // nobody uses that return code... #[allow(clippy::must_use_candidate)] // nobody uses that return code...
pub fn libfuzzer_initialize(args: &[String]) -> i32 { pub fn libfuzzer_initialize(args: &[String]) -> i32 {
let argv: Vec<*const u8> = args.iter().map(|x| x.as_bytes().as_ptr()).collect(); let argv: Vec<*const u8> = args.iter().map(|x| x.as_bytes().as_ptr()).collect();
assert!(argv.len() < i32::MAX as usize); assert!(argv.len() < i32::MAX as usize);
@ -32,7 +32,7 @@ pub fn libfuzzer_initialize(args: &[String]) -> i32 {
/// Call a single input of a libfuzzer-style cpp-harness /// Call a single input of a libfuzzer-style cpp-harness
/// # Safety /// # Safety
/// Calls the libfuzzer harness. We actually think the target is unsafe and crashes eventually, that's why we do all this fuzzing. /// Calls the libfuzzer harness. We actually think the target is unsafe and crashes eventually, that's why we do all this fuzzing.
#[allow(clippy::clippy::must_use_candidate)] #[allow(clippy::must_use_candidate)]
pub fn libfuzzer_test_one_input(buf: &[u8]) -> i32 { pub fn libfuzzer_test_one_input(buf: &[u8]) -> i32 {
unsafe { LLVMFuzzerTestOneInput(buf.as_ptr(), buf.len()) } unsafe { LLVMFuzzerTestOneInput(buf.as_ptr(), buf.len()) }
} }