libfuzzer fixes
parent
7a7167dcac
commit
3b6d11ce5d
@ -436,8 +436,8 @@ impl LlmpSender {
|
|||||||
/// Never call alloc_next without either sending or cancelling the last allocated message for this page!
|
/// Never call alloc_next without either sending or cancelling the last allocated message for this page!
|
||||||
/// There can only ever be up to one message allocated per page at each given time.
|
/// There can only ever be up to one message allocated per page at each given time.
|
||||||
unsafe fn alloc_next_if_space(&mut self, buf_len: usize) -> Option<*mut LlmpMsg> {
|
unsafe fn alloc_next_if_space(&mut self, buf_len: usize) -> Option<*mut LlmpMsg> {
|
||||||
let mut buf_len_padded = buf_len;
|
let buf_len_padded;
|
||||||
let mut complete_msg_size = llmp_align(size_of::<LlmpMsg>() + buf_len_padded);
|
let mut complete_msg_size = llmp_align(size_of::<LlmpMsg>() + buf_len);
|
||||||
let map = self.out_maps.last().unwrap();
|
let map = self.out_maps.last().unwrap();
|
||||||
let page = map.page();
|
let page = map.page();
|
||||||
let last_msg = self.last_msg_sent;
|
let last_msg = self.last_msg_sent;
|
||||||
|
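Review bot: The size computation `llmp_align(size_of::<LlmpMsg>() + buf_len)` adds a caller-supplied length with no overflow check, so in a release build a very large `buf_len` wraps and the space check further down (outside this hunk) would be made against a size that is too small. Since this `unsafe fn` hands back a raw `*mut LlmpMsg`, I would reject the request up front with `let unaligned = size_of::<LlmpMsg>().checked_add(buf_len)?;` followed by `let mut complete_msg_size = llmp_align(unaligned);`. Whether `llmp_align` itself can wrap is not visible here and should be checked the same way. The doc comment would also benefit from a `# Safety` section that states the one-allocated-message-per-page rule as the caller's obligation. The body of `alloc_next_if_space` continues outside the hunk.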
@ -4,8 +4,8 @@ pub mod llmp;
|
|||||||
pub mod shmem_translated;
|
pub mod shmem_translated;
|
||||||
|
|
||||||
use alloc::string::String;
|
use alloc::string::String;
|
||||||
use tuple_list::tuple_list_type;
|
|
||||||
use core::{marker::PhantomData, time};
|
use core::{marker::PhantomData, time};
|
||||||
|
use tuple_list::tuple_list_type;
|
||||||
|
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
@ -414,8 +414,6 @@ where
|
|||||||
fn start_time(&mut self) -> time::Duration {
|
fn start_time(&mut self) -> time::Duration {
|
||||||
self.start_time
|
self.start_time
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
@ -524,19 +522,18 @@ where
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#[cfg(feature = "std")]
|
#[cfg(feature = "std")]
|
||||||
#[cfg(test)]
|
#[cfg(test)]
|
||||||
mod tests {
|
mod tests {
|
||||||
|
|
||||||
use std::io::stderr;
|
use std::io::stderr;
|
||||||
|
|
||||||
use crate::{events::Event, observers::ObserversTuple};
|
use crate::events::EventManager;
|
||||||
use crate::inputs::bytes::BytesInput;
|
use crate::inputs::bytes::BytesInput;
|
||||||
use crate::observers::StdMapObserver;
|
use crate::observers::StdMapObserver;
|
||||||
use crate::serde_anymap::{Ptr, PtrMut};
|
use crate::serde_anymap::{Ptr, PtrMut};
|
||||||
use crate::tuples::{tuple_list, tuple_list_type, MatchNameAndType, Named};
|
use crate::tuples::{tuple_list, tuple_list_type, MatchNameAndType, Named};
|
||||||
use crate::events::EventManager;
|
use crate::{events::Event, observers::ObserversTuple};
|
||||||
|
|
||||||
use super::LoggerEventManager;
|
use super::LoggerEventManager;
|
||||||
|
|
||||||
@ -566,8 +563,7 @@ mod tests {
|
|||||||
client_config: _,
|
client_config: _,
|
||||||
} => {
|
} => {
|
||||||
let o = map.deserialize(&observers_buf).unwrap();
|
let o = map.deserialize(&observers_buf).unwrap();
|
||||||
let test_observer = o.match_name_type::<StdMapObserver<u32>>("test")
|
let test_observer = o.match_name_type::<StdMapObserver<u32>>("test").unwrap();
|
||||||
.unwrap();
|
|
||||||
assert_eq!("test", test_observer.name());
|
assert_eq!("test", test_observer.name());
|
||||||
}
|
}
|
||||||
_ => panic!("mistmatch".to_string()),
|
_ => panic!("mistmatch".to_string()),
|
||||||
|
@ -235,18 +235,21 @@ where
|
|||||||
pub fn new(name: &'static str, map_size: usize) -> Self {
|
pub fn new(name: &'static str, map_size: usize) -> Self {
|
||||||
Self {
|
Self {
|
||||||
history_map: vec![T::default(); map_size],
|
history_map: vec![T::default(); map_size],
|
||||||
name: name,
|
|
||||||
phantom: PhantomData,
|
phantom: PhantomData,
|
||||||
|
name,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*pub fn new_with_observer(map_observer: &O) -> Self {
|
/// Create new MapFeedback for the observer type.
|
||||||
|
/// Name should match that of the observer.
|
||||||
|
pub fn new_with_observer(name: &'static str, map_observer: &O) -> Self {
|
||||||
|
debug_assert_eq!(name, map_observer.name());
|
||||||
Self {
|
Self {
|
||||||
history_map: vec![T::default(); map_observer.map().len()],
|
history_map: vec![T::default(); map_observer.map().len()],
|
||||||
name: map_observer.name(),
|
|
||||||
phantom: PhantomData,
|
phantom: PhantomData,
|
||||||
|
name,
|
||||||
}
|
}
|
||||||
}*/
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<T, R, O> MapFeedback<T, R, O>
|
impl<T, R, O> MapFeedback<T, R, O>
|
||||||
|
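Review bot: The name check in `new_with_observer` is a `debug_assert_eq!`, which is compiled out in release builds, and fuzzers are normally built in release mode. A mismatched `name` would then go unnoticed, and the feedback would presumably look up an observer under a name that does not exist. The check runs once at construction, so `assert_eq!(name, map_observer.name());` costs nothing measurable and fails loudly. The doc comment could state the contract as `/// Panics if name differs from map_observer.name().`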
@ -51,7 +51,6 @@ impl ObserversTuple for () {
|
|||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
//fn for_each(&self, f: fn(&dyn Observer)) { }
|
//fn for_each(&self, f: fn(&dyn Observer)) { }
|
||||||
//fn for_each_mut(&mut self, f: fn(&mut dyn Observer)) { }
|
//fn for_each_mut(&mut self, f: fn(&mut dyn Observer)) { }
|
||||||
}
|
}
|
||||||
@ -187,8 +186,8 @@ where
|
|||||||
let initial = if map.len() > 0 { map[0] } else { T::default() };
|
let initial = if map.len() > 0 { map[0] } else { T::default() };
|
||||||
Self {
|
Self {
|
||||||
map: ArrayMut::Cptr((map.as_mut_ptr(), map.len())),
|
map: ArrayMut::Cptr((map.as_mut_ptr(), map.len())),
|
||||||
initial: initial,
|
|
||||||
name: name.into(),
|
name: name.into(),
|
||||||
|
initial,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -198,8 +197,8 @@ where
|
|||||||
let initial = if len > 0 { *map_ptr } else { T::default() };
|
let initial = if len > 0 { *map_ptr } else { T::default() };
|
||||||
StdMapObserver {
|
StdMapObserver {
|
||||||
map: ArrayMut::Cptr((map_ptr, len)),
|
map: ArrayMut::Cptr((map_ptr, len)),
|
||||||
initial: initial,
|
|
||||||
name: name.into(),
|
name: name.into(),
|
||||||
|
initial,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
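Review bot: `let initial = if len > 0 { *map_ptr } else { T::default() };` dereferences a caller-supplied raw pointer, and the call in `afl_libfuzzer_main` invokes `StdMapObserver::new_from_ptr` outside any `unsafe` block, which suggests the constructor is declared as a safe `fn`. The signature is outside this hunk, so this needs confirming. If it is safe, then safe code can pass a null or dangling pointer, or a `len` larger than the allocation, and get undefined behaviour. I would declare it `pub unsafe fn new_from_ptr` with a `# Safety` section requiring `map_ptr` to be valid for `len` elements for the observer's lifetime, and add a `!map_ptr.is_null()` guard before the read.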
@ -71,7 +71,7 @@ where
|
|||||||
// in a late stage, NewTestcase should be triggere donly after the processing in the later stage
|
// in a late stage, NewTestcase should be triggere donly after the processing in the later stage
|
||||||
// So by default we shoudl trigger it in corpus.add, so that the user can override it and remove
|
// So by default we shoudl trigger it in corpus.add, so that the user can override it and remove
|
||||||
// if needed by particular cases
|
// if needed by particular cases
|
||||||
if state.is_interesting(&input_mut, observers)? > 0 {
|
if fitness > 0 {
|
||||||
// TODO decouple events manager and engine
|
// TODO decouple events manager and engine
|
||||||
manager.fire(Event::new_testcase("test".into(), input_mut, observers)?)?;
|
manager.fire(Event::new_testcase("test".into(), input_mut, observers)?)?;
|
||||||
// let _ = corpus.add(testcase);
|
// let _ = corpus.add(testcase);
|
||||||
|
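Review bot: `if fitness > 0` depends on a binding made outside this hunk, so from here it is not visible that the value was computed for this `input_mut` after it was mutated and executed; a one-line comment at the binding saying so would keep the two in step. The comment above the condition is also hard to read because of typos. I would reword its first two lines to `// in a late stage, NewTestcase should be triggered only after the processing in the later stage` and `// So by default we should trigger it in corpus.add, so that the user can override it and remove`.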
@ -21,8 +21,8 @@ use afl::mutators::scheduled::HavocBytesMutator;
|
|||||||
use afl::mutators::HasMaxSize;
|
use afl::mutators::HasMaxSize;
|
||||||
use afl::observers::StdMapObserver;
|
use afl::observers::StdMapObserver;
|
||||||
use afl::stages::mutational::StdMutationalStage;
|
use afl::stages::mutational::StdMutationalStage;
|
||||||
use afl::utils::StdRand;
|
|
||||||
use afl::tuples::tuple_list;
|
use afl::tuples::tuple_list;
|
||||||
|
use afl::utils::StdRand;
|
||||||
|
|
||||||
const MAP_SIZE: usize = 65536;
|
const MAP_SIZE: usize = 65536;
|
||||||
|
|
||||||
@ -60,9 +60,9 @@ pub extern "C" fn afl_libfuzzer_main() {
|
|||||||
StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
|
StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe {
|
||||||
__lafl_max_edges_size as usize
|
__lafl_max_edges_size as usize
|
||||||
});
|
});
|
||||||
let edges_feedback = MaxMapFeedback::<u8, StdMapObserver<u8>>::new(&NAME_COV_MAP, MAP_SIZE);
|
let edges_feedback = MaxMapFeedback::new_with_observer(&NAME_COV_MAP, &edges_observer);
|
||||||
|
|
||||||
let executor = InMemoryExecutor::new(harness, tuple_list!(edges_observer));
|
let executor = InMemoryExecutor::new("Libfuzzer", harness, tuple_list!(edges_observer));
|
||||||
let mut state = State::new(tuple_list!(edges_feedback));
|
let mut state = State::new(tuple_list!(edges_feedback));
|
||||||
|
|
||||||
let mut engine = Engine::new(executor);
|
let mut engine = Engine::new(executor);
|
||||||
|
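Review bot: The two `unsafe { … }` reads of `__lafl_edges_map` and `__lafl_max_edges_size` carry no `// SAFETY:` comment, and the size is cast with `as usize` without validation. After this change that size determines the observer's map length and, via `new_with_observer`, the length of the feedback's history map. If the runtime has not initialised these symbols before `afl_libfuzzer_main` runs, the observer would be built from a null pointer or a meaningless length. I would add a comment such as `// SAFETY: the instrumentation runtime sets __lafl_edges_map and __lafl_max_edges_size before afl_libfuzzer_main is called` (to be confirmed against the runtime) and a null check on the pointer before constructing the observer. `MAP_SIZE` is no longer used on the changed line; if nothing else references it, it can be removed.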