add timeouts to libpng_libfuzzer
This commit is contained in:
Andrea Fioraldi
parent
088b54d614
commit
46c69aeee8
@ -1,6 +1,7 @@
|
|||||||
//! A libfuzzer-like fuzzer with llmp-multithreading support and restarts
|
//! A libfuzzer-like fuzzer with llmp-multithreading support and restarts
|
||||||
//! The example harness is built for libpng.
|
//! The example harness is built for libpng.
|
||||||
|
|
||||||
|
use core::time::Duration;
|
||||||
use std::{env, path::PathBuf};
|
use std::{env, path::PathBuf};
|
||||||
|
|
||||||
#[cfg(unix)]
|
#[cfg(unix)]
|
||||||
@ -11,8 +12,8 @@ use libafl::{
|
|||||||
QueueCorpusScheduler,
|
QueueCorpusScheduler,
|
||||||
},
|
},
|
||||||
events::setup_restarting_mgr,
|
events::setup_restarting_mgr,
|
||||||
executors::{inprocess::InProcessExecutor, Executor, ExitKind},
|
executors::{inprocess::InProcessExecutor, inprocess::TimeoutExecutor, Executor, ExitKind},
|
||||||
feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback},
|
feedbacks::{CrashFeedback, MaxMapFeedback, TimeFeedback, TimeoutFeedback},
|
||||||
fuzzer::{Fuzzer, HasCorpusScheduler, StdFuzzer},
|
fuzzer::{Fuzzer, HasCorpusScheduler, StdFuzzer},
|
||||||
inputs::Input,
|
inputs::Input,
|
||||||
mutators::{scheduled::HavocBytesMutator, token_mutations::Tokens},
|
mutators::{scheduled::HavocBytesMutator, token_mutations::Tokens},
|
||||||
@ -117,7 +118,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
|
|||||||
// on disk so the user can get them after stopping the fuzzer
|
// on disk so the user can get them after stopping the fuzzer
|
||||||
OnDiskCorpus::new(objective_dir).unwrap(),
|
OnDiskCorpus::new(objective_dir).unwrap(),
|
||||||
// Feedbacks to recognize an input as solution
|
// Feedbacks to recognize an input as solution
|
||||||
tuple_list!(CrashFeedback::new()),
|
tuple_list!(CrashFeedback::new(), TimeoutFeedback::new()),
|
||||||
)
|
)
|
||||||
});
|
});
|
||||||
|
|
||||||
@ -143,13 +144,16 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
|
|||||||
let fuzzer = StdFuzzer::new(scheduler, tuple_list!(stage));
|
let fuzzer = StdFuzzer::new(scheduler, tuple_list!(stage));
|
||||||
|
|
||||||
// Create the executor for an in-process function with just one observer for edge coverage
|
// Create the executor for an in-process function with just one observer for edge coverage
|
||||||
let mut executor = InProcessExecutor::new(
|
let mut executor = TimeoutExecutor::new(
|
||||||
"in-process(edges)",
|
InProcessExecutor::new(
|
||||||
harness,
|
"in-process(edges)",
|
||||||
tuple_list!(edges_observer, TimeObserver::new("time")),
|
harness,
|
||||||
&mut state,
|
tuple_list!(edges_observer, TimeObserver::new("time")),
|
||||||
&mut restarting_mgr,
|
&mut state,
|
||||||
)?;
|
&mut restarting_mgr,
|
||||||
|
)?,
|
||||||
|
Duration::new(0, 3),
|
||||||
|
);
|
||||||
|
|
||||||
// The actual target run starts here.
|
// The actual target run starts here.
|
||||||
// Call LLVMFUzzerInitialize() if present.
|
// Call LLVMFUzzerInitialize() if present.
|
||||||
|
|||||||
@ -384,7 +384,7 @@ mod unix_signal_handler {
|
|||||||
match signal {
|
match signal {
|
||||||
Signal::SigUser2 | Signal::SigAlarm => {
|
Signal::SigUser2 | Signal::SigAlarm => {
|
||||||
(data.timeout_handler)(signal, info, void, data)
|
(data.timeout_handler)(signal, info, void, data)
|
||||||
},
|
}
|
||||||
_ => (data.crash_handler)(signal, info, void, data),
|
_ => (data.crash_handler)(signal, info, void, data),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user