diff --git a/fuzzers/frida_gdiplus/src/fuzzer.rs b/fuzzers/frida_gdiplus/src/fuzzer.rs
index a9f65693ae..dca5e5af98 100644
--- a/fuzzers/frida_gdiplus/src/fuzzer.rs
+++ b/fuzzers/frida_gdiplus/src/fuzzer.rs
@@ -102,10 +102,10 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 #[cfg(unix)]
 let mut frida_helper =
- FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan));
+ FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan))?;
 #[cfg(windows)]
 let mut frida_helper =
- FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage));
+ FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?;
 // Create an observation channel using the coverage map
 let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@@ -221,7 +221,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 let cmplog = CmpLogRuntime::new();
 let mut frida_helper =
- FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog));
+ FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog))?;
 // Create an observation channel using the coverage map
 let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@@ -351,7 +351,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 let coverage = CoverageRuntime::new();
 let mut frida_helper =
- FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage));
+ FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?;
 // Create an observation channel using the coverage map
 let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
diff --git a/fuzzers/frida_libpng/src/fuzzer.rs b/fuzzers/frida_libpng/src/fuzzer.rs
index bd862c3b03..16cb567f03 100644
--- a/fuzzers/frida_libpng/src/fuzzer.rs
+++ b/fuzzers/frida_libpng/src/fuzzer.rs
@@ -99,10 +99,10 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 #[cfg(unix)]
 let mut frida_helper =
- FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan));
+ FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan))?;
 #[cfg(windows)]
 let mut frida_helper =
- FridaInstrumentationHelper::new(&gum, &options, tuple_list!(coverage));
+ FridaInstrumentationHelper::new(&gum, &options, tuple_list!(coverage))?;
 // Create an observation channel using the coverage map
 let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@@ -219,7 +219,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 let cmplog = CmpLogRuntime::new();
 let mut frida_helper =
- FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog));
+ FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, cmplog))?;
 // Create an observation channel using the coverage map
 let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
@@ -349,7 +349,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
 let coverage = CoverageRuntime::new();
 let mut frida_helper =
- FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage));
+ FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?;
 // Create an observation channel using the coverage map
 let edges_observer = HitcountsMapObserver::new(StdMapObserver::from_mut_ptr(
diff --git a/libafl/src/events/mod.rs b/libafl/src/events/mod.rs
index d9a4c81876..d5ae145d46 100644
--- a/libafl/src/events/mod.rs
+++ b/libafl/src/events/mod.rs
@@ -3,11 +3,7 @@
 pub mod simple;
 pub use simple::*;
 pub mod llmp;
-use alloc::{
- boxed::Box,
- string::{String, ToString},
- vec::Vec,
-};
+use alloc::{boxed::Box, string::String, vec::Vec};
 #[cfg(all(unix, feature = "std"))]
 use core::ffi::c_void;
 use core::{
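Review bot: The `#[cfg(windows)]` arm in the first hunk passes `&options` while the `#[cfg(unix)]` arm two lines above passes `options`; `options` is already a `&FuzzerOptions`, so the extra borrow is a `&&FuzzerOptions` that only compiles through auto-deref. Make the two arms identical now that both are being touched: `FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage))?;`. The equivalent call in fuzzers/frida_gdiplus/src/fuzzer.rs already uses `options`. `fuzz` starts and ends outside the hunk.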
@@ -33,7 +29,6 @@ use crate::{
 inputs::Input,
 monitors::UserStats,
 observers::ObserversTuple,
- stages::calibrate::UnstableEntriesMetadata,
 state::{HasClientPerfMonitor, HasExecutions, HasMetadata},
 Error,
 };
@@ -462,23 +457,6 @@ where
 },
 )?;
- // Send the stability event to the broker
- if let Some(meta) = state.metadata().get::() {
- let unstable_entries = meta.unstable_entries().len();
- let map_len = meta.map_len();
- self.fire(
- state,
- Event::UpdateUserStats {
- name: "stability".to_string(),
- value: UserStats::Ratio(
- (map_len - unstable_entries) as u64,
- map_len as u64,
- ),
- phantom: PhantomData,
- },
- )?;
- }
-
 // If performance monitor are requested, fire the `UpdatePerfMonitor` event
 #[cfg(feature = "introspection")]
 {
diff --git a/libafl/src/executors/inprocess.rs b/libafl/src/executors/inprocess.rs
index f1dea312cd..3d120d2bd2 100644
--- a/libafl/src/executors/inprocess.rs
+++ b/libafl/src/executors/inprocess.rs
@@ -186,7 +186,7 @@ where
 OF: Feedback,
 Z: HasObjective,
 {
- let handlers = InProcessHandlers::new::()?;
+ let handlers = InProcessHandlers::new::()?;
 #[cfg(windows)]
 // Some initialization necessary for windows.
 unsafe {
@@ -337,14 +337,13 @@ impl InProcessHandlers {
 }
 /// Create new [`InProcessHandlers`].
- pub fn new() -> Result
+ pub fn new() -> Result
 where
 E: Executor + HasObservers,
 EM: EventFirer + EventRestarter,
 OF: Feedback,
 E::State: HasSolutions + HasClientPerfMonitor,
 Z: HasObjective,
- H: FnMut(&::Input) -> ExitKind + ?Sized,
 {
 #[cfg(unix)]
 unsafe {
diff --git a/libafl/src/stages/calibrate.rs b/libafl/src/stages/calibrate.rs
index 3a9fbc9c86..24a7df6e9c 100644
--- a/libafl/src/stages/calibrate.rs
+++ b/libafl/src/stages/calibrate.rs
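Review bot: The doc comment on `InProcessHandlers::new` in the last hunk is still the single line `/// Create new [`InProcessHandlers`].` although the function returns a `Result` and the signature is being reworked here; it has no `# Errors` section. Add one stating when it fails — from the visible `#[cfg(unix)] unsafe {` prologue this presumably is when installing the in-process handlers fails, but confirm against the body, which continues outside the hunk. Something like `/// # Errors` followed by `/// Returns an error if the in-process crash/timeout handlers cannot be installed.` would do. `new` starts inside the hunk and ends outside it.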
@@ -13,7 +13,7 @@ use serde::{Deserialize, Serialize};
 use crate::{
 bolts::{current_time, tuples::Named, AsIter},
 corpus::{Corpus, CorpusId, SchedulerTestcaseMetaData},
- events::{EventFirer, LogSeverity},
+ events::{Event, EventFirer, LogSeverity},
 executors::{Executor, ExitKind, HasObservers},
 feedbacks::{
 map::{IsNovel, MapFeedback, MapFeedbackMetadata, Reducer},
@@ -21,6 +21,7 @@ use crate::{
 },
 fuzzer::Evaluator,
 inputs::UsesInput,
+ monitors::UserStats,
 observers::{MapObserver, ObserversTuple},
 schedulers::powersched::SchedulerMetadata,
 stages::Stage,
@@ -285,6 +286,20 @@ where
 data.set_handicap(handicap);
 }
+ // Send the stability event to the broker
+ if let Some(meta) = state.metadata().get::() {
+ let unstable_entries = meta.unstable_entries().len();
+ let map_len = meta.map_len();
+ mgr.fire(
+ state,
+ Event::UpdateUserStats {
+ name: "stability".to_string(),
+ value: UserStats::Ratio((map_len - unstable_entries) as u64, map_len as u64),
+ phantom: PhantomData,
+ },
+ )?;
+ }
+
 Ok(())
 }
 }
diff --git a/libafl_frida/src/helper.rs b/libafl_frida/src/helper.rs
index 6c118d1721..b5dbd90518 100644
--- a/libafl_frida/src/helper.rs
+++ b/libafl_frida/src/helper.rs
@@ -165,8 +165,7 @@ where
 {
 /// Constructor function to create a new [`FridaInstrumentationHelper`], given a `module_name`.
 #[allow(clippy::too_many_lines)]
- #[must_use]
- pub fn new(gum: &'a Gum, options: &'a FuzzerOptions, runtimes: RT) -> Self {
+ pub fn new(gum: &'a Gum, options: &'a FuzzerOptions, runtimes: RT) -> Result {
 // workaround frida's frida-gum-allocate-near bug:
 #[cfg(unix)]
 unsafe {
@@ -179,7 +178,8 @@ where
 -1,
 0,
 )
- .expect("Failed to map dummy regions for frida workaround");
+ .map_err(|_| Error::unknown("Failed to map dummy regions for frida workaround"))?;
+
 mmap(
 None,
 std::num::NonZeroUsize::new_unchecked(4 * 1024 * 1024),
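Review bot: `(map_len - unstable_entries) as u64` in the `UserStats::Ratio` added to libafl/src/stages/calibrate.rs is an unchecked `usize` subtraction; the unstable count presumably can never exceed the map length, but if that invariant is ever violated this panics in debug builds and silently wraps to an enormous "stable" count in release builds, inside the fuzzing loop. `let stable = map_len.saturating_sub(unstable_entries);` followed by `value: UserStats::Ratio(stable as u64, map_len as u64),` keeps the statistic well-formed at no cost. It is also worth confirming that `map_len` cannot be 0 at this point, since a zero denominator is handed straight to whatever renders the ratio. The block moved here from libafl/src/events/mod.rs carried the same arithmetic, and the enclosing function starts outside the hunk.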
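Review bot: The doc comment on `FridaInstrumentationHelper::new` in the `@@ -165` hunk is stale for the new signature: it still says the helper is created "given a `module_name`", while the parameters are `gum`, `options` and `runtimes`, and the function now returns `Result` with no `# Errors` section. Rewrite the summary to describe the three parameters and add `/// # Errors` followed by `/// Returns an error if the frida workaround mappings or the Capstone engine cannot be set up, if no harness is given, or if a module listed in `options` cannot be found.`, which is what the `map_err`/`ok_or_else` paths added in this file's later hunks cover. `new` continues past the end of the hunk.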
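Review bot: `.map_err(|_| Error::unknown("Failed to map dummy regions for frida workaround"))?` in the `@@ -179` hunk discards the `mmap` error, so the caller sees only the fixed message and not the underlying reason the mapping failed — the very detail that was visible in the panic message of the replaced `.expect`. Keep the cause, e.g. `.map_err(|e| Error::unknown(format!("Failed to map dummy regions for frida workaround: {e}")))?;` (assuming `Error::unknown` accepts any `Into<String>`, which the `&str` used here suggests). The same `|_|` pattern appears in the second `mmap` call in hunk `@@ -188` and in both Capstone `.build()` calls in hunk `@@ -209`. `new` starts and ends outside this hunk.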
@@ -188,14 +188,14 @@ where
 -1,
 0,
 )
- .expect("Failed to map dummy regions for frida workaround");
+ .map_err(|_| Error::unknown("Failed to map dummy regions for frida workaround"))?;
 }
 }
 let mut modules_to_instrument = vec![options
 .harness
 .as_ref()
- .unwrap()
+ .ok_or_else(|| Error::unknown("No modueles to instrument"))?
 .to_string_lossy()
 .to_string()];
 modules_to_instrument.append(&mut options.libs_to_instrument.clone());
@@ -209,14 +209,14 @@ where
 .mode(arch::arm64::ArchMode::Arm)
 .detail(true)
 .build()
- .expect("Failed to create Capstone object"),
+ .map_err(|_| Error::unknown("Failed to create Capstone object"))?,
 #[cfg(all(target_arch = "x86_64", unix))]
 capstone: Capstone::new()
 .x86()
 .mode(arch::x86::ArchMode::Mode64)
 .detail(true)
 .build()
- .expect("Failed to create Capstone object"),
+ .map_err(|_| Error::unknown("Failed to create Capstone object"))?,
 ranges: RangeMap::new(),
 module_map: ModuleMap::new_from_names(gum, &modules_to_instrument),
 options,
@@ -235,7 +235,8 @@ where
 }
 if !options.dont_instrument.is_empty() {
 for (module_name, offset) in options.dont_instrument.clone() {
- let module_details = ModuleDetails::with_name(module_name).unwrap();
+ let module_details = ModuleDetails::with_name(module_name.clone())
+ .ok_or_else(|| Error::unknown("Module {module_name} not found"))?;
 let lib_start = module_details.range().base_address().0 as usize;
 // println!("removing address: {:#x}", lib_start + offset);
 helper
@@ -365,7 +366,7 @@ where
 helper.transformer = Some(transformer);
- helper
+ Ok(helper)
 }
 /// Return the runtime
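Review bot: The new `ok_or_else` message `"No modueles to instrument"` in the first hunk both misspells "modules" and misdescribes the condition: the `None` being handled is `options.harness`, so a user who left the harness unset gets told about modules rather than the missing harness. Use `.ok_or_else(|| Error::unknown("No harness module specified to instrument"))?`. `new` continues outside this hunk on both sides.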
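Review bot: `Error::unknown("Module {module_name} not found")` in the `@@ -235` hunk passes a plain string literal, not a `format!` call, so the text `{module_name}` is emitted verbatim and the user never learns which `dont_instrument` entry failed to resolve. Wrap it: `.ok_or_else(|| Error::unknown(format!("Module {module_name} not found")))?;`. Once the name is actually used inside the closure, the `module_name.clone()` on the previous line is what keeps the value alive for the message, so that clone is needed rather than incidental. The enclosing `for` loop and `new` extend beyond the hunk.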