Fix overflow in Frida mode (#635)

Dongjia Zhang 2022-05-17 22:06:38 +09:00 committed by GitHub
parent afb32fb351
commit 4eba9323c5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 5 deletions


@ -135,7 +135,7 @@ pub struct FuzzerOptions {
/// cores. 'none' to run a client without binding to any core.
/// ex: '1,2-4,6' selects the cores 1, 2, 3, 4, and 6.
#[cfg(feature = "frida_cli")]
#[clap(short, long, default_value = "0", parse(try_from_str = Cores::from_cmdline), help_heading = "ASAN Options")]
#[clap(long, default_value = "0", parse(try_from_str = Cores::from_cmdline), help_heading = "ASAN Options")]
pub asan_cores: Cores,
/// number of fuzz iterations to perform
@ -181,7 +181,7 @@ pub struct FuzzerOptions {
/// cores. 'none' to run a client without binding to any core.
/// ex: '1,2-4,6' selects the cores 1, 2, 3, 4, and 6.
#[cfg(feature = "frida_cli")]
#[clap(short, long, default_value = "0", parse(try_from_str = Cores::from_cmdline), help_heading = "Frida Options")]
#[clap(long, default_value = "0", parse(try_from_str = Cores::from_cmdline), help_heading = "Frida Options")]
pub cmplog_cores: Cores,
/// enable ASAN leak detection
@ -278,7 +278,7 @@ pub struct FuzzerOptions {
/// Spawn a client in each of the provided cores. Use 'all' to select all available
/// cores. 'none' to run a client without binding to any core.
/// ex: '1,2-4,6' selects the cores 1, 2, 3, 4, and 6.
#[clap(short, long, default_value = "0", parse(try_from_str = Cores::from_cmdline))]
#[clap(long, default_value = "0", parse(try_from_str = Cores::from_cmdline))]
pub cores: Cores,
/// port on which the broker should listen
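Review bot: Dropping `short` from `asan_cores`, `cmplog_cores` and `cores` is a command-line change that the commit title does not mention, and existing invocations that pass the short form will now be rejected by argument parsing. With clap's derived shorts, `cmplog_cores` and `cores` would presumably both have mapped to `-c`, so the removal looks deliberate; the description or changelog should say so. The visible doc lines for the three fields are also identical, so `--help` cannot tell a user how `--asan-cores` and `--cmplog-cores` differ from `--cores`; each deserves its own first line, for example `/// Cores on which clients run with ASAN enabled` (wording to be confirmed against how the field is used). The first doc line of the first two fields lies above the hunks, so this rests on the two lines that are shown.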


@ -158,9 +158,9 @@ impl CoverageRuntime {
let bitflip = 0x1cad21f72c81017c ^ 0xdb979082e96dd4de;
let mut h64 = tmp ^ bitflip;
h64 = h64.rotate_left(49) & h64.rotate_left(24);
h64 *= 0x9FB21C651E98DF25;
h64 = h64.wrapping_mul(0x9FB21C651E98DF25);
h64 ^= (h64 >> 35) + 8;
h64 *= 0x9FB21C651E98DF25;
h64 = h64.wrapping_mul(0x9FB21C651E98DF25);
h64 ^= h64 >> 28;
let writer = output.writer();
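Review bot: The first mixing step, `h64 = h64.rotate_left(49) & h64.rotate_left(24);`, is left unchanged and combines the two rotations with `&`, which overwrites the previous value and, for well-spread input, leaves each bit set only about a quarter of the time before the multiplies. The constants and shifts appear to follow the rrmxmx-style finalizer used by XXH3, where that step is `h64 ^= h64.rotate_left(49) ^ h64.rotate_left(24);`; if that is the intended mix, the AND makes distinct addresses collide more often in the coverage map. Now that the two `wrapping_mul` calls make the wraparound explicit, a short comment such as `// hash mix: the multiplication is meant to wrap modulo 2^64` would keep someone from switching to checked arithmetic later. The enclosing function starts and ends outside this hunk, so how `h64` is reduced to a map index is not visible here.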