make libfuzzer run

This commit is contained in:
Andrea Fioraldi 2021-01-05 17:16:01 +01:00
parent 7297c9421d
commit 516e49d4b0
2 changed files with 5 additions and 3 deletions


@ -155,7 +155,7 @@ where
/// Serialize the current state and corpus during an executiont to bytes. /// Serialize the current state and corpus during an executiont to bytes.
/// This method is needed when the fuzzer run crashes and has to restart. /// This method is needed when the fuzzer run crashes and has to restart.
pub fn serialize_state_corpus<C, FT, I, OT, R>(state: &State<I, R, FT>, corpus: &C) -> Result<Vec<u8>, AflError> pub fn serialize_state_corpus<C, FT, I, R>(state: &State<I, R, FT>, corpus: &C) -> Result<Vec<u8>, AflError>
where where
C: Corpus<I, R>, C: Corpus<I, R>,
FT: FeedbacksTuple<I>, FT: FeedbacksTuple<I>,
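Review bot: The doc comment on `serialize_state_corpus` still reads "during an executiont", a typo the commit touches the line next to but leaves in place; it should read `/// Serialize the current state and corpus during an execution to bytes.`. Dropping the unused `OT` type parameter looks correct since nothing in the visible signature references it, but the function's body and the rest of its `where` clause lie outside this hunk, so I cannot confirm no observer-tuple bound was relied on there. Since the second line says this output is what a restarted fuzzer will read back, it would also help to state in the doc which side is expected to deserialize it and that the bytes are only trusted from the fuzzer's own shared-memory channel.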


@ -25,6 +25,7 @@ use afl::{
stages::mutational::StdMutationalStage, stages::mutational::StdMutationalStage,
tuples::tuple_list, tuples::tuple_list,
utils::StdRand, utils::StdRand,
inputs::BytesInput,
AflError, AflError,
}; };
@ -103,7 +104,7 @@ fn fuzz(input: Option<Vec<PathBuf>>, broker_port: u16) -> Result<(), AflError> {
// We are the fuzzing instance, first, connect to all channels. // We are the fuzzing instance, first, connect to all channels.
// Mgr to send and receive msgs from/to all other fuzzer instances // Mgr to send and receive msgs from/to all other fuzzer instances
mgr = LlmpEventManager::existing_client_from_env_std(ENV_FUZZER_BROKER_CLIENT, stats)?; mgr = LlmpEventManager::<BytesInput, _, _>::existing_client_from_env_std(ENV_FUZZER_BROKER_CLIENT, stats)?;
// A sender and a receiver for single communication // A sender and a receiver for single communication
let mut receiver = LlmpReceiver::<AflShmem>::on_existing_from_env(ENV_FUZZER_RECEIVER)?; let mut receiver = LlmpReceiver::<AflShmem>::on_existing_from_env(ENV_FUZZER_RECEIVER)?;
let mut sender = LlmpSender::<AflShmem>::on_existing_from_env(ENV_FUZZER_SENDER)?; let mut sender = LlmpSender::<AflShmem>::on_existing_from_env(ENV_FUZZER_SENDER)?;
@ -136,7 +137,7 @@ fn fuzz(input: Option<Vec<PathBuf>>, broker_port: u16) -> Result<(), AflError> {
unsafe { sender.reset_last_page() }; unsafe { sender.reset_last_page() };
// Create the engine // Create the engine
let executor = InMemoryExecutor::new( let executor = InMemoryExecutor::<_, _, _, LlmpEventManager<_, _, _>, _, _>::new(
"Libfuzzer", "Libfuzzer",
harness, harness,
tuple_list!(edges_observer), tuple_list!(edges_observer),
@ -144,6 +145,7 @@ fn fuzz(input: Option<Vec<PathBuf>>, broker_port: u16) -> Result<(), AflError> {
match exit_kind { match exit_kind {
ExitKind::Timeout => mgr.timeout(input).expect(&format!("Error sending Timeout event for input {:?}", input)), ExitKind::Timeout => mgr.timeout(input).expect(&format!("Error sending Timeout event for input {:?}", input)),
ExitKind::Crash => mgr.crash(input).expect(&format!("Error sending crash event for input {:?}", input)), ExitKind::Crash => mgr.crash(input).expect(&format!("Error sending crash event for input {:?}", input)),
_ => ()
} }
let state_corpus_serialized = serialize_state_corpus(state, corpus).unwrap(); let state_corpus_serialized = serialize_state_corpus(state, corpus).unwrap();
sender.send_buf(0x1, &state_corpus_serialized).unwrap(); sender.send_buf(0x1, &state_corpus_serialized).unwrap();
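Review bot: The new `_ => ()` arm in the `match exit_kind` swallows every `ExitKind` variant other than `Timeout` and `Crash`, so any variant added later would be neither reported to the manager nor flagged by the compiler; if the only remaining variant is the normal-exit one, matching it by name (`ExitKind::Ok => ()` or whatever it is called) keeps the match exhaustive. On the two lines that follow, `serialize_state_corpus(state, corpus).unwrap()` and `sender.send_buf(0x1, ...).unwrap()` panic on failure inside what the serialization doc describes as the crash-restart path, which would abort the client before the state ever reaches the restarter and lose the corpus; returning or at least logging the error is safer than a second panic here. The `0x1` tag passed to `send_buf` has no name and is presumably matched by the receiving side — a named constant shared by both ends would make that contract visible. The enclosing closure and `fuzz` continue past the end of this hunk.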