From 519ea435ed7e374fc14d0af8ac0a0ad35310ad2f Mon Sep 17 00:00:00 2001
From: Karthik Prakash <116057817+skoriop@users.noreply.github.com>
Date: Tue, 30 Jan 2024 20:55:59 +0530
Subject: [PATCH] LibAFL_libFuzzer: Default `ignore_*` flags to true when `tui=1` (#1820)

* default `ignore_*` flags to true if `tui=1`
* update docs
* refactor code to use `Option` instead of extra struct members
---
 libafl_libfuzzer/README.md | 1 +
 .../libafl_libfuzzer_runtime/src/options.rs | 35 +++++++++++++------
 libafl_libfuzzer/src/lib.rs | 1 +
 3 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/libafl_libfuzzer/README.md b/libafl_libfuzzer/README.md
index d9854d87ba..6fcd0daba8 100644
--- a/libafl_libfuzzer/README.md
+++ b/libafl_libfuzzer/README.md
@@ -130,6 +130,7 @@ to partial support of libfuzzer flags, `libafl_libfuzzer` offers:
 - `-fork` and `-jobs`
 - in `libafl_libfuzzer`, these are synonymous
 - `-ignore_crashes`, `-ignore_ooms`, and `-ignore_timeouts`
+ - note that setting `-tui=1` enables these flags by default, so you'll need to explicitly mention `-ignore_...=0` to disable them
 - `-rss_limit_mb` and `-malloc_limit_mb`
 - `-ignore_remaining_args`
 - `-shrink`
diff --git a/libafl_libfuzzer/libafl_libfuzzer_runtime/src/options.rs b/libafl_libfuzzer/libafl_libfuzzer_runtime/src/options.rs
index 58b3b25f08..67965947b5 100644
--- a/libafl_libfuzzer/libafl_libfuzzer_runtime/src/options.rs
+++ b/libafl_libfuzzer/libafl_libfuzzer_runtime/src/options.rs
@@ -239,9 +239,9 @@ struct LibfuzzerOptionsBuilder<'a> {
 forks: Option,
 dict: Option<&'a str>,
 dirs: Vec<&'a str>,
- ignore_crashes: bool,
- ignore_timeouts: bool,
- ignore_ooms: bool,
+ ignore_crashes: Option,
+ ignore_timeouts: Option,
+ ignore_ooms: Option,
 rss_limit: Option,
 malloc_limit: Option,
 ignore_remaining: bool,
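Review bot: Nothing on the three changed fields records what `None` now means (presumably `Option<bool>`; the type parameters are not visible in this rendering), so a reader of the builder cannot tell why they differ from the plain bools such as `ignore_remaining` on the next line. The distinction carries the whole feature: the parsing code treats `None` as "not given on the command line" and only then lets `-tui=1` switch the flag on, while an explicit `-ignore_...=0` survives. Suggest a comment above `ignore_crashes`: `// None: flag not given on the command line; -tui=1 then defaults it to true`. The struct header is only the hunk's context line, so the definition starts outside the hunk.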
@@ -313,12 +313,14 @@ impl<'a> LibfuzzerOptionsBuilder<'a> {
 self.forks = Some(parse_or_bail!(name, value, usize));
 }
 "ignore_crashes" => {
- self.ignore_crashes = parse_or_bail!(name, value, u64) > 0;
+ self.ignore_crashes = Some(parse_or_bail!(name, value, u64) > 0);
 }
 "ignore_timeouts" => {
- self.ignore_timeouts = parse_or_bail!(name, value, u64) > 0;
+ self.ignore_timeouts = Some(parse_or_bail!(name, value, u64) > 0);
+ }
+ "ignore_ooms" => {
+ self.ignore_ooms = Some(parse_or_bail!(name, value, u64) > 0);
 }
- "ignore_ooms" => self.ignore_ooms = parse_or_bail!(name, value, u64) > 0,
 "rss_limit_mb" => {
 self.rss_limit = Some(parse_or_bail!(name, value, usize) << 20);
 }
@@ -331,7 +333,20 @@ impl<'a> LibfuzzerOptionsBuilder<'a> {
 "dedup" => self.dedup = parse_or_bail!(name, value, u64) > 0,
 "shrink" => self.shrink = parse_or_bail!(name, value, u64) > 0,
 "skip_tracing" => self.skip_tracing = parse_or_bail!(name, value, u64) > 0,
- "tui" => self.tui = parse_or_bail!(name, value, u64) > 0,
+ "tui" => {
+ self.tui = parse_or_bail!(name, value, u64) > 0;
+ if self.tui {
+ if self.ignore_crashes.is_none() {
+ self.ignore_crashes = Some(true);
+ }
+ if self.ignore_timeouts.is_none() {
+ self.ignore_timeouts = Some(true);
+ }
+ if self.ignore_ooms.is_none() {
+ self.ignore_ooms = Some(true);
+ }
+ }
+ }
 "runs" => self.runs = parse_or_bail!(name, value, usize),
 "close_fd_mask" => self.close_fd_mask = parse_or_bail!(name, value, u8),
 _ => {
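Review bot: The defaulting in the new `"tui"` arm runs when the flag is parsed rather than when the options are assembled, so the result depends on argument order and the last `-tui` does not win: `-tui=1 -tui=0` leaves `ignore_crashes`, `ignore_timeouts` and `ignore_ooms` at `Some(true)` while `tui` ends up false, and the fuzzer then keeps running past crashes without the operator having asked for either the TUI or that behaviour. The three `is_none()` checks can go if the arm returns to the one-liner `"tui" => self.tui = parse_or_bail!(name, value, u64) > 0,` and the resolution moves to the `@@ -362,9 +377,9 @@` hunk, where `unwrap_or_default()` becomes `ignore_crashes: self.ignore_crashes.unwrap_or(self.tui),` (likewise for `ignore_timeouts` and `ignore_ooms`; `self.tui` is a `bool`, so it is still readable there after the `dirs` move). That keeps an explicit `-ignore_...=0` winning wherever it appears and makes the README's "enabled by default when `-tui=1`" exact. The enclosing `match` and the method that builds the options both start and end outside these hunks.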
@@ -362,9 +377,9 @@ impl<'a> LibfuzzerOptionsBuilder<'a> {
 Tokens::from_file(path).expect("Couldn't load tokens from specified dictionary")
 }),
 dirs: self.dirs.into_iter().map(PathBuf::from).collect(),
- ignore_crashes: self.ignore_crashes,
- ignore_timeouts: self.ignore_timeouts,
- ignore_ooms: self.ignore_ooms,
+ ignore_crashes: self.ignore_crashes.unwrap_or_default(),
+ ignore_timeouts: self.ignore_timeouts.unwrap_or_default(),
+ ignore_ooms: self.ignore_ooms.unwrap_or_default(),
 rss_limit: match self.rss_limit.unwrap_or(2 << 30) {
 0 => usize::MAX,
 value => value,
diff --git a/libafl_libfuzzer/src/lib.rs b/libafl_libfuzzer/src/lib.rs
index 354fbfc95f..b3ad2c48bd 100644
--- a/libafl_libfuzzer/src/lib.rs
+++ b/libafl_libfuzzer/src/lib.rs
@@ -58,6 +58,7 @@
 //! - `-fork` and `-jobs`
 //! - in `libafl_libfuzzer`, these are synonymous
 //! - `-ignore_crashes`, `-ignore_ooms`, and `-ignore_timeouts`
+//! - note that setting `-tui=1` enables these flags by default, so you'll need to explicitly mention `-ignore_...=0` to disable them
 //! - `-rss_limit_mb` and `-malloc_limit_mb`
 //! - `-ignore_remaining_args`
 //! - `-shrink`