LibAFL_libFuzzer: Default ignore_* flags to true when tui=1 (#1820)

* default `ignore_*` flags to true if `tui=1`

* update docs

* refactor code to use `Option<bool>` instead of extra struct members
Karthik Prakash 2024-01-30 20:55:59 +05:30 committed by GitHub
parent 8b0068e39d
commit 519ea435ed
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 27 additions and 10 deletions


@ -130,6 +130,7 @@ to partial support of libfuzzer flags, `libafl_libfuzzer` offers:
- `-fork` and `-jobs`
- in `libafl_libfuzzer`, these are synonymous
- `-ignore_crashes`, `-ignore_ooms`, and `-ignore_timeouts`
- note that setting `-tui=1` enables these flags by default, so you'll need to explicitly mention `-ignore_...=0` to disable them
- `-rss_limit_mb` and `-malloc_limit_mb`
- `-ignore_remaining_args`
- `-shrink`


@ -239,9 +239,9 @@ struct LibfuzzerOptionsBuilder<'a> {
forks: Option<usize>,
dict: Option<&'a str>,
dirs: Vec<&'a str>,
ignore_crashes: bool,
ignore_timeouts: bool,
ignore_ooms: bool,
ignore_crashes: Option<bool>,
ignore_timeouts: Option<bool>,
ignore_ooms: Option<bool>,
rss_limit: Option<usize>,
malloc_limit: Option<usize>,
ignore_remaining: bool,
@ -313,12 +313,14 @@ impl<'a> LibfuzzerOptionsBuilder<'a> {
self.forks = Some(parse_or_bail!(name, value, usize));
}
"ignore_crashes" => {
self.ignore_crashes = parse_or_bail!(name, value, u64) > 0;
self.ignore_crashes = Some(parse_or_bail!(name, value, u64) > 0);
}
"ignore_timeouts" => {
self.ignore_timeouts = parse_or_bail!(name, value, u64) > 0;
self.ignore_timeouts = Some(parse_or_bail!(name, value, u64) > 0);
}
"ignore_ooms" => {
self.ignore_ooms = Some(parse_or_bail!(name, value, u64) > 0);
}
"ignore_ooms" => self.ignore_ooms = parse_or_bail!(name, value, u64) > 0,
"rss_limit_mb" => {
self.rss_limit = Some(parse_or_bail!(name, value, usize) << 20);
}
@ -331,7 +333,20 @@ impl<'a> LibfuzzerOptionsBuilder<'a> {
"dedup" => self.dedup = parse_or_bail!(name, value, u64) > 0,
"shrink" => self.shrink = parse_or_bail!(name, value, u64) > 0,
"skip_tracing" => self.skip_tracing = parse_or_bail!(name, value, u64) > 0,
"tui" => self.tui = parse_or_bail!(name, value, u64) > 0,
"tui" => {
self.tui = parse_or_bail!(name, value, u64) > 0;
if self.tui {
if self.ignore_crashes.is_none() {
self.ignore_crashes = Some(true);
}
if self.ignore_timeouts.is_none() {
self.ignore_timeouts = Some(true);
}
if self.ignore_ooms.is_none() {
self.ignore_ooms = Some(true);
}
}
}
"runs" => self.runs = parse_or_bail!(name, value, usize),
"close_fd_mask" => self.close_fd_mask = parse_or_bail!(name, value, u8),
_ => {
@ -362,9 +377,9 @@ impl<'a> LibfuzzerOptionsBuilder<'a> {
Tokens::from_file(path).expect("Couldn't load tokens from specified dictionary")
}),
dirs: self.dirs.into_iter().map(PathBuf::from).collect(),
ignore_crashes: self.ignore_crashes,
ignore_timeouts: self.ignore_timeouts,
ignore_ooms: self.ignore_ooms,
ignore_crashes: self.ignore_crashes.unwrap_or_default(),
ignore_timeouts: self.ignore_timeouts.unwrap_or_default(),
ignore_ooms: self.ignore_ooms.unwrap_or_default(),
rss_limit: match self.rss_limit.unwrap_or(2 << 30) {
0 => usize::MAX,
value => value,
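Review bot: The `"tui"` arm writes the defaults into `ignore_crashes`, `ignore_timeouts` and `ignore_ooms` at the moment the flag is parsed, so a later `-tui=0` on the same command line would leave all three at `Some(true)` with the TUI off. Resolving the default once in the final struct literal avoids that order dependence and removes the three nested `is_none()` checks: keep the arm as `"tui" => self.tui = parse_or_bail!(name, value, u64) > 0,` and write `ignore_crashes: self.ignore_crashes.unwrap_or(self.tui),` there, with the same form for `ignore_timeouts` and `ignore_ooms`. The match and the build function both start outside the visible hunks, so this assumes `self.tui` is still readable at that point. Because the implied default changes whether a crash, timeout or OOM stops the run, a short comment on the three `Option<bool>` fields would help, for example `// None = not given on the command line; defaults to the value of tui`.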


@ -58,6 +58,7 @@
//! - `-fork` and `-jobs`
//! - in `libafl_libfuzzer`, these are synonymous
//! - `-ignore_crashes`, `-ignore_ooms`, and `-ignore_timeouts`
//! - note that setting `-tui=1` enables these flags by default, so you'll need to explicitly mention `-ignore_...=0` to disable them
//! - `-rss_limit_mb` and `-malloc_limit_mb`
//! - `-ignore_remaining_args`
//! - `-shrink`