SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cargo clippy

Browse Source
This commit is contained in:
Dominik Maier 2021-04-28 14:32:59 +02:00
parent e418198e78
commit 5ab480ac3e
8 changed files with 70 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
libafl/examples/llmp_test/main.rs
View File

@ -3,9 +3,8 @@ This shows how llmp can be used directly, without libafl abstractions
*/ */
extern crate alloc; extern crate alloc;
use alloc::rc::Rc;
#[cfg(all(unix, feature = "std"))] #[cfg(all(unix, feature = "std"))]
use core::{cell::RefCell, convert::TryInto, time::Duration}; use core::{convert::TryInto, time::Duration};
#[cfg(all(unix, feature = "std"))] #[cfg(all(unix, feature = "std"))]
use std::{thread, time}; use std::{thread, time};

1
libafl/src/bolts/llmp.rs
View File

@ -1683,6 +1683,7 @@ where
/// Reattach to a vacant client map. /// Reattach to a vacant client map.
/// It is essential, that the broker (or someone else) kept a pointer to the out_map /// It is essential, that the broker (or someone else) kept a pointer to the out_map
/// else reattach will get a new, empty page, from the OS, or fail /// else reattach will get a new, empty page, from the OS, or fail
#[allow(clippy::needless_pass_by_value)]
pub fn on_existing_map( pub fn on_existing_map(
shmem_provider: SP, shmem_provider: SP,
_current_out_map: SP::Mem, _current_out_map: SP::Mem,

15
libafl/src/bolts/os/ashmem_server.rs
View File

@ -215,7 +215,6 @@ enum AshmemResponse {
impl AshmemService { impl AshmemService {
/// Create a new AshMem service /// Create a new AshMem service
#[must_use]
fn new() -> Result<Self, Error> { fn new() -> Result<Self, Error> {
Ok(AshmemService { Ok(AshmemService {
provider: AshmemShMemProvider::new()?, provider: AshmemShMemProvider::new()?,
@ -316,11 +315,7 @@ impl AshmemService {
client client
.stream .stream
.send_fds(&id.to_string().as_bytes(), &[server_fd])?; .send_fds(&id.to_string().as_bytes(), &[server_fd])?;
client client.maps.entry(server_fd).or_default().push(mapping);
.maps
.entry(server_fd)
.or_default()
.push(mapping.clone());
} }
AshmemResponse::Id(id) => { AshmemResponse::Id(id) => {
let client = self.clients.get_mut(&client_id).unwrap(); let client = self.clients.get_mut(&client_id).unwrap();
@ -342,7 +337,7 @@ impl AshmemService {
let syncpair = Arc::new((Mutex::new(false), Condvar::new())); let syncpair = Arc::new((Mutex::new(false), Condvar::new()));
let childsyncpair = Arc::clone(&syncpair); let childsyncpair = Arc::clone(&syncpair);
let join_handle = let join_handle =
thread::spawn(move || Self::new()?.listen(ASHMEM_SERVER_NAME, childsyncpair)); thread::spawn(move || Self::new()?.listen(ASHMEM_SERVER_NAME, &childsyncpair));
let (lock, cvar) = &*syncpair; let (lock, cvar) = &*syncpair;
let mut started = lock.lock().unwrap(); let mut started = lock.lock().unwrap();
@ -358,14 +353,14 @@ impl AshmemService {
fn listen( fn listen(
&mut self, &mut self,
filename: &str, filename: &str,
syncpair: Arc<(Mutex<bool>, Condvar)>, syncpair: &Arc<(Mutex<bool>, Condvar)>,
) -> Result<(), Error> { ) -> Result<(), Error> {
let listener = if let Ok(listener) = let listener = if let Ok(listener) =
UnixListener::bind_unix_addr(&UnixSocketAddr::new(filename)?) UnixListener::bind_unix_addr(&UnixSocketAddr::new(filename)?)
{ {
listener listener
} else { } else {
let (lock, cvar) = &*syncpair; let (lock, cvar) = &**syncpair;
*lock.lock().unwrap() = true; *lock.lock().unwrap() = true;
cvar.notify_one(); cvar.notify_one();
return Err(Error::Unknown( return Err(Error::Unknown(
@ -377,7 +372,7 @@ impl AshmemService {
PollFlags::POLLIN | PollFlags::POLLRDNORM | PollFlags::POLLRDBAND, PollFlags::POLLIN | PollFlags::POLLRDNORM | PollFlags::POLLRDBAND,
)]; )];
let (lock, cvar) = &*syncpair; let (lock, cvar) = &**syncpair;
*lock.lock().unwrap() = true; *lock.lock().unwrap() = true;
cvar.notify_one(); cvar.notify_one();

14
libafl/src/bolts/shmem.rs
View File

@ -230,9 +230,9 @@ where
type Mem = RcShMem<T>; type Mem = RcShMem<T>;
fn new() -> Result<Self, Error> { fn new() -> Result<Self, Error> {
return Ok(Self { Ok(Self {
internal: Rc::new(RefCell::new(T::new()?)), internal: Rc::new(RefCell::new(T::new()?)),
}); })
} }
fn new_map(&mut self, map_size: usize) -> Result<Self::Mem, Error> { fn new_map(&mut self, map_size: usize) -> Result<Self::Mem, Error> {
@ -354,7 +354,7 @@ pub mod unix_shmem {
let map = shmat(os_id, ptr::null(), 0) as *mut c_uchar; let map = shmat(os_id, ptr::null(), 0) as *mut c_uchar;
if map == usize::MAX as c_int as *mut c_void as *mut c_uchar || map.is_null() { if map as c_int == -1 || map.is_null() {
shmctl(os_id, 0, ptr::null_mut()); shmctl(os_id, 0, ptr::null_mut());
return Err(Error::Unknown( return Err(Error::Unknown(
"Failed to map the shared mapping".to_string(), "Failed to map the shared mapping".to_string(),
@ -557,7 +557,8 @@ pub mod unix_shmem {
pub fn from_id_and_size(id: ShMemId, map_size: usize) -> Result<Self, Error> { pub fn from_id_and_size(id: ShMemId, map_size: usize) -> Result<Self, Error> {
unsafe { unsafe {
let fd: i32 = id.to_string().parse().unwrap(); let fd: i32 = id.to_string().parse().unwrap();
if ioctl(fd, ASHMEM_GET_SIZE) != map_size as i32 { #[allow(clippy::cast_sign_loss)]
if ioctl(fd, ASHMEM_GET_SIZE) as u32 as usize != map_size {
return Err(Error::Unknown( return Err(Error::Unknown(
"The mapping's size differs from the requested size".to_string(), "The mapping's size differs from the requested size".to_string(),
)); ));
@ -613,11 +614,12 @@ pub mod unix_shmem {
unsafe { unsafe {
let fd: i32 = self.id.to_string().parse().unwrap(); let fd: i32 = self.id.to_string().parse().unwrap();
let length = ioctl(fd, ASHMEM_GET_SIZE); #[allow(clippy::cast_sign_loss)]
let length = ioctl(fd, ASHMEM_GET_SIZE) as u32;
let ap = ashmem_pin { let ap = ashmem_pin {
offset: 0, offset: 0,
len: length as u32, len: length,
}; };
ioctl(fd, ASHMEM_UNPIN, &ap); ioctl(fd, ASHMEM_UNPIN, &ap);

75
libafl_frida/src/asan_rt.rs
View File

@ -30,7 +30,7 @@ use serde::{Deserialize, Serialize};
use std::{ use std::{
cell::{RefCell, RefMut}, cell::{RefCell, RefMut},
ffi::c_void, ffi::c_void,
io::Write, io::{self, Write},
rc::Rc, rc::Rc,
}; };
use termcolor::{Color, ColorSpec, WriteColor}; use termcolor::{Color, ColorSpec, WriteColor};
@ -72,8 +72,13 @@ struct AllocationMetadata {
} }
impl Allocator { impl Allocator {
fn new(runtime: Rc<RefCell<AsanRuntime>>) { fn setup(runtime: Rc<RefCell<AsanRuntime>>) {
let page_size = unsafe { sysconf(_SC_PAGESIZE) as usize }; let ret = unsafe { sysconf(_SC_PAGESIZE) };
if ret < 0 {
panic!("Failed to read pagesize {:?}", io::Error::last_os_error());
}
#[allow(clippy::cast_sign_loss)]
let page_size = ret as usize;
// probe to find a usable shadow bit: // probe to find a usable shadow bit:
let mut shadow_bit: usize = 0; let mut shadow_bit: usize = 0;
for try_shadow_bit in &[46usize, 36usize] { for try_shadow_bit in &[46usize, 36usize] {
@ -98,7 +103,7 @@ impl Allocator {
// attempt to pre-map the entire shadow-memory space // attempt to pre-map the entire shadow-memory space
let addr: usize = 1 << shadow_bit; let addr: usize = 1 << shadow_bit;
let pre_allocated_shadow = if let Ok(_) = unsafe { let pre_allocated_shadow = unsafe {
mmap( mmap(
addr as *mut c_void, addr as *mut c_void,
addr + addr, addr + addr,
@ -107,13 +112,10 @@ impl Allocator {
-1, -1,
0, 0,
) )
} { }
true .is_ok();
} else {
false
};
let res = Self { let allocator = Self {
runtime, runtime,
page_size, page_size,
pre_allocated_shadow, pre_allocated_shadow,
@ -124,7 +126,7 @@ impl Allocator {
allocation_queue: HashMap::new(), allocation_queue: HashMap::new(),
}; };
unsafe { unsafe {
ALLOCATOR_SINGLETON = Some(RefCell::new(res)); ALLOCATOR_SINGLETON = Some(RefCell::new(allocator));
} }
} }
@ -139,7 +141,7 @@ impl Allocator {
} }
pub fn init(runtime: Rc<RefCell<AsanRuntime>>) { pub fn init(runtime: Rc<RefCell<AsanRuntime>>) {
Self::new(runtime); Self::setup(runtime);
} }
#[inline] #[inline]
@ -210,7 +212,7 @@ impl Allocator {
address: mapping + self.page_size, address: mapping + self.page_size,
size, size,
actual_size: rounded_up_size, actual_size: rounded_up_size,
..Default::default() ..AllocationMetadata::default()
}; };
if self if self
@ -235,17 +237,16 @@ impl Allocator {
} }
pub unsafe fn release(&mut self, ptr: *mut c_void) { pub unsafe fn release(&mut self, ptr: *mut c_void) {
let mut metadata = match self.allocations.get_mut(&(ptr as usize)) { let mut metadata = if let Some(metadata) = self.allocations.get_mut(&(ptr as usize)) {
Some(metadata) => metadata, metadata
None => { } else {
if !ptr.is_null() { if !ptr.is_null() {
// TODO: report this as an observer // TODO: report this as an observer
self.runtime self.runtime
.borrow_mut() .borrow_mut()
.report_error(AsanError::UnallocatedFree((ptr as usize, Backtrace::new()))); .report_error(AsanError::UnallocatedFree((ptr as usize, Backtrace::new())));
}
return;
} }
return;
}; };
if metadata.freed { if metadata.freed {
@ -876,7 +877,7 @@ impl AsanRuntime {
let mut actual_pc = self.regs[31]; let mut actual_pc = self.regs[31];
actual_pc = match self.stalked_addresses.get(&actual_pc) { actual_pc = match self.stalked_addresses.get(&actual_pc) {
Some(addr) => *addr, Some(addr) => *addr,
_ => actual_pc, None => actual_pc,
}; };
let cs = Capstone::new() let cs = Capstone::new()
@ -1006,12 +1007,10 @@ impl AsanRuntime {
} else { } else {
AsanError::OobRead(asan_readwrite_error) AsanError::OobRead(asan_readwrite_error)
} }
} else if metadata.freed {
AsanError::WriteAfterFree(asan_readwrite_error)
} else { } else {
if metadata.freed { AsanError::OobWrite(asan_readwrite_error)
AsanError::WriteAfterFree(asan_readwrite_error)
} else {
AsanError::OobWrite(asan_readwrite_error)
}
} }
} else { } else {
AsanError::Unknown(( AsanError::Unknown((
@ -1043,6 +1042,7 @@ impl AsanRuntime {
) )
})); }));
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " Memory error detected! ").unwrap(); writeln!(output, "{:━^100}", " Memory error detected! ").unwrap();
output output
.set_color(ColorSpec::new().set_fg(Some(Color::Red))) .set_color(ColorSpec::new().set_fg(Some(Color::Red)))
@ -1075,6 +1075,7 @@ impl AsanRuntime {
} }
output.reset().unwrap(); output.reset().unwrap();
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " REGISTERS ").unwrap(); writeln!(output, "{:━^100}", " REGISTERS ").unwrap();
for reg in 0..=30 { for reg in 0..=30 {
if reg == basereg { if reg == basereg {
@ -1094,11 +1095,12 @@ impl AsanRuntime {
.unwrap(); .unwrap();
output.reset().unwrap(); output.reset().unwrap();
if reg % 4 == 3 { if reg % 4 == 3 {
write!(output, "\n").unwrap(); writeln!(output).unwrap();
} }
} }
writeln!(output, "pc : 0x{:016x} ", error.pc).unwrap(); writeln!(output, "pc : 0x{:016x} ", error.pc).unwrap();
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " CODE ").unwrap(); writeln!(output, "{:━^100}", " CODE ").unwrap();
let mut cs = Capstone::new() let mut cs = Capstone::new()
.arm64() .arm64()
@ -1131,6 +1133,7 @@ impl AsanRuntime {
.print_trace(&error.backtrace, output) .print_trace(&error.backtrace, output)
.unwrap(); .unwrap();
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " ALLOCATION INFO ").unwrap(); writeln!(output, "{:━^100}", " ALLOCATION INFO ").unwrap();
let offset: i64 = fault_address as i64 - error.metadata.address as i64; let offset: i64 = fault_address as i64 - error.metadata.address as i64;
let direction = if offset > 0 { "right" } else { "left" }; let direction = if offset > 0 { "right" } else { "left" };
@ -1152,6 +1155,7 @@ impl AsanRuntime {
} }
if error.metadata.freed { if error.metadata.freed {
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " FREE INFO ").unwrap(); writeln!(output, "{:━^100}", " FREE INFO ").unwrap();
if let Some(backtrace) = error.metadata.release_site_backtrace.as_mut() { if let Some(backtrace) = error.metadata.release_site_backtrace.as_mut() {
writeln!(output, "free site backtrace:").unwrap(); writeln!(output, "free site backtrace:").unwrap();
@ -1183,6 +1187,7 @@ impl AsanRuntime {
} }
output.reset().unwrap(); output.reset().unwrap();
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " REGISTERS ").unwrap(); writeln!(output, "{:━^100}", " REGISTERS ").unwrap();
for reg in 0..=30 { for reg in 0..=30 {
if reg == basereg { if reg == basereg {
@ -1202,6 +1207,7 @@ impl AsanRuntime {
} }
writeln!(output, "pc : 0x{:016x} ", pc).unwrap(); writeln!(output, "pc : 0x{:016x} ", pc).unwrap();
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " CODE ").unwrap(); writeln!(output, "{:━^100}", " CODE ").unwrap();
let mut cs = Capstone::new() let mut cs = Capstone::new()
.arm64() .arm64()
@ -1237,6 +1243,7 @@ impl AsanRuntime {
output.reset().unwrap(); output.reset().unwrap();
backtrace_printer.print_trace(&backtrace, output).unwrap(); backtrace_printer.print_trace(&backtrace, output).unwrap();
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " ALLOCATION INFO ").unwrap(); writeln!(output, "{:━^100}", " ALLOCATION INFO ").unwrap();
writeln!( writeln!(
output, output,
@ -1253,6 +1260,7 @@ impl AsanRuntime {
backtrace.resolve(); backtrace.resolve();
backtrace_printer.print_trace(backtrace, output).unwrap(); backtrace_printer.print_trace(backtrace, output).unwrap();
} }
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " FREE INFO ").unwrap(); writeln!(output, "{:━^100}", " FREE INFO ").unwrap();
if let Some(backtrace) = metadata.release_site_backtrace.as_mut() { if let Some(backtrace) = metadata.release_site_backtrace.as_mut() {
writeln!(output, "previous free site backtrace:").unwrap(); writeln!(output, "previous free site backtrace:").unwrap();
@ -1269,6 +1277,7 @@ impl AsanRuntime {
writeln!(output, " of {:?}", ptr).unwrap(); writeln!(output, " of {:?}", ptr).unwrap();
output.reset().unwrap(); output.reset().unwrap();
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " ALLOCATION INFO ").unwrap(); writeln!(output, "{:━^100}", " ALLOCATION INFO ").unwrap();
writeln!( writeln!(
output, output,
@ -1310,6 +1319,7 @@ impl AsanRuntime {
} }
output.reset().unwrap(); output.reset().unwrap();
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " REGISTERS ").unwrap(); writeln!(output, "{:━^100}", " REGISTERS ").unwrap();
for reg in 0..=30 { for reg in 0..=30 {
if reg == basereg { if reg == basereg {
@ -1329,6 +1339,7 @@ impl AsanRuntime {
} }
writeln!(output, "pc : 0x{:016x} ", pc).unwrap(); writeln!(output, "pc : 0x{:016x} ", pc).unwrap();
#[allow(clippy::non_ascii_literal)]
writeln!(output, "{:━^100}", " CODE ").unwrap(); writeln!(output, "{:━^100}", " CODE ").unwrap();
let mut cs = Capstone::new() let mut cs = Capstone::new()
.arm64() .arm64()
@ -1367,6 +1378,7 @@ impl AsanRuntime {
} }
/// Generate the instrumentation blobs for the current arch. /// Generate the instrumentation blobs for the current arch.
#[allow(clippy::similar_names)] // We allow things like dword and qword
fn generate_instrumentation_blobs(&mut self) { fn generate_instrumentation_blobs(&mut self) {
let shadow_bit = Allocator::get().shadow_bit as u32; let shadow_bit = Allocator::get().shadow_bit as u32;
macro_rules! shadow_check { macro_rules! shadow_check {
@ -1765,6 +1777,7 @@ impl AsanRuntime {
pub static mut ASAN_ERRORS: Option<AsanErrors> = None; pub static mut ASAN_ERRORS: Option<AsanErrors> = None;
#[derive(Serialize, Deserialize)] #[derive(Serialize, Deserialize)]
#[allow(clippy::unsafe_derive_deserialize)]
pub struct AsanErrorsObserver { pub struct AsanErrorsObserver {
errors: OwnedPtr<Option<AsanErrors>>, errors: OwnedPtr<Option<AsanErrors>>,
} }
@ -1832,7 +1845,7 @@ where
) -> Result<u32, Error> { ) -> Result<u32, Error> {
let observer = observers let observer = observers
.match_first_type::<AsanErrorsObserver>() .match_first_type::<AsanErrorsObserver>()
.expect("An AsanErrorsFeedback needs an AsanErrorsObserver".into()); .expect("An AsanErrorsFeedback needs an AsanErrorsObserver");
match observer.errors() { match observer.errors() {
None => Ok(0), None => Ok(0),
Some(errors) => { Some(errors) => {

4
libafl_frida/src/helper.rs
View File

@ -193,7 +193,7 @@ impl<'a> FridaInstrumentationHelper<'a> {
gum: &'a Gum, gum: &'a Gum,
options: FridaOptions, options: FridaOptions,
_harness_module_name: &str, _harness_module_name: &str,
modules_to_instrument: &'a Vec<&str>, modules_to_instrument: &'a [&str],
) -> Self { ) -> Self {
let mut helper = Self { let mut helper = Self {
map: [0u8; MAP_SIZE], map: [0u8; MAP_SIZE],
@ -247,7 +247,7 @@ impl<'a> FridaInstrumentationHelper<'a> {
.real_address_for_stalked(get_pc(&context)) .real_address_for_stalked(get_pc(&context))
{ {
Some(address) => *address, Some(address) => *address,
_ => get_pc(&context), None => get_pc(&context),
}; };
//let (range, (id, name)) = helper.ranges.get_key_value(&real_address).unwrap(); //let (range, (id, name)) = helper.ranges.get_key_value(&real_address).unwrap();
//println!("{}:0x{:016x}", name, real_address - range.start); //println!("{}:0x{:016x}", name, real_address - range.start);

15
libafl_frida/src/lib.rs
View File

@ -3,6 +3,7 @@ pub mod helper;
/// A representation of the various Frida options /// A representation of the various Frida options
#[derive(Clone, Copy, Debug)] #[derive(Clone, Copy, Debug)]
#[allow(clippy::struct_excessive_bools)]
pub struct FridaOptions { pub struct FridaOptions {
enable_asan: bool, enable_asan: bool,
enable_asan_leak_detection: bool, enable_asan_leak_detection: bool,
@ -66,44 +67,44 @@ impl FridaOptions {
/// Is ASAN enabled? /// Is ASAN enabled?
#[inline] #[inline]
pub fn asan_enabled(&self) -> bool { pub fn asan_enabled(self) -> bool {
self.enable_asan self.enable_asan
} }
/// Is coverage enabled? /// Is coverage enabled?
#[inline] #[inline]
pub fn coverage_enabled(&self) -> bool { pub fn coverage_enabled(self) -> bool {
self.enable_coverage self.enable_coverage
} }
/// Is DrCov enabled? /// Is DrCov enabled?
#[inline] #[inline]
pub fn drcov_enabled(&self) -> bool { pub fn drcov_enabled(self) -> bool {
self.enable_drcov self.enable_drcov
} }
/// Should ASAN detect leaks /// Should ASAN detect leaks
#[inline] #[inline]
pub fn asan_detect_leaks(&self) -> bool { pub fn asan_detect_leaks(self) -> bool {
self.enable_asan_leak_detection self.enable_asan_leak_detection
} }
/// Should ASAN continue after a memory error is detected /// Should ASAN continue after a memory error is detected
#[inline] #[inline]
pub fn asan_continue_after_error(&self) -> bool { pub fn asan_continue_after_error(self) -> bool {
self.enable_asan_continue_after_error self.enable_asan_continue_after_error
} }
/// Should ASAN gather (and report) allocation-/free-site backtraces /// Should ASAN gather (and report) allocation-/free-site backtraces
#[inline] #[inline]
pub fn asan_allocation_backtraces(&self) -> bool { pub fn asan_allocation_backtraces(self) -> bool {
self.enable_asan_allocation_backtraces self.enable_asan_allocation_backtraces
} }
/// Whether stalker should be enabled. I.e. whether at least one stalker requiring option is /// Whether stalker should be enabled. I.e. whether at least one stalker requiring option is
/// enabled. /// enabled.
#[inline] #[inline]
pub fn stalker_enabled(&self) -> bool { pub fn stalker_enabled(self) -> bool {
self.enable_asan || self.enable_coverage || self.enable_drcov self.enable_asan || self.enable_coverage || self.enable_drcov
} }
} }

4
libafl_targets/src/lib.rs
View File

@ -11,9 +11,7 @@ pub mod libfuzzer;
pub use libfuzzer::*; pub use libfuzzer::*;
#[cfg(all(feature = "value_profile", feature = "cmplog"))] #[cfg(all(feature = "value_profile", feature = "cmplog"))]
compile_error!( compile_error!("the libafl_targets `value_profile` and `cmplog` features are mutually exclusive.");
"the libafl_targets `value_profile` and `cmplog` features are mutually exclusive."
);
#[cfg(feature = "value_profile")] #[cfg(feature = "value_profile")]
pub mod value_profile; pub mod value_profile;