fixed fuzzbench early exits (#182)

Dominik Maier 2021-06-22 09:02:56 +02:00 committed by GitHub
parent 57d6df7951
commit 5c5a1cf2e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 35 additions and 7 deletions


@ -8,10 +8,10 @@ use nix::{self, unistd::dup};
use std::os::unix::io::{AsRawFd, FromRawFd}; use std::os::unix::io::{AsRawFd, FromRawFd};
use std::{ use std::{
env, env,
fs::{File, OpenOptions}, fs::{self, File, OpenOptions},
io, io::{self, Write},
io::Write,
path::PathBuf, path::PathBuf,
process,
}; };
use libafl::{ use libafl::{
@ -52,7 +52,7 @@ pub extern "C" fn fuzzer_main() {
// Needed only on no_std // Needed only on no_std
//RegistryBuilder::register::<Tokens>(); //RegistryBuilder::register::<Tokens>();
let res = App::new("libafl_fuzzbench") let res = match App::new("libafl_fuzzbench")
.version("0.4.0") .version("0.4.0")
.author("AFLplusplus team") .author("AFLplusplus team")
.about("LibAFL-based fuzzer for Fuzzbench") .about("LibAFL-based fuzzer for Fuzzbench")
@ -91,7 +91,20 @@ pub extern "C" fn fuzzer_main() {
.about("Timeout for each individual execution, in milliseconds") .about("Timeout for each individual execution, in milliseconds")
.default_value("1000"), .default_value("1000"),
) )
.get_matches(); .try_get_matches()
{
Ok(res) => res,
Err(err) => {
println!(
"Syntax: {}, [-x dictionary] corpus_dir seed_dir\n{:?}",
env::current_exe()
.unwrap_or_else(|_| "fuzzer".into())
.to_string_lossy(),
err.info,
);
return;
}
};
println!( println!(
"Workdir: {:?}", "Workdir: {:?}",
@ -100,11 +113,22 @@ pub extern "C" fn fuzzer_main() {
// For fuzzbench, crashes and finds are inside the same `corpus` directory, in the "queue" and "crashes" subdir. // For fuzzbench, crashes and finds are inside the same `corpus` directory, in the "queue" and "crashes" subdir.
let mut out_dir = PathBuf::from(res.value_of("out").unwrap().to_string()); let mut out_dir = PathBuf::from(res.value_of("out").unwrap().to_string());
if fs::create_dir(&out_dir).is_err() {
println!("Out dir at {:?} already exists.", &out_dir);
if !out_dir.is_dir() {
println!("Out dir at {:?} is not a valid directory!", &out_dir);
return;
}
}
let mut crashes = out_dir.clone(); let mut crashes = out_dir.clone();
crashes.push("crashes"); crashes.push("crashes");
out_dir.push("queue"); out_dir.push("queue");
let in_dir = PathBuf::from(res.value_of("in").unwrap().to_string()); let in_dir = PathBuf::from(res.value_of("in").unwrap().to_string());
if !in_dir.is_dir() {
println!("In dir at {:?} is not a valid directory!", &in_dir);
return;
}
let tokens = res.value_of("tokens").map(PathBuf::from); let tokens = res.value_of("tokens").map(PathBuf::from);
@ -287,7 +311,10 @@ fn fuzz(
if state.corpus().count() < 1 { if state.corpus().count() < 1 {
state state
.load_initial_inputs(&mut fuzzer, &mut executor, &mut mgr, &[seed_dir.clone()]) .load_initial_inputs(&mut fuzzer, &mut executor, &mut mgr, &[seed_dir.clone()])
.unwrap_or_else(|_| panic!("Failed to load initial corpus at {:?}", &seed_dir)); .unwrap_or_else(|_| {
println!("Failed to load initial corpus at {:?}", &seed_dir);
process::exit(0);
});
println!("We imported {} inputs from disk.", state.corpus().count()); println!("We imported {} inputs from disk.", state.corpus().count());
} }
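Review bot: The new `unwrap_or_else` closure in the `fuzz` hunk discards the load error (`|_|`) and then calls `process::exit(0)`, so a failed seed import reaches the calling harness as a successful run with no cause recorded. If the zero status is deliberate for Fuzzbench, state that in a comment above the call; otherwise bind the error and report it on stderr with a non-zero status, e.g. `eprintln!("Failed to load initial corpus at {:?}: {:?}", &seed_dir, err);` followed by `process::exit(1);` (assuming the error type implements `Debug`). The `fuzzer_main` hunk has a related gap: `fs::create_dir(&out_dir).is_err()` prints "already exists" for every error kind, including permission denied or a missing parent, so matching on `io::ErrorKind::AlreadyExists` would keep that message truthful. Both functions start and end outside the visible hunks, so this is based only on the lines shown.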


@ -303,7 +303,8 @@ mod unix_signal_handler {
unsafe impl Send for InProcessExecutorHandlerData {} unsafe impl Send for InProcessExecutorHandlerData {}
unsafe impl Sync for InProcessExecutorHandlerData {} unsafe impl Sync for InProcessExecutorHandlerData {}
pub unsafe fn nop_handler( /// A handler that does nothing.
pub fn nop_handler(
_signal: Signal, _signal: Signal,
_info: siginfo_t, _info: siginfo_t,
_context: &mut ucontext_t, _context: &mut ucontext_t,