SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

allow all input from env

Browse Source
This commit is contained in:
Alwin Berger 2022-11-03 10:38:17 +01:00
parent efef29f877
commit 60e49f2377
1 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
fuzzers/qemu_fret/src/fuzzer.rs
View File

@ -93,10 +93,15 @@ pub fn fuzz() {
emu.remove_breakpoint(test_one_input_ptr); // LLVMFuzzerTestOneInput emu.remove_breakpoint(test_one_input_ptr); // LLVMFuzzerTestOneInput
emu.set_breakpoint(ret_addr); // LLVMFuzzerTestOneInput ret addr emu.set_breakpoint(ret_addr); // LLVMFuzzerTestOneInput ret addr
let input_addr = match env::var("DIRECT_WRITE") {
let input_addr = emu Ok(_) => elf
.map_private(0, MAX_INPUT_SIZE, MmapPerms::ReadWrite) .resolve_symbol(&env::var("FUZZ_INPUT").expect("FUZZ_INPUT not set"), emu.load_addr())
.unwrap(); .expect("FUZZ_INPUT symbol not found"),
_ => emu
.map_private(0, MAX_INPUT_SIZE, MmapPerms::ReadWrite)
.unwrap(),
};
println!("Placing input at {:#x}", input_addr); println!("Placing input at {:#x}", input_addr);
// The wrapped harness function, calling out to the LLVM-style harness // The wrapped harness function, calling out to the LLVM-style harness
@ -112,10 +117,13 @@ pub fn fuzz() {
unsafe { unsafe {
emu.write_mem(input_addr, buf); emu.write_mem(input_addr, buf);
emu.write_reg(Regs::Rdi, input_addr).unwrap(); if env::var("DIRECT_WRITE").is_err() {
emu.write_reg(Regs::Rsi, len).unwrap(); println!("Write reg");
emu.write_reg(Regs::Rip, test_one_input_ptr).unwrap(); emu.write_reg(Regs::Rdi, input_addr).unwrap();
emu.write_reg(Regs::Rsp, stack_ptr).unwrap(); emu.write_reg(Regs::Rsi, len).unwrap();
}
emu.write_reg(Regs::Rip, test_one_input_ptr).unwrap();
emu.write_reg(Regs::Rsp, stack_ptr).unwrap();
emu.run(); emu.run();
} }