SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Intel PT minor fixes and improvements (#2749)

Browse Source 
* Fix build target

Create target directory if doesn't exist

* Remove filter on speculatively exec blocks

since also committed blocks can have this flag

* Add current ip_filters getter

* Fix possibile infinite loop in trace decode

* Add comment about target_path
This commit is contained in:
Marco C. 2024-12-06 19:14:08 +01:00 committed by GitHub
parent 42ba65e864
commit 6a87a9d6d6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
fuzzers/binary_only/intel_pt_command_executor/Makefile.toml
View File

@ -1,17 +1,23 @@
[env]
TARGET_DIR = "${CARGO_MAKE_CRATE_TARGET_DIRECTORY}"
[env.development] [env.development]
PROFILE_DIR = "debug" PROFILE_DIR = "debug"
[env.release] [env.release]
PROFILE_DIR = "release" PROFILE_DIR = "release"
[tasks.target_dir]
condition = { files_not_exist = ["${TARGET_DIR}"] }
script_runner = "@shell"
script = '''
mkdir -p ${TARGET_DIR}
'''
[tasks.build_target] [tasks.build_target]
dependencies = ["target_dir"]
command = "rustc" command = "rustc"
args = [ args = ["src/target_program.rs", "--out-dir", "${TARGET_DIR}", "-O"]
"src/target_program.rs",
"--out-dir",
"${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/${PROFILE_DIR}",
"-O",
]
[tasks.build_fuzzer] [tasks.build_fuzzer]
command = "cargo" command = "cargo"

3
fuzzers/binary_only/intel_pt_command_executor/src/main.rs
View File

@ -36,7 +36,10 @@ pub fn main() {
// Enable logging // Enable logging
env_logger::init(); env_logger::init();
// path of the program we want to fuzz
let target_path = PathBuf::from(env::args().next().unwrap()) let target_path = PathBuf::from(env::args().next().unwrap())
.parent()
.unwrap()
.parent() .parent()
.unwrap() .unwrap()
.join("target_program"); .join("target_program");

16
libafl_intelpt/src/lib.rs
View File

@ -179,6 +179,12 @@ impl IntelPT {
} }
} }
/// Get the current IP filters configuration
#[must_use]
pub fn ip_filters(&self) -> Vec<RangeInclusive<usize>> {
self.ip_filters.clone()
}
fn ip_filters_to_addr_filter(&self) -> AddrFilter { fn ip_filters_to_addr_filter(&self) -> AddrFilter {
let mut builder = AddrFilterBuilder::new(); let mut builder = AddrFilterBuilder::new();
let mut iter = self let mut iter = self
@ -400,7 +406,7 @@ impl IntelPT {
*status = s; *status = s;
let offset = decoder.offset().map_err(error_from_pt_error)?; let offset = decoder.offset().map_err(error_from_pt_error)?;
if b.ninsn() > 0 && !b.speculative() && skip < offset { if b.ninsn() > 0 && skip < offset {
let id = hash_me(*previous_block_end_ip) ^ hash_me(b.ip()); let id = hash_me(*previous_block_end_ip) ^ hash_me(b.ip());
// SAFETY: the index is < map.len() since the modulo operation is applied // SAFETY: the index is < map.len() since the modulo operation is applied
let map_loc = unsafe { map.get_unchecked_mut(id as usize % map.len()) }; let map_loc = unsafe { map.get_unchecked_mut(id as usize % map.len()) };
@ -408,17 +414,19 @@ impl IntelPT {
*previous_block_end_ip = b.end_ip(); *previous_block_end_ip = b.end_ip();
} }
if status.eos() {
break 'block;
}
} }
Err(e) => { Err(e) => {
if e.code() != PtErrorCode::Eos { if e.code() != PtErrorCode::Eos {
log::trace!("PT error in block next {e:?}"); log::trace!("PT error in block next {e:?}");
} }
}
}
if status.eos() {
break 'block; break 'block;
} }
} }
}
Ok(()) Ok(())
} }