linpng example compiles

2021-01-17 11:11:15 +01:00 · 2021-01-17 11:11:15 +01:00 · 6ad82092cd
commit 6ad82092cd
parent db12506e2d
5 changed files with 62 additions and 58 deletions
--- a/afl/src/engines/mod.rs
+++ b/afl/src/engines/mod.rs
@ -89,7 +89,8 @@ where
                println!("Loading file {:?} ...", &path);
                let bytes = std::fs::read(&path)?;
                let input = BytesInput::new(bytes);
-                let fitness = self.evaluate_input(&input, engine.executor_mut(), corpus, manager)?;
+                let fitness =
+                    self.evaluate_input(&input, engine.executor_mut(), corpus, manager)?;
                if self.add_if_interesting(corpus, input, fitness)?.is_none() {
                    println!("File {:?} was not interesting, skipped.", &path);
                }
--- a/afl/src/executors/inmemory.rs
+++ b/afl/src/executors/inmemory.rs
@ -1,5 +1,5 @@
-use os_signals::set_oncrash_ptrs;
 use core::marker::PhantomData;
+use os_signals::set_oncrash_ptrs;

 use crate::{
    corpus::Corpus,
@ -45,27 +45,22 @@ where
    I: Input + HasTargetBytes,
    OT: ObserversTuple,
 {
-    
    fn pre_exec<R, FT, C, EM>(
        &mut self,
        state: &State<I, R, FT>,
        corpus: &C,
        event_mgr: &mut EM,
        input: &I,
-    ) -> Result<(), AflError> where
-        R: Rand ,
+    ) -> Result<(), AflError>
+    where
+        R: Rand,
        FT: FeedbacksTuple<I>,
        C: Corpus<I, R>,
        EM: EventManager<I>,
    {
        #[cfg(unix)]
        unsafe {
-            set_oncrash_ptrs::<EM, C, OT, FT, I, R>(
-                state,
-                corpus,
-                event_mgr,
-                input,
-            );
+            set_oncrash_ptrs::<EM, C, OT, FT, I, R>(state, corpus, event_mgr, input);
        }
        Ok(())
    }
@ -76,11 +71,13 @@ where
        _corpus: &C,
        _event_mgr: &mut EM,
        _input: &I,
-    ) -> Result<(), AflError> where
-        R: Rand ,
+    ) -> Result<(), AflError>
+    where
+        R: Rand,
        FT: FeedbacksTuple<I>,
        C: Corpus<I, R>,
-        EM: EventManager<I>, {
+        EM: EventManager<I>,
+    {
        #[cfg(unix)]
        unsafe {
            reset_oncrash_ptrs::<EM, C, OT, FT, I, R>();
@ -89,10 +86,7 @@ where
    }

    #[inline]
-    fn run_target(
-        &mut self,
-        input: &I,
-    ) -> Result<ExitKind, AflError> {
+    fn run_target(&mut self, input: &I) -> Result<ExitKind, AflError> {
        let bytes = input.target_bytes();
        let ret = (self.harness_fn)(self, bytes.as_slice());
        Ok(ret)
@ -145,11 +139,13 @@ where
        _state: &State<I, R, FT>,
        _corpus: &C,
        _event_mgr: &mut EM,
-    ) -> Self where
-        R: Rand ,
+    ) -> Self
+    where
+        R: Rand,
        FT: FeedbacksTuple<I>,
        C: Corpus<I, R>,
-        EM: EventManager<I>, {
+        EM: EventManager<I>,
+    {
        #[cfg(feature = "std")]
        unsafe {
            setup_crash_handlers::<EM, C, OT, FT, I, R>();
@ -159,7 +155,7 @@ where
            harness_fn,
            observers,
            name,
-            phantom: PhantomData
+            phantom: PhantomData,
        }
    }
 }
@ -203,13 +199,8 @@ pub mod unix_signals {
    };

    use crate::{
-        corpus::Corpus,
-        engines::State,
-        events::EventManager,
-        feedbacks::FeedbacksTuple,
-        inputs::Input,
-        observers::ObserversTuple,
-        utils::Rand,
+        corpus::Corpus, engines::State, events::EventManager, feedbacks::FeedbacksTuple,
+        inputs::Input, observers::ObserversTuple, utils::Rand,
    };

    /// Pointers to values only needed on crash. As the program will not continue after a crash,
--- a/afl/src/executors/mod.rs
+++ b/afl/src/executors/mod.rs
@ -6,14 +6,14 @@ pub mod runtime;
 use core::marker::PhantomData;

 use crate::{
-    engines::State,
    corpus::Corpus,
-    feedbacks::FeedbacksTuple,
+    engines::State,
    events::EventManager,
-    utils::Rand,
+    feedbacks::FeedbacksTuple,
    inputs::{HasTargetBytes, Input},
    observers::ObserversTuple,
    tuples::{MatchNameAndType, MatchType, Named, TupleList},
+    utils::Rand,
    AflError,
 };

@ -84,11 +84,15 @@ where
        _corpus: &C,
        _event_mgr: &mut EM,
        _input: &I,
-    ) -> Result<(), AflError> where
-        R: Rand ,
+    ) -> Result<(), AflError>
+    where
+        R: Rand,
        FT: FeedbacksTuple<I>,
        C: Corpus<I, R>,
-        EM: EventManager<I>, { Ok(()) }
+        EM: EventManager<I>,
+    {
+        Ok(())
+    }

    fn post_exec<R, FT, C, EM>(
        &mut self,
@ -96,18 +100,18 @@ where
        _corpus: &C,
        _event_mgr: &mut EM,
        _input: &I,
-    ) -> Result<(), AflError> where
-        R: Rand ,
+    ) -> Result<(), AflError>
+    where
+        R: Rand,
        FT: FeedbacksTuple<I>,
        C: Corpus<I, R>,
-        EM: EventManager<I>, { Ok(()) }
+        EM: EventManager<I>,
+    {
+        Ok(())
+    }

    /// Instruct the target about the input and run
-    fn run_target(
-        &mut self,
-        input: &I
-    ) -> Result<ExitKind, AflError>;
-    
+    fn run_target(&mut self, input: &I) -> Result<ExitKind, AflError>;
 }

 pub trait ExecutorsTuple<I>: MatchType + MatchNameAndType
--- a/afl/src/stages/mutational.rs
+++ b/afl/src/stages/mutational.rs
@ -61,7 +61,8 @@ where
            self.mutator_mut()
                .mutate(rand, corpus, &mut input_mut, i as i32)?;

-            let fitness = state.evaluate_input(&input_mut, engine.executor_mut(), corpus, manager)?;
+            let fitness =
+                state.evaluate_input(&input_mut, engine.executor_mut(), corpus, manager)?;

            self.mutator_mut()
                .post_exec(fitness, &input_mut, i as i32)?;
--- a/fuzzers/libfuzzer_libpng/src/mod.rs
+++ b/fuzzers/libfuzzer_libpng/src/mod.rs
@ -16,7 +16,7 @@ use afl::{
    executors::{inmemory::InMemoryExecutor, Executor, ExitKind},
    feedbacks::MaxMapFeedback,
    generators::RandPrintablesGenerator,
-    inputs::BytesInput,
+    inputs::{BytesInput, Input},
    mutators::{scheduled::HavocBytesMutator, HasMaxSize},
    observers::StdMapObserver,
    stages::mutational::StdMutationalStage,
@ -48,7 +48,11 @@ extern "C" {
 }

 /// The wrapped harness function, calling out to the llvm-style libfuzzer harness
-fn harness<I>(_executor: &dyn Executor<I>, buf: &[u8]) -> ExitKind {
+fn harness<E, I>(_executor: &E, buf: &[u8]) -> ExitKind
+where
+    E: Executor<I>,
+    I: Input,
+{
    unsafe {
        LLVMFuzzerTestOneInput(buf.as_ptr(), buf.len());
    }
@ -208,12 +212,8 @@ fn fuzz(input: Option<Vec<PathBuf>>, broker_port: u16) -> Result<(), AflError> {
    // We reset the sender, the next sender and receiver (after crash) will reuse the page from the initial message.
    unsafe { sender.reset_last_page() };

-    // Create the engine
-    let executor = InMemoryExecutor::<_, _, _, LlmpEventManager<_, _, _>, _, _>::new(
-        "Libfuzzer",
-        harness,
-        tuple_list!(edges_observer),
-        Box::new(move |exit_kind, input, state, corpus, mgr| {
+    /*
+    move |exit_kind, input, state, corpus, mgr| {
            match exit_kind {
                ExitKind::Timeout => mgr.timeout(input).expect(&format!(
                    "Error sending Timeout event for input {:?}",
@ -228,7 +228,14 @@ fn fuzz(input: Option<Vec<PathBuf>>, broker_port: u16) -> Result<(), AflError> {
            let state_corpus_serialized = serialize_state_corpus_mgr(state, corpus, mgr).unwrap();
            println!("bar: {:?}", &state_corpus_serialized);
            sender.send_buf(0x1, &state_corpus_serialized).unwrap();
-        }),
+        }
+    */
+
+    // Create the engine
+    let executor = InMemoryExecutor::new(
+        "Libfuzzer",
+        harness,
+        tuple_list!(edges_observer),
        &state,
        &corpus,
        &mut mgr,