diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml index 1d9bb435a9..43f35eb728 100644 --- a/.github/workflows/build_and_test.yml +++ b/.github/workflows/build_and_test.yml @@ -10,7 +10,7 @@ on: env: CARGO_TERM_COLOR: always CARGO_NET_GIT_FETCH_WITH_CLI: true - MAIN_LLVM_VERSION: 19 + MAIN_LLVM_VERSION: 18 concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -20,12 +20,9 @@ jobs: strategy: fail-fast: false matrix: - os: [ ubuntu-latest, windows-latest, macOS-latest ] + os: [ ubuntu-24.04, windows-latest, macOS-latest ] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 - - if: runner.os == 'Linux' - uses: ./.github/workflows/ubuntu-prepare - name: Install mimetype if: runner.os == 'Linux' run: sudo apt-get install -y libfile-mimeinfo-perl @@ -41,6 +38,9 @@ jobs: # => https://github.com/Michael-F-Bryan/mdbook-linkcheck/pull/82#issuecomment-2241058491 git: https://github.com/Michael-F-Bryan/mdbook-linkcheck.git rev: 8c783c5d754d83bcd50c28fb4174854b04ece990 + - uses: actions/checkout@v4 + - if: runner.os == 'Linux' + uses: ./.github/workflows/ubuntu-prepare - uses: Swatinem/rust-cache@v2 with: { shared-key: "ubuntu" } if: runner.os == 'Linux' @@ -67,7 +67,7 @@ jobs: run: cd libafl_targets && cargo test --no-default-features llvm-tester: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 continue-on-error: true strategy: matrix: 
@@ -75,19 +75,21 @@ jobs: steps: - name: Remove Dotnet & Haskell run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc + - name: Install curl + run: sudo apt-get install clang - uses: dtolnay/rust-toolchain@stable - - uses: actions/checkout@v4 - - uses: Swatinem/rust-cache@v2 - with: { shared-key: "llvm-tester" } - name: Install LLVM and Clang uses: KyleMayes/install-llvm-action@v2 with: version: "${{matrix.llvm-version}}" + - uses: actions/checkout@v4 + - uses: Swatinem/rust-cache@v2 + with: { shared-key: "llvm-tester" } - name: Build and test with llvm-${{ matrix.llvm-version }} run: pwd && ls & cd libafl_cc && cargo build --release ubuntu-doc-build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - uses: ./.github/workflows/ubuntu-prepare @@ -97,7 +99,7 @@ jobs: run: RUSTFLAGS="--cfg docsrs" cargo +nightly doc --all-features --no-deps ubuntu-doc-test: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - uses: ./.github/workflows/ubuntu-prepare @@ -107,7 +109,7 @@ jobs: run: RUSTFLAGS="--cfg docsrs" cargo +nightly test --doc --all-features ubuntu-miri: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: ubuntu steps: - uses: actions/checkout@v4 @@ -120,14 +122,14 @@ jobs: run: RUST_BACKTRACE=1 MIRIFLAGS="-Zmiri-disable-isolation" cargo +nightly miri test ubuntu: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: + - name: Remove Dotnet & Haskell + run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc - uses: actions/checkout@v4 - uses: ./.github/workflows/ubuntu-prepare - uses: Swatinem/rust-cache@v2 with: { shared-key: "ubuntu" } - - name: Remove Dotnet & Haskell - run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc # pcguard edges and pcguard hitcounts are not compatible and we need to build them seperately - name: Check pcguard edges run: cargo check --features=sancov_pcguard_edges 
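Review bot: The step added at the top of the llvm-tester hunk is named `Install curl` but runs `sudo apt-get install clang`, and it passes neither `-y` nor a preceding `apt-get update`; on a runner where clang is not already installed at the newest version, apt-get will prompt for confirmation and, with no tty, abort the job. Rename the step to match what it does and make it non-interactive: `- name: Install clang` / `run: sudo apt-get update && sudo apt-get install -y clang`. The identical step is added in the ubuntu-concolic hunk (`@@ -176,9 +178,11 @@`) and the android hunk (`@@ -493,8 +497,10 @@`), so the same fix applies there.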
@@ -140,16 +142,16 @@ jobs: run: cargo build --examples --verbose ubuntu-clippy: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/ubuntu-prepare - - uses: Swatinem/rust-cache@v2 - with: { shared-key: "ubuntu" } - name: Remove Dotnet & Haskell run: rm -rf /usr/share/dotnet && rm -rf /opt/ghc - name: Add nightly clippy run: rustup toolchain install nightly --component clippy --allow-downgrade && rustup default nightly + - uses: actions/checkout@v4 + - uses: ./.github/workflows/ubuntu-prepare + - uses: Swatinem/rust-cache@v2 + with: { shared-key: "ubuntu" } - name: Run clippy run: ./scripts/clippy.sh # --- test embedding the libafl_libfuzzer_runtime library @@ -158,7 +160,7 @@ jobs: # run: cargo +nightly test --features=embed-runtime --manifest-path libafl_libfuzzer/Cargo.toml ubuntu-check: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: ubuntu strategy: matrix: @@ -176,9 +178,11 @@ jobs: run: python3 ./scripts/parallellize_cargo_check.py ${{ matrix.instance_idx }} ubuntu-concolic: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 needs: ubuntu steps: + - name: Install curl + run: sudo apt-get install clang - uses: dtolnay/rust-toolchain@stable - uses: actions/checkout@v4 - uses: Swatinem/rust-cache@v2 
@@ -189,23 +193,23 @@ jobs: run: ./libafl_concolic/test/smoke_test.sh python-bindings: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: + - name: Install deps + run: sudo apt-get install -y lsb-release wget software-properties-common gnupg ninja-build python3-dev python3-pip python3-venv libz3-dev + - name: Install maturin + run: cargo install --locked maturin - uses: actions/checkout@v4 - uses: ./.github/workflows/ubuntu-prepare - uses: Swatinem/rust-cache@v2 with: { shared-key: "ubuntu" } - - name: Install deps - run: sudo apt-get install -y lsb-release wget software-properties-common gnupg ninja-build python3-dev python3-pip python3-venv libz3-dev - - name: Install maturin - run: python3 -m pip install maturin - name: Run a maturin build - run: export LLVM_CONFIG=llvm-config-16 && cd ./bindings/pylibafl && python3 -m venv .env && . .env/bin/activate && pip install --upgrade --force-reinstall . && ./test.sh + run: export LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} && cd ./bindings/pylibafl && python3 -m venv .env && . .env/bin/activate && pip install --upgrade --force-reinstall . && ./test.sh - name: Run python test run: . ./bindings/pylibafl/.env/bin/activate # && cd ./fuzzers/qemu/python_qemu/ && python3 fuzzer.py 2>&1 | grep "Bye" cargo-fmt: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - uses: ./.github/workflows/ubuntu-prepare @@ -218,7 +222,7 @@ jobs: run: ./scripts/fmt_all.sh check fuzzers-preflight: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Fuzzer in CI Check @@ -232,7 +236,7 @@ jobs: strategy: fail-fast: true matrix: - os: [ ubuntu-latest ] + os: [ ubuntu-24.04 ] fuzzer: # Baby - ./fuzzers/baby/baby_fuzzer_with_forkexecutor 
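Review bot: `cargo install --locked maturin` in the python-bindings hunk now runs before `Swatinem/rust-cache@v2`, so maturin is compiled from source on every run before any cache restore can help, and it carries no `--version`, so each run builds whatever release crates.io serves at that moment, which makes the job non-reproducible. Move the step after the rust-cache step and pin it, e.g. `run: cargo install --locked maturin --version <PINNED_MATURIN_VERSION>`. The `Install deps` step moved above it still calls `apt-get install -y` without an `apt-get update`, which can fail on a stale package index on a fresh runner.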
@@ -311,10 +315,10 @@ jobs: - name: Build and run example fuzzers (Linux) if: runner.os == 'Linux' shell: bash - run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }} + run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }} changes: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: pull-requests: read outputs: @@ -340,7 +344,7 @@ jobs: if: ${{ needs.changes.outputs.qemu == 'true' }} strategy: matrix: - os: [ubuntu-latest] + os: [ubuntu-24.04] fuzzer: - ./fuzzers/qemu/qemu_cmin - ./fuzzers/qemu/qemu_systemmode @@ -355,18 +359,18 @@ jobs: - name: Build and run example QEMU fuzzers (Linux) if: runner.os == 'Linux' shell: bash - run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }} + run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }} nostd-build: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: dtolnay/rust-toolchain@nightly with: components: rust-src - - uses: actions/checkout@v4 - - uses: Swatinem/rust-cache@v2 - name: Add targets run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi + - uses: actions/checkout@v4 + - uses: Swatinem/rust-cache@v2 - name: Build aarch64-unknown-none run: cd ./fuzzers/baby/baby_no_std && cargo +nightly build -Zbuild-std=core,alloc --target aarch64-unknown-none -v --release && cd ../.. - name: run x86_64 until panic! 
@@ -375,15 +379,15 @@ jobs: run: cd ./libafl && cargo test --no-default-features nostd-clippy: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: dtolnay/rust-toolchain@nightly with: components: clippy, rust-src - - uses: actions/checkout@v4 - - uses: Swatinem/rust-cache@v2 - name: Add targets run: rustup target add arm-linux-androideabi && rustup target add thumbv6m-none-eabi + - uses: actions/checkout@v4 + - uses: Swatinem/rust-cache@v2 - name: libafl armv6m-none-eabi (32 bit no_std) clippy run: cd ./libafl && cargo clippy --target thumbv6m-none-eabi --no-default-features - name: Build no_std no_alloc bolts @@ -399,7 +403,7 @@ jobs: run: taplo format --check build-docker: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Build docker @@ -493,8 +497,10 @@ jobs: run: cargo build --target aarch64-apple-ios && cd libafl_frida && cargo build --target aarch64-apple-ios && cd .. android: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: + - name: Install curl + run: sudo apt-get install clang - uses: dtolnay/rust-toolchain@stable - uses: nttld/setup-ndk@v1 with: diff --git a/.github/workflows/fuzzer-tester-prepare/action.yml b/.github/workflows/fuzzer-tester-prepare/action.yml index 08f9dcaee2..fc598ee75f 100644 --- a/.github/workflows/fuzzer-tester-prepare/action.yml +++ b/.github/workflows/fuzzer-tester-prepare/action.yml 
@@ -12,10 +12,7 @@ runs:
with: { shared-key: "${{ runner.os }}-shared-fuzzer-cache" }
- name: Install fuzzers deps
shell: bash
- run: sudo apt-get update && sudo apt-get install -y nasm nlohmann-json3-dev gcc-aarch64-linux-gnu g++-aarch64-linux-gnu gcc-mipsel-linux-gnu g++-mipsel-linux-gnu gcc-powerpc-linux-gnu g++-powerpc-linux-gnu libc6-dev-i386-cross libc6-dev libc6-dev-i386 lib32gcc-11-dev lib32stdc++-11-dev libgtk-3-dev pax-utils
- - name: pip install
- shell: bash
- run: python3 -m pip install msgpack jinja2 find_libpython
+ run: sudo apt-get update && sudo apt-get install -y nasm nlohmann-json3-dev gcc-aarch64-linux-gnu g++-aarch64-linux-gnu gcc-mipsel-linux-gnu g++-mipsel-linux-gnu gcc-powerpc-linux-gnu g++-powerpc-linux-gnu libc6-dev-i386-cross libc6-dev libc6-dev-i386 lib32gcc-11-dev lib32stdc++-11-dev libgtk-3-dev pax-utils python3-msgpack python3-jinja2
- name: enable mult-thread for `make`
shell: bash
run: export MAKEFLAGS="-j$(expr $(nproc) \+ 1)"
diff --git a/.github/workflows/qemu-fuzzer-tester-prepare/action.yml b/.github/workflows/qemu-fuzzer-tester-prepare/action.yml
index 37c97a0054..bf47024a2c 100644
--- a/.github/workflows/qemu-fuzzer-tester-prepare/action.yml
+++ b/.github/workflows/qemu-fuzzer-tester-prepare/action.yml
@@ -3,20 +3,10 @@ description: Sets up the QEMU fuzzers environment
runs:
using: composite
steps:
- - uses: actions/checkout@v4
- with:
- submodules: true
- fetch-depth: 0
- name: Install QEMU deps
shell: bash
- run: apt-get update && apt-get install -y qemu-utils sudo
- - uses: ./.github/workflows/ubuntu-prepare
- - uses: Swatinem/rust-cache@v2
- with: { shared-key: "${{ runner.os }}-shared-fuzzer-cache" }
+ run: apt-get update && apt-get install -y qemu-utils sudo python3-msgpack python3-jinja2 curl
- uses: dtolnay/rust-toolchain@stable
- - name: pip install
- shell: bash
- run: python3 -m pip install msgpack jinja2 find_libpython
- name: enable mult-thread for `make`
shell: bash
run: export MAKEFLAGS="-j$(expr $(nproc) \+ 1)"
@@ -24,3 +14,10 @@ runs:
uses: baptiste0928/cargo-install@v3
with:
crate: cargo-make
+ - uses: actions/checkout@v4
+ with:
+ submodules: true
+ fetch-depth: 0
+ - uses: ./.github/workflows/ubuntu-prepare
+ - uses: Swatinem/rust-cache@v2
+ with: { shared-key: "${{ runner.os }}-shared-fuzzer-cache" }
diff --git a/.github/workflows/ubuntu-prepare/action.yml b/.github/workflows/ubuntu-prepare/action.yml
index 515c726941..f8b843f5c1 100644
--- a/.github/workflows/ubuntu-prepare/action.yml
+++ b/.github/workflows/ubuntu-prepare/action.yml
@@ -28,16 +28,9 @@ runs:
- name: Add LLVM in sources list
shell: bash
run: |
- sudo tee -a /etc/apt/sources.list.d/llvm.list << EOF
- deb https://apt.llvm.org/jammy/ llvm-toolchain-jammy main
- deb-src https://apt.llvm.org/jammy/ llvm-toolchain-jammy main
- EOF
- - name: Add LLVM archive signature
- shell: bash
- run: wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc
- - name: Install LLVM and Clang (Version ${{ env.MAIN_LLVM_VERSION }})
- shell: bash
- run: sudo apt-get update && sudo apt-get install -y llvm llvm-dev clang libclang-cpp-dev llvm-${{ env.MAIN_LLVM_VERSION }} clang-${{ env.MAIN_LLVM_VERSION }} llvm-${{ env.MAIN_LLVM_VERSION }}-dev libclang-cpp${{ env.MAIN_LLVM_VERSION }} libclang-cpp${{ env.MAIN_LLVM_VERSION }}-dev
+ wget https://apt.llvm.org/llvm.sh
+ chmod +x llvm.sh
+ sudo ./llvm.sh ${{env.MAIN_LLVM_VERSION}} all
- name: Symlink Headers
shell: bash
run: sudo ln -s /usr/include/asm-generic /usr/include/asm
diff --git a/fuzzers/others/libafl-fuzz/test/test.sh b/fuzzers/others/libafl-fuzz/test/test.sh
index ecc982c166..4ae8c497f5 100755
--- a/fuzzers/others/libafl-fuzz/test/test.sh
+++ b/fuzzers/others/libafl-fuzz/test/test.sh
@@ -17,7 +17,7 @@ cargo build --release
AFL_PATH=$AFL_DIR_NAME $AFL_CC_PATH $AFL_DIR_NAME/test-instr.c -o out-instr
-AFL_CORES=1 LLVM_CONFIG=llvm-config-18 AFL_STATS_INTERVAL=1 AFL_NUM_CORES=1 timeout 5 $LIBAFL_FUZZ_PATH -i ./seeds -o ./output $(pwd)/out-instr
+AFL_CORES=1 LLVM_CONFIG=${LLVM_CONFIG} AFL_STATS_INTERVAL=1 AFL_NUM_CORES=1 timeout 5 $LIBAFL_FUZZ_PATH -i ./seeds -o ./output $(pwd)/out-instr
test -n "$( ls output/fuzzer_main/queue/id:000002* 2>/dev/null )" || exit 1
test -n "$( ls output/fuzzer_main/fuzzer_stats 2>/dev/null )" || exit 1
test -n "$( ls output/fuzzer_main/plot_data 2>/dev/null )" || exit 1
diff --git a/fuzzers/others/libfuzzer_libmozjpeg/src/lib.rs b/fuzzers/others/libfuzzer_libmozjpeg/src/lib.rs
index 99db317f11..6f40917791 100644
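Review bot: The rewritten `Add LLVM in sources list` step downloads `https://apt.llvm.org/llvm.sh` with `wget` and immediately executes it as root via `sudo ./llvm.sh ${{env.MAIN_LLVM_VERSION}} all`, with no integrity check and no pinned revision, so every CI run trusts whatever that URL serves at that moment; the removed steps at least fixed the repository suite and imported one specific signing key. Verify the script before running it, e.g. insert `echo "<EXPECTED_SHA256>  llvm.sh" | sha256sum -c -` between the `wget` and `sudo` lines, or vendor the script into the repository. Note also that the removed `Install LLVM and Clang` step installed the unversioned `llvm llvm-dev clang libclang-cpp-dev` packages too, whereas `llvm.sh <version>` appears to install only the versioned packages, which looks like the reason several jobs in build_and_test.yml now add a separate `apt-get install clang` step.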
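Review bot: `LLVM_CONFIG=${LLVM_CONFIG}` in the changed test.sh line expands to an empty value whenever the caller has not exported `LLVM_CONFIG`, so running the script outside the CI job silently drops the setting that used to be hard-coded; a default that preserves the previous behaviour is `LLVM_CONFIG=${LLVM_CONFIG:-llvm-config-18}`. If the script runs under `set -u` (not visible in the hunk), an unset `LLVM_CONFIG` would abort it instead of running with an empty value.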
--- a/fuzzers/others/libfuzzer_libmozjpeg/src/lib.rs +++ b/fuzzers/others/libfuzzer_libmozjpeg/src/lib.rs @@ -80,10 +80,17 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let edges_observer = unsafe { std_edges_map_observer("edges") }; // Create an observation channel using the cmp map - let cmps_observer = unsafe { StdMapObserver::new("cmps", &mut CMP_MAP) }; + let cmps_observer = + unsafe { StdMapObserver::from_mut_ptr("cmps", CMP_MAP.as_mut_ptr(), CMP_MAP.len()) }; // Create an observation channel using the allocations map - let allocs_observer = unsafe { StdMapObserver::new("allocs", &mut libafl_alloc_map) }; + let allocs_observer = unsafe { + StdMapObserver::from_mut_ptr( + "allocs", + libafl_alloc_map.as_mut_ptr(), + libafl_alloc_map.len(), + ) + }; // Feedback to rate the interestingness of an input let mut feedback = feedback_or!( @@ -152,7 +159,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re // Call LLVMFUzzerInitialize() if present. let args: Vec = env::args().collect(); if libfuzzer_initialize(&args) == -1 { - println!("Warning: LLVMFuzzerInitialize failed with -1") + println!("Warning: LLVMFuzzerInitialize failed with -1"); } // In case the corpus is empty (on first run), reset diff --git a/fuzzers/others/nautilus_sync/src/bin/libafl_cc.rs b/fuzzers/others/nautilus_sync/src/bin/libafl_cc.rs index 1f79c67c9f..ff4d871f97 100644 --- a/fuzzers/others/nautilus_sync/src/bin/libafl_cc.rs +++ b/fuzzers/others/nautilus_sync/src/bin/libafl_cc.rs 
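Review bot: `CMP_MAP.as_mut_ptr()` and `libafl_alloc_map.as_mut_ptr()` in the new `from_mut_ptr` calls still auto-borrow the `static mut` as `&mut` in order to call the method, so if the motivation for replacing `StdMapObserver::new(..., &mut CMP_MAP)` was to stop creating references to mutable statics (presumably the `static_mut_refs` lint), the new form does not achieve that. Taking the address without a reference, e.g. `addr_of_mut!(CMP_MAP).cast()` for the pointer with the length taken from the map's declared size rather than `.len()` on the static, keeps the call free of borrows of the static; the element type of the maps is not visible in the hunk, so the cast target needs checking. `fuzz` starts and ends outside this hunk.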
@@ -1,25 +1,8 @@ -use std::{env, process::Command, str}; +use std::env; use libafl_cc::{ClangWrapper, CompilerWrapper, ToolWrapper}; -fn find_libpython() -> Result { - match Command::new("python3") - .args(["-m", "find_libpython"]) - .output() - { - Ok(output) => { - let shared_obj = str::from_utf8(&output.stdout).unwrap_or_default().trim(); - if shared_obj.is_empty() { - return Err("Empty return from python3 -m find_libpython".to_string()); - } - Ok(shared_obj.to_owned()) - } - Err(err) => Err(format!( - "Could not execute python3 -m find_libpython: {err:?}" - )), - } -} - +#[allow(clippy::missing_panics_doc)] pub fn main() { let args: Vec = env::args().collect(); if args.len() > 1 { @@ -34,8 +17,6 @@ pub fn main() { dir.pop(); - let libpython = find_libpython().expect("Failed to find libpython"); - let mut cc = ClangWrapper::new(); if let Some(code) = cc .cpp(is_cpp) @@ -45,9 +26,10 @@ pub fn main() { .expect("Failed to parse the command line") .link_staticlib(&dir, "nautilus_sync") .add_arg("-fsanitize-coverage=trace-pc-guard") - // needed by Nautilus - .add_link_arg(libpython) .add_link_arg("-lutil") + // needed by Nautilus + .link_libpython() + .expect("Could not find libpython") .run() .expect("Failed to run the wrapped compiler") { diff --git a/fuzzers/others/nautilus_sync/src/lib.rs b/fuzzers/others/nautilus_sync/src/lib.rs index 793e18e6fe..ecfe0df244 100644 --- a/fuzzers/others/nautilus_sync/src/lib.rs +++ b/fuzzers/others/nautilus_sync/src/lib.rs @@ -98,6 +98,7 @@ struct Opt { /// The main fn, `no_mangle` as it is a C symbol #[no_mangle] +#[allow(clippy::missing_panics_doc, clippy::too_many_lines)] pub extern "C" fn libafl_main() { // Registry the metadata types used in this fuzzer // Needed only on no_std 
@@ -202,7 +203,7 @@ pub extern "C" fn libafl_main() {
// Call LLVMFUzzerInitialize() if present.
let args: Vec = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
- println!("Warning: LLVMFuzzerInitialize failed with -1")
+ println!("Warning: LLVMFuzzerInitialize failed with -1");
}
let mut generator = NautilusGenerator::new(&context);
diff --git a/libafl/src/executors/hooks/inprocess.rs b/libafl/src/executors/hooks/inprocess.rs
index 463e490b70..670dfe6bb6 100644
--- a/libafl/src/executors/hooks/inprocess.rs
+++ b/libafl/src/executors/hooks/inprocess.rs
@@ -238,26 +238,33 @@ where E::State: HasExecutions + HasSolutions + HasCorpus, Z: HasObjective + HasScheduler + ExecutionProcessor, { - #[cfg_attr(miri, allow(unused_variables))] + // # Safety + // We get a pointer to `GLOBAL_STATE` that will be initialized at this point in time. + // This unsafe is needed in stable but not in nightly. Remove in the future(?) + #[allow(unused_unsafe)] + let data = unsafe { addr_of_mut!(GLOBAL_STATE) }; + #[cfg(feature = "std")] + unix_signal_handler::setup_panic_hook::(); + // # Safety + // Setting up the signal handlers with a pointer to the `GLOBAL_STATE` which should not be NULL at this point. + // We are the sole users of `GLOBAL_STATE` right now, and only dereference it in case of Segfault/Panic. + // In that case we get the mutable borrow. Otherwise we don't use it. + #[cfg(all(not(miri), unix, feature = "std"))] unsafe { - let data = addr_of_mut!(GLOBAL_STATE); - #[cfg(feature = "std")] - unix_signal_handler::setup_panic_hook::(); - #[cfg(all(not(miri), unix, feature = "std"))] setup_signal_handler(data)?; - compiler_fence(Ordering::SeqCst); - Ok(Self { - #[cfg(feature = "std")] - crash_handler: unix_signal_handler::inproc_crash_handler:: - as *const c_void, - #[cfg(feature = "std")] - timeout_handler: unix_signal_handler::inproc_timeout_handler:: - as *const _, - #[cfg(feature = "std")] - timer: TimerStruct::new(exec_tmout), - phantom: PhantomData, - }) } + compiler_fence(Ordering::SeqCst); + Ok(Self { + #[cfg(feature = "std")] + crash_handler: unix_signal_handler::inproc_crash_handler:: + as *const c_void, + #[cfg(feature = "std")] + timeout_handler: unix_signal_handler::inproc_timeout_handler:: + as *const _, + #[cfg(feature = "std")] + timer: TimerStruct::new(exec_tmout), + phantom: PhantomData, + }) } /// Create new [`InProcessHooks`]. diff --git a/libafl/src/executors/hooks/inprocess_fork.rs b/libafl/src/executors/hooks/inprocess_fork.rs index 819bbe30df..b8a5e8db69 100644 
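Review bot: `data` is now bound unconditionally on the first added `let`, but its only use is inside the block gated by `#[cfg(all(not(miri), unix, feature = "std"))]`, so on miri, on non-unix targets, or without the `std` feature it becomes an unused variable; the removed `#[cfg_attr(miri, allow(unused_variables))]` covered the miri case and is gone entirely, while the sibling change in inprocess_fork.rs keeps its `cfg_attr`. If CI denies warnings this will fail those builds; either gate the binding with the same condition or allow the lint to match it: `#[cfg_attr(any(miri, not(unix), not(feature = "std")), allow(unused_variables))]`. The `// # Safety` lines are plain comments, and the `// SAFETY:` form is the convention clippy's `undocumented_unsafe_blocks` lint recognises. The enclosing function begins above this hunk.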
--- a/libafl/src/executors/hooks/inprocess_fork.rs
+++ b/libafl/src/executors/hooks/inprocess_fork.rs
@@ -60,7 +60,7 @@ impl InChildProcessHooks {
where
E: HasObservers,
{
- #[cfg_attr(miri, allow(unused_variables))]
+ #[cfg_attr(miri, allow(unused_variables, unused_unsafe))]
unsafe {
let data = addr_of_mut!(FORK_EXECUTOR_GLOBAL_DATA);
// child_signal_handlers::setup_child_panic_hook::();
diff --git a/libafl_cc/src/lib.rs b/libafl_cc/src/lib.rs
index 7a13081a74..6b2eacd929 100644
--- a/libafl_cc/src/lib.rs
+++ b/libafl_cc/src/lib.rs
@@ -56,6 +56,7 @@
)
)]
+use core::str;
use std::{path::Path, process::Command};
pub mod ar;
@@ -339,4 +340,34 @@ pub trait CompilerWrapper: ToolWrapper { fn link_staticlib(&mut self, dir: &Path, name: S) -> &'_ mut Self where S: AsRef; + + /// Finds the current `python3` version and adds `-lpython3.` as linker argument. + /// Useful for fuzzers that need libpython, such as `nautilus`-based fuzzers. + fn link_libpython(&mut self) -> Result<&'_ mut Self, String> { + Ok(self.add_link_arg(format!("-l{}", find_python3_version()?))) + } +} + +/// Helper function to find the current python3 version, if you need this information at link time. +/// Example output: `python3.11` +/// Example use: `.add_link_arg(format!("-l{}", find_python3_version()?))` +/// Hint: you can use `link_libpython()` directly. +fn find_python3_version() -> Result { + match Command::new("python3").arg("--version").output() { + Ok(output) => { + let python_version = str::from_utf8(&output.stdout).unwrap_or_default().trim(); + if python_version.is_empty() { + return Err("Empty return from python3 --version".to_string()); + } + let version = python_version.split("Python 3.").nth(1).ok_or_else(|| { + format!("Could not find Python 3 in version string: {python_version}") + })?; + let mut version = version.split('.'); + let version = version.next().ok_or_else(|| { + format!("Could not split python3 version string {python_version}") + })?; + Ok(format!("python3.{version}")) + } + Err(err) => Err(format!("Could not execute python3 --version: {err:?}")), + } } diff --git a/libafl_qemu/libqasan/string.c b/libafl_qemu/libqasan/string.c index 8bb0483022..80d9e2f01c 100644 --- a/libafl_qemu/libqasan/string.c +++ b/libafl_qemu/libqasan/string.c 
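Review bot: `find_python3_version` never checks `output.status`; a `python3` that exits non-zero but still prints something yields a version, and one that prints its version to stderr (as very old interpreters do) yields the misleading `Empty return` error. Add `if !output.status.success() { return Err(format!("python3 --version failed: {}", output.status)); }` before reading stdout. Separately, `link_libpython` emits `-lpython3.<minor>`, which only resolves if the development symlink for that exact interpreter is on the linker search path; the interpreter that `python3` resolves to (a venv, pyenv or conda Python) may not be the one whose libpython the system linker finds, whereas the `find_libpython` helper this patch removes from nautilus_sync returned the actual shared-object path. That requirement is worth stating on `link_libpython`, e.g. `/// Requires the development package for the running interpreter so that `libpython3.<minor>.so` is on the linker search path.`.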
@@ -135,7 +135,8 @@ unsigned char __libqasan_tolower(unsigned char c) { int __libqasan_strcasecmp(const char *str1, const char *str2) { while (1) { - const unsigned char c1 = __libqasan_tolower(*str1), c2 = __libqasan_tolower(*str2); + const unsigned char c1 = __libqasan_tolower(*str1), + c2 = __libqasan_tolower(*str2); if (c1 != c2) { return c1 - c2; } if (!c1) { return 0; } @@ -148,7 +149,8 @@ int __libqasan_strcasecmp(const char *str1, const char *str2) { int __libqasan_strncasecmp(const char *str1, const char *str2, size_t len) { while (len--) { - const unsigned char c1 = __libqasan_tolower(*str1), c2 = __libqasan_tolower(*str2); + const unsigned char c1 = __libqasan_tolower(*str1), + c2 = __libqasan_tolower(*str2); if (c1 != c2) { return c1 - c2; } if (!c1) { return 0; } diff --git a/libafl_targets/src/cmplog.h b/libafl_targets/src/cmplog.h index ef9f74eaad..27a11e4955 100644 --- a/libafl_targets/src/cmplog.h +++ b/libafl_targets/src/cmplog.h @@ -4,6 +4,15 @@ #include "common.h" #include +#ifdef _MSC_VER + #define PACKED(__Declaration__) \ + __pragma(pack(push, 1)) __Declaration__ __pragma(pack(pop)) +#endif + +#ifndef _MSC_VER + #define PACKED(__Declaration__) __Declaration__ __attribute__((__packed__)) +#endif + #ifndef CMPLOG_MAP_W #define CMPLOG_MAP_W 65536 #endif 
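Review bot: The two `PACKED` definitions in cmplog.h are written as an `#ifdef _MSC_VER` block followed by a separate `#ifndef _MSC_VER` block; a single `#ifdef _MSC_VER` / `#else` / `#endif` states the intent directly and cannot drift if one condition is later edited. Also, the MSVC expansion `__pragma(pack(push, 1)) __Declaration__ __pragma(pack(pop))` is used inside a `typedef` in the following hunk (`typedef PACKED(struct ... {...}) Name;`), which places `__pragma` between `typedef` and `struct`, whereas the removed Windows branch put `__pragma` before `typedef`; I would confirm MSVC accepts that placement before relying on it.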
@@ -28,52 +37,43 @@ typedef struct CmpLogHeader { uint8_t kind; } CmpLogHeader; -#ifndef _WIN32 -typedef struct CmpLogHeaderExtended { +typedef PACKED(struct CmpLogHeaderExtended { unsigned hits : 6; unsigned shape : 5; unsigned type : 1; unsigned attribute : 4; -} __attribute__((packed)) CmpLogHeaderExtended; -#else -__pragma(pack(push, 1)) typedef struct CmpLogHeaderExtended { - unsigned hits : 6; - unsigned shape : 5; - unsigned type : 1; - unsigned attribute : 4; -} CmpLogHeaderExtended; -__pragma(pack(pop)) -#endif +}) CmpLogHeaderExtended; typedef struct CmpLogInstruction { uint64_t v0; uint64_t v1; } CmpLogInstruction; -typedef struct CmpLogInstructionExtended { +typedef PACKED(struct CmpLogInstructionExtended { uint64_t v0; uint64_t v0_128; - uint64_t v0_256_0; // u256 is unsupported by any compiler for now, so future use + uint64_t + v0_256_0; // u256 is unsupported by any compiler for now, so future use uint64_t v0_256_1; uint64_t v1; uint64_t v1_128; uint64_t v1_256_0; uint64_t v1_256_1; - uint8_t unused[8]; -} __attribute__((packed)) CmpLogInstructionExtended; + uint8_t unused[8]; +}) CmpLogInstructionExtended; typedef struct CmpLogRoutine { uint8_t v0[CMPLOG_RTN_LEN]; uint8_t v1[CMPLOG_RTN_LEN]; } CmpLogRoutine; -typedef struct CmpLogRoutineExtended { +typedef PACKED(struct CmpLogRoutineExtended { uint8_t v0[CMPLOG_RTN_LEN]; uint8_t v1[CMPLOG_RTN_LEN]; uint8_t v0_len; uint8_t v1_len; uint8_t unused[6]; -} __attribute__((packed)) CmpLogRoutineExtended; +}) CmpLogRoutineExtended; typedef struct CmpLogMap { CmpLogHeader headers[CMPLOG_MAP_W]; diff --git a/libafl_targets/src/libfuzzer.c b/libafl_targets/src/libfuzzer.c index 70df4f1132..172e4496a0 100644 --- a/libafl_targets/src/libfuzzer.c +++ b/libafl_targets/src/libfuzzer.c 
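Review bot: `CmpLogHeaderExtended` packs four bit-fields declared as `unsigned`; `__attribute__((__packed__))` yields a 2-byte struct under GCC/Clang, but as far as I know MSVC's `pack(1)` does not shrink a bit-field's allocation unit, so the same declaration is likely 4 bytes there and the map layout would diverge from what the consumer of this map expects. The layout predates this patch, but now that one macro is meant to give identical packing everywhere, a compile-time check would catch any divergence: `static_assert(sizeof(CmpLogHeaderExtended) == 2, "CmpLogHeaderExtended must be 2 bytes");` (or `_Static_assert` in C11) next to the typedef, with matching checks for the other two packed structs.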
@@ -21,7 +21,9 @@ EXT_FUNC(LLVMFuzzerCustomCrossOver, size_t,
false);
EXT_FUNC_IMPL(LLVMFuzzerTestOneInput, int, (const uint8_t *Data, size_t Size), false) {
- fprintf(stderr, "Weakly defined \"LLVMFuzzerTestOneInput\" is linked. Did you add extern \"C\" to your harness?\n");
+ fprintf(stderr,
+ "Weakly defined \"LLVMFuzzerTestOneInput\" is linked. Did you add "
+ "extern \"C\" to your harness?\n");
abort();
return 0;
}
diff --git a/scripts/parallellize_cargo_check.py b/scripts/parallellize_cargo_check.py
index e1cebe1511..629ce876e4 100755
--- a/scripts/parallellize_cargo_check.py
+++ b/scripts/parallellize_cargo_check.py
@@ -4,6 +4,8 @@
import os
import sys
import math
+LLVM_VERSION = "18"
+
# Current CI Runner
ci_instances = 18
@@ -12,8 +14,9 @@ if len(sys.argv) != 2:
instance_idx = int(sys.argv[1])
-# Set llvm config
-os.environ["LLVM_CONFIG"] = "llvm-config"
+# Set llvm config if it's not already set
+if "LLVM_CONFIG" not in os.environ:
+ os.environ["LLVM_CONFIG"] = f"llvm-config-{LLVM_VERSION}"
command = (
"DOCS_RS=1 cargo hack check --workspace --each-feature --clean-per-run "
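Review bot: `LLVM_VERSION = "18"` in the added lines of parallellize_cargo_check.py hard-codes a second copy of the version that build_and_test.yml already defines as `MAIN_LLVM_VERSION`, and the two will drift the next time the toolchain is bumped. Because the workflow sets `MAIN_LLVM_VERSION` at workflow level it is present in the step's environment, so the script can derive it with a fallback: `LLVM_VERSION = os.environ.get("MAIN_LLVM_VERSION", "18")`. The new `if "LLVM_CONFIG" not in os.environ` guard is the right shape, since it leaves an explicitly exported `LLVM_CONFIG` untouched.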