SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix cast to c_void of the wrong object. (#1921)

Browse Source
This commit is contained in:
Romain Malmain 2024-03-07 21:28:28 +01:00 committed by GitHub
parent 6747a7dc2f
commit 781e830923
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
libafl/src/executors/inprocess/inner.rs
View File

@ -102,13 +102,18 @@ where
S: State, S: State,
{ {
/// This function marks the boundary between the fuzzer and the target /// This function marks the boundary between the fuzzer and the target
///
/// # Safety
/// This function sets a bunch of raw pointers in global variables, reused in other parts of
/// the code.
#[inline] #[inline]
pub fn enter_target<EM, Z>( pub unsafe fn enter_target<EM, Z>(
&mut self, &mut self,
fuzzer: &mut Z, fuzzer: &mut Z,
state: &mut <Self as UsesState>::State, state: &mut <Self as UsesState>::State,
mgr: &mut EM, mgr: &mut EM,
input: &<Self as UsesInput>::Input, input: &<Self as UsesInput>::Input,
executor_ptr: *const c_void,
) { ) {
unsafe { unsafe {
let data = addr_of_mut!(GLOBAL_STATE); let data = addr_of_mut!(GLOBAL_STATE);
@ -116,10 +121,7 @@ where
addr_of_mut!((*data).current_input_ptr), addr_of_mut!((*data).current_input_ptr),
ptr::from_ref(input) as *const c_void, ptr::from_ref(input) as *const c_void,
); );
write_volatile( write_volatile(addr_of_mut!((*data).executor_ptr), executor_ptr);
addr_of_mut!((*data).executor_ptr),
ptr::from_ref(self) as *const c_void,
);
// Direct raw pointers access /aliasing is pretty undefined behavior. // Direct raw pointers access /aliasing is pretty undefined behavior.
// Since the state and event may have moved in memory, refresh them right before the signal may happen // Since the state and event may have moved in memory, refresh them right before the signal may happen
write_volatile( write_volatile(

8
libafl/src/executors/inprocess/mod.rs
View File

@ -9,8 +9,10 @@ use alloc::boxed::Box;
use core::ptr::addr_of_mut; use core::ptr::addr_of_mut;
use core::{ use core::{
borrow::BorrowMut, borrow::BorrowMut,
ffi::c_void,
fmt::{self, Debug, Formatter}, fmt::{self, Debug, Formatter},
marker::PhantomData, marker::PhantomData,
ptr,
time::Duration, time::Duration,
}; };
@ -125,7 +127,11 @@ where
input: &Self::Input, input: &Self::Input,
) -> Result<ExitKind, Error> { ) -> Result<ExitKind, Error> {
*state.executions_mut() += 1; *state.executions_mut() += 1;
self.inner.enter_target(fuzzer, state, mgr, input); unsafe {
let executor_ptr = ptr::from_ref(self) as *const c_void;
self.inner
.enter_target(fuzzer, state, mgr, input, executor_ptr);
}
self.inner.hooks.pre_exec_all(fuzzer, state, mgr, input); self.inner.hooks.pre_exec_all(fuzzer, state, mgr, input);
let ret = (self.harness_fn.borrow_mut())(input); let ret = (self.harness_fn.borrow_mut())(input);

8
libafl/src/executors/inprocess/stateful.rs
View File

@ -1,8 +1,10 @@
use alloc::boxed::Box; use alloc::boxed::Box;
use core::{ use core::{
borrow::BorrowMut, borrow::BorrowMut,
ffi::c_void,
fmt::{self, Debug, Formatter}, fmt::{self, Debug, Formatter},
marker::PhantomData, marker::PhantomData,
ptr,
time::Duration, time::Duration,
}; };
@ -116,7 +118,11 @@ where
input: &Self::Input, input: &Self::Input,
) -> Result<ExitKind, Error> { ) -> Result<ExitKind, Error> {
*state.executions_mut() += 1; *state.executions_mut() += 1;
self.inner.enter_target(fuzzer, state, mgr, input); unsafe {
let executor_ptr = ptr::from_ref(self) as *const c_void;
self.inner
.enter_target(fuzzer, state, mgr, input, executor_ptr);
}
self.inner.hooks.pre_exec_all(fuzzer, state, mgr, input); self.inner.hooks.pre_exec_all(fuzzer, state, mgr, input);
let ret = (self.harness_fn.borrow_mut())(input, &mut self.exposed_executor_state); let ret = (self.harness_fn.borrow_mut())(input, &mut self.exposed_executor_state);