SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

cur input global pointer for inmem executor

Browse Source
This commit is contained in:
Andrea Fioraldi 2020-12-18 09:58:14 +01:00
parent 4a33419746
commit 7a19cd21c6
1 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
afl/src/executors/inmemory.rs
View File

@ -7,9 +7,9 @@ use crate::observers::ObserversTuple;
use crate::tuples::Named; use crate::tuples::Named;
use crate::AflError; use crate::AflError;
/// The (unsafe) pointer to the current inmem executor, for the current run. /// The (unsafe) pointer to the current inmem input, for the current run.
/// This is neede for certain non-rust side effects, as well as unix signal handling. /// This is neede for certain non-rust side effects, as well as unix signal handling.
static mut CURRENT_INMEMORY_EXECUTOR_PTR: *const c_void = ptr::null(); static mut CURRENT_INPUT_PTR: *const c_void = ptr::null();
/// The inmem executor harness /// The inmem executor harness
type HarnessFunction<I> = fn(&dyn Executor<I>, &[u8]) -> ExitKind; type HarnessFunction<I> = fn(&dyn Executor<I>, &[u8]) -> ExitKind;
@ -34,11 +34,11 @@ where
fn run_target(&mut self, input: &I) -> Result<ExitKind, AflError> { fn run_target(&mut self, input: &I) -> Result<ExitKind, AflError> {
let bytes = input.target_bytes(); let bytes = input.target_bytes();
unsafe { unsafe {
CURRENT_INMEMORY_EXECUTOR_PTR = self as *const InMemoryExecutor<I, OT> as *const c_void; CURRENT_INPUT_PTR = input as *const _ as *const c_void;
} }
let ret = (self.harness)(self, bytes.as_slice()); let ret = (self.harness)(self, bytes.as_slice());
unsafe { unsafe {
CURRENT_INMEMORY_EXECUTOR_PTR = ptr::null(); CURRENT_INPUT_PTR = ptr::null();
} }
Ok(ret) Ok(ret)
} }
@ -101,7 +101,7 @@ pub mod unix_signals {
use std::io::{stdout, Write}; // Write brings flush() into scope use std::io::{stdout, Write}; // Write brings flush() into scope
use std::{mem, process, ptr}; use std::{mem, process, ptr};
use crate::executors::inmemory::CURRENT_INMEMORY_EXECUTOR_PTR; use crate::executors::inmemory::CURRENT_INPUT_PTR;
use crate::inputs::Input; use crate::inputs::Input;
pub extern "C" fn libaflrs_executor_inmem_handle_crash<I>( pub extern "C" fn libaflrs_executor_inmem_handle_crash<I>(
@ -112,7 +112,7 @@ pub mod unix_signals {
I: Input, I: Input,
{ {
unsafe { unsafe {
if CURRENT_INMEMORY_EXECUTOR_PTR == ptr::null() { if CURRENT_INPUT_PTR == ptr::null() {
println!( println!(
"We died accessing addr {}, but are not in client...", "We died accessing addr {}, but are not in client...",
info.si_addr() as usize info.si_addr() as usize
@ -125,7 +125,9 @@ pub mod unix_signals {
#[cfg(feature = "std")] #[cfg(feature = "std")]
let _ = stdout().flush(); let _ = stdout().flush();
// TODO: LLMP let _input = unsafe {
(CURRENT_INPUT_PTR as *const I).as_ref().unwrap()
};
std::process::exit(139); std::process::exit(139);
} }
@ -139,11 +141,16 @@ pub mod unix_signals {
{ {
dbg!("TIMEOUT/SIGUSR2 received"); dbg!("TIMEOUT/SIGUSR2 received");
unsafe { unsafe {
if CURRENT_INMEMORY_EXECUTOR_PTR == ptr::null() { if CURRENT_INPUT_PTR == ptr::null() {
dbg!("TIMEOUT or SIGUSR2 happened, but currently not fuzzing."); dbg!("TIMEOUT or SIGUSR2 happened, but currently not fuzzing.");
return; return;
} }
} }
let _input = unsafe {
(CURRENT_INPUT_PTR as *const I).as_ref().unwrap()
};
// TODO: send LLMP. // TODO: send LLMP.
println!("Timeout in fuzz run."); println!("Timeout in fuzz run.");
let _ = stdout().flush(); let _ = stdout().flush();