fixed libfuzzer, some integer wraps

2020-12-22 01:59:47 +01:00 · 2020-12-22 01:59:47 +01:00 · 7a1bfcaaf9
commit 7a1bfcaaf9
parent eb78c34f9e
3 changed files with 24 additions and 19 deletions
--- a/afl/src/mutators/mutations.rs
+++ b/afl/src/mutators/mutations.rs
@ -166,7 +166,8 @@ where
        let idx = rand.below(input.bytes().len() as u64) as usize;
        unsafe {
            // moar speed, no bound check
-            *input.bytes_mut().get_unchecked_mut(idx) += 1;
+            let ptr = input.bytes_mut().get_unchecked_mut(idx);
+            *ptr = (*ptr).wrapping_add(1);
        }
        Ok(MutationResult::Mutated)
    }
@ -190,7 +191,8 @@ where
        let idx = rand.below(input.bytes().len() as u64) as usize;
        unsafe {
            // moar speed, no bound check
-            *input.bytes_mut().get_unchecked_mut(idx) -= 1;
+            let ptr = input.bytes_mut().get_unchecked_mut(idx);
+            *ptr = (*ptr).wrapping_sub(1);
        }
        Ok(MutationResult::Mutated)
    }
@ -265,8 +267,8 @@ where
            let ptr = input.bytes_mut().get_unchecked_mut(idx) as *mut u8;
            let num = 1 + rand.below(ARITH_MAX) as u8;
            match rand.below(2) {
-                0 => *ptr += num,
-                _ => *ptr -= num,
+                0 => *ptr = (*ptr).wrapping_add(num),
+                _ => *ptr = (*ptr).wrapping_sub(num),
            };
        }
        Ok(MutationResult::Mutated)
@ -294,10 +296,10 @@ where
            let ptr = input.bytes_mut().get_unchecked_mut(idx) as *mut _ as *mut u16;
            let num = 1 + rand.below(ARITH_MAX) as u16;
            match rand.below(4) {
-                0 => *ptr += num,
-                1 => *ptr -= num,
-                2 => *ptr = ((*ptr).swap_bytes() + num).swap_bytes(),
-                _ => *ptr = ((*ptr).swap_bytes() - num).swap_bytes(),
+                0 => *ptr = (*ptr).wrapping_add(num),
+                1 => *ptr = (*ptr).wrapping_sub(num),
+                2 => *ptr = ((*ptr).swap_bytes().wrapping_add(num)).swap_bytes(),
+                _ => *ptr = ((*ptr).swap_bytes().wrapping_sub(num)).swap_bytes(),
            };
        }
        Ok(MutationResult::Mutated)
@ -325,10 +327,10 @@ where
            let ptr = input.bytes_mut().get_unchecked_mut(idx) as *mut _ as *mut u32;
            let num = 1 + rand.below(ARITH_MAX) as u32;
            match rand.below(4) {
-                0 => *ptr += num,
-                1 => *ptr -= num,
-                2 => *ptr = ((*ptr).swap_bytes() + num).swap_bytes(),
-                _ => *ptr = ((*ptr).swap_bytes() - num).swap_bytes(),
+                0 => *ptr = (*ptr).wrapping_add(num),
+                1 => *ptr = (*ptr).wrapping_sub(num),
+                2 => *ptr = ((*ptr).swap_bytes().wrapping_add(num)).swap_bytes(),
+                _ => *ptr = ((*ptr).swap_bytes().wrapping_sub(num)).swap_bytes(),
            };
        }
        Ok(MutationResult::Mutated)
--- a/fuzzers/libfuzzer_stats/Cargo.toml
+++ b/fuzzers/libfuzzer_stats/Cargo.toml
@ -19,6 +19,7 @@ debug = true

 [build-dependencies]
 cc = "1.0"
+num_cpus = "1.0"

 [dependencies]
 clap = "2.32.0"
--- a/fuzzers/libfuzzer_stats/build.rs
+++ b/fuzzers/libfuzzer_stats/build.rs
@ -19,7 +19,6 @@ fn main() {
        .file("./harness.c")
        .compile("libfuzzer-sys");

-
    let libpng = format!("{}/libpng-1.6.37", &out_dir);
    let libpng_path = Path::new(&libpng);
    let libpng_tar = format!("{}/libpng-1.6.37.tar.gz", &out_dir);
@ -49,11 +48,14 @@ fn main() {
            .unwrap();
        Command::new("make")
            .current_dir(&libpng_path)
-            .env("CC", "clang")
-            .env("CXX", "clang++")
-            .env("CFLAGS", "-D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard")
-            .env("LDFLAGS", "-fPIE -fsanitize-coverage=trace-pc-guard")
-            .env("CXXFLAGS", "-D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard")
+            .arg(&format!("-j{}", num_cpus::get()))
+            .args(&[
+                "CC=clang",
+                "CXX=clang++",
+                "CFLAGS=-D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
+                "LDFLAGS=-fPIE -fsanitize-coverage=trace-pc-guard",
+                "CXXFLAGS=-D_DEFAULT_SOURCE -fPIE -fsanitize-coverage=trace-pc-guard",
+            ])
            .status()
            .unwrap();
    }
@ -62,7 +64,7 @@ fn main() {
    println!("cargo:rustc-link-search=native={}/.libs", &libpng);
    println!("cargo:rustc-link-lib=static=png16");

-    //Deps for libpng: -pthread -lz -lm 
+    //Deps for libpng: -pthread -lz -lm
    println!("cargo:rustc-link-lib=dylib=m");
    println!("cargo:rustc-link-lib=dylib=z");