From 7c514c3669b19cf2fcce4ed214ab94e106601278 Mon Sep 17 00:00:00 2001
From: v1ce0ye <0xvincebye@gmail.com>
Date: Wed, 22 Mar 2023 22:37:57 +0800
Subject: [PATCH] ix UB in baby_fuzzer_grimoire (#1166)
---
 fuzzers/baby_fuzzer_grimoire/src/main.rs | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/fuzzers/baby_fuzzer_grimoire/src/main.rs b/fuzzers/baby_fuzzer_grimoire/src/main.rs
index f80a58b620..f403f52778 100644
--- a/fuzzers/baby_fuzzer_grimoire/src/main.rs
+++ b/fuzzers/baby_fuzzer_grimoire/src/main.rs
@@ -1,6 +1,6 @@
 #[cfg(windows)]
 use std::ptr::write_volatile;
-use std::{fs, io::Read, path::PathBuf};
+use std::{fs, io::Read, path::PathBuf,ptr::write};
 use libafl::{
 bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice},
@@ -24,10 +24,10 @@ use libafl::{
 /// Coverage map with explicit assignments due to the lack of instrumentation
 static mut SIGNALS: [u8; 16] = [0; 16];
-
+static mut SIGNALS_PTR: *mut u8=unsafe{SIGNALS.as_mut_ptr()};
 /// Assign a signal to the signals map
 fn signals_set(idx: usize) {
- unsafe { SIGNALS[idx] = 1 };
+ unsafe{write(SIGNALS_PTR.add(idx),1)};
 }
 fn is_sub(mut haystack: &[T], needle: &[T]) -> bool {
@@ -82,8 +82,7 @@ pub fn main() {
 };
 // Create an observation channel using the signals map
- let observer = unsafe { StdMapObserver::new("signals", &mut SIGNALS) };
-
+ let observer=unsafe{StdMapObserver::from_mut_ptr("signals",SIGNALS_PTR,SIGNALS.len())};
 // Feedback to rate the interestingness of an input
 let mut feedback = MaxMapFeedback::tracking(&observer, false, true);
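Review bot: `signals_set` in the second hunk loses the bounds check that the removed `SIGNALS[idx] = 1` had, because `write(SIGNALS_PTR.add(idx),1)` stores through an unchecked offset, so an `idx` of 16 or more would write outside the 16-byte map instead of panicking. The callers are outside the hunk, so whether every index is a small constant cannot be confirmed from here; a guard placed before the `unsafe` block, such as `assert!(idx < 16, "signal index out of range");` (or a shared length constant), keeps the old failure mode. Both new `unsafe` uses would also benefit from a `// SAFETY:` comment: here that `idx` was checked against the map length, and in the third hunk that `SIGNALS_PTR` and `SIGNALS.len()` passed to `StdMapObserver::from_mut_ptr` describe the same static. As a style point, the added lines in all three hunks are not rustfmt-clean (`path::PathBuf,ptr::write`, `*mut u8=unsafe{...}`, `let observer=unsafe{...}`).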