diff --git a/libafl/src/bolts/llmp.rs b/libafl/src/bolts/llmp.rs
index e966db6302..95389a1d56 100644
--- a/libafl/src/bolts/llmp.rs
+++ b/libafl/src/bolts/llmp.rs
@@ -803,10 +803,10 @@ where
panic!("PROGRAM ABORT : BUG: EOP does not fit in page! page {:?}, size_current {:?}, size_total {:?}", page, ptr::addr_of!((*page).size_used), ptr::addr_of!((*page).size_total));
}
- let mut ret: *mut LlmpMsg = if !last_msg.is_null() {
- llmp_next_msg_ptr_checked(&mut map, last_msg, EOP_MSG_SIZE)?
- } else {
+ let mut ret: *mut LlmpMsg = if last_msg.is_null() {
(*page).messages.as_mut_ptr()
+ } else {
+ llmp_next_msg_ptr_checked(&mut map, last_msg, EOP_MSG_SIZE)?
};
if (*ret).tag == LLMP_TAG_UNINITIALIZED {
panic!("Did not call send() on last message!");
@@ -815,10 +815,10 @@ where
// We don't need to pad the EOP message: it'll always be the last in this page.
(*ret).buf_len_padded = (*ret).buf_len;
- (*ret).message_id = if !last_msg.is_null() {
- (*last_msg).message_id + 1
- } else {
+ (*ret).message_id = if last_msg.is_null() {
1
+ } else {
+ (*last_msg).message_id + 1
};
(*ret).tag = LLMP_TAG_END_OF_PAGE;
(*page).size_used += EOP_MSG_SIZE;
@@ -880,10 +880,7 @@ where
} else {
(*last_msg).message_id + 1
}
- } else if (*page).current_msg_id != (*last_msg).message_id {
- /* Oops, wrong usage! */
- panic!("BUG: The current message never got commited using send! (page->current_msg_id {:?}, last_msg->message_id: {})", ptr::addr_of!((*page).current_msg_id), (*last_msg).message_id);
- } else {
+ } else if (*page).current_msg_id == (*last_msg).message_id {
buf_len_padded = complete_msg_size - size_of::();
/* DBG("XXX ret %p id %u buf_len_padded %lu complete_msg_size %lu\n", ret, ret->message_id, buf_len_padded, * complete_msg_size); */
@@ -905,6 +902,9 @@ where
}
};
(*ret).message_id = (*last_msg).message_id + 1
+ } else {
+ /* Oops, wrong usage! */
+ panic!("BUG: The current message never got committed using send! (page->current_msg_id {:?}, last_msg->message_id: {})", ptr::addr_of!((*page).current_msg_id), (*last_msg).message_id);
}
/* The beginning of our message should be messages + size_used, else nobody
diff --git a/libafl/src/executors/inprocess.rs b/libafl/src/executors/inprocess.rs
index 96ea9c7f64..39a913f588 100644
--- a/libafl/src/executors/inprocess.rs
+++ b/libafl/src/executors/inprocess.rs
@@ -398,7 +398,39 @@ mod unix_signal_handler {
#[cfg(feature = "std")]
println!("Crashed with {}", _signal);
- if !data.current_input_ptr.is_null() {
+ if data.current_input_ptr.is_null() {
+ #[cfg(feature = "std")]
+ {
+ println!("Double crash\n");
+ #[cfg(target_os = "android")]
+ let si_addr =
+ { ((_info._pad[0] as usize) | ((_info._pad[1] as usize) << 32)) as usize };
+ #[cfg(not(target_os = "android"))]
+ let si_addr = { _info.si_addr() as usize };
+
+ println!(
+ "We crashed at addr 0x{:x}, but are not in the target... Bug in the fuzzer? Exiting.",
+ si_addr
+ );
+ }
+ // let's yolo-cat the maps for debugging, if possible.
+ #[cfg(all(target_os = "linux", feature = "std"))]
+ match std::fs::read_to_string("/proc/self/maps") {
+ Ok(maps) => println!("maps:\n{}", maps),
+ Err(e) => println!("Couldn't load mappings: {:?}", e),
+ };
+ #[cfg(feature = "std")]
+ {
+ println!("Type QUIT to restart the child");
+ let mut line = String::new();
+ while line.trim() != "QUIT" {
+ std::io::stdin().read_line(&mut line).unwrap();
+ }
+ }
+
+ // TODO tell the parent to not restart
+ libc::_exit(1);
+ } else {
let state = (data.state_ptr as *mut S).as_mut().unwrap();
let event_mgr = (data.event_mgr_ptr as *mut EM).as_mut().unwrap();
let observers = (data.observers_ptr as *const OT).as_ref().unwrap();
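Review bot: The panic message re-added in the trailing `else` formats `ptr::addr_of!((*page).current_msg_id)` with `{:?}`, which prints the address of the field rather than its value, while the neighbouring `last_msg->message_id: {}` prints a value, so the diagnostic on this BUG path compares an address with a number. If `current_msg_id` is an ordinary integer field, `(*page).current_msg_id` (or `ptr::read_unaligned(ptr::addr_of!((*page).current_msg_id))` if the field may be unaligned) would print the value; if printing the address is deliberate, a short comment such as `// field address on purpose: value may be mid-update` would save the next reader the guess. The same `addr_of!` formatting appears in the "EOP does not fit in page" panic in the earlier context of the -803 hunk, which this commit does not touch. The enclosing function starts before the -880 hunk and continues after this one.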
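Review bot: The QUIT prompt moved into the new `is_null()` branch can only terminate if the very first line read is exactly `QUIT`: `line` is never cleared between iterations, so after any other input `line.trim()` still contains the earlier text and never equals `"QUIT"`, and when stdin is at EOF (the target started with stdin closed or redirected) `read_line` returns `Ok(0)` every time, so the loop spins at full CPU inside the signal handler and the crashed process never exits. Clearing the buffer each iteration and breaking on `Ok(0)` or an error fixes both, as below. Separately, this whole branch runs inside a signal handler and calls `println!`, `String::new`, `std::fs::read_to_string` and `read_line`, none of which are async-signal-safe; that is pre-existing code that the commit only moves, but the `// TODO` line would be a good place to record it. The enclosing handler function begins before this hunk.
```rust
                    println!("Type QUIT to restart the child");
                    let mut line = String::new();
                    loop {
                        line.clear();
                        match std::io::stdin().read_line(&mut line) {
                            // EOF or a read error: stdin is not interactive, stop waiting.
                            Ok(0) | Err(_) => break,
                            Ok(_) if line.trim() == "QUIT" => break,
                            Ok(_) => {}
                        }
                    }
                // … unchanged: TODO comment and libc::_exit(1) …
```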
@@ -484,38 +516,6 @@ mod unix_signal_handler {
#[cfg(feature = "std")]
println!("Bye!");
- libc::_exit(1);
- } else {
- #[cfg(feature = "std")]
- {
- println!("Double crash\n");
- #[cfg(target_os = "android")]
- let si_addr =
- { ((_info._pad[0] as usize) | ((_info._pad[1] as usize) << 32)) as usize };
- #[cfg(not(target_os = "android"))]
- let si_addr = { _info.si_addr() as usize };
-
- println!(
- "We crashed at addr 0x{:x}, but are not in the target... Bug in the fuzzer? Exiting.",
- si_addr
- );
- }
- // let's yolo-cat the maps for debugging, if possible.
- #[cfg(all(target_os = "linux", feature = "std"))]
- match std::fs::read_to_string("/proc/self/maps") {
- Ok(maps) => println!("maps:\n{}", maps),
- Err(e) => println!("Couldn't load mappings: {:?}", e),
- };
- #[cfg(feature = "std")]
- {
- println!("Type QUIT to restart the child");
- let mut line = String::new();
- while line.trim() != "QUIT" {
- std::io::stdin().read_line(&mut line).unwrap();
- }
- }
-
- // TODO tell the parent to not restart
libc::_exit(1);
}
}
diff --git a/libafl/src/utils.rs b/libafl/src/utils.rs
index 5bb12189c1..3b754aac99 100644
--- a/libafl/src/utils.rs
+++ b/libafl/src/utils.rs
@@ -506,12 +506,12 @@ pub fn find_mapping_for_address(address: usize) -> Result<(usize, usize, String,
}
});
- if result.0 != 0 {
- Ok(result)
- } else {
+ if result.0 == 0 {
Err(Error::Unknown(
"Couldn't find a mapping for this address".to_string(),
))
+ } else {
+ Ok(result)
}
}
diff --git a/libafl_frida/src/asan_rt.rs b/libafl_frida/src/asan_rt.rs
index e967306c75..df510d5cb4 100644
--- a/libafl_frida/src/asan_rt.rs
+++ b/libafl_frida/src/asan_rt.rs
@@ -1045,7 +1045,9 @@ impl AsanRuntime {
let mut fault_address = (self.regs[base_reg as usize] as isize + displacement as isize) as usize;
- if index_reg != 0 {
+ if index_reg == 0 {
+ index_reg = 0xffff
+ } else {
if capstone::arch::arm64::Arm64Reg::ARM64_REG_X0 as u16 <= index_reg
&& index_reg <= capstone::arch::arm64::Arm64Reg::ARM64_REG_X28 as u16
{
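Review bot: `index_reg = 0xffff` in the new `if index_reg == 0` arm is an unexplained sentinel and, as the block's tail expression, is missing its `;`; the value is presumably the "no index register" marker consumed by the report built further down, but nothing in the hunk says so. A named constant or a one-line comment would make the intent clear, e.g. `index_reg = 0xffff; // no index register; marker presumably read by the report code — confirm`. The `else` arm that follows holds the register-range chain and the `fault_address +=` update (visible in the -1070 hunk), so it cannot simply be collapsed to `else if`. The enclosing method starts before this hunk and continues past it.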
@@ -1070,8 +1072,6 @@ impl AsanRuntime {
index_reg -= capstone::arch::arm64::Arm64Reg::ARM64_REG_S0 as u16;
}
fault_address += self.regs[index_reg as usize] as usize;
- } else {
- index_reg = 0xffff
}
let backtrace = Backtrace::new();
@@ -1783,11 +1783,11 @@ where
match observer.errors() {
None => Ok(false),
Some(errors) => {
- if !errors.errors.is_empty() {
+ if errors.errors.is_empty() {
+ Ok(false)
+ } else {
self.errors = Some(errors.clone());
Ok(true)
- } else {
- Ok(false)
}
}
}