From 7de1e19f789b9257de4ea1690be1bfb9c55ce858 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Fri, 18 Dec 2020 11:48:11 +0100
Subject: [PATCH] next step
---
 afl/src/engines/mod.rs | 38 ++++++++++++----------------------
 fuzzers/libfuzzer/runtime/rt.c | 13 ++++++++----
 fuzzers/libfuzzer/src/lib.rs | 12 ++++++++++-
 3 files changed, 33 insertions(+), 30 deletions(-)
diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs
index d31b41ea33..75e12b3e8a 100644
--- a/afl/src/engines/mod.rs
+++ b/afl/src/engines/mod.rs
@@ -2,8 +2,8 @@ use core::fmt::Debug;
 use core::marker::PhantomData;
-use std::fs;
 use serde::{Deserialize, Serialize};
+use std::fs;
 use crate::corpus::{Corpus, Testcase};
 use crate::events::EventManager;
@@ -203,7 +203,7 @@ where
 engine: &mut Engine,
 manager: &mut EM,
 in_dir: String,
- )-> Result<(), AflError>
+ ) -> Result<(), AflError>
 where
 G: Generator,
 C: Corpus,
@@ -212,49 +212,39 @@ where EM: EventManager, { for entry in fs::read_dir(in_dir)? { - let entry = entry?; - + let file = entry.path().display().to_string(); - + let attributes = fs::metadata(file.clone()); if !attributes.is_ok() { - continue; - } - + let attr = attributes?; if attr.is_file() { - println!("Load file {}", file); - //let input = read_file(file); - //let fitness = self.evaluate_input(&input, engine.executor_mut())?; - //if !self.add_if_interesting(corpus, input, fitness)?.is_none() { - // added += 1; - //} - + //let input = read_file(file); + //let fitness = self.evaluate_input(&input, engine.executor_mut())?; + //if !self.add_if_interesting(corpus, input, fitness)?.is_none() { + // added += 1; + //} } else if attr.is_dir() { - - let _x = load_from_directory( + let _x = self.load_from_directory( &mut corpus, &mut generator, &mut engine, &mut manager, file, ); - } - } Ok(()) - } - pub fn load_initial_inputs( &mut self, corpus: &mut C,
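Review bot: `let _x = self.load_from_directory(...)` in the `is_dir()` branch discards the `Result`, so a failure while loading a subdirectory is silently dropped and the caller still gets `Ok(())`; the same pattern appears in `load_initial_inputs` in the next hunk. Propagate it instead: `self.load_from_directory(&mut corpus, &mut generator, &mut engine, &mut manager, file)?;`. Because `fs::metadata` follows symlinks, a symlink in the seed directory that points back at an ancestor makes `attr.is_dir()` true and the recursion has no depth bound, so resolve entries with `fs::symlink_metadata` or add a depth limit before recursing. `fs::metadata(file.clone())` does not need the clone; `fs::metadata(&file)` works since the function takes any `AsRef<Path>`. The function's signature begins before this hunk, and the rendered lines have lost their indentation, so the brace structure above is inferred.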
@@ -262,7 +252,7 @@ where
 engine: &mut Engine,
 manager: &mut EM,
 in_dir: Vec,
- )-> Result<(), AflError>
+ ) -> Result<(), AflError>
 where
 G: Generator,
 C: Corpus,
@@ -272,15 +262,13 @@ where { let mut added = 0 as u32; for directory in in_dir { - - let _x = load_from_directory( + let _x = self.load_from_directory( &mut corpus, &mut generator, &mut engine, &mut manager, directory, ); - } manager.log( 0,
diff --git a/fuzzers/libfuzzer/runtime/rt.c b/fuzzers/libfuzzer/runtime/rt.c
index 1fa6ef9755..234986396c 100644
--- a/fuzzers/libfuzzer/runtime/rt.c
+++ b/fuzzers/libfuzzer/runtime/rt.c
@@ -120,14 +120,19 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) { } __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv); - void afl_libfuzzer_main(); +int afl_libfuzzer_init(int *argc, char ***argv) { + + if (LLVMFuzzerInitialize) + return LLVMFuzzerInitialize(&argc, &argv); + else + return 0; + +} + int main(int argc, char** argv) { - if (LLVMFuzzerInitialize) - LLVMFuzzerInitialize(&argc, &argv); - afl_libfuzzer_main(); return 0;
diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs
index d1ee651ac0..4b056464ab 100644
--- a/fuzzers/libfuzzer/src/lib.rs
+++ b/fuzzers/libfuzzer/src/lib.rs
@@ -29,7 +29,7 @@ extern "C" {
 fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> i32;
 /// int LLVMFuzzerInitialize(int argc, char **argv)
- fn LLVMFuzzerInitialize(argc: u32, argv: *const *const u8) -> i32;
+ fn afl_libfuzzer_init(argc: u32, argv: *const *const u8) -> i32;
 static __lafl_edges_map: *mut u8;
 static __lafl_cmp_map: *mut u8;
@@ -120,6 +120,16 @@ pub extern "C" fn afl_libfuzzer_main() { } println!("We're a client, let's fuzz :)"); + // unsafe { + + // if afl_libfuzzer_init(...) == -1 { + + // println("Warning: LLVMFuzzerInitialize failed with -1") + + // } + + // } + let edges_observer = StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe { __lafl_max_edges_size as usize
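Review bot: In the new `afl_libfuzzer_init`, `LLVMFuzzerInitialize(&argc, &argv)` takes the address of parameters that are already `int *` and `char ***`, so the callee receives `int **` and `char ****` where the weak declaration just above says `int *argc, char ***argv`; the `&` was correct in the old `main`, where `argc` and `argv` were values, but not here, and an initializer that writes through its pointers would then scribble over the wrapper's locals. Use `return LLVMFuzzerInitialize(argc, argv);`. Note also that `main` no longer calls the initializer and the only call to `afl_libfuzzer_init` in lib.rs is commented out in this commit, so a target's `LLVMFuzzerInitialize` never runs until the Rust side is wired up. The `if`/`else` could be written as `return LLVMFuzzerInitialize ? LLVMFuzzerInitialize(argc, argv) : 0;`.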
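Review bot: The renamed extern `fn afl_libfuzzer_init(argc: u32, argv: *const *const u8) -> i32` does not match the C definition in rt.c, `int afl_libfuzzer_init(int *argc, char ***argv)`: `argc` is passed by value instead of by pointer and `argv` has one level of indirection too few, so any call through this declaration would hand the C side the wrong arguments. Declare it as `fn afl_libfuzzer_init(argc: *mut c_int, argv: *mut *mut *mut c_char) -> c_int;` with `c_int` and `c_char` from `std::os::raw` (the mismatch predates the rename, but the commit re-declares the binding). The `///` comment above it still reads `int LLVMFuzzerInitialize(int argc, char **argv)`; change it to `/// int afl_libfuzzer_init(int *argc, char ***argv)` so it names the symbol and signature actually bound. The `extern "C"` block begins before this hunk.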