From 8de9dcaff7dcffd98b4365ec3da29e95a40293a9 Mon Sep 17 00:00:00 2001 From: Dhanvith Nayak <85876638+BAGUVIX456@users.noreply.github.com> Date: Tue, 5 Nov 2024 19:52:14 +0530 Subject: [PATCH] Clean up clippy warnings in fuzzers/binary_only/* (#2662) * clean clippy warnings from fuzzers/binary_only/* * handle unused Results in fuzzers/binary_only/* * format fuzzers/binary_only/qemu_cmin * use unchecked memory write in qemu fuzzer examples * create file_null in fuzzbench_fork_qemu --- .../frida_executable_libpng/Cargo.toml | 2 +- .../frida_executable_libpng/src/fuzzer.rs | 2 +- .../frida_windows_gdiplus/src/fuzzer.rs | 2 +- .../fuzzbench_fork_qemu/src/fuzzer.rs | 3 +++ .../binary_only/fuzzbench_qemu/src/fuzzer.rs | 5 ++++ fuzzers/binary_only/qemu_cmin/src/fuzzer.rs | 9 ++++--- .../binary_only/qemu_coverage/src/fuzzer.rs | 10 +++++--- .../binary_only/tinyinst_simple/src/main.rs | 25 +++++++++---------- 8 files changed, 35 insertions(+), 23 deletions(-) diff --git a/fuzzers/binary_only/frida_executable_libpng/Cargo.toml b/fuzzers/binary_only/frida_executable_libpng/Cargo.toml index ef550012af..fbf2c942f5 100644 --- a/fuzzers/binary_only/frida_executable_libpng/Cargo.toml +++ b/fuzzers/binary_only/frida_executable_libpng/Cargo.toml @@ -5,7 +5,7 @@ edition = "2021" [lib] name = "frida_executable_fuzzer" -crate_type = ["cdylib"] +crate-type = ["cdylib"] [features] default = ["std"] diff --git a/fuzzers/binary_only/frida_executable_libpng/src/fuzzer.rs b/fuzzers/binary_only/frida_executable_libpng/src/fuzzer.rs index 7f55dbb62b..d168acddcd 100644 --- a/fuzzers/binary_only/frida_executable_libpng/src/fuzzer.rs +++ b/fuzzers/binary_only/frida_executable_libpng/src/fuzzer.rs @@ -104,7 +104,7 @@ unsafe fn fuzz( let coverage = CoverageRuntime::new(); #[cfg(unix)] - let asan = AsanRuntime::new(&options); + let asan = AsanRuntime::new(options); #[cfg(unix)] let mut frida_helper = 
diff --git a/fuzzers/binary_only/frida_windows_gdiplus/src/fuzzer.rs b/fuzzers/binary_only/frida_windows_gdiplus/src/fuzzer.rs index 1a8def4fc6..f23ca77f2f 100644 --- a/fuzzers/binary_only/frida_windows_gdiplus/src/fuzzer.rs +++ b/fuzzers/binary_only/frida_windows_gdiplus/src/fuzzer.rs @@ -104,7 +104,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> { let gum = Gum::obtain(); let coverage = CoverageRuntime::new(); - let asan = AsanRuntime::new(&options); + let asan = AsanRuntime::new(options); let mut frida_helper = FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan)); diff --git a/fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs b/fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs index 1e9aefde6f..fba6e23f36 100644 --- a/fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs +++ b/fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs @@ -335,6 +335,9 @@ fn fuzz( } unsafe { + // # Safety + // The input buffer size is checked above. We use `write_mem_unchecked` for performance reasons + // For better error handling, use `write_mem` and handle the returned Result qemu.write_mem_unchecked(input_addr, buf); qemu.write_reg(Regs::Rdi, input_addr).unwrap(); diff --git a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs index b41940adfb..c71620d2f8 100644 --- a/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs +++ b/fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs @@ -198,8 +198,10 @@ fn fuzz( let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap(); let mut ret_addr = [0; 8]; + qemu.read_mem(stack_ptr, &mut ret_addr) .expect("Error while reading QEMU memory."); + let ret_addr = u64::from_le_bytes(ret_addr); println!("Stack pointer = {stack_ptr:#x}"); 
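Review bot: The new comment above `qemu.write_mem_unchecked(input_addr, buf)` is written as a rustdoc `# Safety` section, but that form documents an `unsafe fn` signature; an `unsafe` block is conventionally justified with a `// SAFETY:` line (which is also the prefix clippy's `undocumented_unsafe_blocks` lint looks for), so a clippy-cleanup commit should use that spelling. The comment asserts that the input size is checked above, yet that check lies outside the hunk and cannot be confirmed here; because `buf` is fuzzer-controlled and the unchecked write skips the bounds check `write_mem` performs, an oversized input would overwrite guest memory past the input region, so the comment should cite the concrete bound it relies on rather than say "checked above", e.g. `// SAFETY: buf.len() is bounded by the input-size check preceding this block, so the write stays within the buffer reserved at input_addr.` The "for performance reasons" claim is worth reconsidering too, since one bounds check per execution is negligible next to the emulated run. The enclosing `fn fuzz` starts and ends outside the hunk.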
@@ -339,6 +341,9 @@ fn fuzz( } unsafe { + // # Safety + // The input buffer size is checked above. We use `write_mem_unchecked` for performance reasons + // For better error handling, use `write_mem` and handle the returned Result qemu.write_mem_unchecked(input_addr, buf); qemu.write_reg(Regs::Rdi, input_addr).unwrap(); diff --git a/fuzzers/binary_only/qemu_cmin/src/fuzzer.rs b/fuzzers/binary_only/qemu_cmin/src/fuzzer.rs index 0132afd983..b0349c0522 100644 --- a/fuzzers/binary_only/qemu_cmin/src/fuzzer.rs +++ b/fuzzers/binary_only/qemu_cmin/src/fuzzer.rs @@ -2,7 +2,7 @@ //! #[cfg(feature = "i386")] use core::mem::size_of; -use std::{env, io, path::PathBuf, process, ptr::NonNull}; +use std::{env, fmt::Write, io, path::PathBuf, process, ptr::NonNull}; use clap::{builder::Str, Parser}; use libafl::{ @@ -52,8 +52,10 @@ impl From for Str { ("Cargo Target Triple", env!("VERGEN_CARGO_TARGET_TRIPLE")), ] .iter() - .map(|(k, v)| format!("{k:25}: {v}\n")) - .collect::(); + .fold(String::new(), |mut output, (k, v)| { + let _ = writeln!(output, "{k:25}: {v}"); + output + }); format!("\n{version:}").into() } @@ -197,6 +199,7 @@ pub fn fuzz() -> Result<(), Error> { unsafe { qemu.write_mem(input_addr, buf).expect("qemu write failed."); + qemu.write_reg(Regs::Pc, test_one_input_ptr).unwrap(); qemu.write_reg(Regs::Sp, stack_ptr).unwrap(); qemu.write_return_address(ret_addr).unwrap(); diff --git a/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs b/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs index a7bc1506ab..eb6a97c7af 100644 --- a/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs +++ b/fuzzers/binary_only/qemu_coverage/src/fuzzer.rs @@ -3,7 +3,7 @@ #[cfg(feature = "i386")] use core::mem::size_of; use core::time::Duration; -use std::{env, fs::DirEntry, io, path::PathBuf, process}; +use std::{env, fmt::Write, fs::DirEntry, io, path::PathBuf, process}; use clap::{builder::Str, Parser}; use libafl::{ 
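Review bot: The justification added to this `unsafe` block uses the rustdoc heading `// # Safety`, which is the style for `unsafe fn` docs rather than for unsafe blocks; the conventional (and lint-recognised) form is a `// SAFETY:` comment naming the invariant that makes `write_mem_unchecked` sound. Since that invariant depends on an input-length check that is outside this hunk, and since `buf` is attacker-shaped fuzz input written without the bounds check `write_mem` would do, state the bound explicitly, e.g. `// SAFETY: buf.len() is limited by the size check before this block; the write cannot exceed the input region at input_addr.` The `fn fuzz` body this belongs to begins and ends beyond the hunk, so the claimed check could not be verified here.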
@@ -56,8 +56,10 @@ impl From for Str { ("Cargo Target Triple", env!("VERGEN_CARGO_TARGET_TRIPLE")), ] .iter() - .map(|(k, v)| format!("{k:25}: {v}\n")) - .collect::(); + .fold(String::new(), |mut output, (k, v)| { + let _ = writeln!(output, "{k:25}: {v}"); + output + }); format!("\n{version:}").into() } @@ -156,7 +158,7 @@ pub fn fuzz() { let reset = |buf: &[u8], len: GuestReg| -> Result<(), QemuRWError> { unsafe { - qemu.write_mem(input_addr, buf); + let _ = qemu.write_mem(input_addr, buf); qemu.write_reg(Regs::Pc, test_one_input_ptr)?; qemu.write_reg(Regs::Sp, stack_ptr)?; qemu.write_return_address(ret_addr)?; diff --git a/fuzzers/binary_only/tinyinst_simple/src/main.rs b/fuzzers/binary_only/tinyinst_simple/src/main.rs index bfc96b4e2b..2ca5cf72eb 100644 --- a/fuzzers/binary_only/tinyinst_simple/src/main.rs +++ b/fuzzers/binary_only/tinyinst_simple/src/main.rs @@ -37,7 +37,7 @@ fn main() { // use file to pass testcases // let args = vec!["test.exe".to_string(), "-f".to_string(), "@@".to_string()]; - let coverage = unsafe { OwnedMutPtr::Ptr(addr_of_mut!(COVERAGE)) }; + let coverage = OwnedMutPtr::Ptr(addr_of_mut!(COVERAGE)); let observer = ListObserver::new("cov", coverage); let mut feedback = ListFeedback::new(&observer); #[cfg(windows)] 
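Review bot: In the qemu_coverage `reset` closure, `let _ = qemu.write_mem(input_addr, buf);` silently discards a failed input write even though the closure already returns `Result<(), QemuRWError>` and propagates the `write_reg` and `write_return_address` failures on the next lines with `?`; a dropped write error would run the target on the previous testcase's bytes while attributing the resulting coverage to the new input. If `write_mem` returns the same error type as `write_reg` (the `.expect("qemu write failed.")` used on it in qemu_cmin shows it is a `Result`), the one-line fix is `qemu.write_mem(input_addr, buf)?;`, which also satisfies the unused-`Result` lint this commit is addressing. The closure body continues past the end of the hunk.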
@@ -62,18 +62,17 @@ fn main() { let monitor = SimpleMonitor::new(|x| println!("{x}")); let mut mgr = SimpleEventManager::new(monitor); - let mut executor = unsafe { - TinyInstExecutor::builder() - .tinyinst_args(tinyinst_args) - .program_args(args) - .use_shmem() - .persistent("test.exe".to_string(), "fuzz".to_string(), 1, 10000) - .timeout(Duration::new(5, 0)) - .shmem_provider(&mut shmem_provider) - .coverage_ptr(addr_of_mut!(COVERAGE)) - .build(tuple_list!(observer)) - .unwrap() - }; + let mut executor = TinyInstExecutor::builder() + .tinyinst_args(tinyinst_args) + .program_args(args) + .use_shmem() + .persistent("test.exe".to_string(), "fuzz".to_string(), 1, 10000) + .timeout(Duration::new(5, 0)) + .shmem_provider(&mut shmem_provider) + .coverage_ptr(addr_of_mut!(COVERAGE)) + .build(tuple_list!(observer)) + .unwrap(); + let mutator = StdScheduledMutator::new(havoc_mutations()); let mut stages = tuple_list!(StdMutationalStage::new(mutator)); fuzzer