SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Clean up clippy warnings in fuzzers/binary_only/* (#2662)

Browse Source 
* clean clippy warnings from fuzzers/binary_only/*

* handle unused Results in fuzzers/binary_only/*

* format fuzzers/binary_only/qemu_cmin

* use unchecked memory write in qemu fuzzer examples

* create file_null in fuzzbench_fork_qemu
This commit is contained in:
Dhanvith Nayak 2024-11-05 19:52:14 +05:30 committed by GitHub
parent 4581c50023
commit 8de9dcaff7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
8 changed files with 35 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fuzzers/binary_only/frida_executable_libpng/Cargo.toml
View File

@ -5,7 +5,7 @@ edition = "2021"
[lib] [lib]
name = "frida_executable_fuzzer" name = "frida_executable_fuzzer"
crate_type = ["cdylib"] crate-type = ["cdylib"]
[features] [features]
default = ["std"] default = ["std"]

2
fuzzers/binary_only/frida_executable_libpng/src/fuzzer.rs
View File

@ -104,7 +104,7 @@ unsafe fn fuzz(
let coverage = CoverageRuntime::new(); let coverage = CoverageRuntime::new();
#[cfg(unix)] #[cfg(unix)]
let asan = AsanRuntime::new(&options); let asan = AsanRuntime::new(options);
#[cfg(unix)] #[cfg(unix)]
let mut frida_helper = let mut frida_helper =

2
fuzzers/binary_only/frida_windows_gdiplus/src/fuzzer.rs
View File

@ -104,7 +104,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> {
let gum = Gum::obtain(); let gum = Gum::obtain();
let coverage = CoverageRuntime::new(); let coverage = CoverageRuntime::new();
let asan = AsanRuntime::new(&options); let asan = AsanRuntime::new(options);
let mut frida_helper = let mut frida_helper =
FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan)); FridaInstrumentationHelper::new(&gum, options, tuple_list!(coverage, asan));

3
fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs
View File

@ -335,6 +335,9 @@ fn fuzz(
} }
unsafe { unsafe {
// # Safety
// The input buffer size is checked above. We use `write_mem_unchecked` for performance reasons
// For better error handling, use `write_mem` and handle the returned Result
qemu.write_mem_unchecked(input_addr, buf); qemu.write_mem_unchecked(input_addr, buf);
qemu.write_reg(Regs::Rdi, input_addr).unwrap(); qemu.write_reg(Regs::Rdi, input_addr).unwrap();

5
fuzzers/binary_only/fuzzbench_qemu/src/fuzzer.rs
View File

@ -198,8 +198,10 @@ fn fuzz(
let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap(); let stack_ptr: u64 = qemu.read_reg(Regs::Sp).unwrap();
let mut ret_addr = [0; 8]; let mut ret_addr = [0; 8];
qemu.read_mem(stack_ptr, &mut ret_addr) qemu.read_mem(stack_ptr, &mut ret_addr)
.expect("Error while reading QEMU memory."); .expect("Error while reading QEMU memory.");
let ret_addr = u64::from_le_bytes(ret_addr); let ret_addr = u64::from_le_bytes(ret_addr);
println!("Stack pointer = {stack_ptr:#x}"); println!("Stack pointer = {stack_ptr:#x}");
@ -339,6 +341,9 @@ fn fuzz(
} }
unsafe { unsafe {
// # Safety
// The input buffer size is checked above. We use `write_mem_unchecked` for performance reasons
// For better error handling, use `write_mem` and handle the returned Result
qemu.write_mem_unchecked(input_addr, buf); qemu.write_mem_unchecked(input_addr, buf);
qemu.write_reg(Regs::Rdi, input_addr).unwrap(); qemu.write_reg(Regs::Rdi, input_addr).unwrap();

9
fuzzers/binary_only/qemu_cmin/src/fuzzer.rs
View File

@ -2,7 +2,7 @@
//! //!
#[cfg(feature = "i386")] #[cfg(feature = "i386")]
use core::mem::size_of; use core::mem::size_of;
use std::{env, io, path::PathBuf, process, ptr::NonNull}; use std::{env, fmt::Write, io, path::PathBuf, process, ptr::NonNull};
use clap::{builder::Str, Parser}; use clap::{builder::Str, Parser};
use libafl::{ use libafl::{
@ -52,8 +52,10 @@ impl From<Version> for Str {
("Cargo Target Triple", env!("VERGEN_CARGO_TARGET_TRIPLE")), ("Cargo Target Triple", env!("VERGEN_CARGO_TARGET_TRIPLE")),
] ]
.iter() .iter()
.map(|(k, v)| format!("{k:25}: {v}\n")) .fold(String::new(), |mut output, (k, v)| {
.collect::<String>(); let _ = writeln!(output, "{k:25}: {v}");
output
});
format!("\n{version:}").into() format!("\n{version:}").into()
} }
@ -197,6 +199,7 @@ pub fn fuzz() -> Result<(), Error> {
unsafe { unsafe {
qemu.write_mem(input_addr, buf).expect("qemu write failed."); qemu.write_mem(input_addr, buf).expect("qemu write failed.");
qemu.write_reg(Regs::Pc, test_one_input_ptr).unwrap(); qemu.write_reg(Regs::Pc, test_one_input_ptr).unwrap();
qemu.write_reg(Regs::Sp, stack_ptr).unwrap(); qemu.write_reg(Regs::Sp, stack_ptr).unwrap();
qemu.write_return_address(ret_addr).unwrap(); qemu.write_return_address(ret_addr).unwrap();

10
fuzzers/binary_only/qemu_coverage/src/fuzzer.rs
View File

@ -3,7 +3,7 @@
#[cfg(feature = "i386")] #[cfg(feature = "i386")]
use core::mem::size_of; use core::mem::size_of;
use core::time::Duration; use core::time::Duration;
use std::{env, fs::DirEntry, io, path::PathBuf, process}; use std::{env, fmt::Write, fs::DirEntry, io, path::PathBuf, process};
use clap::{builder::Str, Parser}; use clap::{builder::Str, Parser};
use libafl::{ use libafl::{
@ -56,8 +56,10 @@ impl From<Version> for Str {
("Cargo Target Triple", env!("VERGEN_CARGO_TARGET_TRIPLE")), ("Cargo Target Triple", env!("VERGEN_CARGO_TARGET_TRIPLE")),
] ]
.iter() .iter()
.map(|(k, v)| format!("{k:25}: {v}\n")) .fold(String::new(), |mut output, (k, v)| {
.collect::<String>(); let _ = writeln!(output, "{k:25}: {v}");
output
});
format!("\n{version:}").into() format!("\n{version:}").into()
} }
@ -156,7 +158,7 @@ pub fn fuzz() {
let reset = |buf: &[u8], len: GuestReg| -> Result<(), QemuRWError> { let reset = |buf: &[u8], len: GuestReg| -> Result<(), QemuRWError> {
unsafe { unsafe {
qemu.write_mem(input_addr, buf); let _ = qemu.write_mem(input_addr, buf);
qemu.write_reg(Regs::Pc, test_one_input_ptr)?; qemu.write_reg(Regs::Pc, test_one_input_ptr)?;
qemu.write_reg(Regs::Sp, stack_ptr)?; qemu.write_reg(Regs::Sp, stack_ptr)?;
qemu.write_return_address(ret_addr)?; qemu.write_return_address(ret_addr)?;

9
fuzzers/binary_only/tinyinst_simple/src/main.rs
View File

@ -37,7 +37,7 @@ fn main() {
// use file to pass testcases // use file to pass testcases
// let args = vec!["test.exe".to_string(), "-f".to_string(), "@@".to_string()]; // let args = vec!["test.exe".to_string(), "-f".to_string(), "@@".to_string()];
let coverage = unsafe { OwnedMutPtr::Ptr(addr_of_mut!(COVERAGE)) }; let coverage = OwnedMutPtr::Ptr(addr_of_mut!(COVERAGE));
let observer = ListObserver::new("cov", coverage); let observer = ListObserver::new("cov", coverage);
let mut feedback = ListFeedback::new(&observer); let mut feedback = ListFeedback::new(&observer);
#[cfg(windows)] #[cfg(windows)]
@ -62,8 +62,7 @@ fn main() {
let monitor = SimpleMonitor::new(|x| println!("{x}")); let monitor = SimpleMonitor::new(|x| println!("{x}"));
let mut mgr = SimpleEventManager::new(monitor); let mut mgr = SimpleEventManager::new(monitor);
let mut executor = unsafe { let mut executor = TinyInstExecutor::builder()
TinyInstExecutor::builder()
.tinyinst_args(tinyinst_args) .tinyinst_args(tinyinst_args)
.program_args(args) .program_args(args)
.use_shmem() .use_shmem()
@ -72,8 +71,8 @@ fn main() {
.shmem_provider(&mut shmem_provider) .shmem_provider(&mut shmem_provider)
.coverage_ptr(addr_of_mut!(COVERAGE)) .coverage_ptr(addr_of_mut!(COVERAGE))
.build(tuple_list!(observer)) .build(tuple_list!(observer))
.unwrap() .unwrap();
};
let mutator = StdScheduledMutator::new(havoc_mutations()); let mutator = StdScheduledMutator::new(havoc_mutations());
let mut stages = tuple_list!(StdMutationalStage::new(mutator)); let mut stages = tuple_list!(StdMutationalStage::new(mutator));
fuzzer fuzzer