From 16a79bfbbc95a40f78eebf42b82599f937995f84 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 17 Dec 2020 17:25:01 +0100 Subject: [PATCH 01/16] first attempts --- fuzzers/libfuzzer/Cargo.toml | 1 + fuzzers/libfuzzer/compiler | 2 +- fuzzers/libfuzzer/src/lib.rs | 70 +++++++++++++++++++++++++++++++++++- fuzzers/libfuzzer/test.sh | 13 +++---- 4 files changed, 78 insertions(+), 8 deletions(-) diff --git a/fuzzers/libfuzzer/Cargo.toml b/fuzzers/libfuzzer/Cargo.toml index f31f776145..f8af052585 100644 --- a/fuzzers/libfuzzer/Cargo.toml +++ b/fuzzers/libfuzzer/Cargo.toml @@ -17,6 +17,7 @@ opt-level = 3 debug = true [dependencies] +clap = "2.32.0" afl = { path = "../../afl/" } [lib] diff --git a/fuzzers/libfuzzer/compiler b/fuzzers/libfuzzer/compiler index 056a86af34..7e02ba7964 100755 --- a/fuzzers/libfuzzer/compiler +++ b/fuzzers/libfuzzer/compiler @@ -53,7 +53,7 @@ def ld_mode(): args += sys.argv[1:] args += [ os.path.join(script_dir, "runtime", "rt.o"), - os.path.join(script_dir, "target", "release", "liblibfuzzer.a"), + os.path.join(script_dir, "target", "debug", "liblibfuzzer.a"), ] args += ["-fsanitize-coverage=trace-pc-guard,trace-cmp"] diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index 38a985038e..e1eac82781 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -1,7 +1,12 @@ #![cfg_attr(not(feature = "std"), no_std)] +#[macro_use] +extern crate clap; extern crate alloc; +use clap::{App, Arg}; +use std::env; + use afl::corpus::InMemoryCorpus; use afl::engines::Engine; use afl::engines::Fuzzer; @@ -23,6 +28,9 @@ extern "C" { /// int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> i32; + /// int LLVMFuzzerInitialize(int argc, char **argv) + fn LLVMFuzzerInitialize(argc: u32, argv: *const *const u8) -> i32; + static __lafl_edges_map: *mut u8; static __lafl_cmp_map: *mut u8; static __lafl_max_edges_size: u32; @@ -39,8 +47,68 @@ const NAME_COV_MAP: &str = "cov_map"; #[no_mangle] pub extern "C" fn afl_libfuzzer_main() { - let mut rand = StdRand::new(0); + let matches = App::new("libAFLrs fuzzer harness") + .about("libAFLrs fuzzer harness help options.") + .arg( + Arg::with_name("dictionary") + .short("x") + .value_name("DICTIONARY") + .takes_value(true) + .multiple(true) + .help("Dictionary file to use, can be specified multiple times."), + ) + .arg( + Arg::with_name("statstime") + .short("T") + .value_name("STATSTIME") + .takes_value(true) + .help("How often to print statistics in seconds [default: 5, disable: 0]"), + ) + .arg(Arg::with_name("workdir") + .help("Where to write the corpus, also reads the data on start. If more than one is supplied the first will be the work directory, all others will just be initially read from.") + .multiple(true) + .value_name("WORKDIR") + ) + .get_matches(); + let statstime = value_t!(matches, "statstime", u32).unwrap_or(5); + + let workdir = if matches.is_present("workdir") { + matches.value_of("workdir").unwrap().to_string() + } else { + env::current_dir().unwrap().to_string_lossy().to_string() + }; + + let mut dictionary: Option> = None; + + if matches.is_present("dictionary") { + dictionary = Some(values_t!(matches, "dictionary", String).unwrap_or_else(|e| e.exit())); + } + + let mut input: Option> = None; + if matches.is_present("workdir") { + input = Some(values_t!(matches, "workdir", String).unwrap_or_else(|e| e.exit())); + } + + // debug prints + + println!("workdir: {}", workdir); + + if dictionary != None { + for file in dictionary.unwrap() { + println!("dic: {}", file); + } + } + + if input != None { + for indir in input.unwrap() { + println!("in: {}", indir); + } + } + + // original code + + let mut rand = StdRand::new(0); let mut corpus = InMemoryCorpus::new(); let mut generator = RandPrintablesGenerator::new(32); diff --git a/fuzzers/libfuzzer/test.sh b/fuzzers/libfuzzer/test.sh index f88f80aefa..335a282190 100755 --- a/fuzzers/libfuzzer/test.sh +++ b/fuzzers/libfuzzer/test.sh @@ -1,11 +1,12 @@ #!/bin/sh -cargo build --release -make -C runtime +cargo build || exit 1 +make -C runtime || exit 1 -./compiler -flto=thin -c test/test.c -o test_fuzz.o -./compiler -flto=thin -fuse-ld=lld test_fuzz.o -o test_fuzz.elf +rm -f test_fuzz.elf test_fuzz.o +./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1 +./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1 + +RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b foo bar -RUST_BACKTRACE=1 ./test_fuzz.elf -#rm ./test_fuzz.elf From 6c3e60df20a40f6591244f95384a42e0023fe5e3 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 18 Dec 2020 00:19:11 +0100 Subject: [PATCH 02/16] now trying to add functionality --- afl/src/engines/mod.rs | 95 ++++++++++++++++++++++++++++++++++++ fuzzers/libfuzzer/src/lib.rs | 34 ++++++++----- 2 files changed, 118 insertions(+), 11 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index 791e2c7156..d31b41ea33 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -2,6 +2,7 @@ use core::fmt::Debug; use core::marker::PhantomData; +use std::fs; use serde::{Deserialize, Serialize}; use crate::corpus::{Corpus, Testcase}; @@ -195,6 +196,100 @@ where } } + pub fn load_from_directory( + &mut self, + corpus: &mut C, + generator: &mut G, + engine: &mut Engine, + manager: &mut EM, + in_dir: String, + )-> Result<(), AflError> + where + G: Generator, + C: Corpus, + E: Executor + HasObservers, + ET: ExecutorsTuple, + EM: EventManager, + { + for entry in fs::read_dir(in_dir)? { + + let entry = entry?; + + let file = entry.path().display().to_string(); + + let attributes = fs::metadata(file.clone()); + + if !attributes.is_ok() { + + continue; + + } + + let attr = attributes?; + + if attr.is_file() { + + println!("Load file {}", file); + //let input = read_file(file); + //let fitness = self.evaluate_input(&input, engine.executor_mut())?; + //if !self.add_if_interesting(corpus, input, fitness)?.is_none() { + // added += 1; + //} + + } else if attr.is_dir() { + + let _x = load_from_directory( + &mut corpus, + &mut generator, + &mut engine, + &mut manager, + file, + ); + + } + + } + + Ok(()) + + } + + + pub fn load_initial_inputs( + &mut self, + corpus: &mut C, + generator: &mut G, + engine: &mut Engine, + manager: &mut EM, + in_dir: Vec, + )-> Result<(), AflError> + where + G: Generator, + C: Corpus, + E: Executor + HasObservers, + ET: ExecutorsTuple, + EM: EventManager, + { + let mut added = 0 as u32; + for directory in in_dir { + + let _x = load_from_directory( + &mut corpus, + &mut generator, + &mut engine, + &mut manager, + directory, + ); + + } + manager.log( + 0, + format!("Loaded {} initial testcases", 123), // get corpus count + )?; + manager.process(self, corpus)?; + Ok(()) + } + pub fn generate_initial_inputs( &mut self, rand: &mut R, diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index e1eac82781..d1ee651ac0 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -105,7 +105,7 @@ pub extern "C" fn afl_libfuzzer_main() { println!("in: {}", indir); } } - + // original code let mut rand = StdRand::new(0); @@ -131,16 +131,28 @@ pub extern "C" fn afl_libfuzzer_main() { let mut engine = Engine::new(executor); - state - .generate_initial_inputs( - &mut rand, - &mut corpus, - &mut generator, - &mut engine, - &mut mgr, - 4, - ) - .expect("Failed to load initial inputs"); + if input != None { + state + .load_initial_inputs( + &mut corpus, + &mut generator, + &mut engine, + &mut mgr, + input.unwrap(), + ) + .expect("Failed to load initial corpus"); + } else { + state + .generate_initial_inputs( + &mut rand, + &mut corpus, + &mut generator, + &mut engine, + &mut mgr, + 4, + ) + .expect("Failed to load initial inputs"); + } let mut mutator = HavocBytesMutator::new_default(); mutator.set_max_size(4096); From 7de1e19f789b9257de4ea1690be1bfb9c55ce858 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 18 Dec 2020 11:48:11 +0100 Subject: [PATCH 03/16] next step --- afl/src/engines/mod.rs | 38 ++++++++++++---------------------- fuzzers/libfuzzer/runtime/rt.c | 13 ++++++++---- fuzzers/libfuzzer/src/lib.rs | 12 ++++++++++- 3 files changed, 33 insertions(+), 30 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index d31b41ea33..75e12b3e8a 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -2,8 +2,8 @@ use core::fmt::Debug; use core::marker::PhantomData; -use std::fs; use serde::{Deserialize, Serialize}; +use std::fs; use crate::corpus::{Corpus, Testcase}; use crate::events::EventManager; @@ -203,7 +203,7 @@ where engine: &mut Engine, manager: &mut EM, in_dir: String, - )-> Result<(), AflError> + ) -> Result<(), AflError> where G: Generator, C: Corpus, @@ -212,49 +212,39 @@ where EM: EventManager, { for entry in fs::read_dir(in_dir)? { - let entry = entry?; - + let file = entry.path().display().to_string(); - + let attributes = fs::metadata(file.clone()); if !attributes.is_ok() { - continue; - } - + let attr = attributes?; if attr.is_file() { - println!("Load file {}", file); - //let input = read_file(file); - //let fitness = self.evaluate_input(&input, engine.executor_mut())?; - //if !self.add_if_interesting(corpus, input, fitness)?.is_none() { - // added += 1; - //} - + //let input = read_file(file); + //let fitness = self.evaluate_input(&input, engine.executor_mut())?; + //if !self.add_if_interesting(corpus, input, fitness)?.is_none() { + // added += 1; + //} } else if attr.is_dir() { - - let _x = load_from_directory( + let _x = self.load_from_directory( &mut corpus, &mut generator, &mut engine, &mut manager, file, ); - } - } Ok(()) - } - pub fn load_initial_inputs( &mut self, corpus: &mut C, @@ -262,7 +252,7 @@ where engine: &mut Engine, manager: &mut EM, in_dir: Vec, - )-> Result<(), AflError> + ) -> Result<(), AflError> where G: Generator, C: Corpus, @@ -272,15 +262,13 @@ where { let mut added = 0 as u32; for directory in in_dir { - - let _x = load_from_directory( + let _x = self.load_from_directory( &mut corpus, &mut generator, &mut engine, &mut manager, directory, ); - } manager.log( 0, diff --git a/fuzzers/libfuzzer/runtime/rt.c b/fuzzers/libfuzzer/runtime/rt.c index 1fa6ef9755..234986396c 100644 --- a/fuzzers/libfuzzer/runtime/rt.c +++ b/fuzzers/libfuzzer/runtime/rt.c @@ -120,14 +120,19 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) { } __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv); - void afl_libfuzzer_main(); +int afl_libfuzzer_init(int *argc, char ***argv) { + + if (LLVMFuzzerInitialize) + return LLVMFuzzerInitialize(&argc, &argv); + else + return 0; + +} + int main(int argc, char** argv) { - if (LLVMFuzzerInitialize) - LLVMFuzzerInitialize(&argc, &argv); - afl_libfuzzer_main(); return 0; diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index d1ee651ac0..4b056464ab 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -29,7 +29,7 @@ extern "C" { fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> i32; /// int LLVMFuzzerInitialize(int argc, char **argv) - fn LLVMFuzzerInitialize(argc: u32, argv: *const *const u8) -> i32; + fn afl_libfuzzer_init(argc: u32, argv: *const *const u8) -> i32; static __lafl_edges_map: *mut u8; static __lafl_cmp_map: *mut u8; @@ -120,6 +120,16 @@ pub extern "C" fn afl_libfuzzer_main() { } println!("We're a client, let's fuzz :)"); + // unsafe { + + // if afl_libfuzzer_init(...) == -1 { + + // println("Warning: LLVMFuzzerInitialize failed with -1") + + // } + + // } + let edges_observer = StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe { __lafl_max_edges_size as usize From 1264926813e6f339bc3a9e3e8a2654edd5f4b2f1 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 18 Dec 2020 12:04:20 +0100 Subject: [PATCH 04/16] fixed build --- afl/src/engines/mod.rs | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index 75e12b3e8a..e651fd9aff 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -3,7 +3,7 @@ use core::fmt::Debug; use core::marker::PhantomData; use serde::{Deserialize, Serialize}; -use std::fs; +use std::{fs, path::Path}; use crate::corpus::{Corpus, Testcase}; use crate::events::EventManager; @@ -196,13 +196,14 @@ where } } - pub fn load_from_directory( + pub fn load_from_directory + ( &mut self, corpus: &mut C, generator: &mut G, engine: &mut Engine, manager: &mut EM, - in_dir: String, + in_dir: &Path, ) -> Result<(), AflError> where G: Generator, @@ -214,9 +215,9 @@ where for entry in fs::read_dir(in_dir)? { let entry = entry?; - let file = entry.path().display().to_string(); + let path = entry.path(); - let attributes = fs::metadata(file.clone()); + let attributes = fs::metadata(&path); if !attributes.is_ok() { continue; @@ -225,7 +226,7 @@ where let attr = attributes?; if attr.is_file() { - println!("Load file {}", file); + println!("Load file {:?}", &path); //let input = read_file(file); //let fitness = self.evaluate_input(&input, engine.executor_mut())?; //if !self.add_if_interesting(corpus, input, fitness)?.is_none() { @@ -233,11 +234,11 @@ where //} } else if attr.is_dir() { let _x = self.load_from_directory( - &mut corpus, - &mut generator, - &mut engine, - &mut manager, - file, + corpus, + generator, + engine, + manager, + &path, ); } } @@ -261,14 +262,14 @@ where EM: EventManager, { let mut added = 0 as u32; - for directory in in_dir { - let _x = self.load_from_directory( - &mut corpus, - &mut generator, - &mut engine, - &mut manager, - directory, - ); + for directory in &in_dir { + self.load_from_directory( + corpus, + generator, + engine, + manager, + Path::new(directory), + )?; } manager.log( 0, From c6ce49c8133cfe6c5fdf1e56531c118b470f854e Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 18 Dec 2020 12:05:27 +0100 Subject: [PATCH 05/16] code fmt --- afl/src/engines/mod.rs | 19 +++---------------- 1 file changed, 3 insertions(+), 16 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index e651fd9aff..9e8da46433 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -196,8 +196,7 @@ where } } - pub fn load_from_directory - ( + pub fn load_from_directory( &mut self, corpus: &mut C, generator: &mut G, @@ -233,13 +232,7 @@ where // added += 1; //} } else if attr.is_dir() { - let _x = self.load_from_directory( - corpus, - generator, - engine, - manager, - &path, - ); + let _x = self.load_from_directory(corpus, generator, engine, manager, &path); } } @@ -263,13 +256,7 @@ where { let mut added = 0 as u32; for directory in &in_dir { - self.load_from_directory( - corpus, - generator, - engine, - manager, - Path::new(directory), - )?; + self.load_from_directory(corpus, generator, engine, manager, Path::new(directory))?; } manager.log( 0, From f6824ff6f89a4ad36e3c90066156343a0a1bd57e Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 18 Dec 2020 12:07:23 +0100 Subject: [PATCH 06/16] no longer ignoring potential error --- afl/src/engines/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index 9e8da46433..b3794dbfd8 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -232,7 +232,7 @@ where // added += 1; //} } else if attr.is_dir() { - let _x = self.load_from_directory(corpus, generator, engine, manager, &path); + self.load_from_directory(corpus, generator, engine, manager, &path)?; } } From 416b20cdf5ae3cffa8d7fca03f299bff83d33a09 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 18 Dec 2020 12:15:20 +0100 Subject: [PATCH 07/16] fix --- afl/src/engines/mod.rs | 1 - fuzzers/libfuzzer/runtime/rt.c | 2 +- fuzzers/libfuzzer/src/lib.rs | 2 +- fuzzers/libfuzzer/test.sh | 2 +- 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index b3794dbfd8..790262bc0c 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -254,7 +254,6 @@ where ET: ExecutorsTuple, EM: EventManager, { - let mut added = 0 as u32; for directory in &in_dir { self.load_from_directory(corpus, generator, engine, manager, Path::new(directory))?; } diff --git a/fuzzers/libfuzzer/runtime/rt.c b/fuzzers/libfuzzer/runtime/rt.c index 234986396c..5e36f19922 100644 --- a/fuzzers/libfuzzer/runtime/rt.c +++ b/fuzzers/libfuzzer/runtime/rt.c @@ -122,7 +122,7 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) { __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv); void afl_libfuzzer_main(); -int afl_libfuzzer_init(int *argc, char ***argv) { +int afl_libfuzzer_init(int argc, char **argv) { if (LLVMFuzzerInitialize) return LLVMFuzzerInitialize(&argc, &argv); diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index 4b056464ab..ddd01fc4c4 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -101,7 +101,7 @@ pub extern "C" fn afl_libfuzzer_main() { } if input != None { - for indir in input.unwrap() { + for indir in input.clone().unwrap() { println!("in: {}", indir); } } diff --git a/fuzzers/libfuzzer/test.sh b/fuzzers/libfuzzer/test.sh index 335a282190..216e32c98f 100755 --- a/fuzzers/libfuzzer/test.sh +++ b/fuzzers/libfuzzer/test.sh @@ -7,6 +7,6 @@ rm -f test_fuzz.elf test_fuzz.o ./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1 ./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1 -RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b foo bar +RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 foo bar From 319c7a1be919627e6cdf4b060ef6f817a618e473 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 20 Dec 2020 11:52:34 +0100 Subject: [PATCH 08/16] add port option --- fuzzers/libfuzzer/src/lib.rs | 30 +++++++++++++++++++----------- fuzzers/libfuzzer/test.sh | 12 +++++++++++- 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index ddd01fc4c4..dd56dc5c24 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -49,6 +49,13 @@ const NAME_COV_MAP: &str = "cov_map"; pub extern "C" fn afl_libfuzzer_main() { let matches = App::new("libAFLrs fuzzer harness") .about("libAFLrs fuzzer harness help options.") + .arg( + Arg::with_name("port") + .short("p") + .value_name("PORT") + .takes_value(true) + .help("Broker TCP port to use."), + ) .arg( Arg::with_name("dictionary") .short("x") @@ -72,6 +79,7 @@ pub extern "C" fn afl_libfuzzer_main() { .get_matches(); let statstime = value_t!(matches, "statstime", u32).unwrap_or(5); + let broker_port = value_t!(matches, "port", u16).unwrap_or(1337); let workdir = if matches.is_present("workdir") { matches.value_of("workdir").unwrap().to_string() @@ -90,6 +98,10 @@ pub extern "C" fn afl_libfuzzer_main() { input = Some(values_t!(matches, "workdir", String).unwrap_or_else(|e| e.exit())); } + if dictionary != None || input != None { + println!("Information: the first process started is the broker and only processes the \'-p PORT\' option if present."); + } + // debug prints println!("workdir: {}", workdir); @@ -113,23 +125,13 @@ pub extern "C" fn afl_libfuzzer_main() { let mut generator = RandPrintablesGenerator::new(32); let stats = SimpleStats::new(|s| println!("{}", s)); - let mut mgr = LlmpEventManager::new_on_port(1337, stats).unwrap(); + let mut mgr = LlmpEventManager::new_on_port(broker_port, stats).unwrap(); if mgr.is_broker() { println!("Doing broker things."); mgr.broker_loop().unwrap(); } println!("We're a client, let's fuzz :)"); - // unsafe { - - // if afl_libfuzzer_init(...) == -1 { - - // println("Warning: LLVMFuzzerInitialize failed with -1") - - // } - - // } - let edges_observer = StdMapObserver::new_from_ptr(&NAME_COV_MAP, unsafe { __lafl_edges_map }, unsafe { __lafl_max_edges_size as usize @@ -141,6 +143,12 @@ pub extern "C" fn afl_libfuzzer_main() { let mut engine = Engine::new(executor); + // unsafe { + // if afl_libfuzzer_init(...) == -1 { + // println("Warning: LLVMFuzzerInitialize failed with -1") + // } + // } + if input != None { state .load_initial_inputs( diff --git a/fuzzers/libfuzzer/test.sh b/fuzzers/libfuzzer/test.sh index 216e32c98f..b9fd14c809 100755 --- a/fuzzers/libfuzzer/test.sh +++ b/fuzzers/libfuzzer/test.sh @@ -7,6 +7,16 @@ rm -f test_fuzz.elf test_fuzz.o ./compiler -flto=thin -c test/test.c -o test_fuzz.o || exit 1 ./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1 -RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 foo bar +RUST_BACKTRACE=1 ./test_fuzz.elf & +PID1=$! +test "$PID1" -gt 0 && { + usleep 250 + RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 in1 in2 & + sleep 10 + kill $! + +} +sleep 10 +kill $PID1 From 132e542a14c803ff924b2ca966f31b529a5a28e6 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 20 Dec 2020 13:48:22 +0100 Subject: [PATCH 09/16] read files --- afl/src/engines/mod.rs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index 790262bc0c..d611f6179b 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -10,12 +10,14 @@ use crate::events::EventManager; use crate::executors::{Executor, ExecutorsTuple, HasObservers}; use crate::feedbacks::FeedbacksTuple; use crate::generators::Generator; +use crate::inputs::bytes::BytesInput; use crate::inputs::Input; use crate::observers::ObserversTuple; use crate::serde_anymap::{SerdeAny, SerdeAnyMap}; use crate::stages::StagesTuple; use crate::tuples::{tuple_list, tuple_list_type}; use crate::utils::{current_milliseconds, Rand}; + use crate::AflError; pub trait StateMetadata: Debug { @@ -226,11 +228,10 @@ where if attr.is_file() { println!("Load file {:?}", &path); - //let input = read_file(file); - //let fitness = self.evaluate_input(&input, engine.executor_mut())?; - //if !self.add_if_interesting(corpus, input, fitness)?.is_none() { - // added += 1; - //} + let input = std::fs::read(path)?; + let input = BytesInput::new(input); + let fitness = self.evaluate_input(&input, engine.executor_mut())?; + //self.add_if_interesting(corpus, input, fitness)? } else if attr.is_dir() { self.load_from_directory(corpus, generator, engine, manager, &path)?; } From c848397c8b6767c67f4d3b6f43a882140bc73013 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 20 Dec 2020 15:21:22 +0100 Subject: [PATCH 10/16] run llvmfuzzerinitialize at the correct time, only generate inputs if no inputs were given --- afl/src/corpus/mod.rs | 6 ++++++ afl/src/engines/mod.rs | 7 ++----- fuzzers/libfuzzer/runtime/rt.c | 18 ++++++++++++++++-- fuzzers/libfuzzer/src/lib.rs | 24 +++++++++++++++--------- fuzzers/libfuzzer/test.sh | 9 ++++----- 5 files changed, 43 insertions(+), 21 deletions(-) diff --git a/afl/src/corpus/mod.rs b/afl/src/corpus/mod.rs index 92d047adf4..c2688e00fc 100644 --- a/afl/src/corpus/mod.rs +++ b/afl/src/corpus/mod.rs @@ -149,6 +149,12 @@ where I: Input, R: Rand, { + /// Returns the number of elements + #[inline] + fn count(&self) -> usize { + self.entries().len() + } + /// Gets the next entry #[inline] fn next(&mut self, rand: &mut R) -> Result<(&RefCell>, usize), AflError> { diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index d611f6179b..ab27a80313 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -230,7 +230,7 @@ where println!("Load file {:?}", &path); let input = std::fs::read(path)?; let input = BytesInput::new(input); - let fitness = self.evaluate_input(&input, engine.executor_mut())?; + //let fitness = self.evaluate_input(&input, engine.executor_mut())?; //self.add_if_interesting(corpus, input, fitness)? } else if attr.is_dir() { self.load_from_directory(corpus, generator, engine, manager, &path)?; @@ -258,10 +258,7 @@ where for directory in &in_dir { self.load_from_directory(corpus, generator, engine, manager, Path::new(directory))?; } - manager.log( - 0, - format!("Loaded {} initial testcases", 123), // get corpus count - )?; + manager.log(0, format!("Loaded {} initial testcases", corpus.count()))?; manager.process(self, corpus)?; Ok(()) } diff --git a/fuzzers/libfuzzer/runtime/rt.c b/fuzzers/libfuzzer/runtime/rt.c index 5e36f19922..43ccccc2f7 100644 --- a/fuzzers/libfuzzer/runtime/rt.c +++ b/fuzzers/libfuzzer/runtime/rt.c @@ -1,7 +1,12 @@ +#include #include #define MAP_SIZE 65536 +int orig_argc; +char **orig_argv; +char **orig_envp; + uint8_t __lafl_dummy_map[MAP_SIZE]; uint8_t *__lafl_edges_map = __lafl_dummy_map; @@ -119,13 +124,22 @@ void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) { } + + static void afl_libfuzzer_copy_args(int argc, char** argv, char** envp) { + orig_argc = argc; + orig_argv = argv; + orig_envp = envp; +} + +__attribute__((section(".init_array"))) void (* p_afl_libfuzzer_copy_args)(int,char*[],char*[]) = &afl_libfuzzer_copy_args; + __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv); void afl_libfuzzer_main(); -int afl_libfuzzer_init(int argc, char **argv) { +int afl_libfuzzer_init() { if (LLVMFuzzerInitialize) - return LLVMFuzzerInitialize(&argc, &argv); + return LLVMFuzzerInitialize(&orig_argc, &orig_argv); else return 0; diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index dd56dc5c24..f99313c5e2 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -7,6 +7,7 @@ extern crate alloc; use clap::{App, Arg}; use std::env; +use afl::corpus::Corpus; use afl::corpus::InMemoryCorpus; use afl::engines::Engine; use afl::engines::Fuzzer; @@ -28,8 +29,8 @@ extern "C" { /// int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> i32; - /// int LLVMFuzzerInitialize(int argc, char **argv) - fn afl_libfuzzer_init(argc: u32, argv: *const *const u8) -> i32; + // afl_libfuzzer_init calls LLVMFUzzerInitialize() + fn afl_libfuzzer_init() -> i32; static __lafl_edges_map: *mut u8; static __lafl_cmp_map: *mut u8; @@ -143,11 +144,12 @@ pub extern "C" fn afl_libfuzzer_main() { let mut engine = Engine::new(executor); - // unsafe { - // if afl_libfuzzer_init(...) == -1 { - // println("Warning: LLVMFuzzerInitialize failed with -1") - // } - // } + // Call LLVMFUzzerInitialize() if present. + unsafe { + if afl_libfuzzer_init() == -1 { + println!("Warning: LLVMFuzzerInitialize failed with -1") + } + } if input != None { state @@ -159,7 +161,9 @@ pub extern "C" fn afl_libfuzzer_main() { input.unwrap(), ) .expect("Failed to load initial corpus"); - } else { + } + + if corpus.count() < 1 { state .generate_initial_inputs( &mut rand, @@ -169,9 +173,11 @@ pub extern "C" fn afl_libfuzzer_main() { &mut mgr, 4, ) - .expect("Failed to load initial inputs"); + .expect("Failed to generate initial inputs"); } + println!("We have {} inputs.", corpus.count()); + let mut mutator = HavocBytesMutator::new_default(); mutator.set_max_size(4096); diff --git a/fuzzers/libfuzzer/test.sh b/fuzzers/libfuzzer/test.sh index b9fd14c809..f319c9c783 100755 --- a/fuzzers/libfuzzer/test.sh +++ b/fuzzers/libfuzzer/test.sh @@ -8,15 +8,14 @@ rm -f test_fuzz.elf test_fuzz.o ./compiler -flto=thin test_fuzz.o -o test_fuzz.elf || exit 1 RUST_BACKTRACE=1 ./test_fuzz.elf & -PID1=$! -test "$PID1" -gt 0 && { +test "$!" -gt 0 && { usleep 250 RUST_BACKTRACE=1 ./test_fuzz.elf -x a -x b -T5 in1 in2 & - sleep 10 - kill $! } + sleep 10 -kill $PID1 +killall test_fuzz.elf + From 299acded8e99820b12697a9018e82c1b93ba79d3 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 20 Dec 2020 15:52:07 +0100 Subject: [PATCH 11/16] only one more piece missing --- afl/src/engines/mod.rs | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index ab27a80313..61a1286e5c 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -227,11 +227,12 @@ where let attr = attributes?; if attr.is_file() { - println!("Load file {:?}", &path); + println!("Loading file {:?}", &path); let input = std::fs::read(path)?; let input = BytesInput::new(input); - //let fitness = self.evaluate_input(&input, engine.executor_mut())?; - //self.add_if_interesting(corpus, input, fitness)? + let input = do_whatever_magic_function(input); + let fitness = self.evaluate_input(&input, engine.executor_mut())?; + self.add_if_interesting(corpus, input, fitness)?; } else if attr.is_dir() { self.load_from_directory(corpus, generator, engine, manager, &path)?; } From 8c0735623f953374870cc5430378b0e916a2d10d Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 20 Dec 2020 16:01:05 +0100 Subject: [PATCH 12/16] compiles --- afl/src/engines/mod.rs | 145 ++++++++++++++++++++++------------------- 1 file changed, 77 insertions(+), 68 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index d611f6179b..138b87700f 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -47,6 +47,83 @@ where phantom: PhantomData<(I, R, OT)>, } +impl State +where + R: Rand, + FT: FeedbacksTuple, + OT: ObserversTuple, +{ + pub fn load_from_directory( + &mut self, + corpus: &mut C, + generator: &mut G, + engine: &mut Engine, + manager: &mut EM, + in_dir: &Path, + ) -> Result<(), AflError> + where + G: Generator, + C: Corpus, + E: Executor + HasObservers, + ET: ExecutorsTuple, + EM: EventManager, + { + for entry in fs::read_dir(in_dir)? { + let entry = entry?; + + let path = entry.path(); + + let attributes = fs::metadata(&path); + + if !attributes.is_ok() { + continue; + } + + let attr = attributes?; + + if attr.is_file() { + println!("Load file {:?}", &path); + let bytes = std::fs::read(path)?; + let input = BytesInput::new(bytes); + let fitness = self.evaluate_input(&input, engine.executor_mut())?; + if self.add_if_interesting(corpus, input, fitness)?.is_none() { + println!("File {:?} was interesting, skipped.", &path); + } + } else if attr.is_dir() { + self.load_from_directory(corpus, generator, engine, manager, &path)?; + } + } + + Ok(()) + } + + pub fn load_initial_inputs( + &mut self, + corpus: &mut C, + generator: &mut G, + engine: &mut Engine, + manager: &mut EM, + in_dir: Vec, + ) -> Result<(), AflError> + where + G: Generator, + C: Corpus, + E: Executor + HasObservers, + ET: ExecutorsTuple, + EM: EventManager, + { + for directory in &in_dir { + self.load_from_directory(corpus, generator, engine, manager, Path::new(directory))?; + } + manager.log( + 0, + format!("Loaded {} initial testcases", in_dir.len()), // get corpus count + )?; + manager.process(self, corpus)?; + Ok(()) + } +} + impl State where I: Input, @@ -198,74 +275,6 @@ where } } - pub fn load_from_directory( - &mut self, - corpus: &mut C, - generator: &mut G, - engine: &mut Engine, - manager: &mut EM, - in_dir: &Path, - ) -> Result<(), AflError> - where - G: Generator, - C: Corpus, - E: Executor + HasObservers, - ET: ExecutorsTuple, - EM: EventManager, - { - for entry in fs::read_dir(in_dir)? { - let entry = entry?; - - let path = entry.path(); - - let attributes = fs::metadata(&path); - - if !attributes.is_ok() { - continue; - } - - let attr = attributes?; - - if attr.is_file() { - println!("Load file {:?}", &path); - let input = std::fs::read(path)?; - let input = BytesInput::new(input); - let fitness = self.evaluate_input(&input, engine.executor_mut())?; - //self.add_if_interesting(corpus, input, fitness)? - } else if attr.is_dir() { - self.load_from_directory(corpus, generator, engine, manager, &path)?; - } - } - - Ok(()) - } - - pub fn load_initial_inputs( - &mut self, - corpus: &mut C, - generator: &mut G, - engine: &mut Engine, - manager: &mut EM, - in_dir: Vec, - ) -> Result<(), AflError> - where - G: Generator, - C: Corpus, - E: Executor + HasObservers, - ET: ExecutorsTuple, - EM: EventManager, - { - for directory in &in_dir { - self.load_from_directory(corpus, generator, engine, manager, Path::new(directory))?; - } - manager.log( - 0, - format!("Loaded {} initial testcases", 123), // get corpus count - )?; - manager.process(self, corpus)?; - Ok(()) - } - pub fn generate_initial_inputs( &mut self, rand: &mut R, From f327e0e4ea39d398ff433db91d9e9f73f5303f02 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 20 Dec 2020 16:21:28 +0100 Subject: [PATCH 13/16] always using paths --- afl/src/engines/mod.rs | 15 ++++++----- fuzzers/libfuzzer/src/lib.rs | 48 ++++++++++++++++++------------------ 2 files changed, 33 insertions(+), 30 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index 138b87700f..fc0d94bb32 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -3,7 +3,10 @@ use core::fmt::Debug; use core::marker::PhantomData; use serde::{Deserialize, Serialize}; -use std::{fs, path::Path}; +use std::{ + fs, + path::{Path, PathBuf}, +}; use crate::corpus::{Corpus, Testcase}; use crate::events::EventManager; @@ -83,7 +86,7 @@ where if attr.is_file() { println!("Load file {:?}", &path); - let bytes = std::fs::read(path)?; + let bytes = std::fs::read(&path)?; let input = BytesInput::new(bytes); let fitness = self.evaluate_input(&input, engine.executor_mut())?; if self.add_if_interesting(corpus, input, fitness)?.is_none() { @@ -103,7 +106,7 @@ where generator: &mut G, engine: &mut Engine, manager: &mut EM, - in_dir: Vec, + in_dirs: &[PathBuf], ) -> Result<(), AflError> where G: Generator, @@ -112,12 +115,12 @@ where ET: ExecutorsTuple, EM: EventManager, { - for directory in &in_dir { - self.load_from_directory(corpus, generator, engine, manager, Path::new(directory))?; + for in_dir in in_dirs { + self.load_from_directory(corpus, generator, engine, manager, in_dir)?; } manager.log( 0, - format!("Loaded {} initial testcases", in_dir.len()), // get corpus count + format!("Loaded {} initial testcases", in_dirs.len()), // get corpus count )?; manager.process(self, corpus)?; Ok(()) diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index dd56dc5c24..25767a5c48 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -6,6 +6,7 @@ extern crate alloc; use clap::{App, Arg}; use std::env; +use std::path::PathBuf; use afl::corpus::InMemoryCorpus; use afl::engines::Engine; @@ -87,15 +88,15 @@ pub extern "C" fn afl_libfuzzer_main() { env::current_dir().unwrap().to_string_lossy().to_string() }; - let mut dictionary: Option> = None; + let mut dictionary: Option> = None; if matches.is_present("dictionary") { - dictionary = Some(values_t!(matches, "dictionary", String).unwrap_or_else(|e| e.exit())); + dictionary = Some(values_t!(matches, "dictionary", PathBuf).unwrap_or_else(|e| e.exit())); } - let mut input: Option> = None; + let mut input: Option> = None; if matches.is_present("workdir") { - input = Some(values_t!(matches, "workdir", String).unwrap_or_else(|e| e.exit())); + input = Some(values_t!(matches, "workdir", PathBuf).unwrap_or_else(|e| e.exit())); } if dictionary != None || input != None { @@ -104,18 +105,24 @@ pub extern "C" fn afl_libfuzzer_main() { // debug prints - println!("workdir: {}", workdir); + println!("workdir: {:?}", workdir); - if dictionary != None { - for file in dictionary.unwrap() { - println!("dic: {}", file); + match dictionary { + Some(ref x) => { + for file in x { + println!("dic: {:?}", file); + } } + None => (), } - if input != None { - for indir in input.clone().unwrap() { - println!("in: {}", indir); + match input { + Some(ref x) => { + for indir in x { + println!("in: {:?}", indir); + } } + None => (), } // original code @@ -149,18 +156,11 @@ pub extern "C" fn afl_libfuzzer_main() { // } // } - if input != None { - state - .load_initial_inputs( - &mut corpus, - &mut generator, - &mut engine, - &mut mgr, - input.unwrap(), - ) - .expect("Failed to load initial corpus"); - } else { - state + match input { + Some(x) => state + .load_initial_inputs(&mut corpus, &mut generator, &mut engine, &mut mgr, &x) + .expect("Failed to load initial corpus"), + None => state .generate_initial_inputs( &mut rand, &mut corpus, @@ -169,7 +169,7 @@ pub extern "C" fn afl_libfuzzer_main() { &mut mgr, 4, ) - .expect("Failed to load initial inputs"); + .expect("Failed to load initial inputs"), } let mut mutator = HavocBytesMutator::new_default(); From 91200f4bde80ad90e0102fa4a5358bf3772d78f6 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 20 Dec 2020 16:31:23 +0100 Subject: [PATCH 14/16] final touches --- afl/src/engines/mod.rs | 8 +++----- fuzzers/libfuzzer/compiler | 2 +- fuzzers/libfuzzer/src/lib.rs | 1 + fuzzers/libfuzzer/test.sh | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index 138b87700f..2ddbb5df1b 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -70,9 +70,7 @@ where { for entry in fs::read_dir(in_dir)? { let entry = entry?; - let path = entry.path(); - let attributes = fs::metadata(&path); if !attributes.is_ok() { @@ -81,13 +79,13 @@ where let attr = attributes?; - if attr.is_file() { + if attr.is_file() && attr.len() > 0 { println!("Load file {:?}", &path); - let bytes = std::fs::read(path)?; + let bytes = std::fs::read(&path)?; let input = BytesInput::new(bytes); let fitness = self.evaluate_input(&input, engine.executor_mut())?; if self.add_if_interesting(corpus, input, fitness)?.is_none() { - println!("File {:?} was interesting, skipped.", &path); + println!("File {:?} was not interesting, skipped.", &path); } } else if attr.is_dir() { self.load_from_directory(corpus, generator, engine, manager, &path)?; diff --git a/fuzzers/libfuzzer/compiler b/fuzzers/libfuzzer/compiler index 7e02ba7964..056a86af34 100755 --- a/fuzzers/libfuzzer/compiler +++ b/fuzzers/libfuzzer/compiler @@ -53,7 +53,7 @@ def ld_mode(): args += sys.argv[1:] args += [ os.path.join(script_dir, "runtime", "rt.o"), - os.path.join(script_dir, "target", "debug", "liblibfuzzer.a"), + os.path.join(script_dir, "target", "release", "liblibfuzzer.a"), ] args += ["-fsanitize-coverage=trace-pc-guard,trace-cmp"] diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index f99313c5e2..8d4a6b937b 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -164,6 +164,7 @@ pub extern "C" fn afl_libfuzzer_main() { } if corpus.count() < 1 { + println!("Generating random inputs"); state .generate_initial_inputs( &mut rand, diff --git a/fuzzers/libfuzzer/test.sh b/fuzzers/libfuzzer/test.sh index f319c9c783..335985452d 100755 --- a/fuzzers/libfuzzer/test.sh +++ b/fuzzers/libfuzzer/test.sh @@ -1,6 +1,6 @@ #!/bin/sh -cargo build || exit 1 +cargo build --release || exit 1 make -C runtime || exit 1 rm -f test_fuzz.elf test_fuzz.o From e2342a2bbbd602251229515a5785f723bf07d41b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 20 Dec 2020 16:38:44 +0100 Subject: [PATCH 15/16] done --- afl/src/engines/mod.rs | 4 ++-- fuzzers/libfuzzer/src/lib.rs | 25 ++++--------------------- 2 files changed, 6 insertions(+), 23 deletions(-) diff --git a/afl/src/engines/mod.rs b/afl/src/engines/mod.rs index 0eb5739a1f..b17c9e05a9 100644 --- a/afl/src/engines/mod.rs +++ b/afl/src/engines/mod.rs @@ -83,7 +83,7 @@ where let attr = attributes?; if attr.is_file() && attr.len() > 0 { - println!("Load file {:?}", &path); + println!("Loading file {:?} ...", &path); let bytes = std::fs::read(&path)?; let input = BytesInput::new(bytes); let fitness = self.evaluate_input(&input, engine.executor_mut())?; @@ -118,7 +118,7 @@ where } manager.log( 0, - format!("Loaded {} initial testcases", in_dirs.len()), // get corpus count + format!("Loaded {} initial testcases.", corpus.count()), // get corpus count )?; manager.process(self, corpus)?; Ok(()) diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs index 1011c7e5a1..390dd617ff 100644 --- a/fuzzers/libfuzzer/src/lib.rs +++ b/fuzzers/libfuzzer/src/lib.rs @@ -104,25 +104,14 @@ pub extern "C" fn afl_libfuzzer_main() { println!("Information: the first process started is the broker and only processes the \'-p PORT\' option if present."); } - // debug prints - - println!("workdir: {:?}", workdir); - - match dictionary { - Some(x) => for file in x { - println!("dic: {:?}", file); - }, - None => (), - } - - // original code + println!("Workdir: {:?}", workdir); let mut rand = StdRand::new(0); let mut corpus = InMemoryCorpus::new(); let mut generator = RandPrintablesGenerator::new(32); - let stats = SimpleStats::new(|s| println!("{}", s)); let mut mgr = LlmpEventManager::new_on_port(broker_port, stats).unwrap(); + if mgr.is_broker() { println!("Doing broker things."); mgr.broker_loop().unwrap(); @@ -148,15 +137,9 @@ pub extern "C" fn afl_libfuzzer_main() { } match input { - Some(x) => { - for indir in &x { - println!("in: {:?}", indir); - }; - - state + Some(x) => state .load_initial_inputs(&mut corpus, &mut generator, &mut engine, &mut mgr, &x) - .expect("Failed to load initial corpus") - }, + .expect("Failed to load initial corpus"), None => (), } From 87192a23f2b5e94a42b058d9b161ce606356c21a Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 20 Dec 2020 16:45:26 +0100 Subject: [PATCH 16/16] fix new_on_port_std --- afl/src/events/mod.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afl/src/events/mod.rs b/afl/src/events/mod.rs index 86bd20f63d..163b6d9670 100644 --- a/afl/src/events/mod.rs +++ b/afl/src/events/mod.rs @@ -742,7 +742,7 @@ where /// Else, it will act as client. pub fn new_on_port_std(stats: ST) -> Result { Ok(Self { - llmp: llmp::LlmpConnection::on_port(port)?, + llmp: llmp::LlmpConnection::on_port(1337)?, stats: stats, phantom: PhantomData, })