From 92c0c5eeab4a94953fe47957e098d1a7a3b3e89b Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Tue, 24 Jan 2023 20:50:56 +0100
Subject: [PATCH] Fix second Forkserver Broken Pipe (#1013)

* Truncate at MAX_FILE
* AFL_MAP_SIZE
* todo
---
 fuzzers/fuzzbench_forkserver/src/main.rs | 2 ++
 libafl/src/executors/forkserver.rs | 7 ++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/fuzzers/fuzzbench_forkserver/src/main.rs b/fuzzers/fuzzbench_forkserver/src/main.rs
index c2a1d21f67..ceaa6f0750 100644
--- a/fuzzers/fuzzbench_forkserver/src/main.rs
+++ b/fuzzers/fuzzbench_forkserver/src/main.rs
@@ -241,6 +241,8 @@ fn fuzz(
 // let the forkserver know the shmid
 shmem.write_to_env("__AFL_SHM_ID").unwrap();
 let shmem_buf = shmem.as_mut_slice();
+ // To let know the AFL++ binary that we have a big map
+ std::env::set_var("AFL_MAP_SIZE", format!("{}", MAP_SIZE));

 // Create an observation channel using the hitcounts map of AFL++
 let edges_observer =
diff --git a/libafl/src/executors/forkserver.rs b/libafl/src/executors/forkserver.rs
index 496b126557..aa0abbcc79 100644
--- a/libafl/src/executors/forkserver.rs
+++ b/libafl/src/executors/forkserver.rs
@@ -765,6 +765,7 @@ impl<'a, SP> ForkserverExecutorBuilder<'a, SP> {
 map_size = ((map_size + 63) >> 6) << 6;
 }

+ // TODO set AFL_MAP_SIZE
 assert!(self.map_size.is_none() || map_size as usize <= self.map_size.unwrap());

 println!("Target MAP SIZE = {:#x}", self.real_map_size);
@@ -1030,7 +1031,11 @@ where
 if self.uses_shmem_testcase {
 let map = unsafe { self.map.as_mut().unwrap_unchecked() };
 let target_bytes = input.target_bytes();
- let size = target_bytes.as_slice().len();
+ let mut size = target_bytes.as_slice().len();
+ if size > MAX_FILE {
+ // Truncate like AFL++ does
+ size = MAX_FILE;
+ }
 let size_in_bytes = size.to_ne_bytes();
 // The first four bytes tells the size of the shmem.
 map.as_mut_slice()[..SHMEM_FUZZ_HDR_SIZE]
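Review bot: The value exported through `AFL_MAP_SIZE` must equal the size the shared map published via `__AFL_SHM_ID` was actually allocated with, otherwise the instrumented target will index past the shared region; the allocation is outside this hunk, so the comment should state that coupling, e.g. `// Tell the AFL++ target the map size; must match the shmem allocated above`. The added comment's wording is awkward, and `format!("{}", MAP_SIZE)` can simply be `MAP_SIZE.to_string()`. Note that the library builder in this same commit only leaves a TODO for this, so every fuzzer currently has to set the variable itself before the forkserver child is spawned; the spawn is outside this hunk, so please confirm the ordering.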
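Review bot: The new `// TODO set AFL_MAP_SIZE` gives the next reader nothing to act on: if `map_size` at this point comes from the forkserver handshake (it is rounded up to a multiple of 64 just above, the way AFL++ reports its map size), the child is already running and the variable would have to be exported before it is spawned, not here. Suggest recording that, e.g. `// TODO: export AFL_MAP_SIZE to the target before spawning the forkserver; fuzzers currently set it themselves`. The assertion below the TODO can also drop the `is_none()`/`unwrap()` pair: `assert!(self.map_size.map_or(true, |m| map_size as usize <= m));`. The enclosing method starts and ends outside the hunk.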
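Review bot: The truncation only changes the size written into the header; the copy of the payload into `map` follows `map.as_mut_slice()[..SHMEM_FUZZ_HDR_SIZE]` outside the hunk, and it has to copy `&target_bytes.as_slice()[..size]` rather than the full slice, otherwise an input longer than `MAX_FILE` still writes its full length after the truncated header and potentially past the end of the map. Please verify that path, since a mismatch there would reintroduce the very overflow this commit is working around. Style-wise the `mut` plus `if` collapses to one expression under the same comment: `// Truncate like AFL++ does` / `let size = target_bytes.as_slice().len().min(MAX_FILE);`. The enclosing method starts and ends outside the hunk.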