Fix second Forkserver Broken Pipe (#1013)

* Truncate at MAX_FILE * AFL_MAP_SIZE * todo
2023-01-24 20:50:56 +01:00 · 2023-01-24 20:50:56 +01:00 · 92c0c5eeab
commit 92c0c5eeab
parent 00ec7e143c
2 changed files with 8 additions and 1 deletions
--- a/fuzzers/fuzzbench_forkserver/src/main.rs
+++ b/fuzzers/fuzzbench_forkserver/src/main.rs
@ -241,6 +241,8 @@ fn fuzz(
    // let the forkserver know the shmid
    shmem.write_to_env("__AFL_SHM_ID").unwrap();
    let shmem_buf = shmem.as_mut_slice();
+    // To let know the AFL++ binary that we have a big map
+    std::env::set_var("AFL_MAP_SIZE", format!("{}", MAP_SIZE));

    // Create an observation channel using the hitcounts map of AFL++
    let edges_observer =
--- a/libafl/src/executors/forkserver.rs
+++ b/libafl/src/executors/forkserver.rs
@ -765,6 +765,7 @@ impl<'a, SP> ForkserverExecutorBuilder<'a, SP> {
                    map_size = ((map_size + 63) >> 6) << 6;
                }

+                // TODO set AFL_MAP_SIZE
                assert!(self.map_size.is_none() || map_size as usize <= self.map_size.unwrap());

                println!("Target MAP SIZE = {:#x}", self.real_map_size);
@ -1030,7 +1031,11 @@ where
        if self.uses_shmem_testcase {
            let map = unsafe { self.map.as_mut().unwrap_unchecked() };
            let target_bytes = input.target_bytes();
-            let size = target_bytes.as_slice().len();
+            let mut size = target_bytes.as_slice().len();
+            if size > MAX_FILE {
+                // Truncate like AFL++ does
+                size = MAX_FILE;
+            }
            let size_in_bytes = size.to_ne_bytes();
            // The first four bytes tells the size of the shmem.
            map.as_mut_slice()[..SHMEM_FUZZ_HDR_SIZE]