Bump libipt, fix tui in intel_pt baby fuzzer (#2714)

* Bump libipt, fix tui in intel_pt baby fuzzer * libipt = "0.2.0" * Use end_ip for previous block instead of ip + 1
2024-11-22 15:58:23 +01:00 · 2024-11-22 15:58:23 +01:00 · 959ecb32e9
commit 959ecb32e9
parent a8d2e8711b
5 changed files with 8 additions and 13 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -91,7 +91,7 @@ cmake = "0.1.51"
 document-features = "0.2.10"
 hashbrown = { version = "0.14.5", default-features = false } # A faster hashmap, nostd compatible
 libc = "0.2.159" # For (*nix) libc
-libipt = "0.1.4"
+libipt = "0.2.0"
 log = "0.4.22"
 meminterval = "0.4.1"
 mimalloc = { version = "0.1.43", default-features = false }
--- a/fuzzers/binary_only/intel_pt_baby_fuzzer/Cargo.toml
+++ b/fuzzers/binary_only/intel_pt_baby_fuzzer/Cargo.toml
@ -9,7 +9,7 @@ authors = [
 edition = "2021"

 [features]
-tui = []
+tui = ["libafl/tui_monitor"]

 [dependencies]
 libafl = { path = "../../../libafl/", default-features = false, features = [
--- a/libafl_intelpt/Cargo.toml
+++ b/libafl_intelpt/Cargo.toml
@ -10,10 +10,6 @@ readme = "./README.md"
 keywords = ["fuzzing", "testing", "security", "intelpt"]
 categories = ["development-tools::testing", "no-std"]

-[package.metadata.docs.rs]
-features = ["std"]
-no-default-features = true # because libipt won't build
-
 [features]
 default = ["std", "libipt"]
 std = ["libafl_bolts/std"]
--- a/libafl_intelpt/src/lib.rs
+++ b/libafl_intelpt/src/lib.rs
@ -317,7 +317,7 @@ impl IntelPT {
            .set_image(Some(image))
            .map_err(error_from_pt_error)?;

-        let mut previous_block_ip = 0;
+        let mut previous_block_end_ip = 0;
        let mut status;
        'sync: loop {
            match decoder.sync_forward() {
@ -326,7 +326,7 @@ impl IntelPT {
                    Self::decode_blocks(
                        &mut decoder,
                        &mut status,
-                        &mut previous_block_ip,
+                        &mut previous_block_end_ip,
                        skip,
                        map,
                    )?;
@ -370,7 +370,7 @@ impl IntelPT {
    fn decode_blocks<T>(
        decoder: &mut BlockDecoder<()>,
        status: &mut Status,
-        previous_block_ip: &mut u64,
+        previous_block_end_ip: &mut u64,
        skip: u64,
        map: &mut [T],
    ) -> Result<(), Error>
@ -396,13 +396,12 @@ impl IntelPT {
                    let offset = decoder.offset().map_err(error_from_pt_error)?;

                    if !b.speculative() && skip < offset {
-                        // add 1 to `previous_block_ip` to avoid that all the recursive basic blocks map to 0
-                        let id = hash_me(*previous_block_ip + 1) ^ hash_me(b.ip());
+                        let id = hash_me(*previous_block_end_ip) ^ hash_me(b.ip());
                        // SAFETY: the index is < map.len() since the modulo operation is applied
                        let map_loc = unsafe { map.get_unchecked_mut(id as usize % map.len()) };
                        *map_loc = (*map_loc).saturating_add(&1u8.into());

-                        *previous_block_ip = b.ip();
+                        *previous_block_end_ip = b.end_ip();
                    }
                }
                Err(e) => {
--- a/libafl_intelpt/tests/run_integration_tests_linux_with_caps.sh
+++ b/libafl_intelpt/tests/run_integration_tests_linux_with_caps.sh
@ -8,4 +8,4 @@ for test_bin in ../target/debug/deps/integration_tests_linux-*; do
  fi
 done

-cargo test intel_pt_trace_fork
+cargo test intel_pt_trace_fork -- --show-output