max len done right

Andrea Fioraldi 2021-02-12 23:06:32 +01:00
parent ebc9571410
commit 9bc4d81b76
7 changed files with 48 additions and 29 deletions


@ -578,7 +578,7 @@ where
corpus_size,
observers_buf: _,
time,
executions
executions,
} => {
let client = stats.client_stats_mut_for(sender_id);
client.update_corpus_size(*corpus_size as u64);
@ -639,7 +639,7 @@ where
corpus_size: _,
observers_buf,
time: _,
executions: _
executions: _,
} => {
// TODO: here u should match client_config, if equal to the current one do not re-execute
// we need to pass engine to process() too, TODO
@ -977,7 +977,7 @@ mod tests {
corpus_size: 123,
client_config: "conf".into(),
time: current_time(),
executions: 0
executions: 0,
};
let serialized = postcard::to_allocvec(&e).unwrap();
@ -990,7 +990,7 @@ mod tests {
corpus_size: _,
client_config: _,
time: _,
executions: _
executions: _,
} => {
let o = map.deserialize(&observers_buf).unwrap();
let test_observer = o.match_name_type::<StdMapObserver<u32>>("test").unwrap();


@ -26,7 +26,9 @@ pub struct ClientStats {
impl ClientStats {
/// We got a new information about executions for this client, insert them.
pub fn update_executions(&mut self, executions: u64, cur_time: time::Duration) {
let diff = cur_time.checked_sub(self.last_window_time).map_or(0, |d| d.as_secs());
let diff = cur_time
.checked_sub(self.last_window_time)
.map_or(0, |d| d.as_secs());
if diff > CLIENT_STATS_TIME_WINDOW_SECS {
let _ = self.execs_per_sec(cur_time);
self.last_window_time = cur_time;
@ -46,7 +48,9 @@ impl ClientStats {
return 0;
}
let elapsed = cur_time.checked_sub(self.last_window_time).map_or(0, |d| d.as_secs());
let elapsed = cur_time
.checked_sub(self.last_window_time)
.map_or(0, |d| d.as_secs());
if elapsed == 0 {
return self.last_execs_per_sec as u64;
}
@ -62,7 +66,8 @@ impl ClientStats {
self.last_execs_per_sec = cur_avg;
}
self.last_execs_per_sec = self.last_execs_per_sec * (1.0 - 1.0 / 16.0) + cur_avg * (1.0 / 16.0);
self.last_execs_per_sec =
self.last_execs_per_sec * (1.0 - 1.0 / 16.0) + cur_avg * (1.0 / 16.0);
self.last_execs_per_sec as u64
}
}


@ -705,8 +705,8 @@ where
return Ok(MutationResult::Skipped);
}
let from = rand.below(other_size as u64 -1) as usize;
let to = rand.below(size as u64 -1) as usize;
let from = rand.below(other_size as u64 - 1) as usize;
let to = rand.below(size as u64 - 1) as usize;
let len = rand.below((other_size - from) as u64) as usize;
input.bytes_mut().resize(max(size, to + (2 * len) + 1), 0);
@ -745,9 +745,9 @@ where
return Ok(MutationResult::Skipped);
}
let from = rand.below(other_size as u64 -1) as usize;
let from = rand.below(other_size as u64 - 1) as usize;
let len = rand.below(min(other_size - from, size) as u64) as usize;
let to = rand.below((size - len) as u64 -1) as usize;
let to = rand.below((size - len) as u64 - 1) as usize;
buffer_copy(input.bytes_mut(), other.bytes(), from, to, len);
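Review bot: The `- 1` subtractions inside the `rand.below(...)` calls (`other_size as u64 - 1`, `size as u64 - 1`, `(size - len) as u64 - 1`) are unchecked unsigned arithmetic, so a size of 0 overflows (a panic in debug builds, a wrap to a huge bound in release builds) and a size of 1 passes 0 as the bound. What `below` does with a bound of 0 is not visible here. The conditions guarding the two `return Ok(MutationResult::Skipped)` lines sit above both hunks, so confirm they reject `size < 2` and `other_size < 2`; if they do, a comment such as `// the check above guarantees size >= 2 and other_size >= 2` would record the invariant these lines rely on. In the first hunk, `resize(max(size, to + (2 * len) + 1), 0)` also grows the input with no upper limit visible in the hunk.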


@ -383,7 +383,6 @@ where
}
}
/// Map observer with hitcounts postprocessing
#[derive(Serialize, Deserialize, Clone, Debug)]
#[serde(bound = "M: serde::de::DeserializeOwned")]
@ -394,7 +393,20 @@ where
base: M,
}
static COUNT_CLASS_LOOKUP: [u8; 256] = [0, 1, 2, 0, 8, 8, 8, 8, 16, 16, 16, 16, 16, 16, 16, 16, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128];
static COUNT_CLASS_LOOKUP: [u8; 256] = [
0, 1, 2, 0, 8, 8, 8, 8, 16, 16, 16, 16, 16, 16, 16, 16, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32,
32, 32, 32, 32, 32, 32, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
64, 64, 64, 64, 64, 64, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128,
128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128,
128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128,
128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128,
128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128,
128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128,
128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128, 128,
];
impl<M> Observer for HitcountsMapObserver<M>
where
@ -465,13 +477,10 @@ where
{
/// Creates a new MapObserver
pub fn new(base: M) -> Self {
Self {
base: base,
}
Self { base: base }
}
}
#[cfg(feature = "std")]
#[cfg(test)]
mod tests {
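Review bot: Index 3 of `COUNT_CLASS_LOOKUP` is `0`, so a raw count of 3 lands in the same class as a count of 0; AFL's count-class table, which this one otherwise follows, has `4` at that position. If the table is used to bucket hit counts (the `Observer` impl that would read it is outside the hunks), an edge hit exactly three times would look as if it had never been hit. The first row should presumably begin `0, 1, 2, 4, 8, 8, 8, 8, 16, …`. In the last hunk, `Self { base: base }` can use the field-init shorthand `Self { base }`.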


@ -13,7 +13,7 @@ use afl::{
executors::{inprocess::InProcessExecutor, Executor, ExitKind},
feedbacks::MaxMapFeedback,
inputs::Input,
mutators::{scheduled::HavocBytesMutator, HasMaxSize},
mutators::scheduled::HavocBytesMutator,
observers::StdMapObserver,
stages::mutational::StdMutationalStage,
state::{HasCorpus, State},
@ -51,7 +51,10 @@ where
/// The main fn, parsing parameters, and starting the fuzzer
pub fn main() {
println!("Workdir: {:?}", env::current_dir().unwrap().to_string_lossy().to_string());
println!(
"Workdir: {:?}",
env::current_dir().unwrap().to_string_lossy().to_string()
);
fuzz(vec![PathBuf::from("./corpus")], 1337).expect("An error occurred while fuzzing");
}
@ -81,8 +84,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, broker_port: u16) -> Result<(), AflError> {
println!("We're a client, let's fuzz :)");
let mut mutator = HavocBytesMutator::new_default();
mutator.set_max_size(4096);
let mutator = HavocBytesMutator::new_default();
let stage = StdMutationalStage::new(mutator);
let mut fuzzer = StdFuzzer::new(tuple_list!(stage));
@ -108,7 +110,10 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, broker_port: u16) -> Result<(), AflError> {
if state.corpus().count() < 1 {
state
.load_initial_inputs(&mut executor, &mut restarting_mgr, &corpus_dirs)
.expect(&format!("Failed to load initial corpus at {:?}", &corpus_dirs));
.expect(&format!(
"Failed to load initial corpus at {:?}",
&corpus_dirs
));
println!("We imported {} inputs from disk.", state.corpus().count());
}
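Review bot: The reformatted `.expect(&format!(…))` in `fuzz` still builds the panic message on every call, including the success path. `.unwrap_or_else(|e| panic!("Failed to load initial corpus at {:?}: {:?}", &corpus_dirs, e))` formats only on failure. Separately, the earlier hunk in `fuzz` drops `mutator.set_max_size(4096)` with no replacement visible in this file, so a one-line comment next to `HavocBytesMutator::new_default()` saying where the input size limit now comes from would help readers of the example. The rest of `fuzz` lies outside the hunks.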