fix libfuzzer_stb_image

fuzzers/libfuzzer_stb_image/harness.c

@@ -8,44 +8,8 @@
 
 #include "stb_image.h"
 
-int target_func(const uint8_t *buf, size_t size) {
-
-  /*printf("BUF (%ld): ", size);
-  for (int i = 0; i < size; i++) {
-      printf("%02X", buf[i]);
-  }
-  printf("\n");*/
-  
-  if (size == 0) return 0;
-  
-  switch (buf[0]) {
-
-    case 1:
-      if (buf[1] == 0x44) {
-        //__builtin_trap();
-        return 8;
-      }
-
-      break;
-    case 0xff:
-      if (buf[2] == 0xff) {
-        if (buf[1] == 0x44) {
-          //*(char *)(0xdeadbeef) = 1;
-          return 9;
-        }
-      }
-
-      break;
-    default:
-      break;
-
-  }
-
-  return 1;
-
-}
 int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
-{return target_func(data, size);
+{
     int x, y, channels;
 
     if(!stbi_info_from_memory(data, size, &x, &y, &channels)) return 0;

fuzzers/libfuzzer_stb_image/src/main.rs

@@ -15,7 +15,7 @@ use libafl::{
     fuzzer::{Fuzzer, StdFuzzer},
     mutators::scheduled::{havoc_mutations, StdScheduledMutator},
     mutators::token_mutations::Tokens,
-    observers::{HitcountsMapObserver, StdMapObserver, TimeObserver},
+    observers::{StdMapObserver, TimeObserver},
     stages::mutational::StdMutationalStage,
     state::{HasCorpus, HasMetadata, State},
     stats::SimpleStats,
@@ -63,9 +63,9 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
         };
 
     // Create an observation channel using the coverage map
-    let edges_observer = HitcountsMapObserver::new(unsafe {
-        StdMapObserver::new("edges", &mut EDGES_MAP, MAX_EDGES_NUM)
-    });
+    // We don't use the hitcounts (see the Cargo.toml, we use pcguard_edges)
+    let edges_observer =
+        StdMapObserver::new("edges", unsafe { &mut EDGES_MAP }, unsafe { MAX_EDGES_NUM });
 
     // If not restarting, create a State from scratch
     let mut state = state.unwrap_or_else(|| {