errors in minset for missing meta

2021-02-26 17:21:03 +01:00 · 2021-02-26 17:21:03 +01:00 · bb29e6dd72
commit bb29e6dd72
parent 204076bb1e
4 changed files with 85 additions and 5 deletions
--- a/fuzzers/libfuzzer_libpng/src/fuzzer.rs
+++ b/fuzzers/libfuzzer_libpng/src/fuzzer.rs
@ -89,7 +89,7 @@ fn fuzz(corpus_dirs: Vec<PathBuf>, objective_dir: PathBuf, broker_port: u16) ->
            // Corpus that will be evolved, we keep it in memory for performance
            InMemoryCorpus::new(),
            // Feedbacks to rate the interestingness of an input
-            tuple_list!(MaxMapFeedback::new_with_observer("edges", &edges_observer)),
+            tuple_list!(MaxMapFeedback::new_with_observer(&edges_observer)),
            // Corpus in which we store solutions (crashes in this example),
            // on disk so the user can get them after stopping the fuzzer
            OnDiskCorpus::new(objective_dir),
--- a/fuzzers/libfuzzer_runtime/rt.rs
+++ b/fuzzers/libfuzzer_runtime/rt.rs
@ -0,0 +1,61 @@
+#![allow(dead_code, mutable_transmutes, non_camel_case_types, non_snake_case,
+         non_upper_case_globals, unused_assignments, unused_mut)]
+
+use std::ptr;
+
+pub const MAP_SIZE: usize = 65536;
+
+extern "C" {
+    /// __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
+    fn LLVMFuzzerInitialize(argc: *mut libc::c_int,
+                            argv: *mut *mut *mut libc::c_char) -> libc::c_int;
+                            
+   /// int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+   pub fn LLVMFuzzerTestOneInput(data: *const u8, size: usize) -> i32;
+}
+
+static mut orig_argc: libc::c_int = 0;
+static mut orig_argv: *mut *mut libc::c_char = ptr::null_mut();
+static mut orig_envp: *mut *mut libc::c_char = ptr::null_mut();
+
+pub static mut edges_map: [u8; MAP_SIZE] = [0; MAP_SIZE];
+pub static mut cmp_map: [u8; MAP_SIZE] = [0; MAP_SIZE];
+pub static mut max_edges_size: usize = 0;
+
+#[no_mangle]
+pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard(mut guard: *mut u32) {
+    let mut pos: u32 = *guard;
+    //uint16_t val = __lafl_edges_map[pos] + 1;
+    //__lafl_edges_map[pos] = ((uint8_t) val) + (uint8_t) (val >> 8);
+    edges_map[pos as usize] = 1 as u8;
+}
+
+#[no_mangle]
+pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard_init(mut start: *mut u32, mut stop: *mut u32) {
+    if start == stop || *start != 0 { return }
+    
+    while start < stop {
+        max_edges_size += 1;
+        *start = (max_edges_size & (MAP_SIZE -1)) as u32;
+        start = start.offset(1);
+    }
+}
+
+unsafe extern "C" fn copy_args_init(mut argc: libc::c_int, mut argv: *mut *mut libc::c_char, mut envp: *mut *mut libc::c_char) {
+    orig_argc = argc;
+    orig_argv = argv;
+    orig_envp = envp;
+}
+
+#[no_mangle]
+#[link_section = ".init_array"]
+static mut p_copy_args_init: Option<unsafe extern "C" fn(_: libc::c_int, _: *mut *mut libc::c_char, _: *mut *mut libc::c_char) -> ()> = Some(copy_args_init);
+
+#[no_mangle]
+pub unsafe extern "C" fn afl_libfuzzer_init() -> libc::c_int {
+    if Some(LLVMFuzzerInitialize).is_some() {
+        LLVMFuzzerInitialize(&mut orig_argc, &mut orig_argv)
+    } else {
+        0 as libc::c_int
+    }
+}
--- a/libafl/src/corpus/minset.rs
+++ b/libafl/src/corpus/minset.rs
@ -129,7 +129,12 @@ where
        {
            let mut entry = state.corpus().get(idx)?.borrow_mut();
            let factor = F::compute(&mut *entry)?;
-            for elem in entry.metadatas().get::<IT>().unwrap() {
+            for elem in entry.metadatas().get::<IT>().ok_or_else(|| {
+                Error::KeyNotFound(format!(
+                    "Metadata needed for MinimizerCorpusScheduler not found in testcase #{}",
+                    idx
+                ))
+            })? {
                if let Some(old_idx) = state
                    .metadata()
                    .get::<TopRatedsMetadata>()
@ -165,7 +170,12 @@ where
            if !acc.contains(key) {
                let idx = top_rated.map.get(key).unwrap();
                let mut entry = state.corpus().get(*idx)?.borrow_mut();
-                for elem in entry.metadatas().get::<IT>().unwrap() {
+                for elem in entry.metadatas().get::<IT>().ok_or_else(|| {
+                    Error::KeyNotFound(format!(
+                        "Metadata needed for MinimizerCorpusScheduler not found in testcase #{}",
+                        idx
+                    ))
+                })? {
                    acc.insert(elem);
                }

--- a/libafl/src/feedbacks/map.rs
+++ b/libafl/src/feedbacks/map.rs
@ -410,7 +410,12 @@ where
    }

    /// Create new MapFeedback specifying if it must track indexes of novelties
-    pub fn new_track(name: &'static str, map_size: usize, track_indexes: bool, track_novelties: bool) -> Self {
+    pub fn new_track(
+        name: &'static str,
+        map_size: usize,
+        track_indexes: bool,
+        track_novelties: bool,
+    ) -> Self {
        Self {
            history_map: vec![T::default(); map_size],
            phantom: PhantomData,
@ -421,7 +426,11 @@ where
    }

    /// Create new MapFeedback for the observer type if it must track indexes of novelties
-    pub fn new_with_observer_track(map_observer: &O, track_indexes: bool, track_novelties: bool) -> Self {
+    pub fn new_with_observer_track(
+        map_observer: &O,
+        track_indexes: bool,
+        track_novelties: bool,
+    ) -> Self {
        Self {
            history_map: vec![T::default(); map_observer.map().len()],
            phantom: PhantomData,