Fix cmplog (#600)

Andrea Fioraldi 2022-04-08 14:35:32 +02:00 committed by GitHub
parent 0b94647219
commit bd23f7c916
4 changed files with 56 additions and 31 deletions


@ -103,7 +103,7 @@ pub trait CmpMap: Debug {
fn usable_executions_for(&self, idx: usize) -> usize;
/// Get the logged values for a cmp
fn values_of(&self, idx: usize, execution: usize) -> CmpValues;
fn values_of(&self, idx: usize, execution: usize) -> Option<CmpValues>;
/// Reset the state
fn reset(&mut self) -> Result<(), Error>;
@ -150,7 +150,7 @@ where
let mut last: Option<CmpValues> = None;
for j in 0..execs {
let val = self.cmp_map().values_of(i, j);
if let Some(val) = self.cmp_map().values_of(i, j) {
if let Some(l) = last.and_then(|x| x.to_u64_tuple()) {
if let Some(v) = val.to_u64_tuple() {
if l.0.wrapping_add(1) == v.0 {
@ -169,6 +169,7 @@ where
}
last = Some(val);
}
}
// We check for execs-2 because the logged execs may wrap and have something like
// 8 9 10 3 4 5 6 7
if increasing_v0 >= execs - 2
@ -180,7 +181,9 @@ where
}
}
for j in 0..execs {
meta.list.push(self.cmp_map().values_of(i, j));
if let Some(val) = self.cmp_map().values_of(i, j) {
meta.list.push(val);
}
}
}
}
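Review bot: The trait doc comment above the new `values_of` signature still reads `/// Get the logged values for a cmp` and does not say when `None` is returned, so implementors and callers have to read `CmpLogMap` to learn the contract; suggest `/// Get the logged values for a cmp, or `None` if the entry for `execution` cannot be decoded (e.g. an unexpected shape).` In the consumer loop further down, an execution that yields `None` is now skipped without touching `last`, so the `l.0.wrapping_add(1) == v.0` consecutiveness test may compare two non-adjacent executions; if that is not intended, reset `last = None` in an `else` branch of the new `if let`. The enclosing function starts and ends outside the hunks.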


@ -111,12 +111,12 @@ void __libafl_targets_cmplog_routines(uintptr_t k, uint8_t *ptr1, uint8_t *ptr2)
if (libafl_cmplog_map_ptr->headers[k].kind != CMPLOG_KIND_RTN) {
libafl_cmplog_map_ptr->headers[k].kind = CMPLOG_KIND_RTN;
libafl_cmplog_map_ptr->headers[k].hits = 1;
libafl_cmplog_map_ptr->headers[k].shape = len - 1;
libafl_cmplog_map_ptr->headers[k].shape = len;
hits = 0;
} else {
hits = libafl_cmplog_map_ptr->headers[k].hits++;
if (libafl_cmplog_map_ptr->headers[k].shape < len)
libafl_cmplog_map_ptr->headers[k].shape = len - 1;
libafl_cmplog_map_ptr->headers[k].shape = len;
}
hits &= CMPLOG_MAP_RTN_H - 1;
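Review bot: Both assignments now store `len` in `headers[k].shape` where the previous code stored `len - 1`, but nothing in the hunk records which convention readers should rely on, and the only consumer in this commit (`CmpLogMap::values_of`) matches `shape` against the byte widths 1/2/4/8 for the instruction kind, not the routine kind. A one-line comment at the first assignment would pin the contract: `/* shape holds the logged length in bytes, not len - 1 */`. If `shape` is a bit-field narrower than the largest `len` a routine hook can log (its declaration is not visible here), the value that is now one larger than before could wrap, so a clamp or a static assertion on the field width is worth checking. `__libafl_targets_cmplog_routines` starts and continues outside the hunk.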


@ -110,35 +110,36 @@ impl CmpMap for CmpLogMap {
}
}
fn values_of(&self, idx: usize, execution: usize) -> CmpValues {
fn values_of(&self, idx: usize, execution: usize) -> Option<CmpValues> {
if self.headers[idx].kind == CMPLOG_KIND_INS {
unsafe {
match self.headers[idx].shape {
1 => CmpValues::U8((
1 => Some(CmpValues::U8((
self.vals.operands[idx][execution].0 as u8,
self.vals.operands[idx][execution].1 as u8,
)),
2 => CmpValues::U16((
))),
2 => Some(CmpValues::U16((
self.vals.operands[idx][execution].0 as u16,
self.vals.operands[idx][execution].1 as u16,
)),
4 => CmpValues::U32((
))),
4 => Some(CmpValues::U32((
self.vals.operands[idx][execution].0 as u32,
self.vals.operands[idx][execution].1 as u32,
)),
8 => CmpValues::U64((
))),
8 => Some(CmpValues::U64((
self.vals.operands[idx][execution].0,
self.vals.operands[idx][execution].1,
)),
other => panic!("Invalid CmpLog shape {}", other),
))),
// other => panic!("Invalid CmpLog shape {}", other),
_ => None,
}
}
} else {
unsafe {
CmpValues::Bytes((
Some(CmpValues::Bytes((
self.vals.routines[idx][execution].0.to_vec(),
self.vals.routines[idx][execution].1.to_vec(),
))
)))
}
}
}
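Review bot: The commented-out `// other => panic!("Invalid CmpLog shape {}", other),` left above the new `_ => None` arm is dead code; delete it and state the reason for the lenient arm instead, e.g. `// shape is written by the target-side runtime, so an unexpected width yields no value instead of aborting the fuzzer`. The two `unsafe` blocks still have no `// SAFETY:` comment explaining why reading `self.vals.operands` for `CMPLOG_KIND_INS` and `self.vals.routines` otherwise is sound (presumably `vals` is a union discriminated by `kind`; confirm and say so). The hunk also shows only the body of `impl CmpMap for CmpLogMap`, which starts before and ends after it.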

21
scripts/clean_all.sh Executable file

@ -0,0 +1,21 @@
#!/bin/bash
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
cd "$SCRIPT_DIR/.."
# TODO: This should be rewritten in rust, a Makefile, or some platform-independent language
echo "Welcome to the happy clean script. :)"
echo "[*] Running clean for the main crates"
cargo clean
fuzzers=$(find ./fuzzers -maxdepth 1 -type d)
backtrace_fuzzers=$(find ./fuzzers/backtrace_baby_fuzzers -maxdepth 1 -type d)
for fuzzer in $(echo $fuzzers $backtrace_fuzzers);
do
pushd $fuzzer
echo "[*] Running clean for $fuzzer"
cargo clean
popd
done
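Review bot: `pushd $fuzzer` is unquoted and its result is not checked, so a directory name containing whitespace, or a missing directory, makes `pushd` fail and the following `cargo clean` then runs in whatever directory is current before `popd` fails as well; guard it with `pushd "$fuzzer" > /dev/null || continue`. Both `find` invocations also return their own starting directory (`./fuzzers` and `./fuzzers/backtrace_baby_fuzzers`), which presumably holds no crate to clean, so adding `-mindepth 1` avoids a spurious `cargo clean` error there. The script has no `set -e`/`set -u`, which is acceptable for a best-effort clean but worth a comment if intentional.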