diff --git a/fuzzers/baby_fuzzer/src/main.rs b/fuzzers/baby_fuzzer/src/main.rs index a40c9d9f7c..351042b8e5 100644 --- a/fuzzers/baby_fuzzer/src/main.rs +++ b/fuzzers/baby_fuzzer/src/main.rs @@ -1,5 +1,6 @@ use std::path::PathBuf; +use libafl::inputs::{BytesInput, HasTargetBytes}; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list}, corpus::{InMemoryCorpus, OnDiskCorpus, QueueCorpusScheduler}, @@ -26,7 +27,9 @@ fn signals_set(idx: usize) { #[allow(clippy::similar_names)] pub fn main() { // The closure that we want to fuzz - let mut harness = |buf: &[u8]| { + let mut harness = |input: &BytesInput| { + let target = input.target_bytes(); + let buf = target.as_slice(); signals_set(0); if !buf.is_empty() && buf[0] == b'a' { signals_set(1); diff --git a/fuzzers/frida_libpng/src/fuzzer.rs b/fuzzers/frida_libpng/src/fuzzer.rs index 2b80c2d3b8..3add7b1596 100644 --- a/fuzzers/frida_libpng/src/fuzzer.rs +++ b/fuzzers/frida_libpng/src/fuzzer.rs @@ -26,7 +26,7 @@ use libafl::{ feedback_or, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback, TimeFeedback, TimeoutFeedback}, fuzzer::{Fuzzer, StdFuzzer}, - inputs::{HasTargetBytes, Input}, + inputs::{BytesInput, HasTargetBytes, Input}, mutators::{ scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, token_mutations::Tokens, @@ -61,7 +61,7 @@ use libafl_frida::{ struct FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT, S> where FH: FridaHelper<'b>, - H: FnMut(&[u8]) -> ExitKind, + H: FnMut(&I) -> ExitKind, I: Input + HasTargetBytes, OT: ObserversTuple, { @@ -78,7 +78,7 @@ impl<'a, 'b, 'c, FH, H, I, OT, S> Executor for FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT, S> where FH: FridaHelper<'b>, - H: FnMut(&[u8]) -> ExitKind, + H: FnMut(&I) -> ExitKind, I: Input + HasTargetBytes, OT: ObserversTuple, { @@ -117,7 +117,7 @@ impl<'a, 'b, 'c, EM, FH, H, I, OT, S, Z> HasExecHooks for FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT, S> where FH: FridaHelper<'b>, - H: FnMut(&[u8]) -> ExitKind, + H: FnMut(&I) -> ExitKind, I: Input + HasTargetBytes, OT: ObserversTuple, { @@ -152,7 +152,7 @@ impl<'a, 'b, 'c, FH, H, I, OT, S> HasObservers for FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT, S> where FH: FridaHelper<'b>, - H: FnMut(&[u8]) -> ExitKind, + H: FnMut(&I) -> ExitKind, I: Input + HasTargetBytes, OT: ObserversTuple, { @@ -171,7 +171,7 @@ impl<'a, 'b, 'c, EM, FH, H, I, OT, S, Z> HasObserversHooks for FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT, S> where FH: FridaHelper<'b>, - H: FnMut(&[u8]) -> ExitKind, + H: FnMut(&I) -> ExitKind, I: Input + HasTargetBytes, OT: ObserversTuple + HasExecHooksTuple, { @@ -180,7 +180,7 @@ where impl<'a, 'b, 'c, FH, H, I, OT, S> FridaInProcessExecutor<'a, 'b, 'c, FH, H, I, OT, S> where FH: FridaHelper<'b>, - H: FnMut(&[u8]) -> ExitKind, + H: FnMut(&I) -> ExitKind, I: Input + HasTargetBytes, OT: ObserversTuple, { @@ -336,7 +336,9 @@ unsafe fn fuzz( unsafe extern "C" fn(data: *const u8, size: usize) -> i32, > = lib.get(symbol_name.as_bytes()).unwrap(); - let mut frida_harness = move |buf: &[u8]| { + let mut frida_harness = move |input: &BytesInput| { + let target = input.target_bytes(); + let buf = target.as_slice(); (target_func)(buf.as_ptr(), buf.len()); ExitKind::Ok }; diff --git a/fuzzers/libfuzzer_libmozjpeg/src/lib.rs b/fuzzers/libfuzzer_libmozjpeg/src/lib.rs index 5218886e52..7f68c7ed63 100644 --- a/fuzzers/libfuzzer_libmozjpeg/src/lib.rs +++ b/fuzzers/libfuzzer_libmozjpeg/src/lib.rs @@ -15,6 +15,7 @@ use libafl::{ feedback_or, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback}, fuzzer::{Fuzzer, StdFuzzer}, + inputs::{BytesInput, HasTargetBytes}, mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::StdMapObserver, @@ -128,7 +129,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |buf: &[u8]| { + let mut harness = |input: &BytesInput| { + let target = input.target_bytes(); + let buf = target.as_slice(); libfuzzer_test_one_input(buf); ExitKind::Ok }; diff --git a/fuzzers/libfuzzer_libpng/src/lib.rs b/fuzzers/libfuzzer_libpng/src/lib.rs index 33c5a2eb0d..411768118b 100644 --- a/fuzzers/libfuzzer_libpng/src/lib.rs +++ b/fuzzers/libfuzzer_libpng/src/lib.rs @@ -16,6 +16,7 @@ use libafl::{ feedback_or, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback, TimeFeedback, TimeoutFeedback}, fuzzer::{Fuzzer, StdFuzzer}, + inputs::{BytesInput, HasTargetBytes}, mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, @@ -126,7 +127,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |buf: &[u8]| { + let mut harness = |input: &BytesInput| { + let target = input.target_bytes(); + let buf = target.as_slice(); libfuzzer_test_one_input(buf); ExitKind::Ok }; diff --git a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs index c1d9b0980a..b59305a6fc 100644 --- a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs @@ -24,6 +24,7 @@ use libafl::{ feedback_or, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback, TimeFeedback, TimeoutFeedback}, fuzzer::{Fuzzer, StdFuzzer}, + inputs::{BytesInput, HasTargetBytes}, mutators::scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator}, mutators::token_mutations::Tokens, observers::{HitcountsMapObserver, StdMapObserver, TimeObserver}, @@ -127,7 +128,9 @@ pub fn main() { let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |buf: &[u8]| { + let mut harness = |input: &BytesInput| { + let target = input.target_bytes(); + let buf = target.as_slice(); libfuzzer_test_one_input(buf); ExitKind::Ok }; diff --git a/fuzzers/libfuzzer_reachability/src/lib.rs b/fuzzers/libfuzzer_reachability/src/lib.rs index b733a847f1..7c0141461f 100644 --- a/fuzzers/libfuzzer_reachability/src/lib.rs +++ b/fuzzers/libfuzzer_reachability/src/lib.rs @@ -10,6 +10,7 @@ use libafl::{ executors::{inprocess::InProcessExecutor, ExitKind}, feedbacks::{MapFeedbackState, MaxMapFeedback, ReachabilityFeedback}, fuzzer::{Fuzzer, StdFuzzer}, + inputs::{BytesInput, HasTargetBytes}, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, observers::{HitcountsMapObserver, StdMapObserver}, stages::mutational::StdMutationalStage, @@ -107,7 +108,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |buf: &[u8]| { + let mut harness = |input: &BytesInput| { + let target = input.target_bytes(); + let buf = target.as_slice(); libfuzzer_test_one_input(buf); ExitKind::Ok }; diff --git a/fuzzers/libfuzzer_stb_image/src/main.rs b/fuzzers/libfuzzer_stb_image/src/main.rs index d0b677e082..c718b1ad2e 100644 --- a/fuzzers/libfuzzer_stb_image/src/main.rs +++ b/fuzzers/libfuzzer_stb_image/src/main.rs @@ -14,6 +14,7 @@ use libafl::{ feedback_or, feedbacks::{CrashFeedback, MapFeedbackState, MaxMapFeedback, TimeFeedback}, fuzzer::{Fuzzer, StdFuzzer}, + inputs::{BytesInput, HasTargetBytes}, mutators::scheduled::{havoc_mutations, StdScheduledMutator}, mutators::token_mutations::I2SRandReplace, observers::{StdMapObserver, TimeObserver}, @@ -114,7 +115,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |buf: &[u8]| { + let mut harness = |input: &BytesInput| { + let target = input.target_bytes(); + let buf = target.as_slice(); libfuzzer_test_one_input(buf); ExitKind::Ok }; @@ -149,7 +152,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re } // Secondary harness due to mut ownership - let mut harness = |buf: &[u8]| { + let mut harness = |input: &BytesInput| { + let target = input.target_bytes(); + let buf = target.as_slice(); libfuzzer_test_one_input(buf); ExitKind::Ok }; diff --git a/libafl/src/executors/inprocess.rs b/libafl/src/executors/inprocess.rs index 994f26e1ec..8dd3e59112 100644 --- a/libafl/src/executors/inprocess.rs +++ b/libafl/src/executors/inprocess.rs @@ -23,7 +23,7 @@ use crate::{ }, feedbacks::Feedback, fuzzer::HasObjective, - inputs::{HasTargetBytes, Input}, + inputs::Input, observers::ObserversTuple, state::HasSolutions, Error, @@ -32,8 +32,8 @@ use crate::{ /// The inmem executor simply calls a target function, then returns afterwards. pub struct InProcessExecutor<'a, H, I, OT, S> where - H: FnMut(&[u8]) -> ExitKind, - I: Input + HasTargetBytes, + H: FnMut(&I) -> ExitKind, + I: Input, OT: ObserversTuple, { /// The harness function, being executed for each fuzzing loop execution @@ -45,22 +45,21 @@ where impl<'a, H, I, OT, S> Executor for InProcessExecutor<'a, H, I, OT, S> where - H: FnMut(&[u8]) -> ExitKind, - I: Input + HasTargetBytes, + H: FnMut(&I) -> ExitKind, + I: Input, OT: ObserversTuple, { #[inline] fn run_target(&mut self, input: &I) -> Result { - let bytes = input.target_bytes(); - let ret = (self.harness_fn)(bytes.as_slice()); + let ret = (self.harness_fn)(input); Ok(ret) } } impl<'a, EM, H, I, OT, S, Z> HasExecHooks for InProcessExecutor<'a, H, I, OT, S> where - H: FnMut(&[u8]) -> ExitKind, - I: Input + HasTargetBytes, + H: FnMut(&I) -> ExitKind, + I: Input, OT: ObserversTuple, { #[inline] @@ -140,8 +139,8 @@ where impl<'a, H, I, OT, S> HasObservers for InProcessExecutor<'a, H, I, OT, S> where - H: FnMut(&[u8]) -> ExitKind, - I: Input + HasTargetBytes, + H: FnMut(&I) -> ExitKind, + I: Input, OT: ObserversTuple, { #[inline] @@ -158,16 +157,16 @@ where impl<'a, EM, H, I, OT, S, Z> HasObserversHooks for InProcessExecutor<'a, H, I, OT, S> where - H: FnMut(&[u8]) -> ExitKind, - I: Input + HasTargetBytes, + H: FnMut(&I) -> ExitKind, + I: Input, OT: ObserversTuple + HasExecHooksTuple, { } impl<'a, H, I, OT, S> InProcessExecutor<'a, H, I, OT, S> where - H: FnMut(&[u8]) -> ExitKind, - I: Input + HasTargetBytes, + H: FnMut(&I) -> ExitKind, + I: Input, OT: ObserversTuple, { /// Create a new in mem executor. @@ -256,7 +255,7 @@ mod unix_signal_handler { executors::ExitKind, feedbacks::Feedback, fuzzer::HasObjective, - inputs::{HasTargetBytes, Input}, + inputs::Input, observers::ObserversTuple, state::HasSolutions, }; @@ -343,7 +342,7 @@ mod unix_signal_handler { OC: Corpus, OF: Feedback, S: HasSolutions, - I: Input + HasTargetBytes, + I: Input, Z: HasObjective, { let state = (data.state_ptr as *mut S).as_mut().unwrap(); @@ -417,7 +416,7 @@ mod unix_signal_handler { OC: Corpus, OF: Feedback, S: HasSolutions, - I: Input + HasTargetBytes, + I: Input, Z: HasObjective, { #[cfg(all(target_os = "android", target_arch = "aarch64"))] @@ -570,7 +569,7 @@ mod windows_exception_handler { executors::ExitKind, feedbacks::Feedback, fuzzer::HasObjective, - inputs::{HasTargetBytes, Input}, + inputs::Input, observers::ObserversTuple, state::HasSolutions, }; @@ -636,7 +635,7 @@ mod windows_exception_handler { OC: Corpus, OF: Feedback, S: HasSolutions, - I: Input + HasTargetBytes, + I: Input, Z: HasObjective, { #[cfg(feature = "std")] @@ -735,7 +734,7 @@ mod tests { #[test] fn test_inmem_exec() { - let mut harness = |_buf: &[u8]| ExitKind::Ok; + let mut harness = |_buf: &NopInput| ExitKind::Ok; let mut in_process_executor = InProcessExecutor::<_, NopInput, (), ()> { harness_fn: &mut harness, diff --git a/libafl/src/lib.rs b/libafl/src/lib.rs index 4e013f4bbc..780dab902c 100644 --- a/libafl/src/lib.rs +++ b/libafl/src/lib.rs @@ -201,7 +201,7 @@ mod tests { let scheduler = RandCorpusScheduler::new(); let mut fuzzer = StdFuzzer::new(scheduler, (), ()); - let mut harness = |_buf: &[u8]| ExitKind::Ok; + let mut harness = |_buf: &BytesInput| ExitKind::Ok; let mut executor = InProcessExecutor::new( &mut harness, tuple_list!(),