diff --git a/.gitignore b/.gitignore index 82151577a9..51f20b02af 100644 --- a/.gitignore +++ b/.gitignore @@ -47,6 +47,7 @@ a forkserver_test __pycache__ *.lafl_lock +*.metadata *atomic_file_testfile* **/libxml2 diff --git a/fuzzers/baby_fuzzer_gramatron/src/main.rs b/fuzzers/baby_fuzzer_gramatron/src/main.rs index f37bf34402..b718b11845 100644 --- a/fuzzers/baby_fuzzer_gramatron/src/main.rs +++ b/fuzzers/baby_fuzzer_gramatron/src/main.rs @@ -28,10 +28,11 @@ use libafl::{ /// Coverage map with explicit assignments due to the lack of instrumentation static mut SIGNALS: [u8; 16] = [0; 16]; +static mut SIGNALS_PTR: *mut u8 = unsafe { SIGNALS.as_mut_ptr() }; /* /// Assign a signal to the signals map fn signals_set(idx: usize) { - unsafe { SIGNALS[idx] = 1 }; + unsafe { std::ptr::write(SIGNALS_PTR.add(idx), 1) }; } */ @@ -57,7 +58,7 @@ pub fn main() { }; // Create an observation channel using the signals map - let observer = unsafe { StdMapObserver::new("signals", &mut SIGNALS) }; + let observer = unsafe { StdMapObserver::from_mut_ptr("signals", SIGNALS_PTR, SIGNALS.len()) }; // Feedback to rate the interestingness of an input let mut feedback = MaxMapFeedback::new(&observer); diff --git a/fuzzers/baby_fuzzer_minimizing/src/main.rs b/fuzzers/baby_fuzzer_minimizing/src/main.rs index e9e2a4850c..1c716fd2b0 100644 --- a/fuzzers/baby_fuzzer_minimizing/src/main.rs +++ b/fuzzers/baby_fuzzer_minimizing/src/main.rs @@ -1,15 +1,16 @@ -use std::path::PathBuf; #[cfg(windows)] use std::ptr::write_volatile; +use std::{path::PathBuf, ptr::write}; use libafl::prelude::*; /// Coverage map with explicit assignments due to the lack of instrumentation static mut SIGNALS: [u8; 16] = [0; 16]; +static mut SIGNALS_PTR: *mut u8 = unsafe { SIGNALS.as_mut_ptr() }; /// Assign a signal to the signals map fn signals_set(idx: usize) { - unsafe { SIGNALS[idx] = 1 }; + unsafe { write(SIGNALS_PTR.add(idx), 1) }; } #[allow(clippy::similar_names)] 
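Review bot: The new `unsafe { StdMapObserver::from_mut_ptr("signals", SIGNALS_PTR, SIGNALS.len()) }` call in baby_fuzzer_gramatron's `main` has no `// SAFETY:` comment, although the pointer and the length are now passed separately and only convention keeps them describing the same buffer. I would add `// SAFETY: SIGNALS_PTR points at the first byte of the static SIGNALS array, which lives for the whole program, and SIGNALS.len() is that array's length.` above it. The same call is introduced in baby_fuzzer_minimizing, baby_fuzzer_nautilus, baby_fuzzer_tokens, baby_no_std and rust_code_with_inprocess_executor and would take the same comment. `main` starts and ends outside the hunk.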
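Review bot: `write(SIGNALS_PTR.add(idx), 1)` in baby_fuzzer_minimizing's `signals_set` drops the bounds check that `SIGNALS[idx] = 1` carried: an `idx` of 16 or more used to panic and is now an out-of-bounds write, which is undefined behaviour and can silently corrupt adjacent memory instead of stopping the harness. Because `signals_set` is a safe `fn`, the check should stay, for example `debug_assert!(idx < unsafe { SIGNALS.len() });` before the write, with the invariant stated in a `// SAFETY:` comment on the `unsafe` block. The same applies to `signals_set` in baby_no_std and rust_code_with_inprocess_executor, to the closures in baby_fuzzer_with_forkexecutor and rust_code_with_fork_executor (where `signals_len` is already in scope), and to the commented-out copies in the gramatron, nautilus and tokens examples.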
@@ -32,8 +33,7 @@ pub fn main() -> Result<(), Error> { }; // Create an observation channel using the signals map - let observer = - unsafe { StdMapObserver::from_mut_ptr("signals", SIGNALS.as_mut_ptr(), SIGNALS.len()) }; + let observer = unsafe { StdMapObserver::from_mut_ptr("signals", SIGNALS_PTR, SIGNALS.len()) }; let factory = MapEqualityFactory::with_observer(&observer); diff --git a/fuzzers/baby_fuzzer_nautilus/src/main.rs b/fuzzers/baby_fuzzer_nautilus/src/main.rs index bbccf817c2..a9680f83e7 100644 --- a/fuzzers/baby_fuzzer_nautilus/src/main.rs +++ b/fuzzers/baby_fuzzer_nautilus/src/main.rs @@ -4,7 +4,7 @@ use std::ptr::write_volatile; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list}, - corpus::{InMemoryCorpus, InMemoryOnDiskCorpus, OnDiskCorpus}, + corpus::{InMemoryCorpus, OnDiskCorpus}, events::SimpleEventManager, executors::{inprocess::InProcessExecutor, ExitKind}, feedback_or, @@ -24,10 +24,11 @@ use libafl::{ /// Coverage map with explicit assignments due to the lack of instrumentation static mut SIGNALS: [u8; 16] = [0; 16]; +static mut SIGNALS_PTR: *mut u8 = unsafe { SIGNALS.as_mut_ptr() }; /* /// Assign a signal to the signals map fn signals_set(idx: usize) { - unsafe { SIGNALS[idx] = 1 }; + unsafe { str::ptr::write(SIGNALS_PTR.add(idx), 1) }; } */ @@ -46,7 +47,7 @@ pub fn main() { }; // Create an observation channel using the signals map - let observer = unsafe { StdMapObserver::new("signals", &mut SIGNALS) }; + let observer = unsafe { StdMapObserver::from_mut_ptr("signals", SIGNALS_PTR, SIGNALS.len()) }; // Feedback to rate the interestingness of an input let mut feedback = feedback_or!( diff --git a/fuzzers/baby_fuzzer_tokens/src/main.rs b/fuzzers/baby_fuzzer_tokens/src/main.rs index d22e5afecd..b6ad7a9891 100644 --- a/fuzzers/baby_fuzzer_tokens/src/main.rs +++ b/fuzzers/baby_fuzzer_tokens/src/main.rs 
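Review bot: The rewritten line inside baby_fuzzer_nautilus's commented-out `signals_set` reads `str::ptr::write(...)`, which is not a valid path; it should be `unsafe { std::ptr::write(SIGNALS_PTR.add(idx), 1) };`, as in baby_fuzzer_gramatron. Because the function sits inside `/* … */`, the compiler never sees the typo, so whoever re-enables the helper will hit a build error. No `use std::ptr::write` is added in this file's visible hunks, so the fully qualified path is the one that would work here.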
@@ -1,6 +1,6 @@ #[cfg(windows)] use std::ptr::write_volatile; -use std::{fs, io::Read, path::PathBuf}; +use std::{fs, io::Read, path::PathBuf, ptr::write}; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list}, @@ -20,10 +20,12 @@ use libafl::{ /// Coverage map with explicit assignments due to the lack of instrumentation static mut SIGNALS: [u8; 16] = [0; 16]; +static mut SIGNALS_PTR: *mut u8 = unsafe { SIGNALS.as_mut_ptr() }; + /* /// Assign a signal to the signals map fn signals_set(idx: usize) { - unsafe { SIGNALS[idx] = 1 }; + unsafe { write(SIGNALS_PTR.add(idx), 1) }; } */ @@ -65,8 +67,7 @@ pub fn main() { }; // Create an observation channel using the signals map - let observer = - unsafe { StdMapObserver::from_mut_ptr("signals", SIGNALS.as_mut_ptr(), SIGNALS.len()) }; + let observer = unsafe { StdMapObserver::from_mut_ptr("signals", SIGNALS_PTR, SIGNALS.len()) }; // Feedback to rate the interestingness of an input let mut feedback = MaxMapFeedback::new(&observer); diff --git a/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs b/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs index 4c9647f183..346ae7f249 100644 --- a/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs +++ b/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs @@ -1,6 +1,6 @@ -use std::path::PathBuf; #[cfg(windows)] use std::ptr::write_volatile; +use std::{path::PathBuf, ptr::write}; use libafl::{ bolts::{ @@ -29,11 +29,11 @@ use libafl::{ pub fn main() { let mut shmem_provider = unix_shmem::UnixShMemProvider::new().unwrap(); let mut signals = shmem_provider.new_shmem(16).unwrap(); - let mut signals_clone = signals.clone(); + let signals_len = signals.as_slice().len(); + let signals_ptr = signals.as_mut_slice().as_mut_ptr(); - let mut signals_set = |idx: usize| { - let a = signals.as_mut_slice(); - a[idx] = 1; + let signals_set = |idx: usize| { + unsafe { write(signals_ptr.add(idx), 1) }; }; // The closure that we want to fuzz 
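Review bot: The `ptr::write` added to the `use std::{fs, io::Read, path::PathBuf, ptr::write};` line in baby_fuzzer_tokens looks unused: the only call to `write` visible in this file's hunks is inside the `/* … */` block around `signals_set`. Unless `write` is called elsewhere in the file, this produces an `unused_imports` warning, which would fail a build that denies warnings. I would keep the import line as it was and spell the commented-out call `std::ptr::write(SIGNALS_PTR.add(idx), 1)`, as baby_fuzzer_gramatron does.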
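Review bot: In baby_fuzzer_with_forkexecutor, `signals_ptr` is a raw pointer into the mapping owned by `signals`, and both the `signals_set` closure and the observer built later in `main` now use it with nothing tying their lifetime to `signals`; the slice borrows used before this change presumably did. A comment where the pointer is taken would record the invariant, e.g. `// SAFETY: signals must stay alive for as long as signals_ptr is used by the harness closure and the observer.` The length is read here as `signals.as_slice().len()` while rust_code_with_fork_executor uses `signals.len()`; picking one form keeps the two examples aligned. `main` continues outside the hunk.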
@@ -64,7 +64,7 @@ pub fn main() { }; // Create an observation channel using the signals map - let observer = unsafe { StdMapObserver::new("signals", signals_clone.as_mut_slice()) }; + let observer = unsafe { StdMapObserver::from_mut_ptr("signals", signals_ptr, signals_len) }; // Create a stacktrace observer to add the observers tuple // Feedback to rate the interestingness of an input, obtained by ANDing the interestingness of both feedbacks diff --git a/fuzzers/baby_no_std/src/main.rs b/fuzzers/baby_no_std/src/main.rs index ffc10f31d6..852a70b490 100644 --- a/fuzzers/baby_no_std/src/main.rs +++ b/fuzzers/baby_no_std/src/main.rs @@ -8,6 +8,7 @@ extern crate alloc; use alloc::ffi::CString; #[cfg(not(any(windows)))] use core::panic::PanicInfo; +use core::ptr::write; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, @@ -46,10 +47,11 @@ fn panic(_info: &PanicInfo) -> ! { /// Coverage map with explicit assignments due to the lack of instrumentation static mut SIGNALS: [u8; 16] = [0; 16]; +static mut SIGNALS_PTR: *mut u8 = unsafe { SIGNALS.as_mut_ptr() }; /// Assign a signal to the signals map fn signals_set(idx: usize) { - unsafe { SIGNALS[idx] = 1 }; + unsafe { write(SIGNALS_PTR.add(idx), 1) }; } /// Provide custom time in `no_std` environment @@ -85,7 +87,7 @@ pub extern "C" fn main(_argc: isize, _argv: *const *const u8) -> isize { }; // Create an observation channel using the signals map - let observer = unsafe { StdMapObserver::new("signals", &mut SIGNALS) }; + let observer = unsafe { StdMapObserver::from_mut_ptr("signals", SIGNALS_PTR, SIGNALS.len()) }; // Feedback to rate the interestingness of an input let mut feedback = MaxMapFeedback::new(&observer); diff --git a/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs index 786472b8e1..9329645df9 100644 --- a/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs 
+++ b/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs @@ -1,6 +1,6 @@ -use std::path::PathBuf; #[cfg(windows)] use std::ptr::write_volatile; +use std::{path::PathBuf, ptr::write}; use libafl::{ bolts::{ @@ -30,12 +30,12 @@ use libafl::{ pub fn main() { let mut shmem_provider = unix_shmem::UnixShMemProvider::new().unwrap(); let mut signals = shmem_provider.new_shmem(16).unwrap(); - let mut signals_clone = signals.clone(); + let signals_len = signals.len(); + let signals_ptr = signals.as_mut_slice().as_mut_ptr(); let mut bt = shmem_provider.new_shmem_object::>().unwrap(); - let mut signals_set = |idx: usize| { - let a = signals.as_mut_slice(); - a[idx] = 1; + let signals_set = |idx: usize| { + unsafe { write(signals_ptr.add(idx), 1) }; }; // The closure that we want to fuzz @@ -65,7 +65,7 @@ pub fn main() { }; // Create an observation channel using the signals map - let observer = unsafe { StdMapObserver::new("signals", signals_clone.as_mut_slice()) }; + let observer = unsafe { StdMapObserver::from_mut_ptr("signals", signals_ptr, signals_len) }; // Create a stacktrace observer let bt_observer = BacktraceObserver::new( "BacktraceObserver", diff --git a/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs index 1f35338c05..2833f29ad4 100644 --- a/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs @@ -1,6 +1,6 @@ -use std::path::PathBuf; #[cfg(windows)] use std::ptr::write_volatile; +use std::{path::PathBuf, ptr::write}; use libafl::{ bolts::{current_nanos, rands::StdRand, tuples::tuple_list, AsSlice}, 
@@ -22,10 +22,11 @@ use libafl::{ /// Coverage map with explicit assignments due to the lack of instrumentation static mut SIGNALS: [u8; 16] = [0; 16]; +static mut SIGNALS_PTR: *mut u8 = unsafe { SIGNALS.as_mut_ptr() }; /// Assign a signal to the signals map fn signals_set(idx: usize) { - unsafe { SIGNALS[idx] = 1 }; + unsafe { write(SIGNALS_PTR.add(idx), 1) }; } #[allow(clippy::similar_names)] @@ -58,7 +59,7 @@ pub fn main() { }; // Create an observation channel using the signals map - let observer = unsafe { StdMapObserver::new("signals", &mut SIGNALS) }; + let observer = unsafe { StdMapObserver::from_mut_ptr("signals", SIGNALS_PTR, SIGNALS.len()) }; // Create a stacktrace observer to add the observers tuple let mut bt = None; let bt_observer = BacktraceObserver::new(