SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

merged main

Browse Source
This commit is contained in:
Dominik Maier 2021-02-03 03:47:43 +01:00
commit d0661b7d41
13 changed files with 26 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
afl/examples/llmp_test/main.rs
View File

@ -6,10 +6,7 @@ extern crate alloc;
use core::{convert::TryInto, time::Duration}; use core::{convert::TryInto, time::Duration};
use std::{thread, time}; use std::{thread, time};
use afl::{ use afl::{llmp, shmem::AflShmem, AflError};
events::{llmp, shmem::AflShmem},
AflError,
};
const TAG_SIMPLE_U32_V1: u32 = 0x51300321; const TAG_SIMPLE_U32_V1: u32 = 0x51300321;
const TAG_MATH_RESULT_V1: u32 = 0x77474331; const TAG_MATH_RESULT_V1: u32 = 0x77474331;

2
afl/src/corpus/inmemory.rs
View File

@ -1,4 +1,4 @@
use alloc::vec::Vec; use alloc::{borrow::ToOwned, vec::Vec};
use core::{cell::RefCell, marker::PhantomData}; use core::{cell::RefCell, marker::PhantomData};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};

2
afl/src/corpus/mod.rs
View File

@ -12,7 +12,7 @@ pub use ondisk::OnDiskCorpus;
pub mod queue; pub mod queue;
pub use queue::QueueCorpus; pub use queue::QueueCorpus;
use alloc::vec::Vec; use alloc::{borrow::ToOwned, vec::Vec};
use core::{cell::RefCell, ptr}; use core::{cell::RefCell, ptr};
use crate::{inputs::Input, utils::Rand, AflError}; use crate::{inputs::Input, utils::Rand, AflError};

2
afl/src/corpus/queue.rs
View File

@ -1,4 +1,4 @@
use alloc::vec::Vec; use alloc::{borrow::ToOwned, vec::Vec};
use core::{cell::RefCell, marker::PhantomData}; use core::{cell::RefCell, marker::PhantomData};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};

15
afl/src/events/mod.rs
View File

@ -1,6 +1,3 @@
pub mod llmp;
pub mod shmem;
use alloc::{ use alloc::{
string::{String, ToString}, string::{String, ToString},
vec::Vec, vec::Vec,
@ -11,22 +8,20 @@ use core::{
}; };
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
use self::{ #[cfg(feature = "std")]
llmp::{LlmpClient, LlmpClientDescription, Tag}, use crate::shmem::AflShmem;
shmem::ShMem,
};
use crate::{ use crate::{
corpus::Corpus, corpus::Corpus,
engines::State, engines::State,
feedbacks::FeedbacksTuple, feedbacks::FeedbacksTuple,
inputs::Input, inputs::Input,
llmp::{self, LlmpClient, LlmpClientDescription, Tag},
observers::ObserversTuple, observers::ObserversTuple,
serde_anymap::Ptr, serde_anymap::Ptr,
shmem::ShMem,
utils::{current_time, Rand}, utils::{current_time, Rand},
AflError, AflError,
}; };
#[cfg(feature = "std")]
use shmem::AflShmem;
#[derive(Debug, Copy, Clone)] #[derive(Debug, Copy, Clone)]
/// Indicate if an event worked or not /// Indicate if an event worked or not
@ -662,10 +657,12 @@ where
Ok(BrokerEventResult::Handled) Ok(BrokerEventResult::Handled)
} }
LLMPEventKind::Crash { input: _ } => { LLMPEventKind::Crash { input: _ } => {
#[cfg(feature = "std")]
println!("LLMPEvent::Crash"); println!("LLMPEvent::Crash");
Ok(BrokerEventResult::Handled) Ok(BrokerEventResult::Handled)
} }
LLMPEventKind::Timeout { input: _ } => { LLMPEventKind::Timeout { input: _ } => {
#[cfg(feature = "std")]
println!("LLMPEvent::Timeout"); println!("LLMPEvent::Timeout");
Ok(BrokerEventResult::Handled) Ok(BrokerEventResult::Handled)
} }

11
afl/src/inputs/bytes.rs
View File

@ -59,7 +59,7 @@ impl BytesInput {
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::utils::{next_pow2, Rand, StdRand}; use crate::utils::{Rand, StdRand};
#[test] #[test]
fn test_input() { fn test_input() {
@ -70,13 +70,4 @@ mod tests {
assert_eq!(rand.between(10, 10), 10); assert_eq!(rand.between(10, 10), 10);
assert!(rand.between(11, 20) > 10); assert!(rand.between(11, 20) > 10);
} }
#[test]
fn test_next_pow2() {
assert_eq!(next_pow2(0), 0);
assert_eq!(next_pow2(1), 1);
assert_eq!(next_pow2(2), 2);
assert_eq!(next_pow2(3), 4);
assert_eq!(next_pow2(1000), 1024);
}
} }

2
afl/src/lib.rs
View File

@ -16,10 +16,12 @@ pub mod executors;
pub mod feedbacks; pub mod feedbacks;
pub mod generators; pub mod generators;
pub mod inputs; pub mod inputs;
pub mod llmp;
pub mod metamap; pub mod metamap;
pub mod mutators; pub mod mutators;
pub mod observers; pub mod observers;
pub mod serde_anymap; pub mod serde_anymap;
pub mod shmem;
pub mod stages; pub mod stages;
pub mod tuples; pub mod tuples;
pub mod utils; pub mod utils;

8
afl/src/events/llmp.rs → afl/src/llmp.rs
View File

@ -67,7 +67,6 @@ use std::{
}; };
use super::shmem::{ShMem, ShMemDescription}; use super::shmem::{ShMem, ShMemDescription};
use crate::utils::next_pow2;
use crate::AflError; use crate::AflError;
/// We'll start off with 256 megabyte maps per fuzzer client /// We'll start off with 256 megabyte maps per fuzzer client
@ -155,10 +154,11 @@ fn msg_offset_from_env(env_name: &str) -> Result<Option<u64>, AflError> {
/// largest messages we encountered (plus message one new_page message). /// largest messages we encountered (plus message one new_page message).
#[inline] #[inline]
fn new_map_size(max_alloc: usize) -> usize { fn new_map_size(max_alloc: usize) -> usize {
next_pow2(max( max(
max_alloc * 2 + EOP_MSG_SIZE + LLMP_PAGE_HEADER_LEN, max_alloc * 2 + EOP_MSG_SIZE + LLMP_PAGE_HEADER_LEN,
LLMP_PREF_INITIAL_MAP_SIZE, LLMP_PREF_INITIAL_MAP_SIZE,
) as u64) as usize )
.next_power_of_two()
} }
/// Initialize a new llmp_page. size should be relative to /// Initialize a new llmp_page. size should be relative to
@ -1609,7 +1609,7 @@ mod tests {
Tag, Tag,
}; };
#[cfg(feature = "std")] #[cfg(feature = "std")]
use crate::events::shmem::AflShmem; use crate::shmem::AflShmem;
#[cfg(feature = "std")] #[cfg(feature = "std")]
#[test] #[test]

2
afl/src/mutators/scheduled.rs
View File

@ -326,7 +326,7 @@ mod tests {
let mut input = testcase.borrow_mut().load_input().unwrap().clone(); let mut input = testcase.borrow_mut().load_input().unwrap().clone();
rand.set_seed(5); rand.set_seed(5);
let mut mutator = StdScheduledMutator::new(); let mut mutator = StdScheduledMutator::<InMemoryCorpus<BytesInput, XKCDRand>, _, _>::new();
mutation_splice(&mut mutator, &mut rand, &mut corpus, &mut input).unwrap(); mutation_splice(&mut mutator, &mut rand, &mut corpus, &mut input).unwrap();

0
afl/src/events/shmem.rs → afl/src/shmem.rs
View File

27
afl/src/utils.rs
View File

@ -11,9 +11,10 @@ use std::time::{SystemTime, UNIX_EPOCH};
use crate::{ use crate::{
corpus::Corpus, corpus::Corpus,
engines::State, engines::State,
events::{shmem::ShMem, LlmpEventManager, Stats}, events::{LlmpEventManager, Stats},
feedbacks::FeedbacksTuple, feedbacks::FeedbacksTuple,
inputs::Input, inputs::Input,
shmem::ShMem,
AflError, AflError,
}; };
@ -452,23 +453,11 @@ impl XKCDRand {
} }
} }
/// Get the next higher power of two
#[inline]
pub const fn next_pow2(val: u64) -> u64 {
let mut out = val.wrapping_sub(1);
out |= out >> 1;
out |= out >> 2;
out |= out >> 4;
out |= out >> 8;
out |= out >> 16;
out.wrapping_add(1)
}
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
//use xxhash_rust::xxh3::xxh3_64_with_seed; //use xxhash_rust::xxh3::xxh3_64_with_seed;
use crate::utils::{next_pow2, Rand, StdRand}; use crate::utils::{Rand, StdRand};
#[test] #[test]
fn test_rand() { fn test_rand() {
@ -492,14 +481,4 @@ mod tests {
assert_eq!(rand.between(10, 10), 10); assert_eq!(rand.between(10, 10), 10);
assert!(rand.between(11, 20) > 10); assert!(rand.between(11, 20) > 10);
} }
#[test]
fn test_next_pow2() {
assert_eq!(next_pow2(0), 0);
assert_eq!(next_pow2(1), 1);
assert_eq!(next_pow2(2), 2);
assert_eq!(next_pow2(3), 4);
assert_eq!(next_pow2(1000), 1024);
assert_eq!(next_pow2(0xFFFFFFFF as u64), (0xFFFFFFFF as u64) + 1);
}
} }

2
fuzzers/libfuzzer_libpng/harness.cc
View File

@ -154,12 +154,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
return 0; return 0;
} }
#ifdef HAS_BUG
// This is going to be too slow. // This is going to be too slow.
if (width && height > 100000000 / width) { if (width && height > 100000000 / width) {
PNG_CLEANUP PNG_CLEANUP
asm("ud2"); asm("ud2");
return 0; return 0;
} }
#endif
// Set several transforms that browsers typically use: // Set several transforms that browsers typically use:
png_set_gray_to_rgb(png_handler.png_ptr); png_set_gray_to_rgb(png_handler.png_ptr);

9
fuzzers/libfuzzer_libpng/src/mod.rs
View File

@ -7,18 +7,15 @@ use std::{env, path::PathBuf, process::Command};
use afl::{ use afl::{
corpus::{Corpus, InMemoryCorpus}, corpus::{Corpus, InMemoryCorpus},
engines::{Engine, Fuzzer, State, StdFuzzer}, engines::{Engine, Fuzzer, State, StdFuzzer},
events::{ events::{EventManager, LlmpEventManager, SimpleStats},
llmp::LlmpReceiver,
llmp::LlmpSender,
shmem::{AflShmem, ShMem},
EventManager, LlmpEventManager, SimpleStats,
},
executors::{inmemory::InMemoryExecutor, Executor, ExitKind}, executors::{inmemory::InMemoryExecutor, Executor, ExitKind},
feedbacks::MaxMapFeedback, feedbacks::MaxMapFeedback,
generators::RandPrintablesGenerator, generators::RandPrintablesGenerator,
inputs::{BytesInput, Input}, inputs::{BytesInput, Input},
llmp::{LlmpSender, LlmpReceiver},
mutators::{scheduled::HavocBytesMutator, HasMaxSize}, mutators::{scheduled::HavocBytesMutator, HasMaxSize},
observers::StdMapObserver, observers::StdMapObserver,
shmem::{AflShmem, ShMem},
stages::mutational::StdMutationalStage, stages::mutational::StdMutationalStage,
tuples::tuple_list, tuples::tuple_list,
utils::{deserialize_state_corpus_mgr, serialize_state_corpus_mgr, StdRand}, utils::{deserialize_state_corpus_mgr, serialize_state_corpus_mgr, StdRand},