SYS-OSS/FRET-LibAFL
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix EdgeCoverageModuleBuilder (#2931)

Browse Source
This commit is contained in:
Dongjia "toka" Zhang 2025-02-04 14:34:11 +01:00 committed by GitHub
parent a27da1b8be
commit defb475d28
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
fuzzers/binary_only/fuzzbench_fork_qemu/Makefile.toml
View File

@ -90,7 +90,7 @@ windows_alias = "unsupported"
script_runner = "@shell"
script = '''
timeout 15s ${TARGET_DIR}/${PROFILE_DIR}/fuzzbench_fork_qemu ${PROJECT_DIR}/harness -- --libafl-in ${PROJECT_DIR}/../../inprocess/libfuzzer_libpng/corpus --libafl-out ${PROJECT_DIR}/out ${PROJECT_DIR}/harness | tee fuzz_stdout.log
if grep -qa "objectives: 1" fuzz_stdout.log; then
if grep -qa "corpus: 5" fuzz_stdout.log; then
echo "Fuzzer is working"
else
echo "Fuzzer does not generate any testcases or any crashes"

3
fuzzers/binary_only/fuzzbench_fork_qemu/src/fuzzer.rs
View File

@ -56,7 +56,7 @@ use libafl_qemu::{
Emulator, GuestReg, MmapPerms, QemuExitError, QemuExitReason, QemuForkExecutor,
QemuShutdownCause, Regs,
};
use libafl_targets::{EDGES_MAP_DEFAULT_SIZE, EDGES_MAP_PTR};
use libafl_targets::EDGES_MAP_DEFAULT_SIZE;
#[cfg(unix)]
use nix::unistd::dup;
@ -155,7 +155,6 @@ fn fuzz(
let mut edges_shmem = shmem_provider.new_shmem(EDGES_MAP_DEFAULT_SIZE).unwrap();
let edges = edges_shmem.as_slice_mut();
unsafe { EDGES_MAP_PTR = edges.as_mut_ptr() };
// Create an observation channel using the coverage map
let mut edges_observer = unsafe {

11
libafl_qemu/src/modules/edges/mod.rs
View File

@ -194,11 +194,20 @@ impl<AF, PF, V, const IS_INITIALIZED: bool, const IS_CONST_MAP: bool, const MAP_
#[must_use]
pub fn const_map_observer<O, const NEW_MAP_SIZE: usize>(
self,
_const_map_observer: &mut O,
map_observer: &mut O,
) -> EdgeCoverageModuleBuilder<AF, PF, V, true, true, NEW_MAP_SIZE>
where
O: ConstLenMapObserver<NEW_MAP_SIZE>,
{
let map_ptr = map_observer.map_slice_mut().as_mut_ptr() as *mut u8;
unsafe {
LIBAFL_QEMU_EDGES_MAP_PTR = map_ptr;
// LIBAFL_QEMU_EDGES_MAP_SIZE_PTR = size_ptr; do i need this ?
LIBAFL_QEMU_EDGES_MAP_ALLOCATED_SIZE = NEW_MAP_SIZE;
LIBAFL_QEMU_EDGES_MAP_MASK_MAX = NEW_MAP_SIZE - 1;
}
EdgeCoverageModuleBuilder::<AF, PF, V, true, true, NEW_MAP_SIZE>::new(
self.variant,
self.address_filter,