Fixes for multiple subtle bugs with grimoire, mutators, and state (#1001)

* fix multiple subtle bugs with grimoire, mutators, and state

* obey the clippy overlord

* grimoire: skip over token after splice

* remove extraneous length check

libafl/src/mutators/grimoire.rs

@@ -277,40 +277,46 @@ where
 
         'first: for item in &mut gen[..rand_idx] {
             if let GeneralizedItem::Bytes(bytes) = item {
-                if bytes.len() < token_1.len() {
-                    continue;
-                }
                 let mut i = 0;
-                while i < bytes.len() - token_1.len() {
+                while bytes
+                    .len()
+                    .checked_sub(token_1.len())
+                    .map_or(false, |len| i < len)
+                {
                     if bytes[i..].starts_with(token_1) {
-                        bytes.splice(i..(i + token_1.len()), token_2.clone());
+                        bytes.splice(i..(i + token_1.len()), token_2.iter().copied());
 
                         mutated = MutationResult::Mutated;
                         if stop_at_first {
                             break 'first;
                         }
+                        i += token_2.len();
+                    } else {
+                        i += 1;
                     }
-                    i += 1;
                 }
             }
         }
         if mutated == MutationResult::Skipped || !stop_at_first {
             'second: for item in &mut gen[rand_idx..] {
                 if let GeneralizedItem::Bytes(bytes) = item {
-                    if bytes.len() < token_1.len() {
-                        continue;
-                    }
                     let mut i = 0;
-                    while i < bytes.len() - token_1.len() {
+                    while bytes
+                        .len()
+                        .checked_sub(token_1.len())
+                        .map_or(false, |len| i < len)
+                    {
                         if bytes[i..].starts_with(token_1) {
-                            bytes.splice(i..(i + token_1.len()), token_2.clone());
+                            bytes.splice(i..(i + token_1.len()), token_2.iter().copied());
 
                             mutated = MutationResult::Mutated;
                             if stop_at_first {
                                 break 'second;
                             }
+                            i += token_2.len();
+                        } else {
+                            i += 1;
                         }
-                        i += 1;
                     }
                 }
             }

libafl/src/stages/mutational.rs

@@ -117,7 +117,7 @@ where
 
         start_timer!(state);
         let testcase = state.corpus().get(corpus_idx)?.borrow();
-        let input = I::try_transform_from(&testcase, state, corpus_idx)?;
+        let Ok(input) = I::try_transform_from(&testcase, state, corpus_idx) else { return Ok(()); };
         drop(testcase);
         mark_feature_time!(state, PerfFeature::GetInputFromCorpus);
 

libafl/src/stages/power.rs

@@ -83,7 +83,7 @@ where
         let num = self.iterations(state, corpus_idx)?;
 
         let testcase = state.corpus().get(corpus_idx)?.borrow();
-        let input = I::try_transform_from(&testcase, state, corpus_idx)?;
+        let Ok(input) = I::try_transform_from(&testcase, state, corpus_idx) else { return Ok(()); };
         drop(testcase);
 
         for i in 0..num {

libafl/src/state/mod.rs

@@ -367,6 +367,10 @@ where
         for entry in fs::read_dir(in_dir)? {
             let entry = entry?;
             let path = entry.path();
+            if path.file_name().unwrap().to_string_lossy().starts_with('.') {
+                continue;
+            }
+
             let attributes = fs::metadata(&path);
 
             if attributes.is_err() {