diff --git a/docs/listings/baby_fuzzer/listing-03/src/main.rs b/docs/listings/baby_fuzzer/listing-03/src/main.rs index b6396a4987..61523ba8ed 100644 --- a/docs/listings/baby_fuzzer/listing-03/src/main.rs +++ b/docs/listings/baby_fuzzer/listing-03/src/main.rs @@ -6,7 +6,7 @@ use libafl::{ }; fn main() { - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); if buf.len() > 0 && buf[0] == 'a' as u8 { diff --git a/docs/listings/baby_fuzzer/listing-04/src/main.rs b/docs/listings/baby_fuzzer/listing-04/src/main.rs index 62498db481..ba29664b75 100644 --- a/docs/listings/baby_fuzzer/listing-04/src/main.rs +++ b/docs/listings/baby_fuzzer/listing-04/src/main.rs @@ -17,7 +17,7 @@ use std::path::PathBuf; /* ANCHOR_END: use */ fn main() { - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); if buf.len() > 0 && buf[0] == 'a' as u8 { diff --git a/docs/listings/baby_fuzzer/listing-05/src/main.rs b/docs/listings/baby_fuzzer/listing-05/src/main.rs index 930cebd0be..644fda0d2a 100644 --- a/docs/listings/baby_fuzzer/listing-05/src/main.rs +++ b/docs/listings/baby_fuzzer/listing-05/src/main.rs @@ -28,7 +28,7 @@ fn signals_set(idx: usize) { fn main() { // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); signals_set(0); // set SIGNALS[0] diff --git a/docs/listings/baby_fuzzer/listing-06/src/main.rs b/docs/listings/baby_fuzzer/listing-06/src/main.rs index 16819e24f4..e314a49dc7 100644 --- a/docs/listings/baby_fuzzer/listing-06/src/main.rs +++ b/docs/listings/baby_fuzzer/listing-06/src/main.rs 
@@ -29,7 +29,7 @@ fn signals_set(idx: usize) { fn main() { // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); signals_set(0); // set SIGNALS[0] diff --git a/fuzzers/baby_fuzzer/src/main.rs b/fuzzers/baby_fuzzer/src/main.rs index 8305cffecd..1bc592a828 100644 --- a/fuzzers/baby_fuzzer/src/main.rs +++ b/fuzzers/baby_fuzzer/src/main.rs @@ -34,7 +34,7 @@ fn signals_set(idx: usize) { #[allow(clippy::similar_names, clippy::manual_assert)] pub fn main() { // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); signals_set(0); diff --git a/fuzzers/baby_fuzzer_gramatron/src/main.rs b/fuzzers/baby_fuzzer_gramatron/src/main.rs index b718b11845..726c7ff993 100644 --- a/fuzzers/baby_fuzzer_gramatron/src/main.rs +++ b/fuzzers/baby_fuzzer_gramatron/src/main.rs @@ -49,7 +49,7 @@ pub fn main() { let mut bytes = vec![]; // The closure that we want to fuzz - let mut harness = |input: &GramatronInput| { + let mut harness = |input: &mut GramatronInput| { input.unparse(&mut bytes); unsafe { println!(">>> {}", std::str::from_utf8_unchecked(&bytes)); diff --git a/fuzzers/baby_fuzzer_grimoire/src/main.rs b/fuzzers/baby_fuzzer_grimoire/src/main.rs index 59aa1b956e..541e8e5283 100644 --- a/fuzzers/baby_fuzzer_grimoire/src/main.rs +++ b/fuzzers/baby_fuzzer_grimoire/src/main.rs @@ -65,7 +65,7 @@ pub fn main() { } // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target_bytes = input.target_bytes(); let bytes = target_bytes.as_slice(); diff --git a/fuzzers/baby_fuzzer_minimizing/src/main.rs b/fuzzers/baby_fuzzer_minimizing/src/main.rs index 1c716fd2b0..ad3bbf785b 100644 --- a/fuzzers/baby_fuzzer_minimizing/src/main.rs 
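Review bot: Two lines below the changed closure signature in the baby_fuzzer_gramatron hunk, `std::str::from_utf8_unchecked(&bytes)` is called on the bytes just produced by `input.unparse(&mut bytes)` from a fuzzer-generated input; if the grammar can ever yield non-UTF-8 bytes this is undefined behaviour inside the fuzzer's own harness, not merely a garbled print. The checked form needs no `unsafe` at all: `println!(">>> {}", String::from_utf8_lossy(&bytes));`. The same pattern appears in the baby_fuzzer_nautilus hunk of this commit. The enclosing `main` and the `harness` closure body continue outside the hunk, so I cannot tell whether `bytes` is validated anywhere else before use.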
+++ b/fuzzers/baby_fuzzer_minimizing/src/main.rs @@ -16,7 +16,7 @@ fn signals_set(idx: usize) { #[allow(clippy::similar_names)] pub fn main() -> Result<(), Error> { // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); signals_set(0); diff --git a/fuzzers/baby_fuzzer_nautilus/src/main.rs b/fuzzers/baby_fuzzer_nautilus/src/main.rs index a9680f83e7..035bde28f2 100644 --- a/fuzzers/baby_fuzzer_nautilus/src/main.rs +++ b/fuzzers/baby_fuzzer_nautilus/src/main.rs @@ -38,7 +38,7 @@ pub fn main() { let mut bytes = vec![]; // The closure that we want to fuzz - let mut harness = |input: &NautilusInput| { + let mut harness = |input: &mut NautilusInput| { input.unparse(&context, &mut bytes); unsafe { println!(">>> {}", std::str::from_utf8_unchecked(&bytes)); diff --git a/fuzzers/baby_fuzzer_swap_differential/src/main.rs b/fuzzers/baby_fuzzer_swap_differential/src/main.rs index 1e8f39767d..0b1fa1b592 100644 --- a/fuzzers/baby_fuzzer_swap_differential/src/main.rs +++ b/fuzzers/baby_fuzzer_swap_differential/src/main.rs @@ -67,7 +67,7 @@ use slicemap::{HitcountsMapObserver, EDGES}; #[allow(clippy::too_many_lines)] pub fn main() { // The closure that we want to fuzz - let mut first_harness = |input: &BytesInput| { + let mut first_harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); if unsafe { inspect_first(buf.as_ptr(), buf.len()) } { @@ -76,7 +76,7 @@ pub fn main() { ExitKind::Ok } }; - let mut second_harness = |input: &BytesInput| { + let mut second_harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); if unsafe { inspect_second(buf.as_ptr(), buf.len()) } { diff --git a/fuzzers/baby_fuzzer_tokens/src/main.rs b/fuzzers/baby_fuzzer_tokens/src/main.rs index b6ad7a9891..c45de92483 100644 --- a/fuzzers/baby_fuzzer_tokens/src/main.rs 
+++ b/fuzzers/baby_fuzzer_tokens/src/main.rs @@ -57,7 +57,7 @@ pub fn main() { } // The closure that we want to fuzz - let mut harness = |input: &EncodedInput| { + let mut harness = |input: &mut EncodedInput| { decoded_bytes.clear(); encoder_decoder.decode(input, &mut decoded_bytes).unwrap(); unsafe { diff --git a/fuzzers/baby_fuzzer_wasm/src/lib.rs b/fuzzers/baby_fuzzer_wasm/src/lib.rs index 110abe8b74..f15301ab14 100644 --- a/fuzzers/baby_fuzzer_wasm/src/lib.rs +++ b/fuzzers/baby_fuzzer_wasm/src/lib.rs @@ -44,7 +44,7 @@ pub fn fuzz() { }; // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); signals_set(0); diff --git a/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs b/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs index 346ae7f249..6eae77d5b5 100644 --- a/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs +++ b/fuzzers/baby_fuzzer_with_forkexecutor/src/main.rs @@ -37,7 +37,7 @@ pub fn main() { }; // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); signals_set(0); diff --git a/fuzzers/baby_no_std/src/main.rs b/fuzzers/baby_no_std/src/main.rs index 852a70b490..80aebd81cd 100644 --- a/fuzzers/baby_no_std/src/main.rs +++ b/fuzzers/baby_no_std/src/main.rs @@ -69,7 +69,7 @@ pub extern "C" fn external_current_millis() -> u64 { #[no_mangle] pub extern "C" fn main(_argc: isize, _argv: *const *const u8) -> isize { // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); signals_set(0); 
diff --git a/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs index 22b1216b7a..8aa9ba4673 100644 --- a/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/c_code_with_fork_executor/src/main.rs @@ -38,7 +38,7 @@ pub fn main() { let mut shmem_provider = StdShMemProvider::new().unwrap(); unsafe { create_shmem_array() }; let map_ptr = unsafe { get_ptr() }; - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); unsafe { c_harness(buf.as_ptr()) } diff --git a/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs index 5521e6a19d..5574832112 100644 --- a/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/c_code_with_inprocess_executor/src/main.rs @@ -28,7 +28,7 @@ extern "C" { #[allow(clippy::similar_names)] pub fn main() { - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); unsafe { c_harness(buf.as_ptr()) } diff --git a/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs index 9329645df9..22648c3f89 100644 --- a/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/rust_code_with_fork_executor/src/main.rs @@ -39,7 +39,7 @@ pub fn main() { }; // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); signals_set(0); 
diff --git a/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs b/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs index 2833f29ad4..1952faba73 100644 --- a/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs +++ b/fuzzers/backtrace_baby_fuzzers/rust_code_with_inprocess_executor/src/main.rs @@ -32,7 +32,7 @@ fn signals_set(idx: usize) { #[allow(clippy::similar_names)] pub fn main() { // The closure that we want to fuzz - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); signals_set(0); diff --git a/fuzzers/frida_executable_libpng/src/fuzzer.rs b/fuzzers/frida_executable_libpng/src/fuzzer.rs index 9a71c883e8..900331d588 100644 --- a/fuzzers/frida_executable_libpng/src/fuzzer.rs +++ b/fuzzers/frida_executable_libpng/src/fuzzer.rs @@ -55,7 +55,7 @@ pub unsafe fn lib(main: extern "C" fn(i32, *const *const u8, *const *const u8) - let options = parse_args(); - let mut frida_harness = |input: &BytesInput| { + let mut frida_harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); let len = buf.len().to_string(); @@ -87,7 +87,7 @@ pub unsafe fn lib(main: extern "C" fn(i32, *const *const u8, *const *const u8) - #[allow(clippy::too_many_lines, clippy::too_many_arguments)] unsafe fn fuzz( options: &FuzzerOptions, - mut frida_harness: &dyn Fn(&BytesInput) -> ExitKind, + mut frida_harness: &dyn Fn(&mut BytesInput) -> ExitKind, ) -> Result<(), Error> { // 'While the stats are state, they are usually used in the broker - which is likely never restarted let monitor = MultiMonitor::new(|s| println!("{s}")); diff --git a/fuzzers/frida_gdiplus/src/fuzzer.rs b/fuzzers/frida_gdiplus/src/fuzzer.rs index d8ab41cdb0..2cb0c20a58 100644 --- a/fuzzers/frida_gdiplus/src/fuzzer.rs +++ b/fuzzers/frida_gdiplus/src/fuzzer.rs 
@@ -85,7 +85,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> { unsafe extern "C" fn(data: *const u8, size: usize) -> i32, > = lib.get(options.harness_function.as_bytes()).unwrap(); - let mut frida_harness = |input: &BytesInput| { + let mut frida_harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); (target_func)(buf.as_ptr(), buf.len()); diff --git a/fuzzers/frida_libpng/src/fuzzer.rs b/fuzzers/frida_libpng/src/fuzzer.rs index b46b516b09..60ddf5a4a2 100644 --- a/fuzzers/frida_libpng/src/fuzzer.rs +++ b/fuzzers/frida_libpng/src/fuzzer.rs @@ -82,7 +82,7 @@ unsafe fn fuzz(options: &FuzzerOptions) -> Result<(), Error> { unsafe extern "C" fn(data: *const u8, size: usize) -> i32, > = lib.get(options.harness_function.as_bytes()).unwrap(); - let mut frida_harness = |input: &BytesInput| { + let mut frida_harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); (target_func)(buf.as_ptr(), buf.len()); diff --git a/fuzzers/fuzzbench/src/lib.rs b/fuzzers/fuzzbench/src/lib.rs index eef5e6f119..39fcf0f1ce 100644 --- a/fuzzers/fuzzbench/src/lib.rs +++ b/fuzzers/fuzzbench/src/lib.rs @@ -317,7 +317,7 @@ fn fuzz( let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs b/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs index 6baac70420..0b1106991d 100644 --- a/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs +++ b/fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs 
@@ -305,7 +305,7 @@ fn fuzz( let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let mut buf = target.as_slice(); let mut len = buf.len(); diff --git a/fuzzers/fuzzbench_qemu/src/fuzzer.rs b/fuzzers/fuzzbench_qemu/src/fuzzer.rs index e872e38281..972a7808e2 100644 --- a/fuzzers/fuzzbench_qemu/src/fuzzer.rs +++ b/fuzzers/fuzzbench_qemu/src/fuzzer.rs @@ -317,7 +317,7 @@ fn fuzz( let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let mut buf = target.as_slice(); let mut len = buf.len(); diff --git a/fuzzers/fuzzbench_text/src/lib.rs b/fuzzers/fuzzbench_text/src/lib.rs index b59cf7c4e6..8c87048d15 100644 --- a/fuzzers/fuzzbench_text/src/lib.rs +++ b/fuzzers/fuzzbench_text/src/lib.rs @@ -384,7 +384,7 @@ fn fuzz_binary( let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); @@ -609,7 +609,7 @@ fn fuzz_text( let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libafl_atheris/src/lib.rs b/fuzzers/libafl_atheris/src/lib.rs index 8d99f52ac3..a7466699aa 100644 --- a/fuzzers/libafl_atheris/src/lib.rs 
+++ b/fuzzers/libafl_atheris/src/lib.rs @@ -249,7 +249,7 @@ pub fn LLVMFuzzerRunDriver( let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); harness_fn(buf.as_ptr(), buf.len()); @@ -269,7 +269,7 @@ pub fn LLVMFuzzerRunDriver( ); // Secondary harness due to mut ownership - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); harness_fn(buf.as_ptr(), buf.len()); diff --git a/fuzzers/libfuzzer_libmozjpeg/src/lib.rs b/fuzzers/libfuzzer_libmozjpeg/src/lib.rs index 034194c204..e9170607a6 100644 --- a/fuzzers/libfuzzer_libmozjpeg/src/lib.rs +++ b/fuzzers/libfuzzer_libmozjpeg/src/lib.rs @@ -133,7 +133,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libfuzzer_libpng/src/lib.rs b/fuzzers/libfuzzer_libpng/src/lib.rs index 35b5fe5db5..c2fbb71702 100644 --- a/fuzzers/libfuzzer_libpng/src/lib.rs +++ b/fuzzers/libfuzzer_libpng/src/lib.rs @@ -157,7 +157,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); #[cfg(feature = "crash")] 
diff --git a/fuzzers/libfuzzer_libpng_accounting/src/lib.rs b/fuzzers/libfuzzer_libpng_accounting/src/lib.rs index ce62e5ed7d..5d53b56ecc 100644 --- a/fuzzers/libfuzzer_libpng_accounting/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_accounting/src/lib.rs @@ -198,7 +198,7 @@ pub fn libafl_main() { let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libfuzzer_libpng_centralized/src/lib.rs b/fuzzers/libfuzzer_libpng_centralized/src/lib.rs index f5bb6c3b36..ed6b926727 100644 --- a/fuzzers/libfuzzer_libpng_centralized/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_centralized/src/lib.rs @@ -230,7 +230,7 @@ pub fn libafl_main() { let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libfuzzer_libpng_cmin/src/lib.rs b/fuzzers/libfuzzer_libpng_cmin/src/lib.rs index 1fc59e6bf2..40b21cbd74 100644 --- a/fuzzers/libfuzzer_libpng_cmin/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_cmin/src/lib.rs @@ -156,7 +156,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); #[cfg(feature = "crash")] 
diff --git a/fuzzers/libfuzzer_libpng_ctx/src/lib.rs b/fuzzers/libfuzzer_libpng_ctx/src/lib.rs index 9ae48549c8..31f388f10f 100644 --- a/fuzzers/libfuzzer_libpng_ctx/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_ctx/src/lib.rs @@ -189,7 +189,7 @@ pub fn libafl_main() { let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs index ffef102464..2a342b07a5 100644 --- a/fuzzers/libfuzzer_libpng_launcher/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_launcher/src/lib.rs @@ -194,7 +194,7 @@ pub fn libafl_main() { let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libfuzzer_libpng_norestart/src/lib.rs b/fuzzers/libfuzzer_libpng_norestart/src/lib.rs index cabc4a5354..fa42f48fab 100644 --- a/fuzzers/libfuzzer_libpng_norestart/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_norestart/src/lib.rs @@ -215,7 +215,7 @@ pub fn libafl_main() { let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libfuzzer_libpng_tcp_manager/src/lib.rs b/fuzzers/libfuzzer_libpng_tcp_manager/src/lib.rs index 882dac2530..208c5210cd 100644 
--- a/fuzzers/libfuzzer_libpng_tcp_manager/src/lib.rs +++ b/fuzzers/libfuzzer_libpng_tcp_manager/src/lib.rs @@ -155,7 +155,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); #[cfg(feature = "crash")] diff --git a/fuzzers/libfuzzer_reachability/src/lib.rs b/fuzzers/libfuzzer_reachability/src/lib.rs index ad6d049605..8b1e87f474 100644 --- a/fuzzers/libfuzzer_reachability/src/lib.rs +++ b/fuzzers/libfuzzer_reachability/src/lib.rs @@ -112,7 +112,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libfuzzer_stb_image/src/main.rs b/fuzzers/libfuzzer_stb_image/src/main.rs index e80360a11b..9b70d6d0fd 100644 --- a/fuzzers/libfuzzer_stb_image/src/main.rs +++ b/fuzzers/libfuzzer_stb_image/src/main.rs @@ -115,7 +115,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs b/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs index ac514f3c54..00894c1621 100644 
--- a/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs +++ b/fuzzers/libfuzzer_stb_image_concolic/fuzzer/src/main.rs @@ -153,7 +153,7 @@ fn fuzz( let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/libfuzzer_windows_asan/src/lib.rs b/fuzzers/libfuzzer_windows_asan/src/lib.rs index 0cb39415a7..ff09b37cc6 100644 --- a/fuzzers/libfuzzer_windows_asan/src/lib.rs +++ b/fuzzers/libfuzzer_windows_asan/src/lib.rs @@ -122,7 +122,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/fuzzers/nautilus_sync/src/lib.rs b/fuzzers/nautilus_sync/src/lib.rs index e94302a65a..e21929c07d 100644 --- a/fuzzers/nautilus_sync/src/lib.rs +++ b/fuzzers/nautilus_sync/src/lib.rs @@ -135,7 +135,7 @@ pub fn libafl_main() { let mut bytes = vec![]; // The closure that we want to fuzz - let mut harness = |input: &NautilusInput| { + let mut harness = |input: &mut NautilusInput| { input.unparse(&context, &mut bytes); libfuzzer_test_one_input(&bytes); ExitKind::Ok diff --git a/fuzzers/push_harness/src/main.rs b/fuzzers/push_harness/src/main.rs index a2ad03f20d..4a0da50f94 100644 --- a/fuzzers/push_harness/src/main.rs +++ b/fuzzers/push_harness/src/main.rs 
@@ -32,7 +32,7 @@ fn signals_set(idx: usize) { #[allow(clippy::similar_names)] fn input_generator() { // The closure that produced the input for the generator - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { // The `yield_` switches execution context back to the loop in `main`. // When `resume` is called, we return to this function. yield_(input); diff --git a/fuzzers/qemu_coverage/src/fuzzer.rs b/fuzzers/qemu_coverage/src/fuzzer.rs index c69192960b..2279c71c20 100644 --- a/fuzzers/qemu_coverage/src/fuzzer.rs +++ b/fuzzers/qemu_coverage/src/fuzzer.rs @@ -203,7 +203,7 @@ pub fn fuzz() { let input_addr = emu.map_private(0, 4096, MmapPerms::ReadWrite).unwrap(); println!("Placing input at {input_addr:#x}"); - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target .as_slice() diff --git a/fuzzers/qemu_launcher/src/fuzzer.rs b/fuzzers/qemu_launcher/src/fuzzer.rs index e422e8727b..7ab9a44dd7 100644 --- a/fuzzers/qemu_launcher/src/fuzzer.rs +++ b/fuzzers/qemu_launcher/src/fuzzer.rs @@ -210,7 +210,7 @@ pub fn fuzz() { let input_addr = emu.map_private(0, 4096, MmapPerms::ReadWrite).unwrap(); println!("Placing input at {input_addr:#x}"); - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target .as_slice() diff --git a/fuzzers/qemu_systemmode/src/fuzzer.rs b/fuzzers/qemu_systemmode/src/fuzzer.rs index 74fbd0b1dd..fe64aa5606 100644 --- a/fuzzers/qemu_systemmode/src/fuzzer.rs +++ b/fuzzers/qemu_systemmode/src/fuzzer.rs @@ -99,7 +99,7 @@ pub fn fuzz() { let snap = emu.create_fast_snapshot(true); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let mut buf = target.as_slice(); let len = buf.len(); 
diff --git a/fuzzers/tutorial/src/lib.rs b/fuzzers/tutorial/src/lib.rs index 725b732890..ff76a480cb 100644 --- a/fuzzers/tutorial/src/lib.rs +++ b/fuzzers/tutorial/src/lib.rs @@ -56,7 +56,7 @@ pub fn libafl_main() { /// The actual fuzzer fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Result<(), Error> { // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &PacketData| { + let mut harness = |input: &mut PacketData| { let target = input.target_bytes(); let buf = target.as_slice(); libfuzzer_test_one_input(buf); diff --git a/libafl/src/bolts/minibsod.rs b/libafl/src/bolts/minibsod.rs index f312ba39ae..c3397de308 100644 --- a/libafl/src/bolts/minibsod.rs +++ b/libafl/src/bolts/minibsod.rs @@ -54,11 +54,11 @@ pub fn dump_registers( writer: &mut BufWriter, ucontext: &ucontext_t, ) -> Result<(), std::io::Error> { - for reg in 0..31 { + for reg in 0..31_usize { write!( writer, "x{:02}: 0x{:016x} ", - reg, ucontext.uc_mcontext.regs[reg as usize] + reg, ucontext.uc_mcontext.regs[reg] )?; if reg % 4 == 3 { writeln!(writer)?; diff --git a/libafl/src/bolts/shmem.rs b/libafl/src/bolts/shmem.rs index 530129dbd3..cd0ac56601 100644 --- a/libafl/src/bolts/shmem.rs +++ b/libafl/src/bolts/shmem.rs @@ -2,6 +2,8 @@ //! too.) use alloc::{rc::Rc, string::ToString}; +#[cfg(feature = "std")] +use core::num::TryFromIntError; use core::{ cell::RefCell, fmt::{self, Debug, Display}, 
@@ -1442,23 +1444,34 @@ impl std::io::Seek for ShMemCursor {
 std::io::SeekFrom::Start(s) => s,
 std::io::SeekFrom::End(offset) => {
 let map_len = self.inner.as_slice().len();
- i64::try_from(map_len).unwrap();
- let signed_pos = i64::try_from(map_len).unwrap();
- let effective = signed_pos.checked_add(offset).unwrap();
+ let signed_pos: i64 = map_len.try_into().map_err(|e: TryFromIntError| {
+ std::io::Error::new(std::io::ErrorKind::Other, e)
+ })?;
+ let effective = signed_pos.checked_add(offset).ok_or_else(|| {
+ std::io::Error::new(std::io::ErrorKind::Other, "Invalid offset")
+ })?;
 assert!(effective >= 0);
- effective.try_into().unwrap()
+ effective.try_into().map_err(|e: TryFromIntError| {
+ std::io::Error::new(std::io::ErrorKind::Other, e)
+ })?
 }
 std::io::SeekFrom::Current(offset) => {
 let current_pos = self.pos;
- i64::try_from(current_pos).unwrap();
- let signed_pos = i64::try_from(current_pos).unwrap();
- let effective = signed_pos.checked_add(offset).unwrap();
+ let signed_pos: i64 = current_pos.try_into().map_err(|e: TryFromIntError| {
+ std::io::Error::new(std::io::ErrorKind::Other, e)
+ })?;
+ let effective = signed_pos.checked_add(offset).ok_or_else(|| {
+ std::io::Error::new(std::io::ErrorKind::Other, "Invalid offset")
+ })?;
 assert!(effective >= 0);
- effective.try_into().unwrap()
+ effective.try_into().map_err(|e: TryFromIntError| {
+ std::io::Error::new(std::io::ErrorKind::Other, e)
+ })?
 }
 };
- usize::try_from(effective_new_pos).unwrap();
- self.pos = effective_new_pos as usize;
+ self.pos = effective_new_pos
+ .try_into()
+ .map_err(|e: TryFromIntError| std::io::Error::new(std::io::ErrorKind::Other, e))?;
 Ok(effective_new_pos)
 }
 }
diff --git a/libafl/src/corpus/minimizer.rs b/libafl/src/corpus/minimizer.rs
index 7ab506fa64..f11dea72eb 100644
--- a/libafl/src/corpus/minimizer.rs
+++ b/libafl/src/corpus/minimizer.rs
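Review bot: The two `assert!(effective >= 0);` context lines in the `SeekFrom::End` and `SeekFrom::Current` arms survive the commit, so a caller-supplied offset that lands before the start of the map still panics the process even though every other failure in this hunk now becomes an `io::Error`; the `effective.try_into()` on the following line already fails for a negative `i64`, so the assert only adds a panic path ahead of the graceful one. I would drop both asserts, or make the intent explicit with `if effective < 0 { return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "seek before start")); }`. Since a bad offset is a caller error, `ErrorKind::InvalidInput` is the conventional kind for these sites rather than `ErrorKind::Other`. The `seek` function and its `match` begin outside the hunk.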
@@ -128,7 +128,7 @@ where // Execute the input; we cannot rely on the metadata already being present. executor.observers_mut().pre_exec_all(state, &input)?; - let kind = executor.run_target(fuzzer, state, manager, &input)?; + let kind = executor.run_target(fuzzer, state, manager, &mut input.clone())?; executor .observers_mut() .post_exec_all(state, &input, &kind)?; diff --git a/libafl/src/events/llmp.rs b/libafl/src/events/llmp.rs index 2abd5e1359..027306e71f 100644 --- a/libafl/src/events/llmp.rs +++ b/libafl/src/events/llmp.rs @@ -1558,7 +1558,7 @@ mod tests { let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); - let mut harness = |_buf: &BytesInput| ExitKind::Ok; + let mut harness = |_buf: &mut BytesInput| ExitKind::Ok; let mut executor = InProcessExecutor::new( &mut harness, tuple_list!(), diff --git a/libafl/src/executors/combined.rs b/libafl/src/executors/combined.rs index 708baa8c7f..f28e81a294 100644 --- a/libafl/src/executors/combined.rs +++ b/libafl/src/executors/combined.rs @@ -52,7 +52,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { let ret = self.primary.run_target(fuzzer, state, mgr, input); self.primary.post_run_reset(); diff --git a/libafl/src/executors/command.rs b/libafl/src/executors/command.rs index 256ab875bf..1d2aea7c5c 100644 --- a/libafl/src/executors/command.rs +++ b/libafl/src/executors/command.rs @@ -323,7 +323,7 @@ where _fuzzer: &mut Z, _state: &mut Self::State, _mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { use std::os::unix::prelude::ExitStatusExt; @@ -712,7 +712,7 @@ mod tests { &mut NopFuzzer::new(), &mut NopState::new(), &mut mgr, - &BytesInput::new(b"test".to_vec()), + &mut BytesInput::new(b"test".to_vec()), ) .unwrap(); } @@ -740,7 +740,7 @@ mod tests { &mut NopFuzzer::new(), &mut NopState::new(), &mut mgr, - &BytesInput::new(b"test".to_vec()), + &mut BytesInput::new(b"test".to_vec()), ) .unwrap(); } 
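Review bot: `&mut input.clone()` in the minimizer's `run_target` call silently discards whatever the harness does to the input and allocates a fresh copy per execution, while `pre_exec_all` and `post_exec_all` on the neighbouring lines keep seeing the original `input`; nothing states that this is the intended contract. A one-line comment would make the choice reviewable: `// Run on a throwaway clone: the harness may modify its input, but observers and the corpus must see the original.` The same uncommented pattern appears in this diff in calibrate.rs (both hunks), colorization.rs, generalization.rs and tracing.rs, so the comment belongs at each site or, better, on the `Executor::run_target` contract.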
diff --git a/libafl/src/executors/differential.rs b/libafl/src/executors/differential.rs index 850a246115..3777ec1dc9 100644 --- a/libafl/src/executors/differential.rs +++ b/libafl/src/executors/differential.rs @@ -68,7 +68,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { self.observers(); // update in advance let observers = self.observers.get_mut(); diff --git a/libafl/src/executors/forkserver.rs b/libafl/src/executors/forkserver.rs index 99545f9e3b..c725041a61 100644 --- a/libafl/src/executors/forkserver.rs +++ b/libafl/src/executors/forkserver.rs @@ -429,7 +429,7 @@ where _fuzzer: &mut Z, _state: &mut Self::State, _mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { let mut exit_kind = ExitKind::Ok; @@ -1091,7 +1091,7 @@ where _fuzzer: &mut Z, _state: &mut Self::State, _mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { let mut exit_kind = ExitKind::Ok; diff --git a/libafl/src/executors/inprocess.rs b/libafl/src/executors/inprocess.rs index 5cef974bf9..559f15a929 100644 --- a/libafl/src/executors/inprocess.rs +++ b/libafl/src/executors/inprocess.rs 
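Review bot: `DiffExecutor::run_target` now receives `input: &mut Self::Input`, and the part of the body that runs the two executors continues outside the hunk; if the primary runs first and the secondary afterwards with the same `input`, a harness that modifies its input makes the secondary observe different bytes from the primary, which undermines the differential comparison. Either give the secondary a copy taken before the first run, `let mut secondary_input = input.clone();`, or document on the struct that neither harness may modify the input. This cannot be confirmed from the hunk alone, so please check the rest of the function.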
@@ -56,22 +56,27 @@ use crate::{ Error, }; -/// The process executor simply calls a target function, as mutable reference to a closure +/// [`InProcessExecutor`] calls a target function as a mutable reference to a closure with a +/// mutable reference to the input as an argument to allow the harness to mutate the input pub type InProcessExecutor<'a, H, OT, S> = GenericInProcessExecutor; -/// The process executor simply calls a target function, as boxed `FnMut` trait object +/// [`OwnedInProcessExecutor`] calls a boxed target function as a mutable reference +/// to a closure with a mutable reference to the input as an argument to allow the +/// harness to mutate the input pub type OwnedInProcessExecutor = GenericInProcessExecutor< - dyn FnMut(&::Input) -> ExitKind, - Box::Input) -> ExitKind>, + dyn FnMut(&mut ::Input) -> ExitKind, + Box::Input) -> ExitKind>, OT, S, >; -/// The inmem executor simply calls a target function, then returns afterwards. +/// The [`GenericInProcessExecutor`] calls a target function as a mutable reference +/// to a closure with a mutable reference to the input as an argument to allow the +/// harness to mutate the input, and returns afterwards #[allow(dead_code)] pub struct GenericInProcessExecutor where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, HB: BorrowMut, OT: ObserversTuple, S: UsesInput, @@ -87,7 +92,7 @@ where impl Debug for GenericInProcessExecutor where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, HB: BorrowMut, OT: ObserversTuple, S: UsesInput, @@ -102,7 +107,7 @@ where impl UsesState for GenericInProcessExecutor where - H: ?Sized + FnMut(&S::Input) -> ExitKind, + H: ?Sized + FnMut(&mut S::Input) -> ExitKind, HB: BorrowMut, OT: ObserversTuple, S: UsesInput, 
@@ -112,7 +117,7 @@ where impl UsesObservers for GenericInProcessExecutor where - H: ?Sized + FnMut(&S::Input) -> ExitKind, + H: ?Sized + FnMut(&mut S::Input) -> ExitKind, HB: BorrowMut, OT: ObserversTuple, S: UsesInput, @@ -122,7 +127,7 @@ where impl Executor for GenericInProcessExecutor where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, HB: BorrowMut, EM: UsesState, OT: ObserversTuple, @@ -134,7 +139,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { self.handlers .pre_run_target(self, fuzzer, state, mgr, input); @@ -146,27 +151,9 @@ where } } -impl HasObservers for GenericInProcessExecutor -where - H: FnMut(&S::Input) -> ExitKind + ?Sized, - HB: BorrowMut, - OT: ObserversTuple, - S: UsesInput, -{ - #[inline] - fn observers(&self) -> &OT { - &self.observers - } - - #[inline] - fn observers_mut(&mut self) -> &mut OT { - &mut self.observers - } -} - impl GenericInProcessExecutor where - H: FnMut(&::Input) -> ExitKind + ?Sized, + H: FnMut(&mut ::Input) -> ExitKind + ?Sized, HB: BorrowMut, OT: ObserversTuple, S: HasSolutions + HasClientPerfMonitor + HasCorpus + HasExecutions, @@ -174,7 +161,8 @@ where /// Create a new in mem executor. /// Caution: crash and restart in one of them will lead to odd behavior if multiple are used, /// depending on different corpus or state. - /// * `harness_fn` - the harness, executing the function + /// * `harness_fn` - the harness, executing the function. The harness may also mutate the + /// input. /// * `observers` - the observers observing the target during execution /// This may return an error on unix, if signal handler setup fails pub fn new( 
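Review bot: `self.handlers.pre_run_target(self, fuzzer, state, mgr, input);` in the `@@ -134` hunk hands the now-mutable `input` to the handlers before the harness runs, and the harness may then modify it during the run; if, as the handler names suggest, the crash or timeout handler later reads that input to store it as a solution, it would record the harness-modified bytes rather than what the fuzzer produced, and those may not reproduce the crash. The handler code is elsewhere in the file, so this is inferred, not verified from the hunk. If it holds, the `GenericInProcessExecutor` docs in the previous line should say which version of the input ends up in the solutions corpus. The `run_target` body continues outside the hunk.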
@@ -243,6 +231,24 @@ where } } +impl HasObservers for GenericInProcessExecutor +where + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, + HB: BorrowMut, + OT: ObserversTuple, + S: UsesInput, +{ + #[inline] + fn observers(&self) -> &OT { + &self.observers + } + + #[inline] + fn observers_mut(&mut self) -> &mut OT { + &mut self.observers + } +} + /// The struct has [`InProcessHandlers`]. #[cfg(windows)] pub trait HasInProcessHandlers { @@ -253,7 +259,7 @@ pub trait HasInProcessHandlers { #[cfg(windows)] impl HasInProcessHandlers for GenericInProcessExecutor where - H: FnMut(&::Input) -> ExitKind + ?Sized, + H: FnMut(&mut ::Input) -> ExitKind + ?Sized, HB: BorrowMut, OT: ObserversTuple, S: HasSolutions + HasClientPerfMonitor + HasCorpus + HasExecutions, @@ -1584,10 +1590,12 @@ extern "C" { const ITIMER_REAL: libc::c_int = 0; /// [`InProcessForkExecutor`] is an executor that forks the current process before each execution. +/// It is the same as [`InProcessForkExecutor`] except that it allows the harness input to be +/// mutated. #[cfg(all(feature = "std", unix))] pub struct InProcessForkExecutor<'a, H, OT, S, SP> where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, @@ -1603,7 +1611,7 @@ where #[cfg(all(feature = "std", unix))] pub struct TimeoutInProcessForkExecutor<'a, H, OT, S, SP> where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, @@ -1622,7 +1630,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> Debug for InProcessForkExecutor<'a, H, OT, S, SP> where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, 
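Review bot: The new doc sentence on `InProcessForkExecutor` in the `@@ -1584` hunk, `It is the same as [InProcessForkExecutor] except that it allows the harness input to be mutated`, describes the type in terms of itself and reads like a leftover from a draft in which a second type existed. State the contract directly instead: `/// The harness receives the input as a mutable reference and is allowed to modify it.` The `TimeoutInProcessForkExecutor` struct in the next hunk gets the same bound change but no such sentence, so the two should be brought in line.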
@@ -1638,7 +1646,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> Debug for TimeoutInProcessForkExecutor<'a, H, OT, S, SP> where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, @@ -1667,7 +1675,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> UsesState for InProcessForkExecutor<'a, H, OT, S, SP> where - H: ?Sized + FnMut(&S::Input) -> ExitKind, + H: ?Sized + FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, @@ -1678,7 +1686,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> UsesState for TimeoutInProcessForkExecutor<'a, H, OT, S, SP> where - H: ?Sized + FnMut(&S::Input) -> ExitKind, + H: ?Sized + FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, @@ -1690,7 +1698,7 @@ where impl<'a, EM, H, OT, S, SP, Z> Executor for InProcessForkExecutor<'a, H, OT, S, SP> where EM: UsesState, - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, @@ -1703,7 +1711,7 @@ where _fuzzer: &mut Z, state: &mut Self::State, _mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { unsafe { self.shmem_provider.pre_fork()?; @@ -1758,7 +1766,7 @@ where impl<'a, EM, H, OT, S, SP, Z> Executor for TimeoutInProcessForkExecutor<'a, H, OT, S, SP> where EM: UsesState, - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, @@ -1771,7 +1779,7 @@ where _fuzzer: &mut Z, state: &mut Self::State, _mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { unsafe { self.shmem_provider.pre_fork()?; 
@@ -1860,7 +1868,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> InProcessForkExecutor<'a, H, OT, S, SP> where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, OT: ObserversTuple, S: UsesInput + HasCorpus, SP: ShMemProvider, @@ -1909,7 +1917,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> TimeoutInProcessForkExecutor<'a, H, OT, S, SP> where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, S: UsesInput + HasCorpus, OT: ObserversTuple, SP: ShMemProvider, @@ -2020,7 +2028,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> UsesObservers for InProcessForkExecutor<'a, H, OT, S, SP> where - H: ?Sized + FnMut(&S::Input) -> ExitKind, + H: ?Sized + FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, @@ -2031,7 +2039,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> UsesObservers for TimeoutInProcessForkExecutor<'a, H, OT, S, SP> where - H: ?Sized + FnMut(&S::Input) -> ExitKind, + H: ?Sized + FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, S: UsesInput, SP: ShMemProvider, @@ -2042,7 +2050,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> HasObservers for InProcessForkExecutor<'a, H, OT, S, SP> where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, S: UsesInput, OT: ObserversTuple, SP: ShMemProvider, @@ -2061,7 +2069,7 @@ where #[cfg(all(feature = "std", unix))] impl<'a, H, OT, S, SP> HasObservers for TimeoutInProcessForkExecutor<'a, H, OT, S, SP> where - H: FnMut(&S::Input) -> ExitKind + ?Sized, + H: FnMut(&mut S::Input) -> ExitKind + ?Sized, S: UsesInput, OT: ObserversTuple, SP: ShMemProvider, 
@@ -2189,7 +2197,7 @@ mod tests { #[test] fn test_inmem_exec() { - let mut harness = |_buf: &NopInput| ExitKind::Ok; + let mut harness = |_buf: &mut NopInput| ExitKind::Ok; let mut in_process_executor = InProcessExecutor::<_, _, _> { harness_fn: &mut harness, @@ -2197,13 +2205,13 @@ mod tests { handlers: InProcessHandlers::nop(), phantom: PhantomData, }; - let input = NopInput {}; + let mut input = NopInput {}; in_process_executor .run_target( &mut NopFuzzer::new(), &mut NopState::new(), &mut NopEventManager::new(), - &input, + &mut input, ) .unwrap(); } @@ -2223,7 +2231,7 @@ mod tests { let provider = StdShMemProvider::new().unwrap(); - let mut harness = |_buf: &NopInput| ExitKind::Ok; + let mut harness = |_buf: &mut NopInput| ExitKind::Ok; let mut in_process_fork_executor = InProcessForkExecutor::<_, (), _, _> { harness_fn: &mut harness, shmem_provider: provider, @@ -2231,12 +2239,12 @@ mod tests { handlers: InChildProcessHandlers::nop(), phantom: PhantomData, }; - let input = NopInput {}; + let mut input = NopInput {}; let mut fuzzer = NopFuzzer::new(); let mut state = NopState::new(); let mut mgr = SimpleEventManager::printing(); in_process_fork_executor - .run_target(&mut fuzzer, &mut state, &mut mgr, &input) + .run_target(&mut fuzzer, &mut state, &mut mgr, &mut input) .unwrap(); } } @@ -2278,7 +2286,7 @@ pub mod pybind { ) -> Self { Self { inner: OwnedInProcessExecutor::new( - Box::new(move |input: &BytesInput| { + Box::new(move |input: &mut BytesInput| { Python::with_gil(|py| -> PyResult<()> { let args = (PyBytes::new(py, input.bytes()),); harness.call1(py, args)?; diff --git a/libafl/src/executors/mod.rs b/libafl/src/executors/mod.rs index bf4e5e44b4..66d3f426cc 100644 --- a/libafl/src/executors/mod.rs +++ b/libafl/src/executors/mod.rs 
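Review bot: In the pybind hunk the Python harness still receives `PyBytes::new(py, input.bytes())`, an immutable copy, so the switch to `|input: &mut BytesInput|` gives a Python-side harness no way to modify the input even though the Rust closure now accepts one. A comment at the closure would keep a reader from expecting otherwise: `// Python receives a copy of the bytes; a Python harness cannot modify the fuzzer's input.` The test hunks above only adapt call sites and need no further change.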
@@ -3,7 +3,7 @@ pub mod inprocess; pub use inprocess::InProcessExecutor; #[cfg(all(feature = "std", feature = "fork", unix))] -pub use inprocess::InProcessForkExecutor; +pub use inprocess::{InProcessForkExecutor, TimeoutInProcessForkExecutor}; pub mod differential; pub use differential::DiffExecutor; @@ -121,7 +121,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result; /// Wraps this Executor with the given [`ObserversTuple`] to implement [`HasObservers`]. @@ -167,7 +167,7 @@ where _fuzzer: &mut Z, _state: &mut Self::State, _mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { if input.target_bytes().as_slice().is_empty() { Err(Error::empty("Input Empty")) @@ -186,8 +186,8 @@ mod test { #[test] fn nop_executor() { - let empty_input = BytesInput::new(vec![]); - let nonempty_input = BytesInput::new(vec![1u8]); + let mut empty_input = BytesInput::new(vec![]); + let mut nonempty_input = BytesInput::new(vec![1u8]); let mut executor = NopExecutor { phantom: PhantomData, }; @@ -200,7 +200,7 @@ mod test { &mut fuzzer, &mut state, &mut NopEventManager::new(), - &empty_input, + &mut empty_input, ) .unwrap_err(); executor @@ -208,7 +208,7 @@ mod test { &mut fuzzer, &mut state, &mut NopEventManager::new(), - &nonempty_input, + &mut nonempty_input, ) .unwrap(); } @@ -352,7 +352,7 @@ pub mod pybind { fuzzer: &mut PythonStdFuzzer, state: &mut Self::State, mgr: &mut PythonEventManager, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { let ek = Python::with_gil(|py| -> PyResult<_> { let ek: PythonExitKind = self @@ -475,7 +475,7 @@ pub mod pybind { fuzzer: &mut PythonStdFuzzer, state: &mut Self::State, mgr: &mut PythonEventManager, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { unwrap_me_mut!(self.wrapper, e, { e.run_target(fuzzer, state, mgr, input) }) } 
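Review bot: The `Executor::run_target` trait method in the `@@ -121` hunk changes its contract, `input: &mut Self::Input` lets any executor's harness modify the input, but the doc comment above the signature, outside the hunk, is not updated, and this is the one place every implementor and caller looks. Add to it: `/// The executor may modify the input during the run; callers that need the unmodified input must clone it before the call.` The `NopExecutor` and pybind hunks below only forward `input` and need nothing further.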
diff --git a/libafl/src/executors/shadow.rs b/libafl/src/executors/shadow.rs index bf749268c7..161774d77d 100644 --- a/libafl/src/executors/shadow.rs +++ b/libafl/src/executors/shadow.rs @@ -68,9 +68,10 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { - self.executor.run_target(fuzzer, state, mgr, input) + let mut input = input.clone(); + self.executor.run_target(fuzzer, state, mgr, &mut input) } } diff --git a/libafl/src/executors/timeout.rs b/libafl/src/executors/timeout.rs index 53ccee00a7..4c5e6ab75d 100644 --- a/libafl/src/executors/timeout.rs +++ b/libafl/src/executors/timeout.rs @@ -385,7 +385,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { unsafe { let data = &mut GLOBAL_STATE; @@ -460,7 +460,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { unsafe { if self.batch_mode { @@ -533,7 +533,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { unsafe { setitimer(ITIMER_REAL, &mut self.itimerval, null_mut()); diff --git a/libafl/src/executors/with_observers.rs b/libafl/src/executors/with_observers.rs index e36e8e8130..b636a40007 100644 --- a/libafl/src/executors/with_observers.rs +++ b/libafl/src/executors/with_observers.rs @@ -28,7 +28,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { self.executor.run_target(fuzzer, state, mgr, input) } diff --git a/libafl/src/fuzzer/mod.rs b/libafl/src/fuzzer/mod.rs index d8b34db513..e9344df624 100644 --- a/libafl/src/fuzzer/mod.rs +++ b/libafl/src/fuzzer/mod.rs 
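Review bot: `let mut input = input.clone();` in `ShadowExecutor::run_target` copies the input on every execution although the function already holds a `&mut Self::Input` it could forward, as `WithObservers::run_target` further down does with `self.executor.run_target(fuzzer, state, mgr, input)`. If the clone is deliberate, to hide the inner harness's modifications from the caller, say so in a comment on that line; otherwise pass `input` straight through and drop the allocation.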
@@ -456,14 +456,14 @@ where state: &mut Self::State, executor: &mut E, manager: &mut EM, - input: ::Input, + mut input: ::Input, send_events: bool, ) -> Result<(ExecuteInputResult, Option), Error> where E: Executor + HasObservers, EM: EventFirer, { - let exit_kind = self.execute_input(state, executor, manager, &input)?; + let exit_kind = self.execute_input(state, executor, manager, &mut input)?; let observers = executor.observers(); self.scheduler.on_evaluation(state, &input, observers)?; @@ -501,9 +501,9 @@ where state: &mut CS::State, executor: &mut E, manager: &mut EM, - input: ::Input, + mut input: ::Input, ) -> Result { - let exit_kind = self.execute_input(state, executor, manager, &input)?; + let exit_kind = self.execute_input(state, executor, manager, &mut input)?; let observers = executor.observers(); // Always consider this to be "interesting" @@ -647,7 +647,7 @@ where state: &mut CS::State, executor: &mut E, event_mgr: &mut EM, - input: &::Input, + input: &mut ::Input, ) -> Result where E: Executor + HasObservers, @@ -686,7 +686,7 @@ where state: &mut Self::State, executor: &mut E, event_mgr: &mut EM, - input: &::Input, + input: &mut ::Input, ) -> Result; } @@ -705,7 +705,7 @@ where state: &mut CS::State, executor: &mut E, event_mgr: &mut EM, - input: &::Input, + input: &mut ::Input, ) -> Result { start_timer!(state); executor.observers_mut().pre_exec_all(state, input)?; diff --git a/libafl/src/lib.rs b/libafl/src/lib.rs index 81fceecb6c..af3c6b1fbd 100644 --- a/libafl/src/lib.rs +++ b/libafl/src/lib.rs @@ -502,7 +502,7 @@ mod tests { let scheduler = RandScheduler::new(); let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); - let mut harness = |_buf: &BytesInput| ExitKind::Ok; + let mut harness = |_buf: &mut BytesInput| ExitKind::Ok; let mut executor = InProcessExecutor::new( &mut harness, tuple_list!(), diff --git a/libafl/src/mutators/mutations.rs b/libafl/src/mutators/mutations.rs index 55a8c51db3..a3e2c344d9 100644 
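Review bot: In `evaluate_input_events` the hunk passes `&mut input` to `execute_input` and then `&input` to `self.scheduler.on_evaluation`, so the scheduler, the feedback evaluation and, presumably, any corpus insertion or event sent when `send_events` is set all operate on the harness-modified input rather than on what the mutator produced; the stages in this diff (calibrate, tracing, minimizer) instead run the harness on a clone and keep the original, so the two paths disagree about which input is the record of an execution. Settle on one contract and document it on `execute_input`: `/// Runs the input through the executor; the harness may modify it in place, and the modified input is what feedbacks then see.` The rest of `evaluate_input_events` and of `execute_input` lies outside the hunks.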
--- a/libafl/src/mutators/mutations.rs +++ b/libafl/src/mutators/mutations.rs @@ -1239,20 +1239,20 @@ impl CrossoverReplaceMutator { } /// Returns the first and last diff position between the given vectors, stopping at the min len -fn locate_diffs(this: &[u8], other: &[u8]) -> (i64, i64) { +fn locate_diffs(this: &[u8], other: &[u8]) -> Result<(i64, i64), Error> { let mut first_diff: i64 = -1; let mut last_diff: i64 = -1; for (i, (this_el, other_el)) in this.iter().zip(other.iter()).enumerate() { #[allow(clippy::cast_possible_wrap)] if this_el != other_el { if first_diff < 0 { - first_diff = i as i64; + first_diff = i.try_into()?; } - last_diff = i as i64; + last_diff = i.try_into()?; } } - (first_diff, last_diff) + Ok((first_diff, last_diff)) } /// Splice mutation for inputs with a bytes vector @@ -1285,7 +1285,7 @@ where let mut counter: u32 = 0; loop { - let (f, l) = locate_diffs(input.bytes(), other.bytes()); + let (f, l) = locate_diffs(input.bytes(), other.bytes())?; if f != l && f >= 0 && l >= 2 { break (f as u64, l as u64); diff --git a/libafl/src/mutators/token_mutations.rs b/libafl/src/mutators/token_mutations.rs index 3fc9457de5..321a9d7cda 100644 --- a/libafl/src/mutators/token_mutations.rs +++ b/libafl/src/mutators/token_mutations.rs @@ -1867,13 +1867,13 @@ mod tests { #[test] fn test_read_tokens() { let _res = fs::remove_file("test.tkns"); - let data = r###" + let data = r#" # comment token1@123="AAA" token1="A\x41A" "A\AA" token2="B" - "###; + "#; fs::write("test.tkns", data).expect("Unable to write test.tkns"); let tokens = Tokens::from_file("test.tkns").unwrap(); log::info!("Token file entries: {:?}", tokens.tokens()); diff --git a/libafl/src/schedulers/ecofuzz.rs b/libafl/src/schedulers/ecofuzz.rs index cddfec41c2..131bcd8cc0 100644 --- a/libafl/src/schedulers/ecofuzz.rs +++ b/libafl/src/schedulers/ecofuzz.rs 
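Review bot: `#[allow(clippy::cast_possible_wrap)]` inside `locate_diffs` is now stale, since the `as i64` casts it covered became `i.try_into()?`, and it should go with them. The doc comment should also mention the new failure mode, `/// Errors if a position does not fit in an i64.`, and the `-1` sentinel for "no diff found" could become an `Option<usize>` now that the function returns a `Result`, which would remove the `f >= 0` check and the `as u64` casts at the call site below.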
@@ -148,10 +148,8 @@ where for id in state.corpus().ids() { let was_fuzzed = state.testcase(id)?.scheduled_count() > 0; if !was_fuzzed { - let selection = Some(id); state.metadata_mut::()?.state = EcoState::Exploration; - #[allow(clippy::unnecessary_literal_unwrap)] // false positive - return Ok(selection.expect("Error in the algorithm, this cannot be None")); + return Ok(id); } } diff --git a/libafl/src/stages/calibrate.rs b/libafl/src/stages/calibrate.rs index 84b863fbba..a9e5671790 100644 --- a/libafl/src/stages/calibrate.rs +++ b/libafl/src/stages/calibrate.rs @@ -122,7 +122,7 @@ where let mut start = current_time(); - let exit_kind = executor.run_target(fuzzer, state, mgr, &input)?; + let exit_kind = executor.run_target(fuzzer, state, mgr, &mut input.clone())?; let mut total_time = if exit_kind == ExitKind::Ok { current_time() - start } else { @@ -158,7 +158,7 @@ where executor.observers_mut().pre_exec_all(state, &input)?; start = current_time(); - let exit_kind = executor.run_target(fuzzer, state, mgr, &input)?; + let exit_kind = executor.run_target(fuzzer, state, mgr, &mut input.clone())?; if exit_kind != ExitKind::Ok { if !has_errors { mgr.log( diff --git a/libafl/src/stages/colorization.rs b/libafl/src/stages/colorization.rs index 9f26aaab56..13065c0a49 100644 --- a/libafl/src/stages/colorization.rs +++ b/libafl/src/stages/colorization.rs @@ -302,7 +302,7 @@ where ) -> Result { executor.observers_mut().pre_exec_all(state, &input)?; - let exit_kind = executor.run_target(fuzzer, state, manager, &input)?; + let exit_kind = executor.run_target(fuzzer, state, manager, &mut input.clone())?; let observer = executor .observers() diff --git a/libafl/src/stages/generalization.rs b/libafl/src/stages/generalization.rs index 8ab9d53aea..6fc8cad736 100644 --- a/libafl/src/stages/generalization.rs +++ b/libafl/src/stages/generalization.rs 
@@ -354,7 +354,7 @@ where mark_feature_time!(state, PerfFeature::PreExecObservers); start_timer!(state); - let exit_kind = executor.run_target(fuzzer, state, manager, input)?; + let exit_kind = executor.run_target(fuzzer, state, manager, &mut input.clone())?; mark_feature_time!(state, PerfFeature::TargetExecution); *state.executions_mut() += 1; diff --git a/libafl/src/stages/mod.rs b/libafl/src/stages/mod.rs index 5e82155b5a..ee790cc0ec 100644 --- a/libafl/src/stages/mod.rs +++ b/libafl/src/stages/mod.rs @@ -276,14 +276,14 @@ where push_stage.init(fuzzer, state, event_mgr, executor.observers_mut())?; loop { - let input = + let mut input = match push_stage.pre_exec(fuzzer, state, event_mgr, executor.observers_mut()) { Some(Ok(next_input)) => next_input, Some(Err(err)) => return Err(err), None => break, }; - let exit_kind = fuzzer.execute_input(state, executor, event_mgr, &input)?; + let exit_kind = fuzzer.execute_input(state, executor, event_mgr, &mut input)?; push_stage.post_exec( fuzzer, diff --git a/libafl/src/stages/tmin.rs b/libafl/src/stages/tmin.rs index 52985cb136..f52e735473 100644 --- a/libafl/src/stages/tmin.rs +++ b/libafl/src/stages/tmin.rs @@ -78,7 +78,7 @@ where let base_hash = hasher.finish(); mark_feature_time!(state, PerfFeature::GetInputFromCorpus); - fuzzer.execute_input(state, executor, manager, &base)?; + fuzzer.execute_input(state, executor, manager, &mut base)?; let observers = executor.observers(); let mut feedback = self.create_feedback(observers); @@ -106,7 +106,7 @@ where let corpus_idx = if input.len() < before_len { // run the input - let exit_kind = fuzzer.execute_input(state, executor, manager, &input)?; + let exit_kind = fuzzer.execute_input(state, executor, manager, &mut input)?; let observers = executor.observers(); // let the fuzzer process this execution -- it's possible that we find something 
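Review bot: In tmin.rs `fuzzer.execute_input(state, executor, manager, &mut base)?` (and `&mut input` in the second tmin hunk) hands the minimizer's working copy to the harness without cloning, whereas the other stages in this diff pass `&mut input.clone()`; a harness that modifies its input therefore changes `base` and `input` between executions, and the `base_hash != new_hash` comparison in the tmin hunk on the next line then compares a harness-modified `base` against a hash taken before the run. Either execute clones here as well, or add a comment stating that the minimizer intentionally keeps the harness's modifications. The enclosing function begins before the first tmin hunk.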
@@ -156,7 +156,7 @@ where base.hash(&mut hasher); let new_hash = hasher.finish(); if base_hash != new_hash { - let exit_kind = fuzzer.execute_input(state, executor, manager, &base)?; + let exit_kind = fuzzer.execute_input(state, executor, manager, &mut base)?; let observers = executor.observers(); *state.executions_mut() += 1; // assumption: this input should not be marked interesting because it was not diff --git a/libafl/src/stages/tracing.rs b/libafl/src/stages/tracing.rs index 8edcd7885f..548c3905ca 100644 --- a/libafl/src/stages/tracing.rs +++ b/libafl/src/stages/tracing.rs @@ -62,9 +62,9 @@ where mark_feature_time!(state, PerfFeature::PreExecObservers); start_timer!(state); - let exit_kind = self - .tracer_executor - .run_target(fuzzer, state, manager, &input)?; + let exit_kind = + self.tracer_executor + .run_target(fuzzer, state, manager, &mut input.clone())?; mark_feature_time!(state, PerfFeature::TargetExecution); *state.executions_mut() += 1; @@ -138,7 +138,8 @@ where ) -> Result<(), Error> { // First run with the un-mutated input - let unmutated_input = state.corpus().cloned_input_for_id(corpus_idx)?; + let original_unmutated_input = state.corpus().cloned_input_for_id(corpus_idx)?; + let mut unmutated_input = state.corpus().cloned_input_for_id(corpus_idx)?; if let Some(name) = &self.cmplog_observer_name { if let Some(ob) = self 
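Review bot: The `@@ -138` hunk calls `state.corpus().cloned_input_for_id(corpus_idx)?` twice to obtain `original_unmutated_input` and `unmutated_input`, a second corpus lookup and clone where `let mut unmutated_input = original_unmutated_input.clone();` would do. The name `unmutated_input` is also now misleading, since that copy is precisely the one the harness is allowed to modify in the following hunk; `harness_input` would describe it. The `@@ -62` hunk above runs on `&mut input.clone()` without a comment, as noted on the minimizer hunk.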
@@ -156,17 +157,19 @@ where self.tracer_executor .observers_mut() - .pre_exec_all(state, &unmutated_input)?; + .pre_exec_all(state, &original_unmutated_input)?; let exit_kind = self.tracer_executor - .run_target(fuzzer, state, manager, &unmutated_input)?; + .run_target(fuzzer, state, manager, &mut unmutated_input)?; *state.executions_mut() += 1; - self.tracer_executor - .observers_mut() - .post_exec_all(state, &unmutated_input, &exit_kind)?; + self.tracer_executor.observers_mut().post_exec_all( + state, + &original_unmutated_input, + &exit_kind, + )?; // Second run with the mutated input let mutated_input = match state.metadata_map().get::() { @@ -192,9 +195,9 @@ where .observers_mut() .pre_exec_all(state, &mutated_input)?; - let exit_kind = self - .tracer_executor - .run_target(fuzzer, state, manager, &mutated_input)?; + let exit_kind = + self.tracer_executor + .run_target(fuzzer, state, manager, &mut mutated_input.clone())?; *state.executions_mut() += 1; @@ -280,7 +283,7 @@ where mark_feature_time!(state, PerfFeature::PreExecObservers); start_timer!(state); - let exit_kind = executor.run_target(fuzzer, state, manager, &input)?; + let exit_kind = executor.run_target(fuzzer, state, manager, &mut input.clone())?; mark_feature_time!(state, PerfFeature::TargetExecution); *state.executions_mut() += 1; diff --git a/libafl_frida/src/alloc.rs b/libafl_frida/src/alloc.rs index fe7bb00fca..b6e35dbe88 100644 --- a/libafl_frida/src/alloc.rs +++ b/libafl_frida/src/alloc.rs 
@@ -385,14 +385,13 @@ impl Allocator { metadatas.sort_by(|a, b| a.address.cmp(&b.address)); let mut offset_to_closest = i64::max_value(); let mut closest = None; + let ptr: i64 = ptr.try_into().unwrap(); for metadata in metadatas { + let address: i64 = metadata.address.try_into().unwrap(); let new_offset = if hint_base == metadata.address { - (ptr as i64 - metadata.address as i64).abs() + (ptr - address).abs() } else { - std::cmp::min( - offset_to_closest, - (ptr as i64 - metadata.address as i64).abs(), - ) + std::cmp::min(offset_to_closest, (ptr - address).abs()) }; if new_offset < offset_to_closest { offset_to_closest = new_offset; diff --git a/libafl_frida/src/asan/errors.rs b/libafl_frida/src/asan/errors.rs index 4be258c9de..0bc0488823 100644 --- a/libafl_frida/src/asan/errors.rs +++ b/libafl_frida/src/asan/errors.rs @@ -251,14 +251,13 @@ impl AsanErrors { cs.set_skipdata(true).expect("failed to set skipdata"); let start_pc = error.pc - 4 * 5; - for insn in cs + for insn in &*cs .disasm_count( unsafe { std::slice::from_raw_parts(start_pc as *mut u8, 4 * 11) }, start_pc as u64, 11, ) .expect("failed to disassemble instructions") - .iter() { if insn.address() as usize == error.pc { output @@ -276,7 +275,9 @@ impl AsanErrors { #[allow(clippy::non_ascii_literal)] writeln!(output, "{:━^100}", " ALLOCATION INFO ").unwrap(); - let offset: i64 = fault_address as i64 - (error.metadata.address + 0x1000) as i64; + let fault_address: i64 = fault_address.try_into().unwrap(); + let metadata_address: i64 = error.metadata.address.try_into().unwrap(); + let offset: i64 = fault_address - (metadata_address + 0x1000); let direction = if offset > 0 { "right" } else { "left" }; writeln!( output, 
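Review bot: `ptr.try_into().unwrap()` and `metadata.address.try_into().unwrap()` in alloc.rs, and the two `try_into().unwrap()` conversions in asan/errors.rs, replace wrapping `as i64` casts with a panic on any address at or above `i64::MAX`; in `AsanErrors` that panic would fire in the middle of writing the error report, losing it. State the invariant in the failure message so the panic is at least diagnosable, e.g. `let ptr: i64 = ptr.try_into().expect("address exceeds i64::MAX");`, and do the same for the other three conversions. The `for insn in &*cs.disasm_count(...)` rewrite is behaviour-preserving.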
@@ -505,14 +506,13 @@ impl AsanErrors { cs.set_skipdata(true).expect("failed to set skipdata"); let start_pc = pc; - for insn in cs + for insn in &*cs .disasm_count( unsafe { std::slice::from_raw_parts(start_pc as *mut u8, 4 * 11) }, start_pc as u64, 11, ) .expect("failed to disassemble instructions") - .iter() { if insn.address() as usize == pc { output diff --git a/libafl_frida/src/coverage_rt.rs b/libafl_frida/src/coverage_rt.rs index a55e42b999..6efeea0a18 100644 --- a/libafl_frida/src/coverage_rt.rs +++ b/libafl_frida/src/coverage_rt.rs @@ -150,7 +150,7 @@ impl CoverageRuntime { ; mov QWORD [rsp-0x98], rbx // Load the previous_pc - ; mov rax, QWORD prev_loc_ptr as *mut u64 as _ + ; mov rax, QWORD prev_loc_ptr as _ ; mov rax, QWORD [rax] // Calculate the edge id @@ -158,7 +158,7 @@ impl CoverageRuntime { ; xor rax, rbx // Load the map byte address - ; mov rbx, QWORD map_addr_ptr as *mut [u8; MAP_SIZE] as _ + ; mov rbx, QWORD map_addr_ptr as _ ; add rax, rbx // Update the map byte @@ -168,7 +168,7 @@ impl CoverageRuntime { ; mov BYTE [rax],bl // Update the previous_pc value - ; mov rax, QWORD prev_loc_ptr as *mut u64 as _ + ; mov rax, QWORD prev_loc_ptr as _ ; mov ebx, WORD (h64 >> 1) as i32 ; mov QWORD [rax], rbx diff --git a/libafl_frida/src/executor.rs b/libafl_frida/src/executor.rs index 85f92753eb..6650e41e82 100644 --- a/libafl_frida/src/executor.rs +++ b/libafl_frida/src/executor.rs 
@@ -24,10 +24,12 @@ use crate::helper::{FridaInstrumentationHelper, FridaRuntimeTuple}; #[cfg(windows)] use crate::windows_hooks::initialize; -/// The [`FridaInProcessExecutor`] is an [`Executor`] that executes the target in the same process, usinig [`frida`](https://frida.re/) for binary-only instrumentation. +/// The [`FridaInProcessExecutor`] is an [`Executor`] that executes the target in the +/// same process, usinig [`frida`](https://frida.re/) for binary-only instrumentation. It is +/// the same as [`FridaInProcessExecutor`] except it allows mutating the input pub struct FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S::Input: HasTargetBytes, S: UsesInput, OT: ObserversTuple, @@ -44,7 +46,7 @@ where impl<'a, 'b, 'c, H, OT, RT, S> Debug for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, S::Input: HasTargetBytes, OT: ObserversTuple, @@ -62,7 +64,7 @@ impl<'a, 'b, 'c, EM, H, OT, RT, S, Z> Executor for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S> where EM: UsesState, - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, S::Input: HasTargetBytes, OT: ObserversTuple, @@ -76,7 +78,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { self.helper.pre_exec(input)?; if self.helper.stalker_enabled() { @@ -106,7 +108,7 @@ where impl<'a, 'b, 'c, H, OT, RT, S> UsesObservers for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, S: UsesInput, S::Input: HasTargetBytes, 
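Review bot: The new doc sentence on `FridaInProcessExecutor`, `It is the same as [FridaInProcessExecutor] except it allows mutating the input`, compares the type with itself, and the rewrapped line carries the pre-existing typo `usinig` forward. Replace the sentence with a direct statement of the contract, `/// The harness receives the input as a mutable reference and may modify it.`, and fix the typo to `using` while these lines are being touched.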
@@ -116,7 +118,7 @@ where impl<'a, 'b, 'c, H, OT, RT, S> UsesState for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, S: UsesInput, S::Input: HasTargetBytes, @@ -126,7 +128,7 @@ where impl<'a, 'b, 'c, H, OT, RT, S> HasObservers for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S::Input: HasTargetBytes, S: UsesInput, OT: ObserversTuple, @@ -144,7 +146,7 @@ where impl<'a, 'b, 'c, H, OT, S, RT> FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, S::Input: HasTargetBytes, OT: ObserversTuple, @@ -199,7 +201,7 @@ where impl<'a, 'b, 'c, H, OT, RT, S> HasInProcessHandlers for FridaInProcessExecutor<'a, 'b, 'c, H, OT, RT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput + HasClientPerfMonitor + HasSolutions + HasCorpus + HasExecutions, S::Input: HasTargetBytes, OT: ObserversTuple, diff --git a/libafl_nyx/src/executor.rs b/libafl_nyx/src/executor.rs index 0e500b455f..76ef54fe5f 100644 --- a/libafl_nyx/src/executor.rs +++ b/libafl_nyx/src/executor.rs @@ -57,7 +57,7 @@ where _fuzzer: &mut Z, _state: &mut Self::State, _mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { let input_owned = input.target_bytes(); let input = input_owned.as_slice(); diff --git a/libafl_qemu/src/asan.rs b/libafl_qemu/src/asan.rs index 65456196e5..ccdfecaaaf 100644 --- a/libafl_qemu/src/asan.rs +++ b/libafl_qemu/src/asan.rs @@ -395,7 +395,7 @@ impl AsanGiovese { if self.snapshot_shadow { let set = self.dirty_shadow.lock().unwrap(); - for &page in set.iter() { + for &page in &*set { let data = Self::get_shadow_page(emu, page).to_vec(); self.saved_shadow.insert(page, data); } 
@@ -425,7 +425,7 @@ impl AsanGiovese { if self.snapshot_shadow { let mut set = self.dirty_shadow.lock().unwrap(); - for &page in set.iter() { + for &page in &*set { let original = self.saved_shadow.get(&page); if let Some(data) = original { let cur = Self::get_shadow_page(emu, page); @@ -472,7 +472,7 @@ pub fn init_with_asan( |e: &str| "LD_PRELOAD=".to_string() + &asan_lib + " " + &e["LD_PRELOAD=".len()..]; let mut added = false; - for (k, v) in env.iter_mut() { + for (k, v) in &mut *env { if k == "QEMU_SET_ENV" { let mut new_v = vec![]; for e in v.split(',') { diff --git a/libafl_qemu/src/drcov.rs b/libafl_qemu/src/drcov.rs index 17ddabe4e1..4e8057aee4 100644 --- a/libafl_qemu/src/drcov.rs +++ b/libafl_qemu/src/drcov.rs @@ -102,8 +102,8 @@ where if self.full_trace { if DRCOV_IDS.lock().unwrap().as_ref().unwrap().len() > self.drcov_len { let mut drcov_vec = Vec::::new(); - for id in DRCOV_IDS.lock().unwrap().as_ref().unwrap().iter() { - 'pcs_full: for (pc, idm) in DRCOV_MAP.lock().unwrap().as_ref().unwrap().iter() { + for id in DRCOV_IDS.lock().unwrap().as_ref().unwrap() { + 'pcs_full: for (pc, idm) in DRCOV_MAP.lock().unwrap().as_ref().unwrap() { let mut module_found = false; for module in self.module_mapping.iter() { let (range, (_, _)) = module; @@ -141,7 +141,7 @@ where } else { if DRCOV_MAP.lock().unwrap().as_ref().unwrap().len() > self.drcov_len { let mut drcov_vec = Vec::::new(); - 'pcs: for (pc, _) in DRCOV_MAP.lock().unwrap().as_ref().unwrap().iter() { + 'pcs: for (pc, _) in DRCOV_MAP.lock().unwrap().as_ref().unwrap() { let mut module_found = false; for module in self.module_mapping.iter() { let (range, (_, _)) = module; diff --git a/libafl_qemu/src/elf.rs b/libafl_qemu/src/elf.rs index bfc42e5328..5917872894 100644 --- a/libafl_qemu/src/elf.rs +++ b/libafl_qemu/src/elf.rs 
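Review bot: In the new `for id in DRCOV_IDS.lock().unwrap().as_ref().unwrap()` loop, the inner `'pcs_full: for (pc, idm) in DRCOV_MAP.lock().unwrap().as_ref().unwrap()` re-acquires `DRCOV_MAP` on every id while the `DRCOV_IDS` guard stays held for the whole outer loop, so the two mutexes are always taken nested in IDS-then-MAP order; any writer that takes them in the opposite order (the instrumentation hook is not visible here) would deadlock, and the per-id relock plus full map scan is O(ids × map). Hoisting both guards once before the loops — `let ids = DRCOV_IDS.lock().unwrap(); let map = DRCOV_MAP.lock().unwrap();` then `for id in ids.as_ref().unwrap() { 'pcs_full: for (pc, idm) in map.as_ref().unwrap() {` — makes the lock order explicit and locks each mutex once. The `.lock().unwrap()` calls also panic on a poisoned mutex, which is worth a comment if a crashing target thread can poison these statics. The enclosing method continues outside the hunk.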
@@ -41,7 +41,7 @@ impl<'a> EasyElf<'a> { #[must_use] pub fn resolve_symbol(&self, name: &str, load_addr: GuestAddr) -> Option { - for sym in self.elf.syms.iter() { + for sym in &self.elf.syms { if let Some(sym_name) = self.elf.strtab.get_at(sym.st_name) { if sym_name == name { return if sym.st_value == 0 { diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs index 53ae0352b4..cf0360320f 100644 --- a/libafl_qemu/src/emu.rs +++ b/libafl_qemu/src/emu.rs @@ -739,18 +739,10 @@ impl Emulator { envp.push(null()); unsafe { #[cfg(emulation_mode = "usermode")] - qemu_user_init( - argc, - argv.as_ptr() as *const *const u8, - envp.as_ptr() as *const *const u8, - ); + qemu_user_init(argc, argv.as_ptr(), envp.as_ptr()); #[cfg(emulation_mode = "systemmode")] { - qemu_init( - argc, - argv.as_ptr() as *const *const u8, - envp.as_ptr() as *const *const u8, - ); + qemu_init(argc, argv.as_ptr(), envp.as_ptr()); libc::atexit(qemu_cleanup_atexit); libafl_qemu_sys::syx_snapshot_init(); } diff --git a/libafl_qemu/src/executor.rs b/libafl_qemu/src/executor.rs index 918f467651..b074571030 100644 --- a/libafl_qemu/src/executor.rs +++ b/libafl_qemu/src/executor.rs @@ -21,7 +21,7 @@ use crate::{emu::Emulator, helper::QemuHelperTuple, hooks::QemuHooks}; pub struct QemuExecutor<'a, H, OT, QT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, OT: ObserversTuple, QT: QemuHelperTuple, @@ -33,7 +33,7 @@ where impl<'a, H, OT, QT, S> Debug for QemuExecutor<'a, H, OT, QT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, OT: ObserversTuple, QT: QemuHelperTuple, @@ -48,7 +48,7 @@ where impl<'a, H, OT, QT, S> QemuExecutor<'a, H, OT, QT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, OT: ObserversTuple, QT: QemuHelperTuple, 
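Review bot: The `unsafe` block around the simplified `qemu_user_init(argc, argv.as_ptr(), envp.as_ptr())` and `qemu_init(argc, argv.as_ptr(), envp.as_ptr())` calls has no `// SAFETY:` comment, and now that the casts are gone the FFI signatures dictate the element type directly, so the invariants the callee relies on should be spelled out where they are upheld: `envp` is NULL-terminated by the visible `envp.push(null())`, `argv` presumably is too (its terminator is above the hunk — confirm), and both `Vec`s must outlive the call. Because the system-mode branch also registers `libc::atexit(qemu_cleanup_atexit)`, it is worth stating whether QEMU copies `argv`/`envp` or keeps pointers into buffers that are freed when this function returns. Suggested comment on the `unsafe` line: `// SAFETY: argv and envp are NULL-terminated and outlive the init call; QEMU is assumed to copy anything it retains — TODO confirm`. The function starts before the hunk.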
@@ -101,7 +101,7 @@ where impl<'a, EM, H, OT, QT, S, Z> Executor for QemuExecutor<'a, H, OT, QT, S> where EM: UsesState, - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, OT: ObserversTuple, QT: QemuHelperTuple, @@ -112,7 +112,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { let emu = Emulator::new_empty(); if self.first_exec { @@ -133,7 +133,7 @@ where impl<'a, H, OT, QT, S> UsesState for QemuExecutor<'a, H, OT, QT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, QT: QemuHelperTuple, S: UsesInput, @@ -143,7 +143,7 @@ where impl<'a, H, OT, QT, S> UsesObservers for QemuExecutor<'a, H, OT, QT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, QT: QemuHelperTuple, S: UsesInput, @@ -153,7 +153,7 @@ where impl<'a, H, OT, QT, S> HasObservers for QemuExecutor<'a, H, OT, QT, S> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, OT: ObserversTuple, QT: QemuHelperTuple, @@ -172,7 +172,7 @@ where #[cfg(feature = "fork")] pub struct QemuForkExecutor<'a, H, OT, QT, S, SP> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, OT: ObserversTuple, QT: QemuHelperTuple, @@ -186,7 +186,7 @@ where #[cfg(feature = "fork")] impl<'a, H, OT, QT, S, SP> Debug for QemuForkExecutor<'a, H, OT, QT, S, SP> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, OT: ObserversTuple, QT: QemuHelperTuple, @@ -203,7 +203,7 @@ where #[cfg(feature = "fork")] impl<'a, H, OT, QT, S, SP> QemuForkExecutor<'a, H, OT, QT, S, SP> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput + HasCorpus, OT: ObserversTuple, QT: QemuHelperTuple, 
@@ -268,7 +268,7 @@ where impl<'a, EM, H, OT, QT, S, Z, SP> Executor for QemuForkExecutor<'a, H, OT, QT, S, SP> where EM: EventManager, Z, State = S>, - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput + HasClientPerfMonitor + HasMetadata + HasExecutions, OT: ObserversTuple, QT: QemuHelperTuple, @@ -280,7 +280,7 @@ where fuzzer: &mut Z, state: &mut Self::State, mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { let emu = Emulator::new_empty(); if self.first_exec { @@ -302,7 +302,7 @@ where #[cfg(feature = "fork")] impl<'a, H, OT, QT, S, SP> UsesObservers for QemuForkExecutor<'a, H, OT, QT, S, SP> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, QT: QemuHelperTuple, S: UsesInput, @@ -314,7 +314,7 @@ where #[cfg(feature = "fork")] impl<'a, H, OT, QT, S, SP> UsesState for QemuForkExecutor<'a, H, OT, QT, S, SP> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, OT: ObserversTuple, QT: QemuHelperTuple, S: UsesInput, @@ -326,7 +326,7 @@ where #[cfg(feature = "fork")] impl<'a, H, OT, QT, S, SP> HasObservers for QemuForkExecutor<'a, H, OT, QT, S, SP> where - H: FnMut(&S::Input) -> ExitKind, + H: FnMut(&mut S::Input) -> ExitKind, S: UsesInput, OT: ObserversTuple, QT: QemuHelperTuple, diff --git a/libafl_qemu/src/snapshot.rs b/libafl_qemu/src/snapshot.rs index 530d1a10d7..deecf8775a 100644 --- a/libafl_qemu/src/snapshot.rs +++ b/libafl_qemu/src/snapshot.rs @@ -211,7 +211,7 @@ impl QemuSnapshotHelper { { let new_maps = self.new_maps.get_mut().unwrap(); - for acc in self.accesses.iter_mut() { + for acc in &mut self.accesses { unsafe { &mut (*acc.get()) }.dirty.retain(|page| { if let Some(info) = self.pages.get_mut(page) { // TODO avoid duplicated memcpy 
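Review bot: `unsafe { &mut (*acc.get()) }.dirty.retain(...)` in the new `for acc in &mut self.accesses` loop manufactures a `&mut` through `acc.get()` with no `// SAFETY:` comment; soundness depends on no other reference to that access record being alive while `retain` runs (for example from whatever hook fills `dirty`, which is not visible here), and that invariant should be written down: `// SAFETY: access records are only touched from this thread between executions; no other reference is live during retain — TODO confirm`. Since the loop already holds `&mut self.accesses`, if the element is an `UnsafeCell` then `acc.get_mut()` yields the same `&mut` with no `unsafe` at all, so the field type is worth checking before keeping the raw dereference. The closure borrowing `self.pages.get_mut(page)` at the same time compiles only because it is a disjoint field, which a one-line comment would make less surprising. The enclosing method continues outside the hunk.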
@@ -251,7 +251,7 @@ impl QemuSnapshotHelper { self.reset_maps(emulator); // This one is after that we remapped potential regions mapped at snapshot time but unmapped during execution - for acc in self.accesses.iter_mut() { + for acc in &mut self.accesses { for page in unsafe { &(*acc.get()).dirty } { for entry in self .maps diff --git a/libafl_sugar/src/inmemory.rs b/libafl_sugar/src/inmemory.rs index b86310756c..154c697b42 100644 --- a/libafl_sugar/src/inmemory.rs +++ b/libafl_sugar/src/inmemory.rs @@ -193,7 +193,7 @@ where let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); (harness_bytes)(buf); diff --git a/libafl_sugar/src/qemu.rs b/libafl_sugar/src/qemu.rs index 7f32deefbf..45626bbc14 100644 --- a/libafl_sugar/src/qemu.rs +++ b/libafl_sugar/src/qemu.rs @@ -204,7 +204,7 @@ where let mut fuzzer = StdFuzzer::new(scheduler, feedback, objective); // The wrapped harness function, calling out to the LLVM-style harness - let mut harness = |input: &BytesInput| { + let mut harness = |input: &mut BytesInput| { let target = input.target_bytes(); let buf = target.as_slice(); (harness_bytes)(buf); diff --git a/libafl_targets/src/sancov_8bit.rs b/libafl_targets/src/sancov_8bit.rs index 1a745bcb96..937879807b 100644 --- a/libafl_targets/src/sancov_8bit.rs +++ b/libafl_targets/src/sancov_8bit.rs @@ -165,7 +165,7 @@ mod observers { let mut hasher = RandomState::with_seeds(0, 0, 0, 0).build_hasher(); for map in unsafe { &COUNTERS_MAPS } { let slice = map.as_slice(); - let ptr = slice.as_ptr() as *const u8; + let ptr = slice.as_ptr(); let map_size = slice.len() / core::mem::size_of::(); unsafe { hasher.write(from_raw_parts(ptr, map_size)); 
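Review bot: With the cast removed, `slice.as_ptr()` already yields `*const u8`, which means `slice` is a `&[u8]` and the `unsafe { hasher.write(from_raw_parts(ptr, map_size)) }` merely rebuilds a slice that already exists; `hasher.write(slice)` is the same operation with no `unsafe` (this assumes the `size_of` divisor is `u8`, which the garbled generic in this rendering hides — if it is a wider type, `map_size` undercounts and only a prefix of each map is hashed). Whichever form stays, the `for map in unsafe { &COUNTERS_MAPS }` reference to a `static mut` deserves a `// SAFETY: no instrumented code runs while the hash is computed, so the maps are not mutated concurrently` comment, hedged to whatever the executor actually guarantees. The enclosing method continues outside the hunk.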
diff --git a/libafl_targets/src/sancov_pcguard.rs b/libafl_targets/src/sancov_pcguard.rs index 41a4e48964..975de65051 100644 --- a/libafl_targets/src/sancov_pcguard.rs +++ b/libafl_targets/src/sancov_pcguard.rs @@ -22,11 +22,11 @@ pub unsafe extern "C" fn __sanitizer_cov_trace_pc_guard(guard: *mut u32) { { #[cfg(feature = "sancov_pcguard_edges")] { - (EDGES_MAP_PTR as *mut u8).add(pos).write(1); + (EDGES_MAP_PTR).add(pos).write(1); } #[cfg(feature = "sancov_pcguard_hitcounts")] { - let addr = (EDGES_MAP_PTR as *mut u8).add(pos); + let addr = (EDGES_MAP_PTR).add(pos); let val = addr.read().wrapping_add(1); addr.write(val); } diff --git a/libafl_tinyinst/src/executor.rs b/libafl_tinyinst/src/executor.rs index ca01384a58..a60e256b0f 100644 --- a/libafl_tinyinst/src/executor.rs +++ b/libafl_tinyinst/src/executor.rs @@ -54,7 +54,7 @@ where _fuzzer: &mut Z, _state: &mut Self::State, _mgr: &mut EM, - input: &Self::Input, + input: &mut Self::Input, ) -> Result { match &self.map { Some(_) => { diff --git a/utils/gramatron/construct_automata/src/main.rs b/utils/gramatron/construct_automata/src/main.rs index ff0c7d2df2..7a74067845 100644 --- a/utils/gramatron/construct_automata/src/main.rs +++ b/utils/gramatron/construct_automata/src/main.rs @@ -208,7 +208,7 @@ fn postprocess(pda: &[Transition], stack_limit: usize) -> Automaton { //let mut culled_pda_unique = HashSet::new(); for final_state in &finals { - for transition in pda.iter() { + for transition in pda { if transition.dest == *final_state && transition.stack.len() > 0 { blocklist.insert(transition.dest); } else { @@ -267,7 +267,7 @@ fn postprocess(pda: &[Transition], stack_limit: usize) -> Automaton { } } else { // Running FSA construction in exact approximation mode and postprocessing it like so - for transition in pda.iter() { + for transition in pda { num_transition += 1; let state = transition.source; if state >= memoized.len() {
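Review bot: `(EDGES_MAP_PTR).add(pos).write(1)` and `let addr = (EDGES_MAP_PTR).add(pos);` keep parentheses that only made sense around the removed cast; `EDGES_MAP_PTR.add(pos)` reads as intended. More importantly, neither branch checks `pos` against the map's size, so a guard index handed out by the init callback (above the hunk, not visible) that is at or beyond the map length becomes a silent out-of-bounds write into whatever follows the map; if the init path already clamps or bounds guard values, a `debug_assert!` against the map size constant in this function would document that reliance without costing anything in release builds. The function starts above the hunk.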
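Review bot: `transition.dest == *final_state && transition.stack.len() > 0` in the new `for transition in pda` loop is the form clippy's `len_zero` lint flags; `!transition.stack.is_empty()` says the same thing. The loop is also nested under `for final_state in &finals`, so every final state rescans the whole `pda` slice, O(finals × transitions); collecting `finals` into a `HashSet` (if it is not one already — its type is declared above the hunk) and scanning `pda` once would avoid that, though for an offline automaton-construction tool it may not matter. The `else` branch and the rest of `postprocess` continue outside the hunk.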