authorvan Hauser <vh@thc.org>2023-01-05 13:51:20 +0100
committerGitHub <noreply@github.com>2023-01-05 13:51:20 +0100
commit3b6fcd911a860a8c823c912c4b08b423734e4cfe (patch)
treecc2599499e847c4ac661988d1c5fe7b35a5ef82e /custom_mutators
parent60dc37a8cf09f8e9048e4b6a2204d6c90b27655a (diff)
parenta3b56e7280cb5b5cea21c66c40d4390db6f13b8f (diff)
Merge pull request #1610 from AFLplusplus/dev4.05c
push to stable
Diffstat (limited to 'custom_mutators')
-rwxr-xr-xcustom_mutators/gramatron/build_gramatron_mutator.sh2
-rwxr-xr-xcustom_mutators/grammar_mutator/build_grammar_mutator.sh2
-rw-r--r--custom_mutators/libafl_base/Cargo.toml2
-rw-r--r--custom_mutators/libafl_base/src/lib.rs36
-rw-r--r--custom_mutators/rust/custom_mutator-sys/Cargo.toml6
-rw-r--r--custom_mutators/rust/custom_mutator-sys/build.rs4
-rw-r--r--custom_mutators/rust/custom_mutator-sys/src/lib.rs2
-rw-r--r--custom_mutators/rust/custom_mutator/Cargo.toml2
-rw-r--r--custom_mutators/rust/custom_mutator/src/lib.rs109
-rw-r--r--custom_mutators/rust/example/Cargo.toml2
-rw-r--r--custom_mutators/rust/example_lain/Cargo.toml2
11 files changed, 91 insertions, 78 deletions
diff --git a/custom_mutators/gramatron/build_gramatron_mutator.sh b/custom_mutators/gramatron/build_gramatron_mutator.sh
index ff88ff26..c830329e 100755
--- a/custom_mutators/gramatron/build_gramatron_mutator.sh
+++ b/custom_mutators/gramatron/build_gramatron_mutator.sh
@@ -11,7 +11,7 @@
# Adapted for AFLplusplus by Dominik Maier <mail@dmnk.co>
#
# Copyright 2017 Battelle Memorial Institute. All rights reserved.
-# Copyright 2019-2022 AFLplusplus Project. All rights reserved.
+# Copyright 2019-2023 AFLplusplus Project. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/custom_mutators/grammar_mutator/build_grammar_mutator.sh b/custom_mutators/grammar_mutator/build_grammar_mutator.sh
index 74cae8aa..593cd2dc 100755
--- a/custom_mutators/grammar_mutator/build_grammar_mutator.sh
+++ b/custom_mutators/grammar_mutator/build_grammar_mutator.sh
@@ -14,7 +14,7 @@
# <andreafioraldi@gmail.com>
#
# Copyright 2017 Battelle Memorial Institute. All rights reserved.
-# Copyright 2019-2022 AFLplusplus Project. All rights reserved.
+# Copyright 2019-2023 AFLplusplus Project. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/custom_mutators/libafl_base/Cargo.toml b/custom_mutators/libafl_base/Cargo.toml
index 6e40fc39..ac6b0c8f 100644
--- a/custom_mutators/libafl_base/Cargo.toml
+++ b/custom_mutators/libafl_base/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
-libafl = { git = "https://github.com/AFLplusplus/LibAFL.git", rev = "62614ce1016c86e3f00f35b56399292ceabd486b" }
+libafl = { git = "https://github.com/AFLplusplus/LibAFL.git", rev = "266677bb88abe75165430f34e7de897c35560504" }
custom_mutator = { path = "../rust/custom_mutator", features = ["afl_internals"] }
serde = { version = "1.0", default-features = false, features = ["alloc"] } # serialization lib
diff --git a/custom_mutators/libafl_base/src/lib.rs b/custom_mutators/libafl_base/src/lib.rs
index 6f2db8ca..bae11e1f 100644
--- a/custom_mutators/libafl_base/src/lib.rs
+++ b/custom_mutators/libafl_base/src/lib.rs
@@ -1,5 +1,4 @@
#![cfg(unix)]
-#![allow(unused_variables)]
use serde::{Deserialize, Deserializer, Serialize, Serializer};
use std::{
@@ -18,10 +17,12 @@ use libafl::{
scheduled::{havoc_mutations, tokens_mutations, StdScheduledMutator, Tokens},
Mutator,
},
- state::{HasCorpus, HasMaxSize, HasMetadata, HasRand, State},
+ prelude::UsesInput,
+ state::{HasCorpus, HasMaxSize, HasMetadata, HasRand, State, UsesState},
Error,
};
+#[allow(clippy::identity_op)]
const MAX_FILE: usize = 1 * 1024 * 1024;
static mut AFL: Option<&'static afl_state> = None;
@@ -64,24 +65,32 @@ impl<'de> Deserialize<'de> for AFLCorpus {
}
}
-impl Corpus<BytesInput> for AFLCorpus {
+impl UsesState for AFLCorpus {
+ type State = AFLState;
+}
+
+impl Corpus for AFLCorpus {
#[inline]
fn count(&self) -> usize {
afl().queued_items as usize
}
#[inline]
- fn add(&mut self, testcase: Testcase<BytesInput>) -> Result<usize, Error> {
+ fn add(&mut self, _testcase: Testcase<BytesInput>) -> Result<usize, Error> {
unimplemented!();
}
#[inline]
- fn replace(&mut self, idx: usize, testcase: Testcase<BytesInput>) -> Result<(), Error> {
+ fn replace(
+ &mut self,
+ _idx: usize,
+ _testcase: Testcase<BytesInput>,
+ ) -> Result<Testcase<Self::Input>, Error> {
unimplemented!();
}
#[inline]
- fn remove(&mut self, idx: usize) -> Result<Option<Testcase<BytesInput>>, Error> {
+ fn remove(&mut self, _idx: usize) -> Result<Option<Testcase<BytesInput>>, Error> {
unimplemented!();
}
@@ -92,7 +101,7 @@ impl Corpus<BytesInput> for AFLCorpus {
entries.entry(idx).or_insert_with(|| {
let queue_buf = std::slice::from_raw_parts_mut(afl().queue_buf, self.count());
let entry = queue_buf[idx].as_mut().unwrap();
- let fname = CStr::from_ptr((entry.fname as *mut i8).as_ref().unwrap())
+ let fname = CStr::from_ptr((entry.fname.cast::<i8>()).as_ref().unwrap())
.to_str()
.unwrap()
.to_owned();
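Review bot: The rewritten `entry.fname.cast::<i8>()` still hard-codes `i8`, while `CStr::from_ptr` takes `*const c_char`, and `c_char` is `u8` on some targets (aarch64 Linux, for example), so this line would not type-check there; `entry.fname.cast::<std::os::raw::c_char>()` keeps it portable. The `.to_str().unwrap()` that follows also panics if a queue file name is not valid UTF-8, which Unix paths are allowed to be; going through `OsStr::from_bytes(...)`, as the `custom_mutator` wrappers in this same commit do, avoids that panic path. The enclosing function starts and ends outside this hunk, so how `fname` is used afterwards is not visible.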
@@ -127,9 +136,10 @@ pub struct AFLState {
}
impl AFLState {
+ #[must_use]
pub fn new(seed: u32) -> Self {
Self {
- rand: StdRand::with_seed(seed as u64),
+ rand: StdRand::with_seed(u64::from(seed)),
corpus: AFLCorpus::default(),
metadata: SerdeAnyMap::new(),
max_size: MAX_FILE,
@@ -153,7 +163,11 @@ impl HasRand for AFLState {
}
}
-impl HasCorpus<BytesInput> for AFLState {
+impl UsesInput for AFLState {
+ type Input = BytesInput;
+}
+
+impl HasCorpus for AFLState {
type Corpus = AFLCorpus;
#[inline]
@@ -208,7 +222,7 @@ impl CustomMutator for LibAFLBaseCustomMutator {
tokens.push(data.to_vec());
}
if !tokens.is_empty() {
- state.add_metadata(Tokens::new(tokens));
+ state.add_metadata(Tokens::from(tokens));
}
Ok(Self {
state,
@@ -220,7 +234,7 @@ impl CustomMutator for LibAFLBaseCustomMutator {
fn fuzz<'b, 's: 'b>(
&'s mut self,
buffer: &'b mut [u8],
- add_buff: Option<&[u8]>,
+ _add_buff: Option<&[u8]>,
max_size: usize,
) -> Result<Option<&'b [u8]>, Self::Error> {
self.state.set_max_size(max_size);
diff --git a/custom_mutators/rust/custom_mutator-sys/Cargo.toml b/custom_mutators/rust/custom_mutator-sys/Cargo.toml
index 104f7df0..e38c972e 100644
--- a/custom_mutators/rust/custom_mutator-sys/Cargo.toml
+++ b/custom_mutators/rust/custom_mutator-sys/Cargo.toml
@@ -1,12 +1,12 @@
[package]
name = "custom_mutator-sys"
-version = "0.1.0"
+version = "0.1.1"
authors = ["Julius Hohnerlein <julihoh@users.noreply.github.com>"]
-edition = "2018"
+edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
[build-dependencies]
-bindgen = "0.56"
+bindgen = "0.63"
diff --git a/custom_mutators/rust/custom_mutator-sys/build.rs b/custom_mutators/rust/custom_mutator-sys/build.rs
index 3c88a90d..ba4390ff 100644
--- a/custom_mutators/rust/custom_mutator-sys/build.rs
+++ b/custom_mutators/rust/custom_mutator-sys/build.rs
@@ -15,8 +15,8 @@ fn main() {
// The input header we would like to generate
// bindings for.
.header("wrapper.h")
- .whitelist_type("afl_state_t")
- .blacklist_type(r"u\d+")
+ .allowlist_type("afl_state_t")
+ .blocklist_type(r"u\d+")
.opaque_type(r"_.*")
.opaque_type("FILE")
.opaque_type("in_addr(_t)?")
diff --git a/custom_mutators/rust/custom_mutator-sys/src/lib.rs b/custom_mutators/rust/custom_mutator-sys/src/lib.rs
index a38a13a8..719ac994 100644
--- a/custom_mutators/rust/custom_mutator-sys/src/lib.rs
+++ b/custom_mutators/rust/custom_mutator-sys/src/lib.rs
@@ -1,5 +1,7 @@
#![allow(non_upper_case_globals)]
#![allow(non_camel_case_types)]
#![allow(non_snake_case)]
+#![allow(clippy::too_many_lines)]
+#![allow(clippy::used_underscore_binding)]
include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
diff --git a/custom_mutators/rust/custom_mutator/Cargo.toml b/custom_mutators/rust/custom_mutator/Cargo.toml
index 2d3cdbfa..30f764dc 100644
--- a/custom_mutators/rust/custom_mutator/Cargo.toml
+++ b/custom_mutators/rust/custom_mutator/Cargo.toml
@@ -2,7 +2,7 @@
name = "custom_mutator"
version = "0.1.0"
authors = ["Julius Hohnerlein <julihoh@users.noreply.github.com>"]
-edition = "2018"
+edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
diff --git a/custom_mutators/rust/custom_mutator/src/lib.rs b/custom_mutators/rust/custom_mutator/src/lib.rs
index f872241e..3b635eb5 100644
--- a/custom_mutators/rust/custom_mutator/src/lib.rs
+++ b/custom_mutators/rust/custom_mutator/src/lib.rs
@@ -20,7 +20,7 @@
//! This binding is panic-safe in that it will prevent panics from unwinding into AFL++. Any panic will `abort` at the boundary between the custom mutator and AFL++.
//!
//! # Access to AFL++ internals
-//! This crate has an optional feature "afl_internals", which gives access to AFL++'s internal state.
+//! This crate has an optional feature "`afl_internals`", which gives access to AFL++'s internal state.
//! The state is passed to [`CustomMutator::init`], when the feature is activated.
//!
//! _This is completely unsafe and uses automatically generated types extracted from the AFL++ source._
@@ -115,7 +115,7 @@ pub mod wrappers {
impl<M: RawCustomMutator> FFIContext<M> {
fn from(ptr: *mut c_void) -> ManuallyDrop<Box<Self>> {
assert!(!ptr.is_null());
- ManuallyDrop::new(unsafe { Box::from_raw(ptr as *mut Self) })
+ ManuallyDrop::new(unsafe { Box::from_raw(ptr.cast::<Self>()) })
}
fn into_ptr(self: Box<Self>) -> *const c_void {
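Review bot: The `unsafe` block in `FFIContext::from` carries no `// SAFETY:` comment, and `from` itself is a safe `fn` that rebuilds a `Box` from any non-null pointer it is handed. Only the null case is asserted; a stale or foreign pointer is undefined behaviour, so the contract deserves to be written down, e.g. `// SAFETY: ptr must be the value returned by into_ptr for the same M and not yet freed; ManuallyDrop keeps this Box from freeing it`. Declaring the helper `unsafe fn` would make the callers in the wrappers state that obligation explicitly.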
@@ -141,27 +141,28 @@ pub mod wrappers {
}
/// panic handler called for every panic
- fn panic_handler(method: &str, panic_info: Box<dyn Any + Send + 'static>) -> ! {
+ fn panic_handler(method: &str, panic_info: &Box<dyn Any + Send + 'static>) -> ! {
use std::ops::Deref;
- let cause = panic_info
- .downcast_ref::<String>()
- .map(String::deref)
- .unwrap_or_else(|| {
+ let cause = panic_info.downcast_ref::<String>().map_or_else(
+ || {
panic_info
.downcast_ref::<&str>()
.copied()
.unwrap_or("<cause unknown>")
- });
- eprintln!("A panic occurred at {}: {}", method, cause);
+ },
+ String::deref,
+ );
+ eprintln!("A panic occurred at {method}: {cause}");
abort()
}
/// Internal function used in the macro
#[cfg(not(feature = "afl_internals"))]
+ #[must_use]
pub fn afl_custom_init_<M: RawCustomMutator>(seed: u32) -> *const c_void {
match catch_unwind(|| FFIContext::<M>::new(seed).into_ptr()) {
Ok(ret) => ret,
- Err(err) => panic_handler("afl_custom_init", err),
+ Err(err) => panic_handler("afl_custom_init", &err),
}
}
@@ -176,7 +177,7 @@ pub mod wrappers {
FFIContext::<M>::new(afl, seed).into_ptr()
}) {
Ok(ret) => ret,
- Err(err) => panic_handler("afl_custom_init", err),
+ Err(err) => panic_handler("afl_custom_init", &err),
}
}
@@ -196,32 +197,27 @@ pub mod wrappers {
) -> usize {
match catch_unwind(|| {
let mut context = FFIContext::<M>::from(data);
- if buf.is_null() {
- panic!("null buf passed to afl_custom_fuzz")
- }
- if out_buf.is_null() {
- panic!("null out_buf passed to afl_custom_fuzz")
- }
+
+ assert!(!buf.is_null(), "null buf passed to afl_custom_fuzz");
+ assert!(!out_buf.is_null(), "null out_buf passed to afl_custom_fuzz");
+
let buff_slice = slice::from_raw_parts_mut(buf, buf_size);
let add_buff_slice = if add_buf.is_null() {
None
} else {
Some(slice::from_raw_parts(add_buf, add_buf_size))
};
- match context.mutator.fuzz(buff_slice, add_buff_slice, max_size) {
- Some(buffer) => {
- *out_buf = buffer.as_ptr();
- buffer.len()
- }
- None => {
- // return the input buffer with 0-length to let AFL skip this mutation attempt
- *out_buf = buf;
- 0
- }
+ if let Some(buffer) = context.mutator.fuzz(buff_slice, add_buff_slice, max_size) {
+ *out_buf = buffer.as_ptr();
+ buffer.len()
+ } else {
+ // return the input buffer with 0-length to let AFL skip this mutation attempt
+ *out_buf = buf;
+ 0
}
}) {
Ok(ret) => ret,
- Err(err) => panic_handler("afl_custom_fuzz", err),
+ Err(err) => panic_handler("afl_custom_fuzz", &err),
}
}
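Review bot: The length handed back to AFL++ in the `Some(buffer)` branch is never compared with `max_size`, although `max_size` is passed to `fuzz` as the limit the mutator is expected to respect. A mutator that returns a longer slice would have that length reported across the FFI boundary unchecked; whether the C side validates it is not visible here. In keeping with the null checks at the top of the closure, I would add `assert!(buffer.len() <= max_size, "mutator returned more than max_size bytes in afl_custom_fuzz");` before writing `*out_buf`. The function signature begins outside this hunk.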
@@ -237,9 +233,8 @@ pub mod wrappers {
) -> u32 {
match catch_unwind(|| {
let mut context = FFIContext::<M>::from(data);
- if buf.is_null() {
- panic!("null buf passed to afl_custom_fuzz")
- }
+ assert!(!buf.is_null(), "null buf passed to afl_custom_fuzz");
+
let buf_slice = slice::from_raw_parts(buf, buf_size);
// see https://doc.rust-lang.org/nomicon/borrow-splitting.html
let ctx = &mut **context;
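Review bot: The new assertion message names the wrong entry point: judging by the `panic_handler("afl_custom_fuzz_count", ...)` call in the next hunk, this closure belongs to the fuzz-count wrapper, yet the message says `afl_custom_fuzz`. Because the process aborts right after printing it, this string is the only diagnostic a user gets, so it should read `assert!(!buf.is_null(), "null buf passed to afl_custom_fuzz_count");`. The function header is outside the hunk.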
@@ -247,37 +242,39 @@ pub mod wrappers {
mutator.fuzz_count(buf_slice)
}) {
Ok(ret) => ret,
- Err(err) => panic_handler("afl_custom_fuzz_count", err),
+ Err(err) => panic_handler("afl_custom_fuzz_count", &err),
}
}
/// Internal function used in the macro
- pub fn afl_custom_queue_new_entry_<M: RawCustomMutator>(
+ pub unsafe fn afl_custom_queue_new_entry_<M: RawCustomMutator>(
data: *mut c_void,
filename_new_queue: *const c_char,
filename_orig_queue: *const c_char,
) -> bool {
match catch_unwind(|| {
let mut context = FFIContext::<M>::from(data);
- if filename_new_queue.is_null() {
- panic!("received null filename_new_queue in afl_custom_queue_new_entry");
- }
+ assert!(
+ !filename_new_queue.is_null(),
+ "received null filename_new_queue in afl_custom_queue_new_entry"
+ );
+
let filename_new_queue = Path::new(OsStr::from_bytes(
unsafe { CStr::from_ptr(filename_new_queue) }.to_bytes(),
));
- let filename_orig_queue = if !filename_orig_queue.is_null() {
+ let filename_orig_queue = if filename_orig_queue.is_null() {
+ None
+ } else {
Some(Path::new(OsStr::from_bytes(
unsafe { CStr::from_ptr(filename_orig_queue) }.to_bytes(),
)))
- } else {
- None
};
context
.mutator
.queue_new_entry(filename_new_queue, filename_orig_queue)
}) {
Ok(ret) => ret,
- Err(err) => panic_handler("afl_custom_queue_new_entry", err),
+ Err(err) => panic_handler("afl_custom_queue_new_entry", &err),
}
}
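Review bot: `afl_custom_queue_new_entry_` becomes `pub unsafe fn` here, but its doc comment is still only `/// Internal function used in the macro`, so the obligations the caller takes on are undocumented (clippy's `missing_safety_doc`). I would add a `# Safety` section saying that `data` must be a live pointer produced by the init wrapper for the same `M`, and that `filename_new_queue` must be non-null and `filename_orig_queue` either null or valid, each pointing to a NUL-terminated string that stays valid for the duration of the call. The same applies to `afl_custom_queue_get_` and to the two `pub unsafe extern "C"` functions in `export_mutator!` further down.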
@@ -292,7 +289,7 @@ pub mod wrappers {
ManuallyDrop::into_inner(FFIContext::<M>::from(data));
}) {
Ok(ret) => ret,
- Err(err) => panic_handler("afl_custom_deinit", err),
+ Err(err) => panic_handler("afl_custom_deinit", &err),
}
}
@@ -306,13 +303,13 @@ pub mod wrappers {
buf.extend_from_slice(res.as_bytes());
buf.push(0);
// unwrapping here, as the error case should be extremely rare
- CStr::from_bytes_with_nul(&buf).unwrap().as_ptr()
+ CStr::from_bytes_with_nul(buf).unwrap().as_ptr()
} else {
null()
}
}) {
Ok(ret) => ret,
- Err(err) => panic_handler("afl_custom_introspection", err),
+ Err(err) => panic_handler("afl_custom_introspection", &err),
}
}
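Review bot: `CStr::from_bytes_with_nul(buf).unwrap()` panics when the string supplied by the mutator contains an interior NUL byte, and a panic inside this `catch_unwind` ends in `panic_handler`, which aborts the whole process. Since the text comes from the mutator implementation, falling back to a null pointer keeps a malformed string from stopping the fuzzing run: `CStr::from_bytes_with_nul(buf).map_or(null(), CStr::as_ptr)`. The same pattern appears in the `afl_custom_describe` hunk that follows; the start of this function is outside the hunk.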
@@ -329,18 +326,18 @@ pub mod wrappers {
buf.extend_from_slice(res.as_bytes());
buf.push(0);
// unwrapping here, as the error case should be extremely rare
- CStr::from_bytes_with_nul(&buf).unwrap().as_ptr()
+ CStr::from_bytes_with_nul(buf).unwrap().as_ptr()
} else {
null()
}
}) {
Ok(ret) => ret,
- Err(err) => panic_handler("afl_custom_describe", err),
+ Err(err) => panic_handler("afl_custom_describe", &err),
}
}
/// Internal function used in the macro
- pub fn afl_custom_queue_get_<M: RawCustomMutator>(
+ pub unsafe fn afl_custom_queue_get_<M: RawCustomMutator>(
data: *mut c_void,
filename: *const c_char,
) -> u8 {
@@ -348,12 +345,12 @@ pub mod wrappers {
let mut context = FFIContext::<M>::from(data);
assert!(!filename.is_null());
- context.mutator.queue_get(Path::new(OsStr::from_bytes(
+ u8::from(context.mutator.queue_get(Path::new(OsStr::from_bytes(
unsafe { CStr::from_ptr(filename) }.to_bytes(),
- ))) as u8
+ ))))
}) {
Ok(ret) => ret,
- Err(err) => panic_handler("afl_custom_queue_get", err),
+ Err(err) => panic_handler("afl_custom_queue_get", &err),
}
}
}
@@ -373,7 +370,7 @@ macro_rules! _define_afl_custom_init {
};
}
-/// An exported macro to defined afl_custom_init meant for insternal usage
+/// An exported macro to defined `afl_custom_init` meant for internal usage
#[cfg(not(feature = "afl_internals"))]
#[macro_export]
macro_rules! _define_afl_custom_init {
@@ -444,7 +441,7 @@ macro_rules! export_mutator {
}
#[no_mangle]
- pub extern "C" fn afl_custom_queue_new_entry(
+ pub unsafe extern "C" fn afl_custom_queue_new_entry(
data: *mut ::std::os::raw::c_void,
filename_new_queue: *const ::std::os::raw::c_char,
filename_orig_queue: *const ::std::os::raw::c_char,
@@ -457,7 +454,7 @@ macro_rules! export_mutator {
}
#[no_mangle]
- pub extern "C" fn afl_custom_queue_get(
+ pub unsafe extern "C" fn afl_custom_queue_get(
data: *mut ::std::os::raw::c_void,
filename: *const ::std::os::raw::c_char,
) -> u8 {
@@ -520,9 +517,10 @@ mod sanity_test {
export_mutator!(ExampleMutator);
}
-#[allow(unused_variables)]
/// A custom mutator.
/// [`CustomMutator::handle_error`] will be called in case any method returns an [`Result::Err`].
+#[allow(unused_variables)]
+#[allow(clippy::missing_errors_doc)]
pub trait CustomMutator {
/// The error type. All methods must return the same error type.
type Error: Debug;
@@ -537,7 +535,7 @@ pub trait CustomMutator {
.map(|v| !v.is_empty())
.unwrap_or(false)
{
- eprintln!("Error in custom mutator: {:?}", err)
+ eprintln!("Error in custom mutator: {err:?}");
}
}
@@ -759,8 +757,7 @@ mod truncate_test {
let actual_output = truncate_str_unicode_safe(input, *max_len);
assert_eq!(
&actual_output, expected_output,
- "{:#?} truncated to {} bytes should be {:#?}, but is {:#?}",
- input, max_len, expected_output, actual_output
+ "{input:#?} truncated to {max_len} bytes should be {expected_output:#?}, but is {actual_output:#?}"
);
}
}
diff --git a/custom_mutators/rust/example/Cargo.toml b/custom_mutators/rust/example/Cargo.toml
index 070d23b1..9d53ebe5 100644
--- a/custom_mutators/rust/example/Cargo.toml
+++ b/custom_mutators/rust/example/Cargo.toml
@@ -2,7 +2,7 @@
name = "example_mutator"
version = "0.1.0"
authors = ["Julius Hohnerlein <julihoh@users.noreply.github.com>"]
-edition = "2018"
+edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
diff --git a/custom_mutators/rust/example_lain/Cargo.toml b/custom_mutators/rust/example_lain/Cargo.toml
index 29d606a4..c52bf86f 100644
--- a/custom_mutators/rust/example_lain/Cargo.toml
+++ b/custom_mutators/rust/example_lain/Cargo.toml
@@ -2,7 +2,7 @@
name = "example_lain"
version = "0.1.0"
authors = ["Julius Hohnerlein <julihoh@users.noreply.github.com>"]
-edition = "2018"
+edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html