From 5bcbb2f59affc411a1e8bb7ccaabaa5ba63e6596 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Fri, 9 Jul 2021 12:42:17 +0200
Subject: port custom mutator changes

---
 custom_mutators/rust/custom_mutator/src/lib.rs | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'custom_mutators/rust/custom_mutator')

diff --git a/custom_mutators/rust/custom_mutator/src/lib.rs b/custom_mutators/rust/custom_mutator/src/lib.rs
index 9444e4d1..66559886 100644
--- a/custom_mutators/rust/custom_mutator/src/lib.rs
+++ b/custom_mutators/rust/custom_mutator/src/lib.rs
@@ -53,7 +53,9 @@ pub trait RawCustomMutator {
 1
 }
 
- fn queue_new_entry(&mut self, filename_new_queue: &Path, _filename_orig_queue: Option<&Path>) {}
+ fn queue_new_entry(&mut self, filename_new_queue: &Path, _filename_orig_queue: Option<&Path>) -> bool {
+ false
+ }
 
 fn queue_get(&mut self, filename: &Path) -> bool {
 true
@@ -246,7 +248,7 @@ pub mod wrappers {
 data: *mut c_void,
 filename_new_queue: *const c_char,
 filename_orig_queue: *const c_char,
- ) {
+ ) -> bool {
 match catch_unwind(|| {
 let mut context = FFIContext::::from(data);
 if filename_new_queue.is_null() {
-- cgit 1.4.1

From bbff0c88fa8a86ec0029a82d9f723a89d97315a9 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Tue, 20 Jul 2021 22:31:45 +0200
Subject: fix rust bindings

---
 custom_mutators/rust/custom_mutator/src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'custom_mutators/rust/custom_mutator')

diff --git a/custom_mutators/rust/custom_mutator/src/lib.rs b/custom_mutators/rust/custom_mutator/src/lib.rs
index 66559886..6826623f 100644
--- a/custom_mutators/rust/custom_mutator/src/lib.rs
+++ b/custom_mutators/rust/custom_mutator/src/lib.rs
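Review bot: The `bool` that `RawCustomMutator::queue_new_entry` now returns is undocumented: nothing on the trait says what `true` and `false` mean to afl-fuzz, and the `CustomMutator` default that becomes `Ok(false)` in the later `@@ -544,8 +548,8 @@` hunk of this series has the same gap. The value presumably mirrors the C API's "the mutator modified the new queue file, reload it" flag, but that should be confirmed against the custom-mutator docs rather than guessed by every implementor. Suggested doc comment on the default method: `/// Called after afl-fuzz adds a new queue entry; return true only if this mutator modified the file at filename_new_queue so that afl-fuzz reloads it (the default reports no change).` The same comment fits the `CustomMutator` default, with `Ok(true)`/`Ok(false)` in place of the bare bool.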
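Review bot: Changing the wrapper's signature to `) -> bool {` is not enough on its own: the `catch_unwind` closure and the `Ok(ret) => ret` arm that follow are outside this hunk, and at this commit the closure still ends with `.queue_new_entry(filename_new_queue, filename_orig_queue);` (the line removed by the later `@@ -266,7 +270,7 @@` hunk in this series), so `ret` is `()` and the function does not type-check against `bool`. The fix is the one the later commit makes — drop the trailing semicolon so the closure yields the mutator's result — but it belongs in this commit so the build does not break in between; the same applies to the blanket `impl RawCustomMutator for M`, whose `queue_new_entry` only gets a return type in the next commit. The body of `afl_custom_queue_new_entry_` continues past the end of the hunk.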
@@ -619,7 +619,7 @@ where
 }
 }
 
- fn queue_new_entry(&mut self, filename_new_queue: &Path, filename_orig_queue: Option<&Path>) {
+ fn queue_new_entry(&mut self, filename_new_queue: &Path, filename_orig_queue: Option<&Path>) -> bool {
 match self.queue_new_entry(filename_new_queue, filename_orig_queue) {
 Ok(r) => r,
 Err(e) => {
-- cgit 1.4.1

From a3a86afd0db5bf90d6bc1dc5f58d07e6bc7202c8 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Wed, 21 Jul 2021 01:44:27 +0200
Subject: fix rust mutator bindingsbuild

---
 custom_mutators/rust/custom_mutator/src/lib.rs | 47 +++++++++++++++-----------
 1 file changed, 27 insertions(+), 20 deletions(-)

(limited to 'custom_mutators/rust/custom_mutator')

diff --git a/custom_mutators/rust/custom_mutator/src/lib.rs b/custom_mutators/rust/custom_mutator/src/lib.rs
index 6826623f..39c2b453 100644
--- a/custom_mutators/rust/custom_mutator/src/lib.rs
+++ b/custom_mutators/rust/custom_mutator/src/lib.rs
@@ -53,7 +53,11 @@ pub trait RawCustomMutator {
 1
 }
 
- fn queue_new_entry(&mut self, filename_new_queue: &Path, _filename_orig_queue: Option<&Path>) -> bool {
+ fn queue_new_entry(
+ &mut self,
+ filename_new_queue: &Path,
+ _filename_orig_queue: Option<&Path>,
+ ) -> bool {
 false
 }
 
@@ -86,7 +90,6 @@ pub mod wrappers {
 use std::{
 any::Any,
- convert::TryInto,
 ffi::{c_void, CStr, OsStr},
 mem::ManuallyDrop,
 os::{raw::c_char, unix::ffi::OsStrExt},
@@ -178,6 +181,10 @@ pub mod wrappers {
 }
 
 /// Internal function used in the macro
+ /// # Safety
+ ///
+ /// May dereference all passed-in pointers.
+ /// Should not be called manually, but will be called by `afl-fuzz`
 pub unsafe fn afl_custom_fuzz_(
 data: *mut c_void,
 buf: *mut u8,
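Review bot: The `-> bool` added to the blanket impl's `queue_new_entry` leaves the body, which continues past the hunk, without a `bool` to return: `Ok(r) => r` forwards whatever `CustomMutator::queue_new_entry` returns, which at this commit is still `Result<(), Self::Error>` (the removed line in the later `@@ -544,8 +548,8 @@` hunk shows `Ok(())`), and the `Err(e)` arm only calls `Self::handle_error(e)` with no value. Both need to yield `bool` — `Ok(false)` as the trait default and `false` after `Self::handle_error(e)` — which is what the following commit adds; on its own this commit still does not build. Returning `false` on the error path is the conservative choice, since it claims no modification of the queue file.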
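Review bot: The new `# Safety` section on `afl_custom_fuzz_` is too vague for a caller to check the contract: "may dereference all passed-in pointers" does not say which pointers may be null, how long the buffers must be, or what is written where. From the wrapper body in the `@@ -201,13 +208,10 @@` hunk of this commit, `add_buf` may be null and otherwise must point to `add_buf_size` readable bytes, `*out_buf` is written with a pointer into the mutator's buffer, and `data` must be the live context handed out by the init wrapper. Suggested wording: `/// data must be the live context from the init wrapper; buf must point to buf_size readable bytes; add_buf is either null or points to add_buf_size readable bytes; out_buf must be writable, and the pointer stored in it is only valid as long as the mutator's returned buffer.` The `buf`/`buf_size` requirement is inferred from the parameter names, as that part of the signature is outside the hunk.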
@@ -201,13 +208,10 @@ pub mod wrappers {
 } else {
 Some(slice::from_raw_parts(add_buf, add_buf_size))
 };
- match context
- .mutator
- .fuzz(buff_slice, add_buff_slice, max_size.try_into().unwrap())
- {
+ match context.mutator.fuzz(buff_slice, add_buff_slice, max_size) {
 Some(buffer) => {
 *out_buf = buffer.as_ptr();
- buffer.len().try_into().unwrap()
+ buffer.len()
 }
 None => {
 // return the input buffer with 0-length to let AFL skip this mutation attempt
@@ -266,7 +270,7 @@ pub mod wrappers {
 };
 context
 .mutator
- .queue_new_entry(filename_new_queue, filename_orig_queue);
+ .queue_new_entry(filename_new_queue, filename_orig_queue)
 }) {
 Ok(ret) => ret,
 Err(err) => panic_handler("afl_custom_queue_new_entry", err),
@@ -544,8 +548,8 @@ pub trait CustomMutator {
 &mut self,
 filename_new_queue: &Path,
 filename_orig_queue: Option<&Path>,
- ) -> Result<(), Self::Error> {
- Ok(())
+ ) -> Result {
+ Ok(false)
 }
 
 fn queue_get(&mut self, filename: &Path) -> Result {
@@ -619,11 +623,16 @@ where
 }
 }
 
- fn queue_new_entry(&mut self, filename_new_queue: &Path, filename_orig_queue: Option<&Path>) -> bool {
+ fn queue_new_entry(
+ &mut self,
+ filename_new_queue: &Path,
+ filename_orig_queue: Option<&Path>,
+ ) -> bool {
 match self.queue_new_entry(filename_new_queue, filename_orig_queue) {
 Ok(r) => r,
 Err(e) => {
 Self::handle_error(e);
+ false
 }
 }
 }
@@ -698,16 +707,14 @@ mod default_mutator_describe {
 fn truncate_str_unicode_safe(s: &str, max_len: usize) -> &str {
 if s.len() <= max_len {
 s
+ } else if let Some((last_index, _)) = s
+ .char_indices()
+ .take_while(|(index, _)| *index <= max_len)
+ .last()
+ {
+ &s[..last_index]
 } else {
- if let Some((last_index, _)) = s
- .char_indices()
- .take_while(|(index, _)| *index <= max_len)
- .last()
- {
- &s[..last_index]
- } else {
- ""
- }
+ ""
 }
 }
-- cgit 1.4.1

From 3d7a2fc869a03da4c49a0a7e05d97f01a2846337 Mon Sep 17 00:00:00 2001
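Review bot: `buffer.len()` is now handed back to afl-fuzz with no check against `max_size`, the limit the wrapper itself passes into `fuzz` two lines above; a mutator that ignores the limit returns a length larger than what afl-fuzz asked for, and if the C side sizes its copy from `max_size` that becomes an out-of-bounds read on its side rather than a Rust panic. Since the trait cannot enforce this, the wrapper is the place to catch it: `debug_assert!(buffer.len() <= max_size, "mutator returned more than max_size bytes");` before `*out_buf = buffer.as_ptr();`, or a hard check that takes the `None` path instead. Whether afl-fuzz actually relies on the bound is an assumption to confirm against the custom-mutator API docs. The enclosing `afl_custom_fuzz_` starts before this hunk.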
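Review bot: The trailing `else { "" }` in `truncate_str_unicode_safe` is unreachable: that branch runs only when `s.len() > max_len`, so `s` is non-empty and `char_indices()` yields `(0, _)` first, which always satisfies `*index <= max_len`, so `.last()` is never `None`. Folding the chain into one expression makes that explicit and removes the dead arm: `s.char_indices().take_while(|(index, _)| *index <= max_len).last().map_or("", |(last_index, _)| &s[..last_index])` as the whole `else` body. Behaviour is otherwise unchanged; the function lies wholly within the hunk.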
From: Dominik Maier
Date: Wed, 21 Jul 2021 02:00:15 +0200
Subject: fixed rust example

---
 custom_mutators/grammar_mutator/grammar_mutator | 2 +-
 custom_mutators/rust/custom_mutator/src/lib.rs | 42 ++++++++++++++-----------
 qemu_mode/qemuafl | 2 +-
 unicorn_mode/unicornafl | 2 +-
 4 files changed, 26 insertions(+), 22 deletions(-)

(limited to 'custom_mutators/rust/custom_mutator')

diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator
index b79d51a8..b3c4fcfa 160000
--- a/custom_mutators/grammar_mutator/grammar_mutator
+++ b/custom_mutators/grammar_mutator/grammar_mutator
@@ -1 +1 @@
-Subproject commit b79d51a8daccbd7a693f9b6765c81ead14f28e26
+Subproject commit b3c4fcfa6ae28918bc410f7747135eafd4fb7263
diff --git a/custom_mutators/rust/custom_mutator/src/lib.rs b/custom_mutators/rust/custom_mutator/src/lib.rs
index 39c2b453..013d3769 100644
--- a/custom_mutators/rust/custom_mutator/src/lib.rs
+++ b/custom_mutators/rust/custom_mutator/src/lib.rs
@@ -226,6 +226,10 @@ pub mod wrappers {
 }
 
 /// Internal function used in the macro
+ ///
+ /// # Safety
+ /// Dereferences the passed-in pointers up to `buf_size` bytes.
+ /// Should not be called directly.
 pub unsafe fn afl_custom_fuzz_count_(
 data: *mut c_void,
 buf: *const u8,
@@ -278,6 +282,10 @@ pub mod wrappers {
 }
 
 /// Internal function used in the macro
+ ///
+ /// # Safety
+ /// May dereference the passed-in `data` pointer.
+ /// Should not be called directly.
 pub unsafe fn afl_custom_deinit_(data: *mut c_void) {
 match catch_unwind(|| {
 // drop the context
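Review bot: The `# Safety` section added to `afl_custom_deinit_` understates the contract: the `// drop the context` line below shows the call consumes the context behind `data`, so the requirements are about ownership, not just "may dereference". Suggested wording: `/// data must be a context pointer handed out by the init wrapper that has not been passed to this function before; after the call it is dangling and must not be given to any other wrapper, or the result is a double free or use-after-free.` The note in the `@@ -226,6 +226,10 @@` hunk is fine as far as it goes, but "the passed-in pointers" should name `buf` and `buf_size` explicitly and say that `data` must also be live. Both function bodies continue past their hunks.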
@@ -392,18 +400,16 @@ macro_rules! export_mutator {
 }
 
 #[no_mangle]
- pub extern "C" fn afl_custom_fuzz_count(
+ pub unsafe extern "C" fn afl_custom_fuzz_count(
 data: *mut ::std::os::raw::c_void,
 buf: *const u8,
 buf_size: usize,
 ) -> u32 {
- unsafe {
- $crate::wrappers::afl_custom_fuzz_count_::<$mutator_type>(data, buf, buf_size)
- }
+ $crate::wrappers::afl_custom_fuzz_count_::<$mutator_type>(data, buf, buf_size)
 }
 
 #[no_mangle]
- pub extern "C" fn afl_custom_fuzz(
+ pub unsafe extern "C" fn afl_custom_fuzz(
 data: *mut ::std::os::raw::c_void,
 buf: *mut u8,
 buf_size: usize,
@@ -412,17 +418,15 @@ macro_rules! export_mutator {
 add_buf_size: usize,
 max_size: usize,
 ) -> usize {
- unsafe {
- $crate::wrappers::afl_custom_fuzz_::<$mutator_type>(
- data,
- buf,
- buf_size,
- out_buf,
- add_buf,
- add_buf_size,
- max_size,
- )
- }
+ $crate::wrappers::afl_custom_fuzz_::<$mutator_type>(
+ data,
+ buf,
+ buf_size,
+ out_buf,
+ add_buf,
+ add_buf_size,
+ max_size,
+ )
 }
 
 #[no_mangle]
@@ -430,7 +434,7 @@ macro_rules! export_mutator {
 data: *mut ::std::os::raw::c_void,
 filename_new_queue: *const ::std::os::raw::c_char,
 filename_orig_queue: *const ::std::os::raw::c_char,
- ) {
+ ) -> bool {
 $crate::wrappers::afl_custom_queue_new_entry_::<$mutator_type>(
 data,
 filename_new_queue,
@@ -462,8 +466,8 @@ macro_rules! export_mutator {
 }
 
 #[no_mangle]
- pub extern "C" fn afl_custom_deinit(data: *mut ::std::os::raw::c_void) {
- unsafe { $crate::wrappers::afl_custom_deinit_::<$mutator_type>(data) }
+ pub unsafe extern "C" fn afl_custom_deinit(data: *mut ::std::os::raw::c_void) {
+ $crate::wrappers::afl_custom_deinit_::<$mutator_type>(data)
 }
 };
 }
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
index a6758d1c..21ff3438 160000
--- a/qemu_mode/qemuafl
+++ b/qemu_mode/qemuafl
@@ -1 +1 @@
-Subproject commit a6758d1cc3e4dde88fca3f0b3a903581b7c8b2e5
+Subproject commit 21ff34383764a8c6f66509b3b8d5282468c721e1
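Review bot: Turning the exported `afl_custom_fuzz_count` into `pub unsafe extern "C" fn` and dropping the inner `unsafe { }` (likewise in the `@@ -412,17 +418,15 @@` and `@@ -462,8 +466,8 @@` hunks) means the unsafe call is no longer marked at its site; under the `unsafe_op_in_unsafe_fn` lint an `unsafe fn` body is not an implicit unsafe context, so keeping the block, `unsafe { $crate::wrappers::afl_custom_fuzz_count_::<$mutator_type>(data, buf, buf_size) }`, is both forward-compatible and clearer about where the raw-pointer use happens. Marking the exported symbols `unsafe` themselves is right, since they dereference pointers supplied by afl-fuzz; the expansion should then carry a `/// # Safety` line stating that only afl-fuzz is expected to call them, with pointers it owns. The macro's `#[no_mangle]` functions are cut at the hunk edges.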
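Review bot: `afl_custom_queue_new_entry` now returns a Rust `bool` across the C ABI, which is layout-compatible with C `_Bool` but not a declared match for a `u8` return; whether afl-fuzz declares this callback as `bool` or `u8` should be checked against its header, and a comment recording the answer, `// TODO(review): confirm afl-fuzz declares this return as bool/_Bool, not u8`, would stop a future reader from "fixing" it in either direction. The `$crate::wrappers::afl_custom_queue_new_entry_` call that supplies the value continues past the hunk.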
diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl
index 019b8715..0d82727f 160000
--- a/unicorn_mode/unicornafl
+++ b/unicorn_mode/unicornafl
@@ -1 +1 @@
-Subproject commit 019b871539fe9ed3f41d882385a8b02c243d49ad
+Subproject commit 0d82727f2b477de82fa355edef9bc158bd25d374
-- cgit 1.4.1