Merge branch 'main' into python/pyproject-toml

AFLplusplus · May 3, 2023 · f9377a8 · f9377a8
2 parents fb130d2 + f9c74ed
commit f9377a8
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 16 deletions.
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
@@ -356,14 +356,14 @@ jobs:
         mem: 2048
         release: 13.1
         prepare: |
-          pkg install -y curl bash sudo llvm14
+          pkg install -y curl bash sudo llvm16
           curl https://sh.rustup.rs -sSf | sh -s -- -y
 
         run: |
           freebsd-version
           . "$HOME/.cargo/env"
           rustup toolchain install nightly
-          export LLVM_CONFIG=/usr/local/bin/llvm-config14
+          export LLVM_CONFIG=/usr/local/bin/llvm-config16
           pwd
           ls -lah
           echo "local/bin"

diff --git a/fuzzers/fuzzbench/src/lib.rs b/fuzzers/fuzzbench/src/lib.rs
@@ -24,7 +24,7 @@ use libafl::{
         tuples::{tuple_list, Merge},
         AsSlice,
     },
-    corpus::{Corpus, OnDiskCorpus},
+    corpus::{Corpus, InMemoryOnDiskCorpus, OnDiskCorpus},
     events::SimpleRestartingEventManager,
     executors::{inprocess::InProcessExecutor, ExitKind, TimeoutExecutor},
     feedback_or,
@@ -271,7 +271,7 @@ fn fuzz(
             // RNG
             StdRand::with_seed(current_nanos()),
             // Corpus that will be evolved, we keep it in memory for performance
-            OnDiskCorpus::new(corpus_dir).unwrap(),
+            InMemoryOnDiskCorpus::new(corpus_dir).unwrap(),
             // Corpus in which we store solutions (crashes in this example),
             // on disk so the user can get them after stopping the fuzzer
             OnDiskCorpus::new(objective_dir).unwrap(),

diff --git a/libafl/src/bolts/llmp.rs b/libafl/src/bolts/llmp.rs
@@ -1053,7 +1053,7 @@ where
                 "PROGRAM ABORT : BUG: EOP does not fit in page! page {page:?}, size_current {:?}, size_total {:?}",
                 ptr::addr_of!((*page).size_used), ptr::addr_of!((*page).size_total));
 
-        let mut ret: *mut LlmpMsg = if last_msg.is_null() {
+        let ret: *mut LlmpMsg = if last_msg.is_null() {
             (*page).messages.as_mut_ptr()
         } else {
             llmp_next_msg_ptr_checked(map, last_msg, EOP_MSG_SIZE)?
@@ -1266,7 +1266,7 @@ where
         let mut new_map_shmem =
             self.new_or_unused_shmem((*old_map).sender_id, next_min_shmem_size)?;
 
-        let mut new_map = new_map_shmem.page_mut();
+        let new_map = new_map_shmem.page_mut();
 
         #[cfg(feature = "llmp_debug")]
         log::info!("got new map at: {new_map:?}");
@@ -1286,7 +1286,7 @@ where
         let out = self.alloc_eop()?;
 
         #[allow(clippy::cast_ptr_alignment)]
-        let mut end_of_page_msg = (*out).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo;
+        let end_of_page_msg = (*out).buf.as_mut_ptr() as *mut LlmpPayloadSharedMapInfo;
         (*end_of_page_msg).map_size = new_map_shmem.shmem.len();
         (*end_of_page_msg).shm_str = *new_map_shmem.shmem.id().as_array();
 
@@ -2091,7 +2091,7 @@ where
 
     /// For internal use: Forward the current message to the out map.
     unsafe fn forward_msg(&mut self, msg: *mut LlmpMsg) -> Result<(), Error> {
-        let mut out: *mut LlmpMsg = self.alloc_next((*msg).buf_len_padded as usize)?;
+        let out: *mut LlmpMsg = self.alloc_next((*msg).buf_len_padded as usize)?;
 
         /* Copy over the whole message.
         If we should need zero copy, we could instead post a link to the

diff --git a/libafl/src/executors/inprocess.rs b/libafl/src/executors/inprocess.rs
@@ -908,7 +908,7 @@ pub mod windows_asan_handler {
         E::State: HasSolutions + HasClientPerfMonitor + HasCorpus,
         Z: HasObjective<Objective = OF, State = E::State>,
     {
-        let mut data = &mut GLOBAL_STATE;
+        let data = &mut GLOBAL_STATE;
         // Have we set a timer_before?
         if !(data.tp_timer as *mut windows::Win32::System::Threading::TP_TIMER).is_null() {
             /*

diff --git a/libafl/src/stages/dump.rs b/libafl/src/stages/dump.rs
@@ -41,7 +41,7 @@ where
 
 impl<CB, E, EM, Z> Stage<E, EM, Z> for DumpToDiskStage<CB, EM, Z>
 where
-    CB: FnMut(&<Z::State as UsesInput>::Input) -> Vec<u8>,
+    CB: FnMut(&<Z::State as UsesInput>::Input, &Z::State) -> Vec<u8>,
     EM: UsesState<State = Z::State>,
     E: UsesState<State = Z::State>,
     Z: UsesState,
@@ -69,7 +69,7 @@ where
         while let Some(i) = corpus_idx {
             let mut testcase = state.corpus().get(i)?.borrow_mut();
             state.corpus().load_input_into(&mut testcase)?;
-            let bytes = (self.to_bytes)(testcase.input().as_ref().unwrap());
+            let bytes = (self.to_bytes)(testcase.input().as_ref().unwrap(), state);
 
             let fname = self.corpus_dir.join(format!(
                 "id_{i}_{}",
@@ -87,7 +87,7 @@ where
         while let Some(i) = solutions_idx {
             let mut testcase = state.solutions().get(i)?.borrow_mut();
             state.solutions().load_input_into(&mut testcase)?;
-            let bytes = (self.to_bytes)(testcase.input().as_ref().unwrap());
+            let bytes = (self.to_bytes)(testcase.input().as_ref().unwrap(), state);
 
             let fname = self.solutions_dir.join(format!(
                 "id_{i}_{}",
@@ -113,7 +113,6 @@ where
 
 impl<CB, EM, Z> DumpToDiskStage<CB, EM, Z>
 where
-    CB: FnMut(&<Z::State as UsesInput>::Input) -> Vec<u8>,
     EM: UsesState<State = Z::State>,
     Z: UsesState,
     Z::State: HasCorpus + HasSolutions + HasRand + HasMetadata,

diff --git a/libafl_targets/src/sancov_8bit.rs b/libafl_targets/src/sancov_8bit.rs
@@ -1,15 +1,21 @@
 //! [`LLVM` `8-bi-counters`](https://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards) runtime for `LibAFL`.
 use alloc::vec::Vec;
-use core::slice::from_raw_parts_mut;
+
+use libafl::bolts::ownedref::OwnedMutSlice;
 
 /// A [`Vec`] of `8-bit-counters` maps for multiple modules.
 /// They are initialized by calling [`__sanitizer_cov_8bit_counters_init`](
-pub static mut COUNTERS_MAPS: Vec<&'static mut [u8]> = Vec::new();
+pub static mut COUNTERS_MAPS: Vec<OwnedMutSlice<'static, u8>> = Vec::new();
 
 /// Initialize the sancov `8-bit-counters` - usually called by `llvm`.
 #[no_mangle]
 #[allow(clippy::cast_sign_loss)]
 #[allow(clippy::not_unsafe_ptr_arg_deref)]
 pub extern "C" fn __sanitizer_cov_8bit_counters_init(start: *mut u8, stop: *mut u8) {
-    unsafe { COUNTERS_MAPS.push(from_raw_parts_mut(start, stop.offset_from(start) as usize)) }
+    unsafe {
+        COUNTERS_MAPS.push(OwnedMutSlice::from_raw_parts_mut(
+            start,
+            stop.offset_from(start) as usize,
+        ));
+    }
 }