diff --git a/Dockerfile b/Dockerfile index 8ea956e793..0265192687 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # syntax=docker/dockerfile:1.2 -FROM rust:1.73.0 AS libafl +FROM rust:1.76.0 AS libafl LABEL "maintainer"="afl++ team " LABEL "about"="LibAFL Docker image" diff --git a/fuzzers/forkserver_libafl_cc/Cargo.toml b/fuzzers/forkserver_libafl_cc/Cargo.toml index 39120c06e0..2d6efbfc7b 100644 --- a/fuzzers/forkserver_libafl_cc/Cargo.toml +++ b/fuzzers/forkserver_libafl_cc/Cargo.toml @@ -22,7 +22,7 @@ which = { version = "4.4" } [dependencies] clap = { version = "4.0", features = ["derive"] } -nix = "0.26" +nix = "0.27" libafl = { path = "../../libafl/" } libafl_bolts = { path = "../../libafl_bolts/" } libafl_cc = { path = "../../libafl_cc/" } diff --git a/fuzzers/forkserver_simple/Cargo.toml b/fuzzers/forkserver_simple/Cargo.toml index a42b7ba5e5..21943b2a32 100644 --- a/fuzzers/forkserver_simple/Cargo.toml +++ b/fuzzers/forkserver_simple/Cargo.toml @@ -19,4 +19,4 @@ opt-level = 3 libafl = { path = "../../libafl/", features = ["std", "derive"] } libafl_bolts = { path = "../../libafl_bolts/" } clap = { version = "4.0", features = ["derive"] } -nix = "0.26" +nix = "0.27" diff --git a/fuzzers/fuzzbench/Cargo.toml b/fuzzers/fuzzbench/Cargo.toml index 3c7c649f33..046c7405c0 100644 --- a/fuzzers/fuzzbench/Cargo.toml +++ b/fuzzers/fuzzbench/Cargo.toml @@ -31,7 +31,7 @@ libafl_targets = { path = "../../libafl_targets/", features = ["sancov_pcguard_h # TODO Include it only when building cc libafl_cc = { path = "../../libafl_cc/" } clap = { version = "4.0", features = ["default"] } -nix = "0.26" +nix = { version = "0.27", features = ["fs"] } mimalloc = { version = "*", default-features = false } [lib] diff --git a/fuzzers/fuzzbench_fork_qemu/Cargo.toml b/fuzzers/fuzzbench_fork_qemu/Cargo.toml index c2f903ce1e..705894e221 100644 --- a/fuzzers/fuzzbench_fork_qemu/Cargo.toml +++ b/fuzzers/fuzzbench_fork_qemu/Cargo.toml @@ -25,4 +25,4 @@ libafl_bolts = { path = "../../libafl_bolts/" } libafl_qemu = { path = "../../libafl_qemu/", features = ["x86_64", "usermode"] } clap = { version = "4.0", features = ["default"] } -nix = "0.26" +nix = { version = "0.27", features = ["fs"] } diff --git a/fuzzers/fuzzbench_forkserver/Cargo.toml b/fuzzers/fuzzbench_forkserver/Cargo.toml index 30a1b4b0cc..9c30351062 100644 --- a/fuzzers/fuzzbench_forkserver/Cargo.toml +++ b/fuzzers/fuzzbench_forkserver/Cargo.toml @@ -24,4 +24,4 @@ libafl = { path = "../../libafl/" } libafl_bolts = { path = "../../libafl_bolts/" } libafl_targets = { path = "../../libafl_targets/" } clap = { version = "4.0", features = ["default"] } -nix = "0.26" +nix = "0.27" diff --git a/fuzzers/fuzzbench_forkserver_cmplog/Cargo.toml b/fuzzers/fuzzbench_forkserver_cmplog/Cargo.toml index 72401524f2..03d2c313ef 100644 --- a/fuzzers/fuzzbench_forkserver_cmplog/Cargo.toml +++ b/fuzzers/fuzzbench_forkserver_cmplog/Cargo.toml @@ -24,4 +24,4 @@ libafl = { path = "../../libafl/" } libafl_bolts = { path = "../../libafl_bolts/" } libafl_targets = { path = "../../libafl_targets/" } clap = { version = "4.0", features = ["default"] } -nix = "0.26" \ No newline at end of file +nix = "0.27" \ No newline at end of file diff --git a/fuzzers/fuzzbench_qemu/Cargo.toml b/fuzzers/fuzzbench_qemu/Cargo.toml index 44659e9e2d..c6e754e7bd 100644 --- a/fuzzers/fuzzbench_qemu/Cargo.toml +++ b/fuzzers/fuzzbench_qemu/Cargo.toml @@ -25,5 +25,5 @@ libafl_bolts = { path = "../../libafl_bolts/" } libafl_qemu = { path = "../../libafl_qemu/", features = ["x86_64", "usermode"] } clap = { version = "4.0", features = ["default"] } -nix = "0.26" +nix = { version = "0.27", features = ["fs"] } diff --git a/fuzzers/fuzzbench_text/Cargo.toml b/fuzzers/fuzzbench_text/Cargo.toml index 32d1442ef8..76b772e643 100644 --- a/fuzzers/fuzzbench_text/Cargo.toml +++ b/fuzzers/fuzzbench_text/Cargo.toml @@ -26,7 +26,7 @@ libafl_targets = { path = "../../libafl_targets/", features = ["sancov_pcguard_h # TODO Include it only when building cc libafl_cc = { path = "../../libafl_cc/" } clap = { version = "4.0", features = ["default"] } -nix = "0.26" +nix = { version = "0.27", features = ["fs"] } mimalloc = { version = "*", default-features = false } content_inspector = "0.2.4" #log = "0.4" diff --git a/fuzzers/qemu_launcher/Cargo.toml b/fuzzers/qemu_launcher/Cargo.toml index 2334ced11c..00bb1c2941 100644 --- a/fuzzers/qemu_launcher/Cargo.toml +++ b/fuzzers/qemu_launcher/Cargo.toml @@ -41,7 +41,7 @@ libafl = { path = "../../libafl/" } libafl_bolts = { path = "../../libafl_bolts/" } libafl_qemu = { path = "../../libafl_qemu/", features = ["usermode"] } log = {version = "0.4.20" } -nix = { version = "0.26" } +nix = { version = "0.27", features = ["fs"] } rangemap = { version = "1.3" } readonly = { version = "0.2.10" } typed-builder = { version = "0.15.1" } diff --git a/fuzzers/qemu_launcher/Makefile.toml b/fuzzers/qemu_launcher/Makefile.toml index e4f0e1eac3..b64103f258 100644 --- a/fuzzers/qemu_launcher/Makefile.toml +++ b/fuzzers/qemu_launcher/Makefile.toml @@ -163,7 +163,8 @@ mkdir ${TARGET_DIR}/build-png/ cd ${TARGET_DIR}/build-png/ && \ CC=$CROSS_CC \ - CFLAGS="${CROSS_CFLAGS} -I"${TARGET_DIR}/build-zlib/zlib/lib"" \ + CFLAGS="${CROSS_CFLAGS}" \ + CPPFLAGS="-I${TARGET_DIR}/build-zlib/zlib/include" \ LDFLAGS=-L"${TARGET_DIR}/build-zlib/zlib/lib" \ ${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/libpng-1.6.37/configure \ --enable-shared=no \ @@ -212,7 +213,7 @@ ${CROSS_CXX} \ "${TARGET_DIR}/build-zlib/libz.a" \ -I"${TARGET_DIR}/build-png" \ -I"${CARGO_MAKE_CRATE_TARGET_DIRECTORY}/deps/libpng-1.6.37" \ - -I"${TARGET_DIR}/build-zlib/zlib/lib" \ + -I"${TARGET_DIR}/build-zlib/zlib/include" \ -L"${TARGET_DIR}/build-zlib/zlib/lib" \ -o"${TARGET_DIR}/libpng-harness-${CARGO_MAKE_PROFILE}" \ -lm \ diff --git a/libafl/Cargo.toml b/libafl/Cargo.toml index e0a79e8c5a..a365de7483 100644 --- a/libafl/Cargo.toml +++ b/libafl/Cargo.toml @@ -163,7 +163,7 @@ backtrace = {version = "0.3", optional = true} # Used to get the stacktrace in S typed-builder = { version = "0.16", optional = true } # Implement the builder pattern at compiletime serde_json = { version = "1.0", optional = true, default-features = false, features = ["alloc"] } -nix = { version = "0.26", optional = true } +nix = { version = "0.27", optional = true } regex = { version = "1", optional = true } uuid = { version = "1.4", optional = true, features = ["serde", "v4"] } libm = "0.2.2" diff --git a/libafl/src/corpus/mod.rs b/libafl/src/corpus/mod.rs index 47f01d22e4..0cfcc39c27 100644 --- a/libafl/src/corpus/mod.rs +++ b/libafl/src/corpus/mod.rs @@ -361,21 +361,23 @@ pub mod pybind { fn get(&self, idx: CorpusId) -> Result<&RefCell>, Error> { let ptr = unwrap_me!(self.wrapper, c, { c.get(idx) - .map(|v| v as *const RefCell>) + .map(core::ptr::from_ref::>>) })?; Ok(unsafe { ptr.as_ref().unwrap() }) } #[inline] fn current(&self) -> &Option { - let ptr = unwrap_me!(self.wrapper, c, { c.current() as *const Option }); + let ptr = unwrap_me!(self.wrapper, c, { + core::ptr::from_ref::>(c.current()) + }); unsafe { ptr.as_ref().unwrap() } } #[inline] fn current_mut(&mut self) -> &mut Option { let ptr = unwrap_me_mut!(self.wrapper, c, { - c.current_mut() as *mut Option + core::ptr::from_mut::>(c.current_mut()) }); unsafe { ptr.as_mut().unwrap() } } diff --git a/libafl/src/events/centralized.rs b/libafl/src/events/centralized.rs index 2381aa6960..515e991144 100644 --- a/libafl/src/events/centralized.rs +++ b/libafl/src/events/centralized.rs @@ -86,10 +86,19 @@ where /// /// The port must not be bound yet to have a broker. #[cfg(feature = "std")] - pub fn on_port(shmem_provider: SP, port: u16) -> Result { + pub fn on_port( + shmem_provider: SP, + port: u16, + client_timeout: Option, + ) -> Result { Ok(Self { // TODO switch to false after solving the bug - llmp: LlmpBroker::with_keep_pages_attach_to_tcp(shmem_provider, port, true)?, + llmp: LlmpBroker::with_keep_pages_attach_to_tcp( + shmem_provider, + port, + true, + client_timeout, + )?, #[cfg(feature = "llmp_compression")] compressor: GzipCompressor::new(COMPRESS_THRESHOLD), phantom: PhantomData, diff --git a/libafl/src/events/launcher.rs b/libafl/src/events/launcher.rs index 18181c46b8..75f250e9fb 100644 --- a/libafl/src/events/launcher.rs +++ b/libafl/src/events/launcher.rs @@ -24,7 +24,7 @@ use std::net::SocketAddr; #[cfg(all(feature = "std", any(windows, not(feature = "fork"))))] use std::process::Stdio; #[cfg(all(unix, feature = "std", feature = "fork"))] -use std::{fs::File, os::unix::io::AsRawFd}; +use std::{fs::File, os::unix::io::AsRawFd, time::Duration}; #[cfg(all(feature = "std", any(windows, not(feature = "fork"))))] use libafl_bolts::os::startable_self; @@ -496,10 +496,9 @@ where S: State + HasExecutions, SP: ShMemProvider + 'static, { - /// Launch the broker and the clients and fuzz #[allow(clippy::similar_names)] #[allow(clippy::too_many_lines)] - pub fn launch(&mut self) -> Result<(), Error> { + fn launch_internal(&mut self, client_timeout: Option) -> Result<(), Error> { if self.cores.ids.is_empty() { return Err(Error::illegal_argument( "No cores to spawn on given, cannot launch anything.", @@ -544,6 +543,7 @@ where CentralizedLlmpEventBroker::on_port( self.shmem_provider.clone(), self.centralized_broker_port, + client_timeout, )?; broker.broker_loop()?; } @@ -643,4 +643,14 @@ where Ok(()) } + + /// Launch the broker and the clients and fuzz + pub fn launch(&mut self) -> Result<(), Error> { + self.launch_internal(None) + } + + /// Launch the broker and the clients and fuzz with a given timeout for the clients + pub fn launch_with_client_timeout(&mut self, client_timeout: Duration) -> Result<(), Error> { + self.launch_internal(Some(client_timeout)) + } } diff --git a/libafl/src/events/llmp.rs b/libafl/src/events/llmp.rs index 808a56e9c9..5cc02ad97c 100644 --- a/libafl/src/events/llmp.rs +++ b/libafl/src/events/llmp.rs @@ -109,10 +109,15 @@ where /// /// The port must not be bound yet to have a broker. #[cfg(feature = "std")] - pub fn on_port(shmem_provider: SP, monitor: MT, port: u16) -> Result { + pub fn on_port( + shmem_provider: SP, + monitor: MT, + port: u16, + client_timeout: Option, + ) -> Result { Ok(Self { monitor, - llmp: llmp::LlmpBroker::create_attach_to_tcp(shmem_provider, port)?, + llmp: llmp::LlmpBroker::create_attach_to_tcp(shmem_provider, port, client_timeout)?, #[cfg(feature = "llmp_compression")] compressor: GzipCompressor::new(COMPRESS_THRESHOLD), phantom: PhantomData, @@ -1172,8 +1177,10 @@ where false } - /// Launch the restarting manager - pub fn launch(&mut self) -> Result<(Option, LlmpRestartingEventManager), Error> { + fn launch_internal( + &mut self, + client_timeout: Option, + ) -> Result<(Option, LlmpRestartingEventManager), Error> { // We start ourself as child process to actually fuzz let (staterestorer, new_shmem_provider, core_id) = if std::env::var(_ENV_FUZZER_SENDER) .is_err() @@ -1195,8 +1202,11 @@ where // We get here if we are on Unix, or we are a broker on Windows (or without forks). let (mgr, core_id) = match self.kind { ManagerKind::Any => { - let connection = - LlmpConnection::on_port(self.shmem_provider.clone(), self.broker_port)?; + let connection = LlmpConnection::on_port( + self.shmem_provider.clone(), + self.broker_port, + client_timeout, + )?; match connection { LlmpConnection::IsBroker { broker } => { let event_broker = LlmpEventBroker::::new( @@ -1224,6 +1234,7 @@ where self.shmem_provider.clone(), self.monitor.take().unwrap(), self.broker_port, + client_timeout, )?; broker_things(event_broker, self.remote_broker_addr)?; @@ -1386,6 +1397,19 @@ where Ok((state, mgr)) } + + /// Launch the restarting manager + pub fn launch(&mut self) -> Result<(Option, LlmpRestartingEventManager), Error> { + self.launch_internal(None) + } + + /// Launch the restarting manager with a custom client timeout + pub fn launch_with_client_timeout( + &mut self, + client_timeout: Duration, + ) -> Result<(Option, LlmpRestartingEventManager), Error> { + self.launch_internal(Some(client_timeout)) + } } /// A manager-like llmp client that converts between input types diff --git a/libafl/src/executors/differential.rs b/libafl/src/executors/differential.rs index 8da268f4cb..745c4ed1b7 100644 --- a/libafl/src/executors/differential.rs +++ b/libafl/src/executors/differential.rs @@ -205,8 +205,8 @@ where impl ProxyObserversTuple { fn set(&mut self, primary: &A, secondary: &B) { - self.primary = OwnedMutPtr::Ptr(primary as *const A as *mut A); - self.secondary = OwnedMutPtr::Ptr(secondary as *const B as *mut B); + self.primary = OwnedMutPtr::Ptr(core::ptr::from_ref::(primary) as *mut A); + self.secondary = OwnedMutPtr::Ptr(core::ptr::from_ref::(secondary) as *mut B); } } diff --git a/libafl/src/executors/forkserver.rs b/libafl/src/executors/forkserver.rs index f960da63c8..5e042a204b 100644 --- a/libafl/src/executors/forkserver.rs +++ b/libafl/src/executors/forkserver.rs @@ -9,7 +9,10 @@ use core::{ use std::{ ffi::{OsStr, OsString}, io::{self, prelude::*, ErrorKind}, - os::unix::{io::RawFd, process::CommandExt}, + os::{ + fd::{AsRawFd, BorrowedFd}, + unix::{io::RawFd, process::CommandExt}, + }, path::Path, process::{Child, Command, Stdio}, }; @@ -439,11 +442,15 @@ impl Forkserver { ))); }; + // # Safety + // The FDs are valid as this point in time. + let st_read = unsafe { BorrowedFd::borrow_raw(st_read) }; + let mut readfds = FdSet::new(); - readfds.insert(st_read); + readfds.insert(&st_read); // We'll pass a copied timeout to keep the original timeout intact, because select updates timeout to indicate how much time was left. See select(2) let sret = pselect( - Some(readfds.highest().unwrap() + 1), + Some(readfds.highest().unwrap().as_raw_fd() + 1), &mut readfds, None, None, @@ -526,11 +533,16 @@ where &self.args } - /// The [`Forkserver`] instance. + /// Get a reference to the [`Forkserver`] instance. pub fn forkserver(&self) -> &Forkserver { &self.forkserver } + /// Get a mutable reference to the [`Forkserver`] instance. + pub fn forkserver_mut(&mut self) -> &mut Forkserver { + &mut self.forkserver + } + /// The [`InputFile`] used by this [`Executor`]. pub fn input_file(&self) -> &InputFile { &self.input_file diff --git a/libafl/src/executors/hooks/timer.rs b/libafl/src/executors/hooks/timer.rs index e402656bee..2f93f2192e 100644 --- a/libafl/src/executors/hooks/timer.rs +++ b/libafl/src/executors/hooks/timer.rs @@ -299,7 +299,7 @@ impl TimerStruct { let data = addr_of_mut!(GLOBAL_STATE); write_volatile( addr_of_mut!((*data).executor_ptr), - self as *mut _ as *mut c_void, + core::ptr::from_mut(self) as *mut c_void, ); if self.executions == 0 { diff --git a/libafl/src/executors/inprocess.rs b/libafl/src/executors/inprocess.rs index b28e6677dc..f405118507 100644 --- a/libafl/src/executors/inprocess.rs +++ b/libafl/src/executors/inprocess.rs @@ -178,25 +178,25 @@ where let data = addr_of_mut!(GLOBAL_STATE); write_volatile( addr_of_mut!((*data).current_input_ptr), - input as *const _ as *const c_void, + core::ptr::from_ref(input) as *const c_void, ); write_volatile( addr_of_mut!((*data).executor_ptr), - self as *const _ as *const c_void, + core::ptr::from_ref(self) as *const c_void, ); // Direct raw pointers access /aliasing is pretty undefined behavior. // Since the state and event may have moved in memory, refresh them right before the signal may happen write_volatile( addr_of_mut!((*data).state_ptr), - state as *mut _ as *mut c_void, + core::ptr::from_mut(state) as *mut c_void, ); write_volatile( addr_of_mut!((*data).event_mgr_ptr), - mgr as *mut _ as *mut c_void, + core::ptr::from_mut(mgr) as *mut c_void, ); write_volatile( addr_of_mut!((*data).fuzzer_ptr), - fuzzer as *mut _ as *mut c_void, + core::ptr::from_mut(fuzzer) as *mut c_void, ); compiler_fence(Ordering::SeqCst); } @@ -252,7 +252,8 @@ where ) } - /// Create a new in mem executor with the default timeout and use batch mode(5 sec) + /// Create a new in mem executor with the default timeout and use batch mode (5 sec) + /// Do not use batched mode timeouts with cmplog cores. It is not supported #[cfg(all(feature = "std", target_os = "linux"))] pub fn batched_timeouts( harness_fn: &'a mut H, diff --git a/libafl/src/executors/inprocess_fork.rs b/libafl/src/executors/inprocess_fork.rs index 289392c6a1..51e03ee862 100644 --- a/libafl/src/executors/inprocess_fork.rs +++ b/libafl/src/executors/inprocess_fork.rs @@ -278,15 +278,15 @@ where let data = addr_of_mut!(FORK_EXECUTOR_GLOBAL_DATA); write_volatile( addr_of_mut!((*data).executor_ptr), - self as *const _ as *const c_void, + core::ptr::from_ref(self) as *const c_void, ); write_volatile( addr_of_mut!((*data).current_input_ptr), - input as *const _ as *const c_void, + core::ptr::from_ref(input) as *const c_void, ); write_volatile( addr_of_mut!((*data).state_ptr), - state as *mut _ as *mut c_void, + core::ptr::from_mut(state) as *mut c_void, ); compiler_fence(Ordering::SeqCst); } diff --git a/libafl/src/executors/mod.rs b/libafl/src/executors/mod.rs index 91b4140ab3..9fed40d22f 100644 --- a/libafl/src/executors/mod.rs +++ b/libafl/src/executors/mod.rs @@ -498,7 +498,7 @@ pub mod pybind { #[inline] fn observers(&self) -> &PythonObserversTuple { let ptr = unwrap_me!(self.wrapper, e, { - e.observers() as *const PythonObserversTuple + core::ptr::from_ref::(e.observers()) }); unsafe { ptr.as_ref().unwrap() } } @@ -506,7 +506,7 @@ pub mod pybind { #[inline] fn observers_mut(&mut self) -> &mut PythonObserversTuple { let ptr = unwrap_me_mut!(self.wrapper, e, { - e.observers_mut() as *mut PythonObserversTuple + core::ptr::from_mut::(e.observers_mut()) }); unsafe { ptr.as_mut().unwrap() } } diff --git a/libafl/src/feedbacks/mod.rs b/libafl/src/feedbacks/mod.rs index eaa094aa5a..af57449d6d 100644 --- a/libafl/src/feedbacks/mod.rs +++ b/libafl/src/feedbacks/mod.rs @@ -1187,9 +1187,9 @@ pub mod pybind { // # Safety // We use this observer in Python ony when the ObserverTuple is PythonObserversTuple let dont_look_at_this: &PythonObserversTuple = - unsafe { &*(observers as *const OT as *const PythonObserversTuple) }; + unsafe { &*(core::ptr::from_ref::(observers) as *const PythonObserversTuple) }; let dont_look_at_this2: &PythonEventManager = - unsafe { &*(manager as *mut EM as *const PythonEventManager) }; + unsafe { &*(core::ptr::from_mut::(manager) as *const PythonEventManager) }; Ok(Python::with_gil(|py| -> PyResult { let r: bool = self .inner @@ -1221,7 +1221,7 @@ pub mod pybind { // # Safety // We use this observer in Python ony when the ObserverTuple is PythonObserversTuple let dont_look_at_this: &PythonObserversTuple = - unsafe { &*(observers as *const OT as *const PythonObserversTuple) }; + unsafe { &*(core::ptr::from_ref::(observers) as *const PythonObserversTuple) }; Python::with_gil(|py| -> PyResult<()> { self.inner.call_method1( py, diff --git a/libafl/src/monitors/mod.rs b/libafl/src/monitors/mod.rs index f2bbe0e937..e86ca7f8b8 100644 --- a/libafl/src/monitors/mod.rs +++ b/libafl/src/monitors/mod.rs @@ -1407,14 +1407,14 @@ pub mod pybind { impl Monitor for PythonMonitor { fn client_stats_mut(&mut self) -> &mut Vec { let ptr = unwrap_me_mut!(self.wrapper, m, { - m.client_stats_mut() as *mut Vec + core::ptr::from_mut::>(m.client_stats_mut()) }); unsafe { ptr.as_mut().unwrap() } } fn client_stats(&self) -> &[ClientStats] { let ptr = unwrap_me!(self.wrapper, m, { - m.client_stats() as *const [ClientStats] + core::ptr::from_ref::<[ClientStats]>(m.client_stats()) }); unsafe { ptr.as_ref().unwrap() } } diff --git a/libafl/src/mutators/token_mutations.rs b/libafl/src/mutators/token_mutations.rs index e0067b5527..6f229d2154 100644 --- a/libafl/src/mutators/token_mutations.rs +++ b/libafl/src/mutators/token_mutations.rs @@ -661,7 +661,7 @@ impl AFLppRedQueen { input_len: usize, hshape: usize, vec: &mut Vec>, - ) -> bool { + ) -> Result { // TODO: ascii2num (we need check q->is_ascii (in calibration stage(?))) // try Transform @@ -679,7 +679,7 @@ impl AFLppRedQueen { _ => 8, }; // prevent overflow - bytes = core::cmp::min(bytes, input_len - buf_idx); + bytes = core::cmp::min(bytes, input_len.wrapping_sub(buf_idx)); let (b_val, o_b_val, mask): (u64, u64, u64) = match bytes { 0 => { @@ -716,11 +716,11 @@ impl AFLppRedQueen { }; // Try arith - let diff = pattern as i64 - b_val as i64; - let new_diff = another_pattern as i64 - o_b_val as i64; + let diff = (pattern as i64).wrapping_sub(b_val as i64); + let new_diff = (another_pattern as i64).wrapping_sub(o_b_val as i64); if diff == new_diff && diff != 0 { - let new_repl: u64 = (repl as i64 - diff) as u64; + let new_repl: u64 = (repl as i64).wrapping_sub(diff) as u64; let ret = self.cmp_extend_encoding( pattern, @@ -735,9 +735,9 @@ impl AFLppRedQueen { input_len, hshape, vec, - ); + )?; if ret { - return true; + return Ok(true); } } @@ -762,10 +762,10 @@ impl AFLppRedQueen { input_len, hshape, vec, - ); + )?; if ret { - return true; + return Ok(true); } } @@ -790,10 +790,10 @@ impl AFLppRedQueen { input_len, hshape, vec, - ); + )?; if ret { - return true; + return Ok(true); } } @@ -818,15 +818,15 @@ impl AFLppRedQueen { input_len, hshape, vec, - ); + )?; if ret { - return true; + return Ok(true); } } } - let its_len = core::cmp::min(input_len - buf_idx, taint_len); + let its_len = core::cmp::min(input_len.wrapping_sub(buf_idx), taint_len); // Try pattern matching // println!("Pattern match"); @@ -840,29 +840,29 @@ impl AFLppRedQueen { let mut cloned = buf.to_vec(); cloned[buf_idx] = repl as u8; vec.push(cloned); - return true; + return Ok(true); } } 2 | 3 => { if its_len >= 2 { - let buf_16 = u16::from_be_bytes(buf[buf_idx..buf_idx + 2].try_into().unwrap()); + let buf_16 = u16::from_be_bytes(buf[buf_idx..buf_idx + 2].try_into()?); let another_buf_16 = - u16::from_be_bytes(another_buf[buf_idx..buf_idx + 2].try_into().unwrap()); + u16::from_be_bytes(another_buf[buf_idx..buf_idx + 2].try_into()?); if buf_16 == pattern as u16 && another_buf_16 == another_pattern as u16 { let mut cloned = buf.to_vec(); cloned[buf_idx + 1] = (repl & 0xff) as u8; cloned[buf_idx] = (repl >> 8 & 0xff) as u8; vec.push(cloned); - return true; + return Ok(true); } } } 4..=7 => { if its_len >= 4 { - let buf_32 = u32::from_be_bytes(buf[buf_idx..buf_idx + 4].try_into().unwrap()); + let buf_32 = u32::from_be_bytes(buf[buf_idx..buf_idx + 4].try_into()?); let another_buf_32 = - u32::from_be_bytes(another_buf[buf_idx..buf_idx + 4].try_into().unwrap()); + u32::from_be_bytes(another_buf[buf_idx..buf_idx + 4].try_into()?); // println!("buf: {buf_32} {another_buf_32} {pattern} {another_pattern}"); if buf_32 == pattern as u32 && another_buf_32 == another_pattern as u32 { let mut cloned = buf.to_vec(); @@ -872,15 +872,15 @@ impl AFLppRedQueen { cloned[buf_idx] = (repl >> 24 & 0xff) as u8; vec.push(cloned); - return true; + return Ok(true); } } } _ => { if its_len >= 8 { - let buf_64 = u64::from_be_bytes(buf[buf_idx..buf_idx + 8].try_into().unwrap()); + let buf_64 = u64::from_be_bytes(buf[buf_idx..buf_idx + 8].try_into()?); let another_buf_64 = - u64::from_be_bytes(another_buf[buf_idx..buf_idx + 8].try_into().unwrap()); + u64::from_be_bytes(another_buf[buf_idx..buf_idx + 8].try_into()?); if buf_64 == pattern && another_buf_64 == another_pattern { let mut cloned = buf.to_vec(); @@ -895,7 +895,7 @@ impl AFLppRedQueen { cloned[buf_idx] = (repl >> 48 & 0xff) as u8; vec.push(cloned); - return true; + return Ok(true); } } } @@ -904,7 +904,7 @@ impl AFLppRedQueen { // Try arith if self.enable_arith || attr != CMP_ATTRIBUTE_IS_TRANSFORM { if (attr & (CMP_ATTRIBUTE_IS_GREATER | CMP_ATTRIBUTE_IS_LESSER)) == 0 || hshape < 4 { - return false; + return Ok(false); } // Transform >= to < and <= to > @@ -934,7 +934,7 @@ impl AFLppRedQueen { g += 1.0; repl_new = g as u64; } else { - return false; + return Ok(false); } let ret = self.cmp_extend_encoding( @@ -950,9 +950,9 @@ impl AFLppRedQueen { input_len, hshape, vec, - ); + )?; if ret { - return true; + return Ok(true); } } else { if hshape == 4 && its_len >= 4 { @@ -964,7 +964,7 @@ impl AFLppRedQueen { g -= 1.0; repl_new = g as u64; } else { - return false; + return Ok(false); } let ret = self.cmp_extend_encoding( @@ -980,14 +980,14 @@ impl AFLppRedQueen { input_len, hshape, vec, - ); + )?; if ret { - return true; + return Ok(true); } } } else if attr < CMP_ATTRIBUTE_IS_FP { if attr & CMP_ATTRIBUTE_IS_GREATER != 0 { - let repl_new = repl + 1; + let repl_new = repl.wrapping_add(1); let ret = self.cmp_extend_encoding( pattern, @@ -1002,13 +1002,13 @@ impl AFLppRedQueen { input_len, hshape, vec, - ); + )?; if ret { - return true; + return Ok(true); } } else { - let repl_new = repl - 1; + let repl_new = repl.wrapping_sub(1); let ret = self.cmp_extend_encoding( pattern, @@ -1023,18 +1023,18 @@ impl AFLppRedQueen { input_len, hshape, vec, - ); + )?; if ret { - return true; + return Ok(true); } } } else { - return false; + return Ok(false); } } - false + Ok(false) } /// rtn part from AFL++ @@ -1057,7 +1057,7 @@ impl AFLppRedQueen { let ol0 = o_pattern.len(); let lmax = core::cmp::max(l0, ol0); let its_len = core::cmp::min( - core::cmp::min(input_len - buf_idx, taint_len), + core::cmp::min(input_len.wrapping_sub(buf_idx), taint_len), core::cmp::min(lmax, hshape), ); @@ -1315,7 +1315,7 @@ where input_len, hshape, &mut ret, - ); + )?; // Swapped // Compare v0 against v1 @@ -1332,7 +1332,7 @@ where input_len, hshape, &mut ret, - ); + )?; } if new_v1 != orig_v1 && orig_v0 != orig_v1 { @@ -1350,7 +1350,7 @@ where input_len, hshape, &mut ret, - ); + )?; // Swapped self.cmp_extend_encoding( @@ -1366,7 +1366,7 @@ where input_len, hshape, &mut ret, - ); + )?; } /* @@ -1404,7 +1404,7 @@ where input_len, hshape, &mut ret, - ); + )?; // swapped // Compare v0 against v1 @@ -1421,7 +1421,7 @@ where input_len, hshape, &mut ret, - ); + )?; } if new_v1 != orig_v1 && orig_v0 != orig_v1 { @@ -1439,7 +1439,7 @@ where input_len, hshape, &mut ret, - ); + )?; // Swapped // Compare v1 against v0 @@ -1456,7 +1456,7 @@ where input_len, hshape, &mut ret, - ); + )?; } if !cmp_found { @@ -1497,7 +1497,7 @@ where input_len, hshape, &mut ret, - ); + )?; // Swapped // Compare v0 against v1 @@ -1514,7 +1514,7 @@ where input_len, hshape, &mut ret, - ); + )?; } if new_v1 != orig_v1 && orig_v0 != orig_v1 { @@ -1532,7 +1532,7 @@ where input_len, hshape, &mut ret, - ); + )?; // Swapped // Compare v1 against v0 @@ -1549,7 +1549,7 @@ where input_len, hshape, &mut ret, - ); + )?; } if !cmp_found { @@ -1872,7 +1872,7 @@ mod tests { use std::fs; #[cfg(feature = "std")] - use super::Tokens; + use super::{AFLppRedQueen, Tokens}; #[cfg(feature = "std")] #[test] @@ -1891,4 +1891,37 @@ token2="B" assert_eq!(tokens.tokens().len(), 2); let _res = fs::remove_file("test.tkns"); } + + #[cfg(feature = "std")] + #[test] + fn test_token_mutations() { + let rq = AFLppRedQueen::with_cmplog_options(true, true); + let pattern = 0; + let repl = 0; + let another_pattern = 0; + let changed_val = 0; + let attr = 0; + let another_buf = &[0, 0, 0, 0]; + let buf = &[0, 0, 0, 0]; + let buf_idx = 0; + let taint_len = 0; + let input_len = 0; + let hshape = 0; + let mut vec = std::vec::Vec::new(); + + let _res = rq.cmp_extend_encoding( + pattern, + repl, + another_pattern, + changed_val, + attr, + another_buf, + buf, + buf_idx, + taint_len, + input_len, + hshape, + &mut vec, + ); + } } diff --git a/libafl/src/observers/mod.rs b/libafl/src/observers/mod.rs index 46c0e0e46f..ec4a0e3974 100644 --- a/libafl/src/observers/mod.rs +++ b/libafl/src/observers/mod.rs @@ -1047,7 +1047,7 @@ pub mod pybind { impl Named for PythonObserver { fn name(&self) -> &str { - let ptr = unwrap_me!(self.wrapper, o, { o.name() as *const str }); + let ptr = unwrap_me!(self.wrapper, o, { core::ptr::from_ref::(o.name()) }); unsafe { ptr.as_ref().unwrap() } } } @@ -1266,7 +1266,7 @@ pub mod pybind { } PythonObserverWrapper::Python(py_wrapper) => { if type_eq::() && py_wrapper.name() == name { - r = (py_wrapper as *const _ as *const T).as_ref(); + r = (core::ptr::from_ref(py_wrapper) as *const T).as_ref(); } } } @@ -1359,7 +1359,7 @@ pub mod pybind { } PythonObserverWrapper::Python(py_wrapper) => { if type_eq::() && py_wrapper.name() == name { - r = (py_wrapper as *mut _ as *mut T).as_mut(); + r = (core::ptr::from_mut(py_wrapper) as *mut T).as_mut(); } } } diff --git a/libafl/src/stages/logics.rs b/libafl/src/stages/logics.rs index da28017b1a..2ae9e6b651 100644 --- a/libafl/src/stages/logics.rs +++ b/libafl/src/stages/logics.rs @@ -305,7 +305,7 @@ where Z: UsesState, E::State: HasNestedStageStatus, { - type Progress = (); + type Progress = NestedStageProgress; fn perform( &mut self, diff --git a/libafl/src/state/mod.rs b/libafl/src/state/mod.rs index 3710f356e7..9bd2af6992 100644 --- a/libafl/src/state/mod.rs +++ b/libafl/src/state/mod.rs @@ -556,13 +556,7 @@ impl HasCurrentStage for StdState { } fn clear_stage(&mut self) -> Result<(), Error> { - self.stage_idx_stack.pop(); - // ensure we are in the right frame - if self.stage_depth != self.stage_idx_stack.len() { - return Err(Error::illegal_state( - "we somehow cleared too many or too few states!", - )); - } + self.stage_idx_stack.truncate(self.stage_depth); Ok(()) } diff --git a/libafl_bolts/Cargo.toml b/libafl_bolts/Cargo.toml index 2b52f18cdb..c716fe30c5 100644 --- a/libafl_bolts/Cargo.toml +++ b/libafl_bolts/Cargo.toml @@ -103,9 +103,9 @@ serde_json = { version = "1.0", optional = true, default-features = false, featu miniz_oxide = { version = "0.7.1", optional = true} hostname = { version = "^0.3", optional = true } # Is there really no gethostname in the stdlib? rand_core = { version = "0.6", optional = true } -nix = { version = "0.26", default-features = false, optional = true, features = ["signal", "socket", "poll"] } +nix = { version = "0.27", default-features = false, optional = true, features = ["signal", "socket", "poll"] } uuid = { version = "1.4", optional = true, features = ["serde", "v4"] } -clap = {version = "4.0", features = ["derive", "wrap_help"], optional = true} # CLI parsing, for libafl_bolts::cli / the `cli` feature +clap = {version = "4.5", features = ["derive", "wrap_help"], optional = true} # CLI parsing, for libafl_bolts::cli / the `cli` feature log = "0.4.20" pyo3 = { version = "0.18", optional = true, features = ["serde", "macros"] } diff --git a/libafl_bolts/examples/llmp_test/main.rs b/libafl_bolts/examples/llmp_test/main.rs index 5c193c436c..f247c5f31b 100644 --- a/libafl_bolts/examples/llmp_test/main.rs +++ b/libafl_bolts/examples/llmp_test/main.rs @@ -155,7 +155,7 @@ fn main() -> Result<(), Box> { match mode.as_str() { "broker" => { - let mut broker = llmp::LlmpBroker::new(StdShMemProvider::new()?)?; + let mut broker = llmp::LlmpBroker::new(StdShMemProvider::new()?, None)?; broker.launch_tcp_listener_on(port)?; // Exit when we got at least _n_ nodes, and all of them quit. broker.set_exit_cleanly_after(NonZeroUsize::new(1_usize).unwrap()); @@ -166,7 +166,7 @@ fn main() -> Result<(), Box> { ); } "b2b" => { - let mut broker = llmp::LlmpBroker::new(StdShMemProvider::new()?)?; + let mut broker = llmp::LlmpBroker::new(StdShMemProvider::new()?, None)?; broker.launch_tcp_listener_on(b2b_port)?; // connect back to the main broker. broker.connect_b2b(("127.0.0.1", port))?; diff --git a/libafl_bolts/src/llmp.rs b/libafl_bolts/src/llmp.rs index 00d0cd8a8e..bf0a4fd40f 100644 --- a/libafl_bolts/src/llmp.rs +++ b/libafl_bolts/src/llmp.rs @@ -75,9 +75,6 @@ use core::{ sync::atomic::{fence, AtomicU16, Ordering}, time::Duration, }; -#[cfg(all(unix, feature = "std"))] -#[cfg(not(any(target_os = "solaris", target_os = "illumos")))] -use std::os::unix::io::AsRawFd; #[cfg(feature = "std")] use std::{ env, @@ -107,9 +104,9 @@ use crate::{ ClientId, Error, }; -/// The timeout after which a client will be considered stale, and removed. +/// The default timeout in seconds after which a client will be considered stale, and removed. #[cfg(feature = "std")] -const CLIENT_TIMEOUT: Duration = Duration::from_secs(60 * 5); +const DEFAULT_CLIENT_TIMEOUT_SECS: u64 = 60 * 5; /// The max number of pages a [`client`] may have mapped that were not yet read by the [`broker`] /// Usually, this value should not exceed `1`, else the broker cannot keep up with the amount of incoming messages. @@ -452,7 +449,7 @@ fn tcp_bind(port: u16) -> Result { #[cfg(unix)] #[cfg(not(any(target_os = "solaris", target_os = "illumos")))] - socket::setsockopt(listener.as_raw_fd(), ReusePort, &true)?; + socket::setsockopt(&listener, ReusePort, &true)?; Ok(listener) } @@ -699,13 +696,17 @@ where { #[cfg(feature = "std")] /// Creates either a broker, if the tcp port is not bound, or a client, connected to this port. - pub fn on_port(shmem_provider: SP, port: u16) -> Result { + pub fn on_port( + shmem_provider: SP, + port: u16, + client_timeout: Option, + ) -> Result { match tcp_bind(port) { Ok(listener) => { // We got the port. We are the broker! :) log::info!("We're the broker"); - let mut broker = LlmpBroker::new(shmem_provider)?; + let mut broker = LlmpBroker::new(shmem_provider, client_timeout)?; let _listener_thread = broker.launch_listener(Listener::Tcp(listener))?; Ok(LlmpConnection::IsBroker { broker }) } @@ -725,9 +726,13 @@ where /// Creates a new broker on the given port #[cfg(feature = "std")] - pub fn broker_on_port(shmem_provider: SP, port: u16) -> Result { + pub fn broker_on_port( + shmem_provider: SP, + port: u16, + client_timeout: Option, + ) -> Result { Ok(LlmpConnection::IsBroker { - broker: LlmpBroker::create_attach_to_tcp(shmem_provider, port)?, + broker: LlmpBroker::create_attach_to_tcp(shmem_provider, port, client_timeout)?, }) } @@ -1961,6 +1966,9 @@ where clients_to_remove: Vec, /// The ShMemProvider to use shmem_provider: SP, + #[cfg(feature = "std")] + /// The timeout after which a client will be considered stale, and removed. + client_timeout: Duration, } /// A signal handler for the [`LlmpBroker`]. @@ -2009,16 +2017,28 @@ where SP: ShMemProvider + 'static, { /// Create and initialize a new [`LlmpBroker`] - pub fn new(shmem_provider: SP) -> Result { + pub fn new( + shmem_provider: SP, + #[cfg(feature = "std")] client_timeout: Option, + ) -> Result { // Broker never cleans up the pages so that new // clients may join at any time - Self::with_keep_pages(shmem_provider, true) + #[cfg(feature = "std")] + { + Self::with_keep_pages(shmem_provider, true, client_timeout) + } + + #[cfg(not(feature = "std"))] + { + Self::with_keep_pages(shmem_provider, true) + } } /// Create and initialize a new [`LlmpBroker`] telling if it has to keep pages forever pub fn with_keep_pages( mut shmem_provider: SP, keep_pages_forever: bool, + #[cfg(feature = "std")] client_timeout: Option, ) -> Result { Ok(LlmpBroker { llmp_out: LlmpSender { @@ -2039,6 +2059,12 @@ where listeners: vec![], exit_cleanly_after: None, num_clients_total: 0, + #[cfg(feature = "std")] + client_timeout: if let Some(to) = client_timeout { + to + } else { + Duration::from_secs(DEFAULT_CLIENT_TIMEOUT_SECS) + }, }) } @@ -2058,8 +2084,12 @@ where /// Create a new [`LlmpBroker`] attaching to a TCP port #[cfg(feature = "std")] - pub fn create_attach_to_tcp(shmem_provider: SP, port: u16) -> Result { - Self::with_keep_pages_attach_to_tcp(shmem_provider, port, true) + pub fn create_attach_to_tcp( + shmem_provider: SP, + port: u16, + client_timeout: Option, + ) -> Result { + Self::with_keep_pages_attach_to_tcp(shmem_provider, port, true, client_timeout) } /// Create a new [`LlmpBroker`] attaching to a TCP port and telling if it has to keep pages forever @@ -2068,10 +2098,15 @@ where shmem_provider: SP, port: u16, keep_pages_forever: bool, + client_timeout: Option, ) -> Result { match tcp_bind(port) { Ok(listener) => { - let mut broker = LlmpBroker::with_keep_pages(shmem_provider, keep_pages_forever)?; + let mut broker = LlmpBroker::with_keep_pages( + shmem_provider, + keep_pages_forever, + client_timeout, + )?; let _listener_thread = broker.launch_listener(Listener::Tcp(listener))?; Ok(broker) } @@ -2233,7 +2268,7 @@ where if !has_messages && !self.listeners.iter().any(|&x| x == client_id) { let last_msg_time = self.llmp_clients[i].last_msg_time; if last_msg_time < current_time - && current_time - last_msg_time > CLIENT_TIMEOUT + && current_time - last_msg_time > self.client_timeout { self.clients_to_remove.push(i); #[cfg(feature = "llmp_debug")] @@ -3257,13 +3292,15 @@ mod tests { pub fn test_llmp_connection() { #[allow(unused_variables)] let shmem_provider = StdShMemProvider::new().unwrap(); - let mut broker = match LlmpConnection::on_port(shmem_provider.clone(), 1337).unwrap() { + let mut broker = match LlmpConnection::on_port(shmem_provider.clone(), 1337, None).unwrap() + { IsClient { client: _ } => panic!("Could not bind to port as broker"), IsBroker { broker } => broker, }; // Add the first client (2nd, actually, because of the tcp listener client) - let mut client = match LlmpConnection::on_port(shmem_provider.clone(), 1337).unwrap() { + let mut client = match LlmpConnection::on_port(shmem_provider.clone(), 1337, None).unwrap() + { IsBroker { broker: _ } => panic!("Second connect should be a client!"), IsClient { client } => client, }; diff --git a/libafl_bolts/src/math.rs b/libafl_bolts/src/math.rs index a794a0e1bf..947a317b61 100644 --- a/libafl_bolts/src/math.rs +++ b/libafl_bolts/src/math.rs @@ -59,23 +59,6 @@ pub const fn integer_sqrt(val: u64) -> u64 { ret } -/// Given a u64 number, return a hashed number using this mixing function -/// This function is used to hash an address into a more random number (used in `libafl_frida`). -/// Mixing function: -#[inline] -#[must_use] -pub const fn xxh3_rrmxmx_mixer(v: u64) -> u64 { - let tmp = (v >> 32) + ((v & 0xffffffff) << 32); - let bitflip = 0x1cad21f72c81017c ^ 0xdb979082e96dd4de; - let mut h64 = tmp ^ bitflip; - h64 = h64.rotate_left(49) & h64.rotate_left(24); - h64 = h64.wrapping_mul(0x9FB21C651E98DF25); - h64 ^= (h64 >> 35) + 8; - h64 = h64.wrapping_mul(0x9FB21C651E98DF25); - h64 ^= h64 >> 28; - h64 -} - /// Calculates the cumulative sum for a slice, in-place. /// The values are useful for example for cumulative probabilities. /// diff --git a/libafl_bolts/src/os/unix_shmem_server.rs b/libafl_bolts/src/os/unix_shmem_server.rs index a6c3f9f21d..a402902a97 100644 --- a/libafl_bolts/src/os/unix_shmem_server.rs +++ b/libafl_bolts/src/os/unix_shmem_server.rs @@ -53,7 +53,7 @@ const UNIX_SERVER_NAME: &str = "./libafl_unix_shmem_server"; /// Env variable. If set, we won't try to spawn the service const AFL_SHMEM_SERVICE_STARTED: &str = "AFL_SHMEM_SERVICE_STARTED"; -/// Hands out served shared maps, as used on Android. +/// s out served shared maps, as used on Android. #[derive(Debug)] pub struct ServedShMemProvider where @@ -671,7 +671,7 @@ where }; let mut poll_fds: Vec = vec![PollFd::new( - listener.as_raw_fd(), + &listener, PollFlags::POLLIN | PollFlags::POLLRDNORM | PollFlags::POLLRDBAND, )]; @@ -714,12 +714,20 @@ where }; log::info!("Received connection from {_addr:?}"); + let pollfd = PollFd::new( - stream.as_raw_fd(), + // # Safety + // This cast will make `PollFd::new` ignore the lifetime of our stream. + // As of nix 0.27, the `PollFd` is safer, in that it checks the lifetime of the given stream. + // We did not develop this server with that new constraint in mind, but it is upheld. + // The `new` function then gets the `raw_fd` from this stream, and operate on that int internally. + unsafe { &*(&stream as *const _) }, PollFlags::POLLIN | PollFlags::POLLRDNORM | PollFlags::POLLRDBAND, ); - poll_fds.push(pollfd); + let client = SharedShMemClient::new(stream); + + poll_fds.push(pollfd); let client_id = client.stream.as_raw_fd(); self.clients.insert(client_id, client); match self.handle_client(client_id) { diff --git a/libafl_bolts/src/shmem.rs b/libafl_bolts/src/shmem.rs index fb55a9f2cd..c85546ab14 100644 --- a/libafl_bolts/src/shmem.rs +++ b/libafl_bolts/src/shmem.rs @@ -593,8 +593,8 @@ pub mod unix_shmem { use std::{io::Write, process}; use libc::{ - c_int, c_long, c_uchar, c_uint, c_ulong, c_ushort, close, ftruncate, mmap, munmap, - perror, shm_open, shm_unlink, shmat, shmctl, shmdt, shmget, + c_int, c_uchar, close, ftruncate, mmap, munmap, perror, shm_open, shm_unlink, shmat, + shmctl, shmdt, shmget, }; use crate::{ @@ -602,38 +602,6 @@ pub mod unix_shmem { shmem::{ShMem, ShMemId, ShMemProvider}, AsMutSlice, AsSlice, Error, }; - #[cfg(unix)] - #[derive(Copy, Clone)] - #[repr(C)] - struct ipc_perm { - pub __key: c_int, - pub uid: c_uint, - pub gid: c_uint, - pub cuid: c_uint, - pub cgid: c_uint, - pub mode: c_ushort, - pub __pad1: c_ushort, - pub __seq: c_ushort, - pub __pad2: c_ushort, - pub __glibc_reserved1: c_ulong, - pub __glibc_reserved2: c_ulong, - } - - #[cfg(unix)] - #[derive(Copy, Clone)] - #[repr(C)] - struct shmid_ds { - pub shm_perm: ipc_perm, - pub shm_segsz: c_ulong, - pub shm_atime: c_long, - pub shm_dtime: c_long, - pub shm_ctime: c_long, - pub shm_cpid: c_int, - pub shm_lpid: c_int, - pub shm_nattch: c_ulong, - pub __glibc_reserved4: c_ulong, - pub __glibc_reserved5: c_ulong, - } // This is macOS's limit // https://stackoverflow.com/questions/38049068/osx-shm-open-returns-enametoolong diff --git a/libafl_cc/src/no-link-rt.c b/libafl_cc/src/no-link-rt.c index daaddae2a4..e1cc59e55e 100644 --- a/libafl_cc/src/no-link-rt.c +++ b/libafl_cc/src/no-link-rt.c @@ -56,7 +56,7 @@ void __cmplog_ins_hook8(uint64_t arg1, uint64_t arg2) { (void)arg2; } -#ifndef _WIN32 +#if !defined(_WIN32) && defined(__SIZEOF_INT128__) void __cmplog_ins_hook16_extended(uint128_t arg1, uint128_t arg2, uint8_t attr) { (void)attr; diff --git a/libafl_concolic/test/dump_constraints/Cargo.toml b/libafl_concolic/test/dump_constraints/Cargo.toml index 1621d33fe4..5b441b6074 100644 --- a/libafl_concolic/test/dump_constraints/Cargo.toml +++ b/libafl_concolic/test/dump_constraints/Cargo.toml @@ -16,4 +16,4 @@ categories = ["development-tools::testing", "emulators", "embedded", "os", "no-s [dependencies] libafl = {path = "../../../libafl"} libafl_bolts = {path = "../../../libafl_bolts"} -clap = { version = "4.0", features = ["derive"] } +clap = { version = "4.5", features = ["derive"] } diff --git a/libafl_frida/Cargo.toml b/libafl_frida/Cargo.toml index fd27cc6d13..e146ea87c9 100644 --- a/libafl_frida/Cargo.toml +++ b/libafl_frida/Cargo.toml @@ -51,7 +51,7 @@ libafl_targets = { path = "../libafl_targets", version = "0.11.2", features = [ "sancov_cmplog", ] } -nix = "0.26" +nix = { version = "0.27", features = ["mman"] } libc = "0.2" hashbrown = "0.14" rangemap = "1.3" @@ -89,5 +89,5 @@ winsafe = {version = "0.0.18", features = ["kernel"]} [dev-dependencies] serial_test = { version = "2", default-features = false, features = ["logging"] } -clap = {version = "4.0", features = ["derive"]} +clap = {version = "4.5", features = ["derive"]} libloading = "0.7" diff --git a/libafl_frida/src/asan/asan_rt.rs b/libafl_frida/src/asan/asan_rt.rs index 80886e4bbd..ad0ba0085d 100644 --- a/libafl_frida/src/asan/asan_rt.rs +++ b/libafl_frida/src/asan/asan_rt.rs @@ -1469,7 +1469,7 @@ impl AsanRuntime { .operands .iter() .position(|item| *item == Operand::Nothing) - .unwrap_or_else(|| 4); + .unwrap_or(4); //the memory operand is always the last operand in aarch64 let (base_reg, index_reg, displacement) = match insn.operands[operands_len - 1] { @@ -1500,7 +1500,7 @@ impl AsanRuntime { actual_pc, ( Some(base_reg), - Some(index_reg.unwrap_or_else(|| 0xffff)), + Some(index_reg.unwrap_or(0xffff)), displacement as usize, fault_address, ), @@ -1512,7 +1512,7 @@ impl AsanRuntime { actual_pc, ( Some(base_reg), - Some(index_reg.unwrap_or_else(|| 0xffff)), + Some(index_reg.unwrap_or(0xffff)), displacement as usize, fault_address, ), @@ -1528,7 +1528,7 @@ impl AsanRuntime { pc: actual_pc, fault: ( Some(base_reg), - Some(index_reg.unwrap_or_else(|| 0xffff)), + Some(index_reg.unwrap_or(0xffff)), displacement as usize, fault_address, ), @@ -1552,7 +1552,7 @@ impl AsanRuntime { actual_pc, ( Some(base_reg), - Some(index_reg.unwrap_or_else(|| 0xffff)), + Some(index_reg.unwrap_or(0xffff)), displacement as usize, fault_address, ), @@ -1875,7 +1875,7 @@ impl AsanRuntime { ;->accessed_address: ; .dword 0x0 ; self_addr: - ; .qword self as *mut _ as *mut c_void as i64 + ; .qword core::ptr::from_mut(self) as *mut c_void as i64 ; self_regs_addr: ; .qword addr_of_mut!(self.regs) as i64 ; trap_func: @@ -2112,6 +2112,7 @@ impl AsanRuntime { #[cfg(target_arch = "aarch64")] #[must_use] #[inline] + #[allow(clippy::similar_names, clippy::type_complexity)] pub fn asan_is_interesting_instruction( decoder: InstDecoder, _address: u64, @@ -2155,7 +2156,7 @@ impl AsanRuntime { .operands .iter() .position(|item| *item == Operand::Nothing) - .unwrap_or_else(|| 4); + .unwrap_or(4); if operands_len < 2 { return None; } @@ -2174,6 +2175,7 @@ impl AsanRuntime { // println!("{:?} {}", instr, memory_access_size); //abuse the fact that the last operand is always the mem operand + #[allow(clippy::let_and_return)] match instr.operands[operands_len - 1] { Operand::RegRegOffset(reg1, reg2, size, shift, shift_size) => { let ret = Some(( @@ -2184,27 +2186,25 @@ impl AsanRuntime { Some((shift, shift_size)), )); // log::trace!("Interesting instruction: {}, {:?}", instr.to_string(), ret); - return ret; + ret } Operand::RegPreIndex(reg, disp, _) => { let ret = Some((reg, None, disp, instruction_width(&instr), None)); // log::trace!("Interesting instruction: {}, {:?}", instr.to_string(), ret); - return ret; + ret } Operand::RegPostIndex(reg, _) => { //in post index the disp is applied after so it doesn't matter for this memory access let ret = Some((reg, None, 0, instruction_width(&instr), None)); // log::trace!("Interesting instruction: {}, {:?}", instr.to_string(), ret); - return ret; + ret } Operand::RegPostIndexReg(reg, _) => { let ret = Some((reg, None, 0, instruction_width(&instr), None)); // log::trace!("Interesting instruction: {}, {:?}", instr.to_string(), ret); - return ret; - } - _ => { - return None; + ret } + _ => None, } } @@ -2538,9 +2538,9 @@ impl AsanRuntime { _ => -1, }; let (shift_encoding, shift_amount): (i32, u32) = match shift_type { - ShiftStyle::LSL => (0b00, amount as u32), - ShiftStyle::LSR => (0b01, amount as u32), - ShiftStyle::ASR => (0b10, amount as u32), + ShiftStyle::LSL => (0b00, u32::from(amount)), + ShiftStyle::LSR => (0b01, u32::from(amount)), + ShiftStyle::ASR => (0b10, u32::from(amount)), _ => (-1, 0), }; diff --git a/libafl_frida/src/coverage_rt.rs b/libafl_frida/src/coverage_rt.rs index a5215f750d..a4a5008a8c 100644 --- a/libafl_frida/src/coverage_rt.rs +++ b/libafl_frida/src/coverage_rt.rs @@ -6,7 +6,7 @@ use std::{cell::RefCell, marker::PhantomPinned, pin::Pin, rc::Rc}; use dynasmrt::DynasmLabelApi; use dynasmrt::{dynasm, DynasmApi}; use frida_gum::{instruction_writer::InstructionWriter, stalker::StalkerOutput, ModuleMap}; -use libafl_bolts::math::xxh3_rrmxmx_mixer; +use libafl_bolts::hash_std; use rangemap::RangeMap; use crate::helper::FridaRuntime; @@ -186,7 +186,7 @@ impl CoverageRuntime { /// Emits coverage mapping into the current basic block. #[inline] pub fn emit_coverage_mapping(&mut self, address: u64, output: &StalkerOutput) { - let h64 = xxh3_rrmxmx_mixer(address); + let h64 = hash_std(&address.to_le_bytes()); let writer = output.writer(); // Since the AARCH64 instruction set requires that a register be used if diff --git a/libafl_frida/src/helper.rs b/libafl_frida/src/helper.rs index 1bac7f729a..14e0937689 100644 --- a/libafl_frida/src/helper.rs +++ b/libafl_frida/src/helper.rs @@ -531,7 +531,7 @@ where if let Some(rt) = runtimes.match_first_type_mut::() { rt.emit_shadow_check( address, - &output, + output, basereg, indexreg, displacement, @@ -612,23 +612,25 @@ where // workaround frida's frida-gum-allocate-near bug: #[cfg(unix)] fn workaround_gum_allocate_near() { + use std::fs::File; + unsafe { for _ in 0..512 { - mmap( + mmap::( None, std::num::NonZeroUsize::new_unchecked(128 * 1024), ProtFlags::PROT_NONE, ANONYMOUS_FLAG | MapFlags::MAP_PRIVATE | MapFlags::MAP_NORESERVE, - -1, + None, 0, ) .expect("Failed to map dummy regions for frida workaround"); - mmap( + mmap::( None, std::num::NonZeroUsize::new_unchecked(4 * 1024 * 1024), ProtFlags::PROT_NONE, ANONYMOUS_FLAG | MapFlags::MAP_PRIVATE | MapFlags::MAP_NORESERVE, - -1, + None, 0, ) .expect("Failed to map dummy regions for frida workaround"); diff --git a/libafl_frida/src/utils.rs b/libafl_frida/src/utils.rs index 834cde5938..55909c1695 100644 --- a/libafl_frida/src/utils.rs +++ b/libafl_frida/src/utils.rs @@ -83,11 +83,11 @@ pub fn instruction_width(instr: &Instruction) -> u32 { Operand::SIMDRegisterGroup(sizecode, _, _, num) => { ////This is used for cases such as ld4 {v1.2s, v2.2s, v3.2s, v4.2s}, [x0]. //the sizecode is the size of each simd structure (This can only be D or Q), num is the number of them (i.e. ld4 would be 4) - get_simd_size(*sizecode) * *num as u32 + get_simd_size(*sizecode) * u32::from(*num) } Operand::SIMDRegisterGroupLane(_, sizecode, num, _) => { //This is used for cases such as ld4 {v0.s, v1.s, v2.s, v3.s}[0], [x0]. In this case sizecode is the size of each lane, num is the number of them - get_simd_size(*sizecode) * *num as u32 + get_simd_size(*sizecode) * u32::from(*num) } _ => { return 0; @@ -104,10 +104,10 @@ pub fn writer_register(reg: u16, sizecode: SizeCode, zr: bool) -> Aarch64Registe //yaxpeax and arm both make it so that depending on the opcode reg=31 can be EITHER SP or XZR. match (reg, sizecode, zr) { (0..=28, SizeCode::X, _) => { - Aarch64Register::from_u32(Aarch64Register::X0 as u32 + reg as u32).unwrap() + Aarch64Register::from_u32(Aarch64Register::X0 as u32 + u32::from(reg)).unwrap() } (0..=30, SizeCode::W, _) => { - Aarch64Register::from_u32(Aarch64Register::W0 as u32 + reg as u32).unwrap() + Aarch64Register::from_u32(Aarch64Register::W0 as u32 + u32::from(reg)).unwrap() } (29, SizeCode::X, _) => Aarch64Register::Fp, (30, SizeCode::X, _) => Aarch64Register::Lr, @@ -280,10 +280,8 @@ pub fn disas_count(decoder: &InstDecoder, data: &[u8], count: usize) -> Vec Vec { - let _counter = count; +pub fn disas_count(decoder: &InstDecoder, data: &[u8], _count: usize) -> Vec { let mut ret = vec![]; - let _start = 0; let mut reader = ReaderBuilder::::read_from(data); diff --git a/libafl_libfuzzer/libafl_libfuzzer_runtime/Cargo.toml b/libafl_libfuzzer/libafl_libfuzzer_runtime/Cargo.toml index a64c0bb69c..c4560bc7e8 100644 --- a/libafl_libfuzzer/libafl_libfuzzer_runtime/Cargo.toml +++ b/libafl_libfuzzer/libafl_libfuzzer_runtime/Cargo.toml @@ -36,7 +36,7 @@ libafl_targets = { path = "../../libafl_targets", features = ["sancov_8bit", "sa ahash = { version = "0.8.3", default-features = false } libc = "0.2.139" -log = "0.4.17" +log = "0.4.20" mimalloc = { version = "0.1.34", default-features = false } num-traits = "0.2.15" rand = "0.8.5" diff --git a/libafl_qemu/Cargo.toml b/libafl_qemu/Cargo.toml index 9244d2821b..8dcc30d4e7 100644 --- a/libafl_qemu/Cargo.toml +++ b/libafl_qemu/Cargo.toml @@ -56,9 +56,11 @@ systemmode = ["libafl_qemu_sys/systemmode"] ## Automatically register all `#[derive(SerdeAny)]` types at startup. serdeany_autoreg = ["libafl_bolts/serdeany_autoreg"] -## Automatically register all `#[derive(SerdeAny)]` types at startup. slirp = [ "systemmode", "libafl_qemu_sys/slirp" ] # build qemu with host libslirp (for user networking) +# disabled atm, enabled when fixed with dynamic list +# shared = [ "libafl_qemu_sys/shared" ] + [dependencies] libafl = { path = "../libafl", version = "0.11.2", default-features = false, features = ["std", "derive", "regex"] } libafl_bolts = { path = "../libafl_bolts", version = "0.11.2", default-features = false, features = ["std", "derive"] } diff --git a/libafl_qemu/build_linux.rs b/libafl_qemu/build_linux.rs index 516089432a..f6dcbd0b60 100644 --- a/libafl_qemu/build_linux.rs +++ b/libafl_qemu/build_linux.rs @@ -72,16 +72,6 @@ pub fn build() { let qasan_dir = fs::canonicalize(qasan_dir).unwrap(); println!("cargo:rerun-if-changed={}", qasan_dir.display()); - assert!(Command::new("make") - .current_dir(out_dir_path) - .env("CC", &cross_cc) - .env("OUT_DIR", &target_dir) - .arg("-C") - .arg(&qasan_dir) - .arg("clean") - .status() - .expect("make failed") - .success()); let mut make = Command::new("make"); if cfg!(debug_assertions) { make.env("CFLAGS", "-DDEBUG=1"); @@ -95,6 +85,6 @@ pub fn build() { .status() .expect("make failed") .success()); - println!("cargo:rerun-if-changed={}/libqasan.so", target_dir.display()); + // println!("cargo:rerun-if-changed={}/libqasan.so", target_dir.display()); } } diff --git a/libafl_qemu/libafl_qemu_build/Cargo.toml b/libafl_qemu/libafl_qemu_build/Cargo.toml index 9da7ea1cb7..6a3b1aa51a 100644 --- a/libafl_qemu/libafl_qemu_build/Cargo.toml +++ b/libafl_qemu/libafl_qemu_build/Cargo.toml @@ -21,6 +21,7 @@ categories = [ all-features = true [features] +shared = [] slirp = [] # build qemu with host libslirp (for user networking) clippy = [] # special feature for clippy, don't use in normal projects§ diff --git a/libafl_qemu/libafl_qemu_build/src/build.rs b/libafl_qemu/libafl_qemu_build/src/build.rs index a852b1f84f..cec7203f40 100644 --- a/libafl_qemu/libafl_qemu_build/src/build.rs +++ b/libafl_qemu/libafl_qemu_build/src/build.rs @@ -8,7 +8,12 @@ use which::which; const QEMU_URL: &str = "https://github.com/AFLplusplus/qemu-libafl-bridge"; const QEMU_DIRNAME: &str = "qemu-libafl-bridge"; -const QEMU_REVISION: &str = "51abe6fbcc34a7a8f6a19f4dea219e6a05ccb15f"; +const QEMU_REVISION: &str = "75d15d54f4417a4766d2dcb493982d9df0e8eac4"; + +pub struct BuildResult { + pub qemu_path: PathBuf, + pub build_dir: PathBuf, +} fn build_dep_check(tools: &[&str]) { for tool in tools { @@ -23,7 +28,7 @@ pub fn build( is_big_endian: bool, is_usermode: bool, jobs: Option, -) -> (PathBuf, PathBuf) { +) -> BuildResult { let mut cpu_target = cpu_target.to_string(); // qemu-system-arm supports both big and little endian configurations and so // therefore the "be" feature should ignored in this configuration. Also @@ -120,13 +125,19 @@ pub fn build( "softmmu".to_string() }; - let output_lib = if is_usermode { - build_dir.join(format!("libqemu-{cpu_target}.so")) + let (output_lib, output_lib_link) = if is_usermode { + ( + build_dir.join(format!("libqemu-{cpu_target}.so")), + format!("qemu-{cpu_target}"), + ) } else { - build_dir.join(format!("libqemu-system-{cpu_target}.so")) + ( + build_dir.join(format!("libqemu-system-{cpu_target}.so")), + format!("qemu-system-{cpu_target}"), + ) }; - println!("cargo:rerun-if-changed={}", output_lib.to_string_lossy()); + // println!("cargo:rerun-if-changed={}", output_lib.to_string_lossy()); if !output_lib.is_file() || (custom_qemu_dir.is_some() && !custom_qemu_no_build) { /*drop( @@ -337,137 +348,145 @@ pub fn build( } */ - let compile_commands_string = - &fs::read_to_string(build_dir.join("linkinfo.json")).expect("Failed to read linkinfo.json"); + if cfg!(feature = "shared") { + println!( + "cargo:rustc-link-search=native={}", + build_dir.to_string_lossy() + ); + println!("cargo:rustc-link-lib=dylib={output_lib_link}"); + } else { + let compile_commands_string = &fs::read_to_string(build_dir.join("linkinfo.json")) + .expect("Failed to read linkinfo.json"); - let linkinfo = json::parse(compile_commands_string).expect("Failed to parse linkinfo.json"); + let linkinfo = json::parse(compile_commands_string).expect("Failed to parse linkinfo.json"); - let mut cmd = vec![]; - for arg in linkinfo["cmd"].members() { - cmd.push( - arg.as_str() - .expect("linkinfo.json `cmd` values must be strings"), - ); - } + let mut cmd = vec![]; + for arg in linkinfo["cmd"].members() { + cmd.push( + arg.as_str() + .expect("linkinfo.json `cmd` values must be strings"), + ); + } - assert!(cpp_compiler - .to_command() - .current_dir(&build_dir) - .arg("-o") - .arg("libqemu-partially-linked.o") - .arg("-r") - .args(cmd) - .status() - .expect("Partial linked failure") - .success()); - - /* // Old manual linking, kept here for reference and debugging - if is_usermode { - Command::new("ld") - .current_dir(out_dir_path) + assert!(cpp_compiler + .to_command() + .current_dir(&build_dir) .arg("-o") .arg("libqemu-partially-linked.o") .arg("-r") - .args(objects) - .arg("--start-group") - .arg("--whole-archive") - .arg(format!("{}/libhwcore.fa", build_dir.display())) - .arg(format!("{}/libqom.fa", build_dir.display())) - .arg(format!("{}/libevent-loop-base.a", build_dir.display())) - .arg(format!("{}/gdbstub/libgdb_user.fa", build_dir.display())) - .arg("--no-whole-archive") - .arg(format!("{}/libqemuutil.a", build_dir.display())) - .arg(format!("{}/libhwcore.fa", build_dir.display())) - .arg(format!("{}/libqom.fa", build_dir.display())) - .arg(format!("{}/gdbstub/libgdb_user.fa", build_dir.display())) - .arg(format!( - "--dynamic-list={}/plugins/qemu-plugins.symbols", - qemu_path.display() - )) - .arg("--end-group") + .args(cmd) .status() - .expect("Partial linked failure"); - } else { - Command::new("ld") + .expect("Partial linked failure") + .success()); + + /* // Old manual linking, kept here for reference and debugging + if is_usermode { + Command::new("ld") + .current_dir(out_dir_path) + .arg("-o") + .arg("libqemu-partially-linked.o") + .arg("-r") + .args(objects) + .arg("--start-group") + .arg("--whole-archive") + .arg(format!("{}/libhwcore.fa", build_dir.display())) + .arg(format!("{}/libqom.fa", build_dir.display())) + .arg(format!("{}/libevent-loop-base.a", build_dir.display())) + .arg(format!("{}/gdbstub/libgdb_user.fa", build_dir.display())) + .arg("--no-whole-archive") + .arg(format!("{}/libqemuutil.a", build_dir.display())) + .arg(format!("{}/libhwcore.fa", build_dir.display())) + .arg(format!("{}/libqom.fa", build_dir.display())) + .arg(format!("{}/gdbstub/libgdb_user.fa", build_dir.display())) + .arg(format!( + "--dynamic-list={}/plugins/qemu-plugins.symbols", + qemu_path.display() + )) + .arg("--end-group") + .status() + .expect("Partial linked failure"); + } else { + Command::new("ld") + .current_dir(out_dir_path) + .arg("-o") + .arg("libqemu-partially-linked.o") + .arg("-r") + .args(objects) + .arg("--start-group") + .arg("--whole-archive") + .arg(format!("{}/libhwcore.fa", build_dir.display())) + .arg(format!("{}/libqom.fa", build_dir.display())) + .arg(format!("{}/libevent-loop-base.a", build_dir.display())) + .arg(format!("{}/gdbstub/libgdb_softmmu.fa", build_dir.display())) + .arg(format!("{}/libio.fa", build_dir.display())) + .arg(format!("{}/libcrypto.fa", build_dir.display())) + .arg(format!("{}/libauthz.fa", build_dir.display())) + .arg(format!("{}/libblockdev.fa", build_dir.display())) + .arg(format!("{}/libblock.fa", build_dir.display())) + .arg(format!("{}/libchardev.fa", build_dir.display())) + .arg(format!("{}/libqmp.fa", build_dir.display())) + .arg("--no-whole-archive") + .arg(format!("{}/libqemuutil.a", build_dir.display())) + .arg(format!( + "{}/subprojects/dtc/libfdt/libfdt.a", + build_dir.display() + )) + .arg(format!( + "{}/subprojects/libvhost-user/libvhost-user-glib.a", + build_dir.display() + )) + .arg(format!( + "{}/subprojects/libvhost-user/libvhost-user.a", + build_dir.display() + )) + .arg(format!( + "{}/subprojects/libvduse/libvduse.a", + build_dir.display() + )) + .arg(format!("{}/libmigration.fa", build_dir.display())) + .arg(format!("{}/libhwcore.fa", build_dir.display())) + .arg(format!("{}/libqom.fa", build_dir.display())) + .arg(format!("{}/gdbstub/libgdb_softmmu.fa", build_dir.display())) + .arg(format!("{}/libio.fa", build_dir.display())) + .arg(format!("{}/libcrypto.fa", build_dir.display())) + .arg(format!("{}/libauthz.fa", build_dir.display())) + .arg(format!("{}/libblockdev.fa", build_dir.display())) + .arg(format!("{}/libblock.fa", build_dir.display())) + .arg(format!("{}/libchardev.fa", build_dir.display())) + .arg(format!("{}/libqmp.fa", build_dir.display())) + .arg(format!( + "--dynamic-list={}/plugins/qemu-plugins.symbols", + qemu_path.display() + )) + .arg("--end-group") + .status() + .expect("Partial linked failure"); + }*/ + + Command::new("ar") .current_dir(out_dir_path) - .arg("-o") - .arg("libqemu-partially-linked.o") - .arg("-r") - .args(objects) - .arg("--start-group") - .arg("--whole-archive") - .arg(format!("{}/libhwcore.fa", build_dir.display())) - .arg(format!("{}/libqom.fa", build_dir.display())) - .arg(format!("{}/libevent-loop-base.a", build_dir.display())) - .arg(format!("{}/gdbstub/libgdb_softmmu.fa", build_dir.display())) - .arg(format!("{}/libio.fa", build_dir.display())) - .arg(format!("{}/libcrypto.fa", build_dir.display())) - .arg(format!("{}/libauthz.fa", build_dir.display())) - .arg(format!("{}/libblockdev.fa", build_dir.display())) - .arg(format!("{}/libblock.fa", build_dir.display())) - .arg(format!("{}/libchardev.fa", build_dir.display())) - .arg(format!("{}/libqmp.fa", build_dir.display())) - .arg("--no-whole-archive") - .arg(format!("{}/libqemuutil.a", build_dir.display())) - .arg(format!( - "{}/subprojects/dtc/libfdt/libfdt.a", - build_dir.display() - )) - .arg(format!( - "{}/subprojects/libvhost-user/libvhost-user-glib.a", - build_dir.display() - )) - .arg(format!( - "{}/subprojects/libvhost-user/libvhost-user.a", - build_dir.display() - )) - .arg(format!( - "{}/subprojects/libvduse/libvduse.a", - build_dir.display() - )) - .arg(format!("{}/libmigration.fa", build_dir.display())) - .arg(format!("{}/libhwcore.fa", build_dir.display())) - .arg(format!("{}/libqom.fa", build_dir.display())) - .arg(format!("{}/gdbstub/libgdb_softmmu.fa", build_dir.display())) - .arg(format!("{}/libio.fa", build_dir.display())) - .arg(format!("{}/libcrypto.fa", build_dir.display())) - .arg(format!("{}/libauthz.fa", build_dir.display())) - .arg(format!("{}/libblockdev.fa", build_dir.display())) - .arg(format!("{}/libblock.fa", build_dir.display())) - .arg(format!("{}/libchardev.fa", build_dir.display())) - .arg(format!("{}/libqmp.fa", build_dir.display())) - .arg(format!( - "--dynamic-list={}/plugins/qemu-plugins.symbols", - qemu_path.display() - )) - .arg("--end-group") + .arg("crs") + .arg("libqemu-partially-linked.a") + .arg(build_dir.join("libqemu-partially-linked.o")) .status() - .expect("Partial linked failure"); - }*/ - - Command::new("ar") - .current_dir(out_dir_path) - .arg("crs") - .arg("libqemu-partially-linked.a") - .arg(build_dir.join("libqemu-partially-linked.o")) - .status() - .expect("Ar creation"); - - println!("cargo:rustc-link-search=native={out_dir}"); - println!("cargo:rustc-link-lib=static=qemu-partially-linked"); - - for arg in linkinfo["search"].members() { - let val = arg - .as_str() - .expect("linkinfo.json `search` values must be strings"); - println!("cargo:rustc-link-search={val}"); - } + .expect("Ar creation"); - for arg in linkinfo["libs"].members() { - let val = arg - .as_str() - .expect("linkinfo.json `libs` values must be strings"); - println!("cargo:rustc-link-lib={val}"); + println!("cargo:rustc-link-search=native={out_dir}"); + println!("cargo:rustc-link-lib=static=qemu-partially-linked"); + + for arg in linkinfo["search"].members() { + let val = arg + .as_str() + .expect("linkinfo.json `search` values must be strings"); + println!("cargo:rustc-link-search={val}"); + } + + for arg in linkinfo["libs"].members() { + let val = arg + .as_str() + .expect("linkinfo.json `libs` values must be strings"); + println!("cargo:rustc-link-lib={val}"); + } } /* @@ -500,5 +519,8 @@ pub fn build( } } - (qemu_path, build_dir) + BuildResult { + qemu_path, + build_dir, + } } diff --git a/libafl_qemu/libafl_qemu_build/src/lib.rs b/libafl_qemu/libafl_qemu_build/src/lib.rs index a6fedff623..c112adf678 100644 --- a/libafl_qemu/libafl_qemu_build/src/lib.rs +++ b/libafl_qemu/libafl_qemu_build/src/lib.rs @@ -22,10 +22,16 @@ pub fn build_with_bindings( jobs: Option, bindings_file: &Path, ) { - let (qemu_dir, build_dir) = build::build(cpu_target, is_big_endian, is_usermode, jobs); - let clang_args = qemu_bindgen_clang_args(&qemu_dir, &build_dir, cpu_target, is_usermode); + let build_result = build::build(cpu_target, is_big_endian, is_usermode, jobs); - let bind = bindings::generate(&build_dir, cpu_target, clang_args) + let clang_args = qemu_bindgen_clang_args( + &build_result.qemu_path, + &build_result.build_dir, + cpu_target, + is_usermode, + ); + + let bind = bindings::generate(&build_result.build_dir, cpu_target, clang_args) .expect("Failed to generate the bindings"); bind.write_to_file(bindings_file) .expect("Faield to write to the bindings file"); diff --git a/libafl_qemu/libafl_qemu_sys/Cargo.toml b/libafl_qemu/libafl_qemu_sys/Cargo.toml index f96f182499..d04c6a69ab 100644 --- a/libafl_qemu/libafl_qemu_sys/Cargo.toml +++ b/libafl_qemu/libafl_qemu_sys/Cargo.toml @@ -31,6 +31,7 @@ usermode = [] systemmode = [] slirp = [ "systemmode", "libafl_qemu_build/slirp" ] # build qemu with host libslirp (for user networking) +shared = [ "libafl_qemu_build/shared" ] clippy = [ "libafl_qemu_build/clippy" ] # special feature for clippy, don't use in normal projects§ diff --git a/libafl_qemu/libqasan/Makefile b/libafl_qemu/libqasan/Makefile index 858cb49aa2..1044994f7c 100644 --- a/libafl_qemu/libqasan/Makefile +++ b/libafl_qemu/libqasan/Makefile @@ -21,13 +21,13 @@ override LDFLAGS += -ldl -pthread SRC := libqasan.c hooks.c malloc.c string.c uninstrument.c patch.c dlmalloc.c printf/printf.c HDR := libqasan.h qasan.h map_macro.h printf/printf.h -all: libqasan.so +all: $(OUT_DIR)/libqasan.so -libqasan.so: $(HDR) $(SRC) - $(CC) $(CFLAGS) -fPIC -shared $(SRC) -o $(OUT_DIR)/$@ $(LDFLAGS) +$(OUT_DIR)/libqasan.so: $(HDR) $(SRC) + $(CC) $(CFLAGS) -fPIC -shared $(SRC) -o $@ $(LDFLAGS) .NOTPARALLEL: clean clean: rm -f *.o *.so *~ a.out core core.[1-9][0-9]* - rm -f libqasan.so + rm -f $(OUT_DIR)/libqasan.so diff --git a/libafl_qemu/src/emu.rs b/libafl_qemu/src/emu.rs index b0c3cc5e44..e870dbeeca 100644 --- a/libafl_qemu/src/emu.rs +++ b/libafl_qemu/src/emu.rs @@ -1700,7 +1700,7 @@ impl Emulator { pub fn add_gdb_cmd(&self, callback: Box bool>) { unsafe { let fat: Box = Box::new(transmute(callback)); - libafl_qemu_add_gdb_cmd(gdb_cmd, &*fat as *const _ as *const ()); + libafl_qemu_add_gdb_cmd(gdb_cmd, core::ptr::from_ref(&*fat) as *const ()); GDB_COMMANDS.push(fat); } } diff --git a/libafl_qemu/src/executor.rs b/libafl_qemu/src/executor.rs index 2e4be7b7f9..f1eff488b6 100644 --- a/libafl_qemu/src/executor.rs +++ b/libafl_qemu/src/executor.rs @@ -79,7 +79,7 @@ pub unsafe fn inproc_qemu_crash_handler( Z: HasObjective, { let puc = match &mut context { - Some(v) => (*v) as *mut ucontext_t as *mut c_void, + Some(v) => core::ptr::from_mut::(*v) as *mut c_void, None => core::ptr::null_mut(), }; libafl_qemu_handle_crash(signal as i32, info, puc); diff --git a/libafl_qemu/src/hooks.rs b/libafl_qemu/src/hooks.rs index b6ba387518..a1a6aad8be 100644 --- a/libafl_qemu/src/hooks.rs +++ b/libafl_qemu/src/hooks.rs @@ -6,6 +6,7 @@ use core::{ fmt::{self, Debug, Formatter}, marker::PhantomData, mem::transmute, + pin::Pin, ptr::{self, addr_of, addr_of_mut}, }; @@ -25,7 +26,7 @@ use crate::{ #[derive(Clone, Copy, PartialEq, Eq, Debug)] pub(crate) enum Hook { Function(*const c_void), - Closure(Box), + Closure(FatPtr), #[cfg(emulation_mode = "usermode")] Once(Box), Empty, @@ -36,7 +37,7 @@ pub(crate) enum Hook { #[derive(Clone, PartialEq, Eq, Debug)] pub(crate) enum HookRepr { Function(*const c_void), - Closure(Box), + Closure(FatPtr), Empty, } @@ -77,7 +78,7 @@ macro_rules! hook_to_repr { ($h:expr) => { match $h { Hook::Function(f) => HookRepr::Function(f as *const libc::c_void), - Hook::Closure(c) => HookRepr::Closure(Box::new(transmute(c))), + Hook::Closure(c) => HookRepr::Closure(transmute(c)), Hook::Raw(_) => HookRepr::Empty, // managed by emu Hook::Empty => HookRepr::Empty, } @@ -242,13 +243,13 @@ macro_rules! create_exec_wrapper { } } -static mut GENERIC_HOOKS: Vec<(InstructionHookId, Box)> = vec![]; +static mut GENERIC_HOOKS: Vec>> = vec![]; create_wrapper!(generic, (pc: GuestAddr)); -static mut BACKDOOR_HOOKS: Vec<(BackdoorHookId, Box)> = vec![]; +static mut BACKDOOR_HOOKS: Vec>> = vec![]; create_wrapper!(backdoor, (pc: GuestAddr)); #[cfg(emulation_mode = "usermode")] -static mut PRE_SYSCALL_HOOKS: Vec<(PreSyscallHookId, Box)> = vec![]; +static mut PRE_SYSCALL_HOOKS: Vec>> = vec![]; #[cfg(emulation_mode = "usermode")] create_wrapper!(pre_syscall, (sys_num: i32, a0: GuestAddr, @@ -260,7 +261,7 @@ create_wrapper!(pre_syscall, (sys_num: i32, a6: GuestAddr, a7: GuestAddr), SyscallHookResult); #[cfg(emulation_mode = "usermode")] -static mut POST_SYSCALL_HOOKS: Vec<(PostSyscallHookId, Box)> = vec![]; +static mut POST_SYSCALL_HOOKS: Vec>> = vec![]; #[cfg(emulation_mode = "usermode")] create_wrapper!(post_syscall, (res: GuestAddr, sys_num: i32, a0: GuestAddr, @@ -272,20 +273,20 @@ create_wrapper!(post_syscall, (res: GuestAddr, sys_num: i32, a6: GuestAddr, a7: GuestAddr), GuestAddr); #[cfg(emulation_mode = "usermode")] -static mut NEW_THREAD_HOOKS: Vec<(NewThreadHookId, Box)> = vec![]; +static mut NEW_THREAD_HOOKS: Vec>> = vec![]; #[cfg(emulation_mode = "usermode")] create_wrapper!(new_thread, (tid: u32), bool); -static mut EDGE_HOOKS: Vec> = vec![]; +static mut EDGE_HOOKS: Vec>>> = vec![]; create_gen_wrapper!(edge, (src: GuestAddr, dest: GuestAddr), u64, 1, EdgeHookId); create_exec_wrapper!(edge, (id: u64), 0, 1, EdgeHookId); -static mut BLOCK_HOOKS: Vec> = vec![]; +static mut BLOCK_HOOKS: Vec>>> = vec![]; create_gen_wrapper!(block, (addr: GuestAddr), u64, 1, BlockHookId); create_post_gen_wrapper!(block, (addr: GuestAddr, len: GuestUsize), 1, BlockHookId); create_exec_wrapper!(block, (id: u64), 0, 1, BlockHookId); -static mut READ_HOOKS: Vec> = vec![]; +static mut READ_HOOKS: Vec>>> = vec![]; create_gen_wrapper!(read, (pc: GuestAddr, info: MemAccessInfo), u64, 5, ReadHookId); create_exec_wrapper!(read, (id: u64, addr: GuestAddr), 0, 5, ReadHookId); create_exec_wrapper!(read, (id: u64, addr: GuestAddr), 1, 5, ReadHookId); @@ -293,7 +294,7 @@ create_exec_wrapper!(read, (id: u64, addr: GuestAddr), 2, 5, ReadHookId); create_exec_wrapper!(read, (id: u64, addr: GuestAddr), 3, 5, ReadHookId); create_exec_wrapper!(read, (id: u64, addr: GuestAddr, size: usize), 4, 5, ReadHookId); -static mut WRITE_HOOKS: Vec> = vec![]; +static mut WRITE_HOOKS: Vec>>> = vec![]; create_gen_wrapper!(write, (pc: GuestAddr, info: MemAccessInfo), u64, 5, WriteHookId); create_exec_wrapper!(write, (id: u64, addr: GuestAddr), 0, 5, WriteHookId); create_exec_wrapper!(write, (id: u64, addr: GuestAddr), 1, 5, WriteHookId); @@ -301,7 +302,7 @@ create_exec_wrapper!(write, (id: u64, addr: GuestAddr), 2, 5, WriteHookId); create_exec_wrapper!(write, (id: u64, addr: GuestAddr), 3, 5, WriteHookId); create_exec_wrapper!(write, (id: u64, addr: GuestAddr, size: usize), 4, 5, WriteHookId); -static mut CMP_HOOKS: Vec> = vec![]; +static mut CMP_HOOKS: Vec>>> = vec![]; create_gen_wrapper!(cmp, (pc: GuestAddr, size: usize), u64, 4, CmpHookId); create_exec_wrapper!(cmp, (id: u64, v0: u8, v1: u8), 0, 4, CmpHookId); create_exec_wrapper!(cmp, (id: u64, v0: u16, v1: u16), 1, 4, CmpHookId); @@ -459,14 +460,25 @@ where invalidate_block: bool, ) -> InstructionHookId { unsafe { - let mut fat: Box = Box::new(transmute(hook)); + let fat: FatPtr = transmute(hook); + GENERIC_HOOKS.push(Box::pin((InstructionHookId(0), fat))); let id = self.emulator.set_hook( - transmute::<&mut FatPtr, &mut FatPtr>(&mut *fat), //transmute satisfy the lifetime + &mut GENERIC_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .1, addr, closure_generic_hook_wrapper::, invalidate_block, ); - GENERIC_HOOKS.push((id, fat)); + GENERIC_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .0 = id; id } } @@ -506,16 +518,23 @@ where edge_0_exec_hook_wrapper::, extern "C" fn(&mut HookState<1, EdgeHookId>, id: u64) ); - EDGE_HOOKS.push(HookState { + EDGE_HOOKS.push(Box::pin(HookState { id: EdgeHookId(0), gen: hook_to_repr!(generation_hook), post_gen: HookRepr::Empty, execs: [hook_to_repr!(execution_hook)], - }); - let id = self - .emulator - .add_edge_hooks(EDGE_HOOKS.last_mut().unwrap(), gen, exec); - EDGE_HOOKS.last_mut().unwrap().id = id; + })); + let id = self.emulator.add_edge_hooks( + EDGE_HOOKS.last_mut().unwrap().as_mut().get_unchecked_mut(), + gen, + exec, + ); + EDGE_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .id = id; id } } @@ -558,16 +577,24 @@ where block_0_exec_hook_wrapper::, extern "C" fn(&mut HookState<1, BlockHookId>, id: u64) ); - BLOCK_HOOKS.push(HookState { + BLOCK_HOOKS.push(Box::pin(HookState { id: BlockHookId(0), gen: hook_to_repr!(generation_hook), post_gen: hook_to_repr!(post_generation_hook), execs: [hook_to_repr!(execution_hook)], - }); - let id = - self.emulator - .add_block_hooks(BLOCK_HOOKS.last_mut().unwrap(), gen, postgen, exec); - BLOCK_HOOKS.last_mut().unwrap().id = id; + })); + let id = self.emulator.add_block_hooks( + BLOCK_HOOKS.last_mut().unwrap().as_mut().get_unchecked_mut(), + gen, + postgen, + exec, + ); + BLOCK_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .id = id; id } } @@ -648,7 +675,7 @@ where read_4_exec_hook_wrapper::, extern "C" fn(&mut HookState<5, ReadHookId>, id: u64, addr: GuestAddr, size: usize) ); - READ_HOOKS.push(HookState { + READ_HOOKS.push(Box::pin(HookState { id: ReadHookId(0), gen: hook_to_repr!(generation_hook), post_gen: HookRepr::Empty, @@ -659,9 +686,9 @@ where hook_to_repr!(execution_hook_8), hook_to_repr!(execution_hook_n), ], - }); + })); let id = self.emulator.add_read_hooks( - READ_HOOKS.last_mut().unwrap(), + READ_HOOKS.last_mut().unwrap().as_mut().get_unchecked_mut(), gen, exec1, exec2, @@ -669,7 +696,12 @@ where exec8, execn, ); - READ_HOOKS.last_mut().unwrap().id = id; + READ_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .id = id; id } } @@ -755,7 +787,7 @@ where size: usize, ) ); - WRITE_HOOKS.push(HookState { + WRITE_HOOKS.push(Box::pin(HookState { id: WriteHookId(0), gen: hook_to_repr!(generation_hook), post_gen: HookRepr::Empty, @@ -766,9 +798,9 @@ where hook_to_repr!(execution_hook_8), hook_to_repr!(execution_hook_n), ], - }); + })); let id = self.emulator.add_write_hooks( - WRITE_HOOKS.last_mut().unwrap(), + WRITE_HOOKS.last_mut().unwrap().as_mut().get_unchecked_mut(), gen, exec1, exec2, @@ -776,7 +808,12 @@ where exec8, execn, ); - WRITE_HOOKS.last_mut().unwrap().id = id; + WRITE_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .id = id; id } } @@ -837,7 +874,7 @@ where cmp_3_exec_hook_wrapper::, extern "C" fn(&mut HookState<4, CmpHookId>, id: u64, v0: u64, v1: u64) ); - CMP_HOOKS.push(HookState { + CMP_HOOKS.push(Box::pin(HookState { id: CmpHookId(0), gen: hook_to_repr!(generation_hook), post_gen: HookRepr::Empty, @@ -847,16 +884,21 @@ where hook_to_repr!(execution_hook_4), hook_to_repr!(execution_hook_8), ], - }); + })); let id = self.emulator.add_cmp_hooks( - CMP_HOOKS.last_mut().unwrap(), + CMP_HOOKS.last_mut().unwrap().as_mut().get_unchecked_mut(), gen, exec1, exec2, exec4, exec8, ); - CMP_HOOKS.last_mut().unwrap().id = id; + CMP_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .id = id; id } } @@ -895,12 +937,23 @@ where hook: Box FnMut(&'a mut Self, Option<&'a mut S>, GuestAddr)>, ) -> BackdoorHookId { unsafe { - let mut fat: Box = Box::new(transmute(hook)); + let fat: FatPtr = transmute(hook); + BACKDOOR_HOOKS.push(Box::pin((BackdoorHookId(0), fat))); let id = self.emulator.add_backdoor_hook( - transmute::<&mut FatPtr, &mut FatPtr>(&mut *fat), //transmute satisfy the lifetime + &mut BACKDOOR_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .1, closure_backdoor_hook_wrapper::, ); - BACKDOOR_HOOKS.push((id, fat)); + BACKDOOR_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .0 = id; id } } @@ -1008,12 +1061,23 @@ where >, ) -> PreSyscallHookId { unsafe { - let mut fat: Box = Box::new(transmute(hook)); + let fat: FatPtr = transmute(hook); + PRE_SYSCALL_HOOKS.push(Box::pin((PreSyscallHookId(0), fat))); let id = self.emulator.add_pre_syscall_hook( - transmute::<&mut FatPtr, &mut FatPtr>(&mut *fat), //transmute satisfy the lifetime + &mut PRE_SYSCALL_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .1, closure_pre_syscall_hook_wrapper::, ); - PRE_SYSCALL_HOOKS.push((id, fat)); + PRE_SYSCALL_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .0 = id; id } } @@ -1126,12 +1190,23 @@ where >, ) -> PostSyscallHookId { unsafe { - let mut fat: Box = Box::new(transmute(hook)); + let fat: FatPtr = transmute(hook); + POST_SYSCALL_HOOKS.push(Box::pin((PostSyscallHookId(0), fat))); let id = self.emulator.add_post_syscall_hook( - transmute::<&mut FatPtr, &mut FatPtr>(&mut *fat), //transmute satisfy the lifetime + &mut POST_SYSCALL_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .1, closure_post_syscall_hook_wrapper::, ); - POST_SYSCALL_HOOKS.push((id, fat)); + POST_SYSCALL_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .0 = id; id } } @@ -1173,12 +1248,23 @@ where hook: Box FnMut(&'a mut Self, Option<&'a mut S>, u32) -> bool>, ) -> NewThreadHookId { unsafe { - let mut fat: Box = Box::new(transmute(hook)); + let fat: FatPtr = transmute(hook); + NEW_THREAD_HOOKS.push(Box::pin((NewThreadHookId(0), fat))); let id = self.emulator.add_new_thread_hook( - transmute::<&mut FatPtr, &mut FatPtr>(&mut *fat), //transmute satisfy the lifetime + &mut NEW_THREAD_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .1, closure_new_thread_hook_wrapper::, ); - NEW_THREAD_HOOKS.push((id, fat)); + NEW_THREAD_HOOKS + .last_mut() + .unwrap() + .as_mut() + .get_unchecked_mut() + .0 = id; id } } @@ -1195,7 +1281,7 @@ where pub fn crash_closure(&self, hook: Box) { unsafe { self.emulator.set_crash_hook(crash_hook_wrapper::); - CRASH_HOOKS.push(HookRepr::Closure(Box::new(transmute(hook)))); + CRASH_HOOKS.push(HookRepr::Closure(transmute(hook))); } } } diff --git a/libafl_targets/src/cmps/mod.rs b/libafl_targets/src/cmps/mod.rs index b59171b5df..095103484d 100644 --- a/libafl_targets/src/cmps/mod.rs +++ b/libafl_targets/src/cmps/mod.rs @@ -481,7 +481,7 @@ impl Serialize for AFLppCmpLogMap { { let slice = unsafe { core::slice::from_raw_parts( - (self as *const Self) as *const u8, + (core::ptr::from_ref::(self)) as *const u8, core::mem::size_of::(), ) }; diff --git a/utils/gdb_qemu/demo/Cargo.toml b/utils/gdb_qemu/demo/Cargo.toml index 17ab4d8c6a..3f1d0e2600 100644 --- a/utils/gdb_qemu/demo/Cargo.toml +++ b/utils/gdb_qemu/demo/Cargo.toml @@ -7,5 +7,5 @@ edition = "2021" vergen = { version = "8.1.1", features = ["build", "cargo", "git", "gitcl", "rustc", "si"] } [dependencies] -anyhow = { version = "1.0.71", default-features = false } -clap = { version = "4.2.0", default-features = false, features = ["derive", "string", "std", "help"] } +anyhow = { version = "1.0", default-features = false } +clap = { version = "4.5", default-features = false, features = ["derive", "string", "std", "help"] } diff --git a/utils/gdb_qemu/gdb_qemu/Cargo.toml b/utils/gdb_qemu/gdb_qemu/Cargo.toml index 6d35917d43..2860e018c3 100644 --- a/utils/gdb_qemu/gdb_qemu/Cargo.toml +++ b/utils/gdb_qemu/gdb_qemu/Cargo.toml @@ -8,9 +8,9 @@ vergen = { version = "8.1.1", features = ["build", "cargo", "git", "gitcl", "rus [dependencies] anyhow = { version = "1.0", default-features = false } -clap = { version = "4.2", default-features = false, features = ["derive", "string", "std", "help", "derive", "error-context", "usage"] } +clap = { version = "4.5", default-features = false, features = ["derive", "string", "std", "help", "derive", "error-context", "usage"] } libc = {version = "0.2", default-features = false } -log = { version = "0.4", default-features = false } -nix = { version = "0.26", default-features = false, features = ["signal", "fs"] } +log = { version = "0.4.20", default-features = false } +nix = { version = "0.27", default-features = false, features = ["signal", "fs"] } readonly = { version = "0.2.8", default-features = false } simplelog = { version = "0.12.1", default-features = false } diff --git a/utils/gramatron/construct_automata/Cargo.toml b/utils/gramatron/construct_automata/Cargo.toml index 60853c61d7..958b38fb03 100644 --- a/utils/gramatron/construct_automata/Cargo.toml +++ b/utils/gramatron/construct_automata/Cargo.toml @@ -19,5 +19,5 @@ libafl = { path = "../../../libafl", default-features = false } serde_json = "1.0" regex = "1" postcard = { version = "1.0", features = ["alloc"], default-features = false } # no_std compatible serde serialization format -clap = { version = "4.0", features = ["derive"] } +clap = { version = "4.5", features = ["derive"] } # log = "0.4.20" diff --git a/utils/libafl_benches/Cargo.toml b/utils/libafl_benches/Cargo.toml index cd5e8914f3..335b8979b2 100644 --- a/utils/libafl_benches/Cargo.toml +++ b/utils/libafl_benches/Cargo.toml @@ -16,7 +16,7 @@ criterion = "0.5" # Benchmarking ahash = { version = "0.8", default-features=false } # The hash function already used in hashbrown rustc-hash = { version = "1.1", default-features=false } # yet another hash xxhash-rust = { version = "0.8.5", features = ["xxh3"] } # xxh3 hashing for rust -libafl_bolts = { path = "../../libafl_bolts", default-features=false } # libafl_bolts +libafl_bolts = { path = "../../libafl_bolts", default-features=false, features = ["xxh3", "alloc"] } # libafl_bolts [[bench]] name = "rand_speeds" diff --git a/utils/libafl_benches/benches/hash_speeds.rs b/utils/libafl_benches/benches/hash_speeds.rs index 35f61b3fcc..e1aee1cab2 100644 --- a/utils/libafl_benches/benches/hash_speeds.rs +++ b/utils/libafl_benches/benches/hash_speeds.rs @@ -22,14 +22,15 @@ fn criterion_benchmark(c: &mut Criterion) { });*/ c.bench_function("ahash", |b| { b.iter(|| { - let mut hasher = ahash::RandomState::with_seeds(123, 456, 789, 123).build_hasher(); + let mut hasher = + black_box(ahash::RandomState::with_seeds(123, 456, 789, 123).build_hasher()); hasher.write(black_box(&bench_vec)); hasher.finish(); }); }); c.bench_function("fxhash", |b| { b.iter(|| { - let mut hasher = rustc_hash::FxHasher::default(); + let mut hasher = black_box(rustc_hash::FxHasher::default()); hasher.write(black_box(&bench_vec)); hasher.finish(); }); diff --git a/utils/noaslr/demo/Cargo.toml b/utils/noaslr/demo/Cargo.toml index ad3e036b55..d603fab37e 100644 --- a/utils/noaslr/demo/Cargo.toml +++ b/utils/noaslr/demo/Cargo.toml @@ -7,6 +7,6 @@ edition = "2021" vergen = { version = "8.1.1", features = ["build", "cargo", "git", "gitcl", "rustc", "si"] } [dependencies] -anyhow = { version = "1.0.71", default-features = false } -clap = { version = "4.2.0", default-features = false, features = ["derive", "string", "std", "help"] } +anyhow = { version = "1.0", default-features = false } +clap = { version = "4.5", default-features = false, features = ["derive", "string", "std", "help"] } readonly = { version = "0.2.8", default-features = false } diff --git a/utils/noaslr/libnoaslr/Cargo.toml b/utils/noaslr/libnoaslr/Cargo.toml index 6b6c8db7e2..e331177773 100644 --- a/utils/noaslr/libnoaslr/Cargo.toml +++ b/utils/noaslr/libnoaslr/Cargo.toml @@ -11,9 +11,9 @@ crate-type = ["dylib"] # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html [dependencies] -anyhow = { version = "1.0.71", default-features = false } +anyhow = { version = "1.0", default-features = false } ctor = { version = "0.2", default-features = false } -nix = { version = "0.26.2", default-features = false, features = ["process", "personality"] } +nix = { version = "0.27", default-features = false, features = ["process", "personality"] } [target.'cfg(any(target_os = "freebsd", target_os = "netbsd"))'.dependencies] libc = "0.2" diff --git a/utils/noaslr/noaslr/Cargo.toml b/utils/noaslr/noaslr/Cargo.toml index 51d6d3b65c..ccf927a244 100644 --- a/utils/noaslr/noaslr/Cargo.toml +++ b/utils/noaslr/noaslr/Cargo.toml @@ -7,10 +7,10 @@ edition = "2021" vergen = { version = "8.1.1", features = ["build", "cargo", "git", "gitcl", "rustc", "si"] } [dependencies] -anyhow = { version = "1.0.71", default-features = false } -clap = { version = "4.2.0", default-features = false, features = ["derive", "string", "std", "help", "derive", "error-context", "usage"] } +anyhow = { version = "1.0", default-features = false } +clap = { version = "4.5", default-features = false, features = ["derive", "string", "std", "help", "derive", "error-context", "usage"] } log = { version = "0.4.20", default-features = false } -nix = { version = "0.26.2", default-features = false, features = ["process", "personality"] } +nix = { version = "0.27", default-features = false, features = ["process", "personality"] } readonly = { version = "0.2.8", default-features = false } simplelog = { version = "0.12.1", default-features = false }