Mark unsafe functions unsafe, as Ferris intended (AFLplusplus#2559)
* Mark unsafe functions unsafe, as Ferris intended

* More

* more safety?

* more fix

* actually safe

* More cleanup

* More fix

* more unsafe

* fix imports

* more unsafe

* fixes

* bring back the memories
domenukk authored Sep 28, 2024
1 parent afb682b commit 8211047
Showing 50 changed files with 426 additions and 159 deletions.
2 changes: 1 addition & 1 deletion fuzzers/README.md
Expand Up @@ -9,7 +9,7 @@ They are sorted by focus:
- [`binary_only`](./binary_only/): Fuzzers for binary-only targets.
- [`forkserver`](./forkserver/): Fuzzers that use a forkserver-style executor.
- [`full_system`](./full_system/): Fuzzers for full-system targets (kernels, firmwares, etc...).
- [`fuzz-anything`](./fuzz_anything/): Fuzzers for advanced targets like WASM or python, and other fuzzers that can be used for anything.
- [`fuzz_anything`](./fuzz_anything/): Fuzzers for advanced targets like WASM or python, and other fuzzers that can be used for anything.
- [`inprocess`](./inprocess/): Common In-process fuzzers. Most of the time, this is what you want.
- [`structure_aware`](./structure_aware/): Grammar fuzzers, fuzzers for certain languages, fuzzers with custom inputs, and more.

8 changes: 6 additions & 2 deletions fuzzers/baby/tutorial/src/lib.rs
Expand Up @@ -59,7 +59,11 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
let mut harness = |input: &PacketData| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
// # Safety
// We're looking for crashes in there!
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

Expand Down Expand Up @@ -155,7 +159,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

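Review bot: The comment added over the new `unsafe` block in the harness closure (`// # Safety` / `// We're looking for crashes in there!`) does not state why the call is sound, and the `unsafe { libfuzzer_initialize(&args) }` in the second hunk has no comment at all. `# Safety` is the doc heading for an `unsafe fn`'s contract; at a call site the usual form is a `// SAFETY:` line naming what the caller guarantees, for example `// SAFETY: buf borrows target for the whole call; memory errors inside the target are the findings under test.` If the wrapper's contract also requires once-only or single-threaded use, that is worth stating as well, since it is not visible from these hunks. The same uncommented `unsafe` wrappers recur in the dynamic_analysis, fuzzbench, fuzzbench_ctx, fuzzbench_text, libfuzzer_libmozjpeg and libfuzzer_libpng* sections of this commit, and in each case the enclosing function extends beyond the hunk.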
14 changes: 14 additions & 0 deletions fuzzers/fuzz_anything/baby_fuzzer_wasm/pkg/index.html
@@ -0,0 +1,14 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>libafl_wasm test</title>
</head>
<body>
<script type="module">
import libafl_wasm from './libafl_wasm.js'

libafl_wasm().then(wasm => wasm.fuzz())
</script>
</body>
</html>
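Review bot: The module script imports `./libafl_wasm.js`, but the `package.json` added beside it in this commit names `baby_fuzzer_wasm.js` as the module and in `files`, so the page likely fails to load unless a `libafl_wasm.js` is produced by a step not shown here. If the package name is the current one, the import would read `import init from './baby_fuzzer_wasm.js'`, with the `<title>` updated to match. The chain `libafl_wasm().then(wasm => wasm.fuzz())` also has no rejection handler; appending `.catch(console.error)` would make a failed load or an error out of `fuzz()` explicit rather than an unhandled rejection.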
17 changes: 17 additions & 0 deletions fuzzers/fuzz_anything/baby_fuzzer_wasm/pkg/package.json
@@ -0,0 +1,17 @@
{
"name": "baby_fuzzer_wasm",
"collaborators": [
"Addison Crump <[email protected]>"
],
"version": "0.1.0",
"files": [
"baby_fuzzer_wasm_bg.wasm",
"baby_fuzzer_wasm.js",
"baby_fuzzer_wasm.d.ts"
],
"module": "baby_fuzzer_wasm.js",
"types": "baby_fuzzer_wasm.d.ts",
"sideEffects": [
"./snippets/*"
]
}
12 changes: 8 additions & 4 deletions fuzzers/inprocess/dynamic_analysis/src/lib.rs
Expand Up @@ -176,7 +176,7 @@ fn run_testcases(filenames: &[&str]) {
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

Expand All @@ -191,7 +191,9 @@ fn run_testcases(filenames: &[&str]) {
let mut buffer = vec![];
file.read_to_end(&mut buffer).expect("Buffer overflow");

libfuzzer_test_one_input(&buffer);
unsafe {
libfuzzer_test_one_input(&buffer);
}
}
}

Expand Down Expand Up @@ -296,7 +298,7 @@ fn fuzz(
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

Expand Down Expand Up @@ -331,7 +333,9 @@ fn fuzz(
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

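Review bot: In `run_testcases`, the context line just above the new `unsafe` block, `file.read_to_end(&mut buffer).expect("Buffer overflow")`, panics with a message that reads like a memory-safety finding when the actual failure is an I/O error reading the testcase. In a replay tool whose output is triaged for crashes that is easy to misfile; something like `.expect("Failed to read testcase file")` says what happened. The line is unchanged by this commit but sits in the hunk it touches, and the same text appears in the `run_testcases` hunks of fuzzbench, fuzzbench_ctx and fuzzbench_text. `run_testcases` begins and ends outside the hunk.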
12 changes: 8 additions & 4 deletions fuzzers/inprocess/fuzzbench/src/lib.rs
Expand Up @@ -174,7 +174,7 @@ fn run_testcases(filenames: &[&str]) {
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

Expand All @@ -189,7 +189,9 @@ fn run_testcases(filenames: &[&str]) {
let mut buffer = vec![];
file.read_to_end(&mut buffer).expect("Buffer overflow");

libfuzzer_test_one_input(&buffer);
unsafe {
libfuzzer_test_one_input(&buffer);
}
}
}

Expand Down Expand Up @@ -290,7 +292,7 @@ fn fuzz(
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

Expand Down Expand Up @@ -325,7 +327,9 @@ fn fuzz(
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

12 changes: 8 additions & 4 deletions fuzzers/inprocess/fuzzbench_ctx/src/lib.rs
Expand Up @@ -179,7 +179,7 @@ fn run_testcases(filenames: &[&str]) {
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

Expand All @@ -194,7 +194,9 @@ fn run_testcases(filenames: &[&str]) {
let mut buffer = vec![];
file.read_to_end(&mut buffer).expect("Buffer overflow");

libfuzzer_test_one_input(&buffer);
unsafe {
libfuzzer_test_one_input(&buffer);
}
}
}

Expand Down Expand Up @@ -300,7 +302,7 @@ fn fuzz(
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

Expand Down Expand Up @@ -335,7 +337,9 @@ fn fuzz(
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

18 changes: 12 additions & 6 deletions fuzzers/inprocess/fuzzbench_text/src/lib.rs
Expand Up @@ -236,7 +236,7 @@ fn run_testcases(filenames: &[&str]) {
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

Expand All @@ -251,7 +251,9 @@ fn run_testcases(filenames: &[&str]) {
let mut buffer = vec![];
file.read_to_end(&mut buffer).expect("Buffer overflow");

libfuzzer_test_one_input(&buffer);
unsafe {
libfuzzer_test_one_input(&buffer);
}
}
}

Expand Down Expand Up @@ -357,7 +359,7 @@ fn fuzz_binary(
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

Expand Down Expand Up @@ -392,7 +394,9 @@ fn fuzz_binary(
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

Expand Down Expand Up @@ -570,7 +574,7 @@ fn fuzz_text(
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

Expand Down Expand Up @@ -618,7 +622,9 @@ fn fuzz_text(
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

6 changes: 4 additions & 2 deletions fuzzers/inprocess/libfuzzer_libmozjpeg/src/lib.rs
Expand Up @@ -143,7 +143,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

Expand All @@ -159,7 +161,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

6 changes: 4 additions & 2 deletions fuzzers/inprocess/libfuzzer_libpng/src/lib.rs
Expand Up @@ -173,7 +173,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
*addr = 1;
}
}
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

Expand All @@ -191,7 +193,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

6 changes: 4 additions & 2 deletions fuzzers/inprocess/libfuzzer_libpng_accounting/src/lib.rs
Expand Up @@ -210,7 +210,9 @@ pub extern "C" fn libafl_main() {
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

Expand All @@ -227,7 +229,7 @@ pub extern "C" fn libafl_main() {
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

6 changes: 4 additions & 2 deletions fuzzers/inprocess/libfuzzer_libpng_centralized/src/lib.rs
Expand Up @@ -205,7 +205,9 @@ pub extern "C" fn libafl_main() {
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

Expand Down Expand Up @@ -233,7 +235,7 @@ pub extern "C" fn libafl_main() {
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

6 changes: 4 additions & 2 deletions fuzzers/inprocess/libfuzzer_libpng_cmin/src/lib.rs
Expand Up @@ -170,7 +170,9 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
*addr = 1;
}
}
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

Expand All @@ -187,7 +189,7 @@ fn fuzz(corpus_dirs: &[PathBuf], objective_dir: PathBuf, broker_port: u16) -> Re
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

6 changes: 4 additions & 2 deletions fuzzers/inprocess/libfuzzer_libpng_launcher/src/lib.rs
Expand Up @@ -204,7 +204,9 @@ pub extern "C" fn libafl_main() {
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

Expand Down Expand Up @@ -232,7 +234,7 @@ pub extern "C" fn libafl_main() {
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}

6 changes: 4 additions & 2 deletions fuzzers/inprocess/libfuzzer_libpng_norestart/src/lib.rs
Expand Up @@ -229,7 +229,9 @@ pub extern "C" fn libafl_main() {
let mut harness = |input: &BytesInput| {
let target = input.target_bytes();
let buf = target.as_slice();
libfuzzer_test_one_input(buf);
unsafe {
libfuzzer_test_one_input(buf);
}
ExitKind::Ok
};

Expand All @@ -245,7 +247,7 @@ pub extern "C" fn libafl_main() {
// The actual target run starts here.
// Call LLVMFUzzerInitialize() if present.
let args: Vec<String> = env::args().collect();
if libfuzzer_initialize(&args) == -1 {
if unsafe { libfuzzer_initialize(&args) } == -1 {
println!("Warning: LLVMFuzzerInitialize failed with -1");
}
