From b5c5c544dbeee848b17dbd67edfea091d2a980b1 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Tue, 26 Nov 2024 11:04:35 +0100
Subject: [PATCH] update libaflfuzz

---
 fuzzers/libafl_fuzz/builder.Dockerfile | 12 ++++++------
 fuzzers/libafl_fuzz/fuzzer.py          | 24 +++++++++++-------------
 2 files changed, 17 insertions(+), 19 deletions(-)

diff --git a/fuzzers/libafl_fuzz/builder.Dockerfile b/fuzzers/libafl_fuzz/builder.Dockerfile
index 5eb7780b5..1f87ca5f2 100644
--- a/fuzzers/libafl_fuzz/builder.Dockerfile
+++ b/fuzzers/libafl_fuzz/builder.Dockerfile
@@ -24,14 +24,14 @@ RUN apt-get update && \
 # Uninstall old Rust & Install the latest one.
 RUN if which rustup; then rustup self uninstall -y; fi && \
     curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > /rustup.sh && \
-    sh /rustup.sh --default-toolchain nightly-2024-07-04 -y && \
+    sh /rustup.sh --default-toolchain nightly-2024-11-25 -y && \
     rm /rustup.sh
 
 # Download afl++.
 RUN git clone https://github.com/AFLplusplus/AFLplusplus /afl
 
 # Checkout a current commit
-RUN cd /afl && git pull && git checkout ab5f95e17ac7d957e26f5c1789a8624a238ac0e0
+RUN cd /afl && git pull && git checkout 5777ceaf23f48ae4ceae60e4f3a79263802633c6
 
 # Build without Python support as we don't need it.
 # Set AFL_NO_X86 to skip flaky tests.
@@ -43,14 +43,14 @@ RUN cd /afl && \
     cp utils/aflpp_driver/libAFLDriver.a /
 
 # Download libafl.
-RUN git clone https://github.com/R9295/LibAFL /libafl
+RUN git clone https://github.com/AFLplusplus/LibAFL /libafl
 
 # Checkout a current commit
-RUN cd /libafl && git pull && \
-    git checkout libafl-fuzz/frida-mode-separate
+RUN cd /libafl && git pull
 
 # Compile libafl.
 RUN cd /libafl && \
     unset CFLAGS CXXFLAGS && \
     cd ./fuzzers/forkserver/libafl-fuzz && \
-    PATH="/root/.cargo/bin/:$PATH" cargo build --profile release
+    PATH="/root/.cargo/bin/:$PATH" cargo build --profile release --features fuzzbench
+
diff --git a/fuzzers/libafl_fuzz/fuzzer.py b/fuzzers/libafl_fuzz/fuzzer.py
index 2db8e89d3..46e31124e 100644
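Review bot: The new `RUN cd /libafl && git pull` line in the second hunk drops the pinned checkout, so the image now builds whatever AFLplusplus/LibAFL's default branch points at when the build runs, while the AFL++ step a few lines earlier still pins `5777ceaf…`. That makes the builder non-reproducible and means any push to (or compromise of) LibAFL's default branch lands in the fuzzer image without review; the `# Checkout a current commit` comment above the line is also now stale. I would pin it the same way as AFL++, `RUN cd /libafl && git checkout <libafl-commit-sha>`, and drop the `git pull`, which is a no-op right after a fresh clone. The same supply-chain concern applies to the unverified `sh.rustup.rs` installer fetched in the first hunk, though only the toolchain date changes there and the pattern predates this commit.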
--- a/fuzzers/libafl_fuzz/fuzzer.py
+++ b/fuzzers/libafl_fuzz/fuzzer.py
@@ -25,8 +25,7 @@ def build():
     """Build benchmark."""
     # Build the target with AFL++
-    #aflplusplus_fuzzer.build('tracepc', 'cmplog', 'dict2file')
-    aflplusplus_fuzzer.build('tracepc', 'dict2file')
+    aflplusplus_fuzzer.build('tracepc', 'cmplog', 'dict2file')
 
     # Copy to fuzzer to OUT
     build_directory = os.environ['OUT']
@@ -37,12 +36,12 @@ def build():
 def fuzz(input_corpus, output_corpus, target_binary):
     """Run fuzzer."""
     # Calculate CmpLog binary path from the instrumented target binary.
-    #target_binary_directory = os.path.dirname(target_binary)
-    #cmplog_target_binary_directory = \
-    #    aflplusplus_fuzzer.get_cmplog_build_directory(target_binary_directory)
-    #target_binary_name = os.path.basename(target_binary)
-    #cmplog_target_binary = os.path.join(cmplog_target_binary_directory,
-    #                                    target_binary_name)
+    target_binary_directory = os.path.dirname(target_binary)
+    cmplog_target_binary_directory = \
+        aflplusplus_fuzzer.get_cmplog_build_directory(target_binary_directory)
+    target_binary_name = os.path.basename(target_binary)
+    cmplog_target_binary = os.path.join(cmplog_target_binary_directory,
+                                        target_binary_name)
 
     # Setup env vars
     libafl_fuzzer.prepare_fuzz_environment(input_corpus)
@@ -59,17 +58,16 @@ def fuzz(input_corpus, output_corpus, target_binary):
     dictionary_path = './afl++.dict'
 
     # Run the fuzzer
-    #command = ['./libafl-fuzz', '-c', cmplog_target_binary]
-    command = ['./libafl-fuzz']
+    command = ['./libafl-fuzz', '-c', cmplog_target_binary]
     if dictionary_path:
         command += (['-x', dictionary_path])
     command += (['-o', output_corpus, '-i', input_corpus, target_binary])
-    #command += (['-t', '1000'])
+    command += (['-t', '1000'])
     print(command)
     env = {
         'AFL_CORES': '0',
         'AFL_IGNORE_TIMEOUT': '1',
-        'AFL_CMPLOG_ONLY_NEW': '1',
-        'AFL_MAP_SIZE': '2621440'
+        'AFL_MAP_SIZE': '2621440',
+        'AFL_CMPLOG_ONLY_NEW': '1'
     }
     subprocess.check_call(command, cwd=os.environ['OUT'], env=env)
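Review bot: The rebuilt `command = ['./libafl-fuzz', '-c', cmplog_target_binary]` in the last hunk passes the CmpLog binary unconditionally, but `cmplog_target_binary` (assembled earlier in `fuzz`, in the previous hunk) is only a path join and is never checked to exist, so a missing or failed CmpLog build surfaces as a libafl-fuzz startup failure instead of a plain run. I would gate the flag: `command = ['./libafl-fuzz']` / `if os.path.exists(cmplog_target_binary):` / `    command += ['-c', cmplog_target_binary]`. Separately, `env=env` hands the child only the four keys in that dict, so anything `prepare_fuzz_environment` sets on `os.environ` presumably never reaches libafl-fuzz; if that helper is meant to influence the run, `env = {**os.environ, ...}` would be needed, though that behaviour predates this commit. `fuzz` starts before this hunk.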