
Commit ab30eac

committed
minor fix
1 parent 557ee00 commit ab30eac


3 files changed

+79
-51
lines changed


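--- a/libafl_libfuzzer/libafl_libfuzzer_runtime/src/lib.rs
+++ b/libafl_libfuzzer/libafl_libfuzzer_runtime/src/lib.rs
@@ -428,9 +428,6 @@ pub fn LLVMFuzzerRunDriver(
 .map(|cstr| cstr.to_str().unwrap()),
 )
 .unwrap();
-for unknown in options.unknown() {
-eprintln!("warning: skipping unrecognised option `{unknown}'");
-}
 let res = match options.mode() {
 LibfuzzerMode::Fuzz => fuzz::fuzz(options, harness),
 LibfuzzerMode::Merge => unimplemented!(),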

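--- a/libafl_libfuzzer/libafl_libfuzzer_runtime/src/options.rs
+++ b/libafl_libfuzzer/libafl_libfuzzer_runtime/src/options.rs
@@ -11,10 +11,13 @@ enum RawOption<'a> {
 }
 
 fn parse_option(arg: &str) -> Option<RawOption> {
-if arg.starts_with('-') {
+if arg.starts_with("--") {
+None
+} else if arg.starts_with('-') {
 if let Some((name, value)) = arg.split_at(1).1.split_once('=') {
 Some(Flag { name, value })
 } else {
+eprintln!("warning: flag {arg} provided without a value; did you mean `{arg}=1'?");
 None
 }
 } else {
@@ -100,6 +103,7 @@ pub struct LibfuzzerOptions {
 ignore_ooms: bool,
 rss_limit: usize,
 unknown: Vec<String>,
+pub malloc_limit: usize,
 }
 
 impl LibfuzzerOptions {
@@ -185,7 +189,9 @@ struct LibfuzzerOptionsBuilder<'a> {
 ignore_crashes: bool,
 ignore_timeouts: bool,
 ignore_ooms: bool,
-rss_limit: usize,
+rss_limit: Option<usize>,
+malloc_limit: Option<usize>,
+ignore_remaining: bool,
 unknown: Vec<&'a str>,
 }
 
@@ -201,52 +207,68 @@ macro_rules! parse_or_bail {
 
 impl<'a> LibfuzzerOptionsBuilder<'a> {
 fn consume(mut self, arg: &'a str) -> Result<Self, OptionsParseError<'a>> {
-if let Some(option) = parse_option(arg) {
-match option {
-Directory(dir) => {
-self.dirs.push(dir);
-}
-Flag { name, value } => match name {
-"merge" => {
-if parse_or_bail!(name, value, u64) > 0
-&& *self.mode.get_or_insert(LibfuzzerMode::Merge)
-!= LibfuzzerMode::Merge
-{
-return Err(OptionsParseError::MultipleModesSelected);
-}
+if !self.ignore_remaining {
+if let Some(option) = parse_option(arg) {
+match option {
+Directory(dir) => {
+self.dirs.push(dir);
 }
-"minimize_crash" => {
-if parse_or_bail!(name, value, u64) > 0
-&& *self.mode.get_or_insert(LibfuzzerMode::Cmin) != LibfuzzerMode::Cmin
-{
-return Err(OptionsParseError::MultipleModesSelected);
+Flag { name, value } => match name {
+"merge" => {
+if parse_or_bail!(name, value, u64) > 0
+&& *self.mode.get_or_insert(LibfuzzerMode::Merge)
+!= LibfuzzerMode::Merge
+{
+return Err(OptionsParseError::MultipleModesSelected);
+}
 }
-}
-"grimoire" => self.grimoire = Some(parse_or_bail!(name, value, u64) > 0),
-"artifact_prefix" => {
-self.artifact_prefix = Some(value);
-}
-"timeout" => {
-self.timeout =
-Some(value.parse().map(Duration::from_secs_f64).map_err(|_| {
-OptionsParseError::OptionValueParseFailed(name, value)
-})?);
-}
-"dict" => self.dict = Some(value),
-"fork" | "jobs" => {
-self.forks = Some(parse_or_bail!(name, value, usize));
-}
-"ignore_crashes" => self.ignore_crashes = parse_or_bail!(name, value, u64) > 0,
-"ignore_timeouts" => {
-self.ignore_timeouts = parse_or_bail!(name, value, u64) > 0
-}
-"ignore_ooms" => self.ignore_ooms = parse_or_bail!(name, value, u64) > 0,
-"rss_limit_mb" => self.rss_limit = parse_or_bail!(name, value, usize) << 20,
-_ => self.unknown.push(arg),
-},
+"minimize_crash" => {
+if parse_or_bail!(name, value, u64) > 0
+&& *self.mode.get_or_insert(LibfuzzerMode::Cmin)
+!= LibfuzzerMode::Cmin
+{
+return Err(OptionsParseError::MultipleModesSelected);
+}
+}
+"grimoire" => self.grimoire = Some(parse_or_bail!(name, value, u64) > 0),
+"artifact_prefix" => {
+self.artifact_prefix = Some(value);
+}
+"timeout" => {
+self.timeout =
+Some(value.parse().map(Duration::from_secs_f64).map_err(|_| {
+OptionsParseError::OptionValueParseFailed(name, value)
+})?);
+}
+"dict" => self.dict = Some(value),
+"fork" | "jobs" => {
+self.forks = Some(parse_or_bail!(name, value, usize));
+}
+"ignore_crashes" => {
+self.ignore_crashes = parse_or_bail!(name, value, u64) > 0
+}
+"ignore_timeouts" => {
+self.ignore_timeouts = parse_or_bail!(name, value, u64) > 0
+}
+"ignore_ooms" => self.ignore_ooms = parse_or_bail!(name, value, u64) > 0,
+"rss_limit_mb" => {
+self.rss_limit = Some(parse_or_bail!(name, value, usize) << 20)
+}
+"malloc_limit_mb" => {
+self.malloc_limit = Some(parse_or_bail!(name, value, usize) << 20)
+}
+"ignore_remaining_args" => {
+self.ignore_remaining = parse_or_bail!(name, value, u64) > 0
+}
+_ => {
+eprintln!("warning: unrecognised flag {name}");
+self.unknown.push(arg)
+}
+},
+}
+} else {
+self.unknown.push(arg)
 }
-} else {
-self.unknown.push(arg);
 }
 Ok(self)
 }
@@ -266,7 +288,14 @@ impl<'a> LibfuzzerOptionsBuilder<'a> {
 ignore_crashes: self.ignore_crashes,
 ignore_timeouts: self.ignore_timeouts,
 ignore_ooms: self.ignore_ooms,
-rss_limit: self.rss_limit,
+rss_limit: match self.rss_limit.unwrap_or(2 << 30) {
+0 => usize::MAX,
+value => value,
+},
+malloc_limit: match self.malloc_limit.or(self.rss_limit).unwrap_or(2 << 30) {
+0 => usize::MAX,
+value => value,
+},
 unknown: self.unknown.into_iter().map(|s| s.to_string()).collect(),
 })
 }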
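Review bot: Arguments beginning with `--` now come back from `parse_option` as `None` without any message, and since the companion hunk in lib.rs removes the loop that printed the unknown-option warning, they are pushed to `self.unknown` in `consume` and then silently ignored; a one-liner in the new `--` branch such as `eprintln!("warning: skipping unrecognised option `{arg}'");` would keep the earlier behaviour of telling the user that a mistyped limit flag left the default in force. In the `build` hunk, `-malloc_limit_mb=0` is mapped to `usize::MAX` by the `0 => usize::MAX` arm rather than falling back to the rss limit the way the unset case does via `.or(self.rss_limit)`; if zero is meant to mean "same as rss_limit_mb", the source expression should be `self.malloc_limit.filter(|&v| v != 0).or(self.rss_limit).unwrap_or(2 << 30)`. The literal `2 << 30` appears twice and deserves a named constant or a comment like `// default limit: 2048 MiB` so the next reader does not have to reverse the shift. Stylistically, `pub malloc_limit: usize` in `LibfuzzerOptions` is the only public field next to private siblings such as `rss_limit`, which presumably are exposed through accessors in the `impl` block; an accessor would keep the struct consistent. `consume` and `build` both belong to an `impl` whose remaining members lie outside these hunks.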

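--- a/libafl_targets/src/libfuzzer/observers.rs
+++ b/libafl_targets/src/libfuzzer/observers.rs
@@ -31,11 +31,13 @@ extern "C" fn oom_malloc_hook(ptr: *const c_void, size: usize) {
 };
 
 let total = MALLOC_SIZE.fetch_add(size, Ordering::Relaxed) + size;
-if total > unsafe { RSS_MAX } {
+if total > unsafe { RSS_MAX } && !OOMED.load(Ordering::Relaxed) {
 OOMED.store(true, Ordering::Relaxed);
 unsafe {
 // we need to kill the process in a way that immediately triggers the crash handler
-libc::abort();
+let null = core::ptr::null_mut();
+*null = 0;
+panic!("We somehow didn't crash on a null pointer write. Strange...");
 }
 }
 }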
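Review bot: The new `*null = 0;` store through `core::ptr::null_mut()` is undefined behaviour in Rust, so the optimiser is entitled to treat the line as unreachable and the SIGSEGV this is meant to provoke is not guaranteed to happen (rustc also flags this pattern with its `deref_nullptr` lint); the `panic!` fallback then runs from inside a malloc hook, where the panic machinery's own allocations would presumably re-enter this hook. If the point of dropping `libc::abort()` is that the crash handler wants a segfault rather than SIGABRT, raising the signal explicitly, `libc::raise(libc::SIGSEGV);`, delivers the same signal without relying on UB, and the comment above it should say which handler is being targeted and why SIGABRT was not acceptable. The new `!OOMED.load(Ordering::Relaxed)` guard also lets two threads that allocate simultaneously both pass the check before either stores `true`; `if total > unsafe { RSS_MAX } && OOMED.compare_exchange(false, true, Ordering::Relaxed, Ordering::Relaxed).is_ok() {` makes exactly one of them win and drops the separate `store`. The body of `oom_malloc_hook` begins before this hunk.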
