From 959ecb32e934f76f20fe0ffbf804ba759c79f140 Mon Sep 17 00:00:00 2001 From: "Marco C." <46560192+Marcondiro@users.noreply.github.com> Date: Fri, 22 Nov 2024 15:58:23 +0100 Subject: [PATCH] Bump libipt, fix tui in intel_pt baby fuzzer (#2714) * Bump libipt, fix tui in intel_pt baby fuzzer * libipt = "0.2.0" * Use end_ip for previous block instead of ip + 1 --- Cargo.toml | 2 +- fuzzers/binary_only/intel_pt_baby_fuzzer/Cargo.toml | 2 +- libafl_intelpt/Cargo.toml | 4 ---- libafl_intelpt/src/lib.rs | 11 +++++------ .../tests/run_integration_tests_linux_with_caps.sh | 2 +- 5 files changed, 8 insertions(+), 13 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index ef6aa0e194..ef625ea260 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -91,7 +91,7 @@ cmake = "0.1.51" document-features = "0.2.10" hashbrown = { version = "0.14.5", default-features = false } # A faster hashmap, nostd compatible libc = "0.2.159" # For (*nix) libc -libipt = "0.1.4" +libipt = "0.2.0" log = "0.4.22" meminterval = "0.4.1" mimalloc = { version = "0.1.43", default-features = false } diff --git a/fuzzers/binary_only/intel_pt_baby_fuzzer/Cargo.toml b/fuzzers/binary_only/intel_pt_baby_fuzzer/Cargo.toml index b64680f9f5..276db03558 100644 --- a/fuzzers/binary_only/intel_pt_baby_fuzzer/Cargo.toml +++ b/fuzzers/binary_only/intel_pt_baby_fuzzer/Cargo.toml @@ -9,7 +9,7 @@ authors = [ edition = "2021" [features] -tui = [] +tui = ["libafl/tui_monitor"] [dependencies] libafl = { path = "../../../libafl/", default-features = false, features = [ diff --git a/libafl_intelpt/Cargo.toml b/libafl_intelpt/Cargo.toml index c976b20ee3..200882507f 100644 --- a/libafl_intelpt/Cargo.toml +++ b/libafl_intelpt/Cargo.toml @@ -10,10 +10,6 @@ readme = "./README.md" keywords = ["fuzzing", "testing", "security", "intelpt"] categories = ["development-tools::testing", "no-std"] -[package.metadata.docs.rs] -features = ["std"] -no-default-features = true # because libipt won't build - [features] default = ["std", "libipt"] std = ["libafl_bolts/std"] diff --git a/libafl_intelpt/src/lib.rs b/libafl_intelpt/src/lib.rs index 0493a715f7..c6a0a140c9 100644 --- a/libafl_intelpt/src/lib.rs +++ b/libafl_intelpt/src/lib.rs @@ -317,7 +317,7 @@ impl IntelPT { .set_image(Some(image)) .map_err(error_from_pt_error)?; - let mut previous_block_ip = 0; + let mut previous_block_end_ip = 0; let mut status; 'sync: loop { match decoder.sync_forward() { @@ -326,7 +326,7 @@ impl IntelPT { Self::decode_blocks( &mut decoder, &mut status, - &mut previous_block_ip, + &mut previous_block_end_ip, skip, map, )?; @@ -370,7 +370,7 @@ impl IntelPT { fn decode_blocks( decoder: &mut BlockDecoder<()>, status: &mut Status, - previous_block_ip: &mut u64, + previous_block_end_ip: &mut u64, skip: u64, map: &mut [T], ) -> Result<(), Error> @@ -396,13 +396,12 @@ impl IntelPT { let offset = decoder.offset().map_err(error_from_pt_error)?; if !b.speculative() && skip < offset { - // add 1 to `previous_block_ip` to avoid that all the recursive basic blocks map to 0 - let id = hash_me(*previous_block_ip + 1) ^ hash_me(b.ip()); + let id = hash_me(*previous_block_end_ip) ^ hash_me(b.ip()); // SAFETY: the index is < map.len() since the modulo operation is applied let map_loc = unsafe { map.get_unchecked_mut(id as usize % map.len()) }; *map_loc = (*map_loc).saturating_add(&1u8.into()); - *previous_block_ip = b.ip(); + *previous_block_end_ip = b.end_ip(); } } Err(e) => { diff --git a/libafl_intelpt/tests/run_integration_tests_linux_with_caps.sh b/libafl_intelpt/tests/run_integration_tests_linux_with_caps.sh index 00b001650f..78a1f41bee 100755 --- a/libafl_intelpt/tests/run_integration_tests_linux_with_caps.sh +++ b/libafl_intelpt/tests/run_integration_tests_linux_with_caps.sh @@ -8,4 +8,4 @@ for test_bin in ../target/debug/deps/integration_tests_linux-*; do fi done -cargo test intel_pt_trace_fork +cargo test intel_pt_trace_fork -- --show-output