Merge remote-tracking branch 'upstream/main'

Author: Marcondiro

.github/workflows/build_and_test.yml

@@ -369,58 +369,58 @@ jobs:
         shell: bash
         run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }}
 
-  fuzzers-qemu-user:
-    needs:
-      - changes
-    if: ${{ needs.changes.outputs.qemu == 'true' }}
-    strategy:
-      matrix:
-        os: [ubuntu-24.04]
-        fuzzer:
-          # Binary only
-          - ./fuzzers/binary_only/qemu_cmin
-          - ./fuzzers/binary_only/qemu_coverage
-          - ./fuzzers/binary_only/qemu_launcher
-        arch:
-          # unless somebody pays us for the servers.
-          # - aarch64
-          # - arm
-          # - i386
-          # - ppc
-          - x86_64
-
-    runs-on: [ self-hosted, qemu ]
-    container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/workflows/qemu-fuzzer-tester-prepare
-      - name: Build and run example QEMU fuzzers (Linux)
-        if: runner.os == 'Linux'
-        shell: bash
-        run: ARCH=${{ matrix.arch }} RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }}
-
-  fuzzers-qemu-system:
-    needs:
-      - changes
-    if: ${{ needs.changes.outputs.qemu == 'true' }}
-    strategy:
-      matrix:
-        os: [ubuntu-24.04]
-        fuzzer:
-          # Full-system
-          - ./fuzzers/full_system/qemu_baremetal
-          - ./fuzzers/full_system/qemu_linux_kernel
-          - ./fuzzers/full_system/qemu_linux_process
-
-    runs-on: [ self-hosted, qemu ]
-    container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/workflows/qemu-fuzzer-tester-prepare
-      - name: Build and run example QEMU fuzzers (Linux)
-        if: runner.os == 'Linux'
-        shell: bash
-        run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }}
+  # fuzzers-qemu-user:
+  #   needs:
+  #     - changes
+  #   if: ${{ needs.changes.outputs.qemu == 'true' }}
+  #   strategy:
+  #     matrix:
+  #       os: [ubuntu-24.04]
+  #       fuzzer:
+  #         Binary only
+  #         - ./fuzzers/binary_only/qemu_cmin
+  #         - ./fuzzers/binary_only/qemu_coverage
+  #         - ./fuzzers/binary_only/qemu_launcher
+  #       arch:
+  #         # unless somebody pays us for the servers.
+  #         # - aarch64
+  #         # - arm
+  #         # - i386
+  #         # - ppc
+  #         - x86_64
+  #
+  #   runs-on: [ self-hosted, qemu ]
+  #   container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: ./.github/workflows/qemu-fuzzer-tester-prepare
+  #     - name: Build and run example QEMU fuzzers (Linux)
+  #       if: runner.os == 'Linux'
+  #       shell: bash
+  #       run: ARCH=${{ matrix.arch }} RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }}
+  #
+  # fuzzers-qemu-system:
+  #   needs:
+  #     - changes
+  #   if: ${{ needs.changes.outputs.qemu == 'true' }}
+  #   strategy:
+  #     matrix:
+  #       os: [ubuntu-24.04]
+  #       fuzzer:
+  #         Full-system
+  #         - ./fuzzers/full_system/qemu_baremetal
+  #         - ./fuzzers/full_system/qemu_linux_kernel
+  #         - ./fuzzers/full_system/qemu_linux_process
+  #
+  #   runs-on: [ self-hosted, qemu ]
+  #   container: registry.gitlab.com/qemu-project/qemu/qemu/ubuntu2204:latest
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: ./.github/workflows/qemu-fuzzer-tester-prepare
+  #     - name: Build and run example QEMU fuzzers (Linux)
+  #       if: runner.os == 'Linux'
+  #       shell: bash
+  #       run: RUN_ON_CI=1 LLVM_CONFIG=llvm-config-${{env.MAIN_LLVM_VERSION}} ./scripts/test_fuzzer.sh ${{ matrix.fuzzer }}
 
   nostd-build:
     runs-on: ubuntu-24.04

.gitignore

@@ -85,3 +85,6 @@ rustc-ice-*
 
 # backup files
 *.bak
+
+# log
+log

Cargo.toml

@@ -156,8 +156,8 @@ std_instead_of_core = "deny"
 cargo = { level = "warn", priority = -1 }
 
 # Allow
-negative_feature_names = "allow"    # TODO: turn into 'warn' when working
-multiple_crate_versions = "allow"   # TODO: turn into `warn` when working
+negative_feature_names = "allow"       # TODO: turn into 'warn' when working
+multiple_crate_versions = "allow"      # TODO: turn into `warn` when working
 unreadable_literal = "allow"
 type_repetition_in_bounds = "allow"
 missing_errors_doc = "allow"
@@ -169,8 +169,8 @@ module_name_repetitions = "allow"
 unsafe_derive_deserialize = "allow"
 similar_names = "allow"
 too_many_lines = "allow"
-comparison_chain = "allow"          # This lint makes **ZERO** sense
-
+comparison_chain = "allow"             # This lint makes **ZERO** sense
+unnecessary_debug_formatting = "allow" # :thumbsdown: :thumbsdown: :thumbsdown: :thumbsdown: :thumbsdown: :thumbsdown: 
 
 [workspace.lints.rustdoc]
 # Deny

Dockerfile

@@ -68,28 +68,33 @@ RUN set -ex &&\
   chmod +x llvm.sh &&\
   ./llvm.sh ${LLVM_VERSION}
 
+RUN apt-get update && \
+  apt-get install -y \
+  clang-format-${LLVM_VERSION}
+
 RUN git config --global core.pager cat
 
 # Install a modern version of QEMU
-
 WORKDIR /root
 ENV QEMU_VER=9.2.1
-RUN wget https://download.qemu.org/qemu-${QEMU_VER}.tar.xz
-RUN tar xvJf qemu-${QEMU_VER}.tar.xz
-WORKDIR /root/qemu-${QEMU_VER}
-RUN ./configure --target-list="\
-    arm-linux-user,\
-    aarch64-linux-user,\
-    i386-linux-user,\
-    ppc-linux-user,\
-    mips-linux-user,\
-    arm-softmmu,\
-    aarch64-softmmu,\
-    i386-softmmu,\
-    ppc-softmmu,\
-    mips-softmmu"
-RUN make -j
-RUN make install
+RUN wget https://download.qemu.org/qemu-${QEMU_VER}.tar.xz && \
+    tar xvJf qemu-${QEMU_VER}.tar.xz && \
+    cd /root/qemu-${QEMU_VER} && \
+   ./configure --target-list="\
+      arm-linux-user,\
+      aarch64-linux-user,\
+      i386-linux-user,\
+      ppc-linux-user,\
+      mips-linux-user,\
+      arm-softmmu,\
+      aarch64-softmmu,\
+      i386-softmmu,\
+      ppc-softmmu,\
+      mips-softmmu" && \
+    make -j && \
+    make install && \
+    cd /root && \
+    rm -rf qemu-${QEMU_VER}
 
 # Copy a dummy.rs and Cargo.toml first, so that dependencies are cached
 WORKDIR /libafl

fuzzers/forkserver/libafl-fuzz/src/corpus.rs

@@ -146,12 +146,10 @@ pub fn check_autoresume(fuzzer_dir: &Path, auto_resume: bool) -> Result<Flock<Fi
 
 pub fn create_dir_if_not_exists(path: &Path) -> io::Result<()> {
     if path.is_file() {
-        return Err(io::Error::new(
-            // TODO: change this to ErrorKind::NotADirectory
-            // when stabilitzed https://github.com/rust-lang/rust/issues/86442
-            io::ErrorKind::Other,
-            format!("{} expected a directory; got a file", path.display()),
-        ));
+        return Err(io::Error::other(format!(
+            "{} expected a directory; got a file",
+            path.display()
+        )));
     }
     match std::fs::create_dir(path) {
         Ok(()) => Ok(()),

fuzzers/forkserver/libafl-fuzz/src/feedback/seed.rs

@@ -100,12 +100,6 @@ where
         Ok(())
     }
 
-    /// Discard the stored metadata in case that the testcase is not added to the corpus
-    #[inline]
-    fn discard_metadata(&mut self, state: &mut S, input: &I) -> Result<(), Error> {
-        self.inner.discard_metadata(state, input)?;
-        Ok(())
-    }
     #[cfg(feature = "track_hit_feedbacks")]
     fn last_result(&self) -> Result<bool, Error> {
         self.inner.last_result()

fuzzers/inprocess/fuzzbench_ctx/src/lib.rs

@@ -345,16 +345,6 @@ fn fuzz(
 
     let mut tracing_harness = harness;
     let ctx_hook = CtxHook::new();
-    // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
-    let mut executor = HookableInProcessExecutor::with_timeout_generic(
-        tuple_list!(ctx_hook),
-        &mut harness,
-        tuple_list!(edges_observer, time_observer),
-        &mut fuzzer,
-        &mut state,
-        &mut mgr,
-        timeout,
-    )?;
 
     // Setup a tracing stage in which we log comparisons
     let tracing = TracingStage::new(
@@ -369,6 +359,17 @@ fn fuzz(
         // Give it more time!
     );
 
+    // Create the executor for an in-process function with one observer for edge coverage and one for the execution time
+    let mut executor = HookableInProcessExecutor::with_timeout_generic(
+        tuple_list!(ctx_hook),
+        &mut harness,
+        tuple_list!(edges_observer, time_observer),
+        &mut fuzzer,
+        &mut state,
+        &mut mgr,
+        timeout,
+    )?;
+
     // The order of the stages matter!
     let mut stages = tuple_list!(calibration, tracing, i2s, power);
 

libafl/src/events/launcher.rs

@@ -274,7 +274,7 @@ where
         // Spawn clients
         let mut index = 0_usize;
         for bind_to in core_ids {
-            if self.cores.ids.iter().any(|&x| x == bind_to) {
+            if self.cores.ids.contains(&bind_to) {
                 for overcommit_id in 0..self.overcommit {
                     index += 1;
                     self.shmem_provider.pre_fork()?;
@@ -456,7 +456,7 @@ where
                 //spawn clients
                 let mut index = 0;
                 for core_id in core_ids {
-                    if self.cores.ids.iter().any(|&x| x == core_id) {
+                    if self.cores.ids.contains(&core_id) {
                         for overcommit_i in 0..self.overcommit {
                             index += 1;
                             // Forward own stdio to child processes, if requested by user
@@ -748,7 +748,7 @@ where
         // Spawn clients
         let mut index = 0_usize;
         for bind_to in core_ids {
-            if self.cores.ids.iter().any(|&x| x == bind_to) {
+            if self.cores.ids.contains(&bind_to) {
                 for overcommit_id in 0..self.overcommit {
                     index += 1;
                     self.shmem_provider.pre_fork()?;