libafl_libfuzzer: rename all symbols #1565
Conversation
addisoncrump
changed the title
|
Seems that the target is sometimes using data from the fuzzer runtime, leading to invalid frees. Investigating. |
addisoncrump
changed the title
|
In the process of doing this, I discovered that it was necessary to rename just about everything. So I did. |
|
i'll build it, run it and tomorrow morning we see if the problem still lingers. |
|
jlumbroso/free-disk-space#17 |
|
#1559 |
|
let's see if it's fixed |
|
This affects way more than this PR 😅 Maybe make a separate PR if this works? |
|
now you have clippy |
addisoncrump
force-pushed
the
libfuzzer-allocator
branch
from
7ef1de9 to
f775788
Compare
|
GDB and LLDB both support the new renaming pattern. c++filt, llvm-cxxfilt, and rustc-demangle do not correctly decode the renaming, but that is a sacrifice I'm willing to make. |
|
should we make this default-features? for sandwich, most people don't disable asan. so i think it's better to have this as default |
| let mut command = Command::new(rust_lld); | ||
| command | ||
| .args(["-flavor", "gnu"]) | ||
| .arg("-r") |
There was a problem hiding this comment.
partial linking works with GNU ld too in case
|
|
||
| // redefine all the rust-mangled symbols we can | ||
| // TODO this will break when v0 mangling is stabilised | ||
| for line in BufReader::new(child.stdout.take().unwrap()).lines() { |
There was a problem hiding this comment.
can't we just avoid to export symbols when generating the runtime lib? like partial linking and then remove all symbols
There was a problem hiding this comment.
We want to retain these symbols for both debugging purposes and because we need to retain certain unmangled symbols (e.g. LLVMFuzzerRuntime, LLVMFuzzerMutate, etc.)
This is always enabled on Unix. Not sure how to do this on Windows. |
addisoncrump
force-pushed
the
libfuzzer-allocator
branch
2 times, most recently
from
32a749b to
02d8b87
Compare
|
Status of this? |
|
Just fighting the CI at this point. Something weird is happening with the FreeBSD test. |
|
Can we merge? |
addisoncrump
force-pushed
the
libfuzzer-allocator
branch
from
02d8b87 to
d7c40de
Compare
addisoncrump
force-pushed
the
libfuzzer-allocator
branch
from
d7c40de to
b363ca3
Compare
addisoncrump
force-pushed
the
libfuzzer-allocator
branch
from
b363ca3 to
87fdcaf
Compare
|
This is ready to go if anyone wants to give it a final pass. |
* rename allocator symbols to avoid conflict with mimalloc * re-add llvm-tools to CI * rename everything * fixup clippy lint * make fuzzer entries more noticeable :) * rabbit mode * clippy
Previously we were unable to use mimalloc due to symbol conflict with the default rust allocator. This avoids this issue by renaming the symbols responsible for allocation.
Note that, in rare circumstances, we would deadlock while handling an ASAN error due to allocations inside of a signal handler. This sidesteps the issue by avoiding the use of the async-signal-unsafe malloc.