Releases: AFLplusplus/LibAFL
0.15.1
What's Changed
- Dedup stdout/stdin observer by @tokatoka in #2871
- Dedup StdOut/StdErr observer pt.2 by @tokatoka in #2876
- Fix qemu cov by @rmalmain in #2875
- Fix qemu_coverage v2 by @rmalmain in #2882
- Add a qemu_coverage test in ci by @rmalmain in #2883
- Add SnapshotModule to qemu_coverage tool by @WorksButNotTested in #2885
- Fix drcov path parsing by @rmalmain in #2884
- Expose qemu's image_info for qemu usermode by @rmalmain in #2889
- Merge LlmpEventManager and LlmpRestartingEventManager by @tokatoka in #2891
- Add PC to QEMU's read / write callbacks by @rmalmain in #2896
- Fix qasan type confusion by @rmalmain in #2899
- Frida updates and FASAN fixes by @s1341 in #2838
- Add combined monitor by @Evian-Zhang in #2900
- LLVM 20 update by @tokatoka in #2902
- Qemu fuzzer tips for WSL users by @tokatoka in #2903
- Make drcov_dump_address.rs accept list of directories by @tokatoka in #2904
- Delete evaluate_input_events by @tokatoka in #2906
- Delete useless trait bounds from share_objectives feature by @tokatoka in #2908
- Fix Clippy by @tokatoka in #2913
- Fix Lehmer64 implementation of `next`. by @Railroad6230 in #2912
- Rename `libafl_bolts::rands::Rand::zero_upto` to `below_or_zero`. by @Railroad6230 in #2911
- Add license file symlinks by @tokatoka in #2916
- 0.15.1 by @tokatoka in #2917
- Add builder and tests for QASAN by @rmalmain in #2898
- rand_core upd by @tokatoka in #2919
- Decouple fuzzer functions from event manager by @tokatoka in #2915
- Make sure EM and Z remain consistent in InProcessExecutor by @domenukk in #2873
- Collect envs in AsanModuleBuilder::default() by @tokatoka in #2921
- Introduce BoolMutator by @riesentoaster in #2926
- Rename BoolMutator to BoolInvertMutator by @riesentoaster in #2929
- Revert "Fix qasan type confusion" by @domenukk in #2928
- Deduplicate OnDisk Corpus by @BAGUVIX456 in #2827
- Change Monitor API for more flexibility by @Evian-Zhang in #2927
- Fix EdgeCoverageModuleBuilder by @tokatoka in #2931
- Qemu signal refactoring by @rmalmain in #2920
- Don't write pointers to the crash handlers at every execution by @tokatoka in #2935
- Fix the python binding configuration by @fourdim in #2937
- Update capstone requirement from 0.12.0 to 0.13.0 by @dependabot in #2930
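The two `libafl_bolts::rands` entries above (the `Lehmer64::next` fix and the `zero_upto` to `below_or_zero` rename) concern the generator a fuzzer uses for every mutation decision, so its correctness and reproducibility matter. The block below is an added example written for this page, an independent re-implementation of Lemire's Lehmer64 algorithm and not LibAFL's code: the multiplier is Lemire's published constant, the splitmix64-based seeding, the names `from_raw_state`, `choose_index` and `same_sequence`, and the reading of `below_or_zero` as "return 0 for an empty range" are all assumptions made here for illustration.

```rust
use std::num::NonZeroU64;

/// Lehmer64 (Lemire's variant): a 128-bit multiplicative congruential
/// generator that emits the upper 64 bits of the state after each multiply.
/// The constant is Lemire's published multiplier; the code is an independent
/// re-implementation for this page, not LibAFL's own `Lehmer64`.
const LEHMER64_MULTIPLIER: u128 = 0xda94_2042_e4dd_58b5;

pub struct Lehmer64 {
    state: u128,
}

/// One splitmix64 step. Used only to stretch a 64-bit seed into a well-mixed
/// 128-bit starting state (assumption: LibAFL seeds its generator differently).
fn splitmix64(x: &mut u64) -> u64 {
    *x = x.wrapping_add(0x9E37_79B9_7F4A_7C15);
    let mut z = *x;
    z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
    z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
    z ^ (z >> 31)
}

impl Lehmer64 {
    /// Seed from a u64. A purely multiplicative generator keeps state 0 at 0
    /// forever and cycles poorly from even states, so the state is forced odd.
    pub fn with_seed(seed: u64) -> Self {
        let mut s = seed;
        let hi = splitmix64(&mut s);
        let lo = splitmix64(&mut s);
        Self::from_raw_state(((hi as u128) << 64) | (lo as u128) | 1)
    }

    /// Use a 128-bit state directly, e.g. when resuming from a serialized
    /// fuzzer state or in tests (hypothetical helper, not a LibAFL API).
    pub fn from_raw_state(state: u128) -> Self {
        Self { state }
    }

    /// Core step: multiply modulo 2^128, return the high 64 bits.
    pub fn next_u64(&mut self) -> u64 {
        self.state = self.state.wrapping_mul(LEHMER64_MULTIPLIER);
        (self.state >> 64) as u64
    }

    /// Value in 0..upper using Lemire's multiply-shift reduction. The residual
    /// bias is at most upper/2^64, which is acceptable for fuzzing decisions;
    /// the NonZero parameter makes an empty range a compile-time concern.
    pub fn below(&mut self, upper: NonZeroU64) -> u64 {
        let wide = (self.next_u64() as u128) * (upper.get() as u128);
        (wide >> 64) as u64
    }

    /// Like `below`, but an empty range yields 0 instead of requiring the
    /// caller to build a NonZero (assumed semantics of `below_or_zero`).
    pub fn below_or_zero(&mut self, upper: u64) -> u64 {
        match NonZeroU64::new(upper) {
            Some(n) => self.below(n),
            None => 0,
        }
    }

    /// Pick an index into a slice of `len` elements; `None` for an empty
    /// slice so a caller can never index out of bounds.
    pub fn choose_index(&mut self, len: usize) -> Option<usize> {
        NonZeroU64::new(len as u64).map(|n| self.below(n) as usize)
    }
}

/// Reproducibility check: equal seeds must give equal sequences, which is
/// what makes a fuzzing run replayable from its seed.
pub fn same_sequence(seed: u64, count: usize) -> bool {
    let mut a = Lehmer64::with_seed(seed);
    let mut b = Lehmer64::with_seed(seed);
    (0..count).all(|_| a.next_u64() == b.next_u64())
}

fn main() {
    // Constructed sample: pick mutators for a few havoc rounds.
    let mut rng = Lehmer64::with_seed(0x1234);
    let mutators = ["bitflip", "byte_inc", "splice", "havoc"];
    for _ in 0..4 {
        let idx = rng.choose_index(mutators.len()).expect("non-empty list");
        println!("picked {}", mutators[idx]);
    }
}
```

Two properties worth checking on any RNG used in a fuzzer: the raw state must never be seeded with a tiny value (state 1 produces 0 as its first output because the multiplier fits in 64 bits), and every bounded draw must stay strictly below its bound so corpus and mutator indices cannot go out of range.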
New Contributors
- @Evian-Zhang made their first contribution in #2900
- @fourdim made their first contribution in #2937
Full Changelog: 0.15.0...0.15.1
0.15.0
Highlights
- Big steps towards 1.0 stable: cleaned up generics, associated types and constraints
- Mutators for Numeric Types
- Bloomfilter-based deduplication for to-be-executed inputs
- Bloomfilter-based feedback for observed values
- Nyx hypercall API support for LibAFL QEMU and new utilities for binary-only fuzzing
What's Changed
- Snapshot size assertion by @scottmpowell in #2738
- Remove non_basic const_panic features by @domenukk in #2739
- Make FridaInProcessExecutor compatible with TargetBytesConverter, decouple input type from FridaRuntime trait by @jejuisland87654 in #2741
- drcov_merge: Make inputs separated by space by @domenukk in #2740
- Make MmapShMem::new take a AsRef instead of a byte array by @riesentoaster in #2742
- remove another unnecessary HasTargetBytes constraint by @jejuisland87654 in #2743
- New rules for the contributing by @tokatoka in #2752
- Improve Flexibility of DumpToDiskStage by @riesentoaster in #2753
- No Use* from stages by @tokatoka in #2745
- No Uses* from `fuzzer` by @tokatoka in #2761
- Remove useless cfgs by @tokatoka in #2764
- Add Input Types and Mutators for Numeric Types by @riesentoaster in #2760
- libafl_{cc,derive}: Bump MSRV to 1.82 for `home` crate update by @Mrmaxmeier in #2775
- Add Makefile.toml to intel_pt_baby_fuzzer by @Marcondiro in #2779
- Remove Redundant Error Warning in Docs by @riesentoaster in #2778
- Cleanup clippy warnings in example fuzzers by @mzfr in #2770
- Separate Prometheus metrics into global and per-client categories with refactoring by @cube0x8 in #2781
- Remove MutVecInput and MappedInput in Favour of Impls on References by @riesentoaster in #2783
- Update last found time when evaluating an input by @celi0n in #2782
- Use #[expect(…)] instead of #[allow(…)], remove unnecessary allows by @riesentoaster in #2784
- Add macros to libafl_bolts tuples for mapping and merging types by @riesentoaster in #2788
- libafl_cc: Automatically find llvm_ar path by @s1341 in #2790
- imemory_ondisk: Don't fail write under any circumstances if locking is disabled by @s1341 in #2791
- frida: Deduplicate with IfElseRuntime by @s1341 in #2792
- Filter Duplicate Input Execution by @riesentoaster in #2771
- bolts limit ashmem concept to Linux/Android only. by @devnexen in #2795
- Optimize event serialization with pre-allocated buffer by @mzfr in #2794
- Added expect error message to TimeFeedback where there used to be an unwrap by @AshrafIbrahim03 in #2777
- Specify that InProcessForkExecutor should abort on panic by @henri2h in #2803
- Add dynamic frida runtime list called `FridaRuntimeVec` by @jejuisland87654 in #2799
- Add Bloomfilter-based Feedback for Values by @domenukk in #2813
- Cargo Format by @domenukk in #2814
- Add BoolValueFeedback by @domenukk in #2815
- Change `qemu_launcher` to use InMemoryCorpus by @WorksButNotTested in #2816
- Refactor of Qemu configuration by @rmalmain in #2707
- Nyx hypercall API support for LibAFL QEMU by @rmalmain in #2801
- Continue loading inputs even if some fail to deserialize by @domenukk in #2820
- Make more Int Mutator types public by @riesentoaster in #2821
- Fix snapshot reset function when brk shrunk below the snapshotted value by @cube0x8 in #2812
- CI check-md-links fix by @Marcondiro in #2824
- No Uses* from executor by @tokatoka in #2766
- Remove CustomBufHandlers by @tokatoka in #2829
- More Nyx hypercalls supported in libafl qemu. add tests for filters. by @rmalmain in #2825
- libafl_ar: fix error message by @s1341 in #2833
- Remove UsesInput from libafl qemu by @rmalmain in #2832
- remove unnecessary default features by @jejuisland87654 in #2836
- Link debugging.md in readme for better visibility by @tokatoka in #2839
- Add OnDiskJsonAggregateMonitor by @riesentoaster in #2845
- No uses for EventManager by @tokatoka in #2831
- Remove UsesState from libafl-fuzz by @tokatoka in #2849
- Remove unnecessary HasTargetBytes constraint by @bernhl in #2852
- Fix #2853: split `HasMutatorBytes` trait into two traits. by @Railroad6230 in #2856
- Remove MapObserver dependency from observer-dependent stages and schedulers in favour of generic hashing by @riesentoaster in #2851
- Add comments for EmulatorModule trait by @noobone123 in #2842
- Remove Input associated type by @rmalmain in #2854
- Add NyxCmpObserver and nyx_launcher example fuzzer by @d0ntrash in #2826
- Share objectives between nodes by @BAGUVIX456 in #2754
- Rename ResizableMutator, make it generic by @domenukk in #2859
- Qemu launcher bugfix by @noobone123 in #2858
- Add support for env_logger for qemu binary only fuzzers by @WorksButNotTested in #2817
- Remove ShMemProvider bound from struct definitions by @rmalmain in #2861
- Decouple address_filters() from EmulatorModuleTuple into HasAddressFilters by @tokatoka in #2869
- Remove shmem associated type by @domenukk in #2870
Fixes
- Intel PT minor fixes/improvements by @Marcondiro in https://github.com/AFLplusplus/LibAFL/pull/2724
- Fix Empty MultipartInput Name by @riesentoaster in #2750
- Intel PT minor fixes and improvements by @Marcondiro in #2749
- Link libresolv on all apple OSs by @mineo333 in #2767
- Fix gdb-qemu by @WorksButNotTested in #2773
- Fix incorrect handling of brk syscall when shrinking the heap by @cube0x8 in #2776
- Fix Empty Multipart Crossover Bug by @riesentoaster in #2789
- Fix libafl-jumper for powerpc by @domenukk in #2866
- Fix libafl_targets cmplog linking by @mineo333 in #2840
- Make Stats stage send stats again by @domenukk in #2830
- Fix command line parsing of ranges in `qemu_launcher` by @WorksButNotTested in #2804
New Contributors
- @mzfr made their first contribution in #2770
- @celi0n made their first contribution in #2782
- @AshrafIbrahim03 made their first contribution in #2777
- @henri2h made their first contribution in #2803
- @Railroad6230 made their first contribution in #2856
- @noobone123 made their first contribution in #2842
Full Changelog: 0.14.1...0.15.0
0.14.1
Highlights
- LibAFL docs on docs.rs are working again
- Cmplog regression from 0.14.0 fixed
- Builds again on latest nightly
What's Changed
- `StdMOptMutator::new`: remove unused type parameter by @Mrmaxmeier in #2695
- remove test_harness from source directory by @mineo333 in #2694
- Add package.metadata.docs.rs for libafl_intelpt by @tokatoka in #2696
- Libafl workspace internal deps in workspace Cargo.toml by @Marcondiro in #2691
- Pre init module hooks by @rmalmain in #2704
- Fix edge module generators by @rmalmain in #2702
- libafl-fuzz: feature-flag nyx mode by @R9295 in #2712
- Batched timeout doc by @tokatoka in #2716
- Bump libipt, fix tui in intel_pt baby fuzzer by @Marcondiro in #2714
- Add MIGRATION.md by @tokatoka in #2727
- update baby_fuzzer example to 0.14 by @golem9247 in #2728
- Delete with_observers by @tokatoka in #2730
- Adding function to manually name a Mmap ShMem by @riesentoaster in #2729
- Update pyo3 to version 0.23.2 by @rmalmain in #2732
- Make exit status interpretable by CommandConfigurator by @momvart in #2723
- Make Launcher use ClientDescription instead of CoreId by @riesentoaster in #2676
- Clean cfgs in executors/command.rs by @tokatoka in #2735
Fixes
- Fix versions in libafl and libafl_intelpt for crates.io by @andreafioraldi in #2693
- libafl-fuzz: fix cmplog running on inputs more than once by @R9295 in #2697
- Fix tui monitor for example fuzzers by @domenukk in #2699
- bolts: fix build for tiers 3 platforms. by @devnexen in #2700
- Fix metadata removal for ExecutionCountRestartHelper by @henryhchchc in #2705
- Bump ctor dependency to make nightly compile again by @domenukk in #2713
- Fix negative stability by @tokatoka in #2731
- Fixup serdeany_autoreg by @addisoncrump in #2721
New Contributors
- @golem9247 made their first contribution in #2728
Full Changelog: 0.14.0...0.14.1
0.14.0
Highlights
- `libafl-fuzz` (afl-fuzz clone in LibAFL) almost fully-featured (GSoC of @R9295)
- `libafl-pt`: New crate to use IntelPt for coverage tracing (GSoC of @Marcondiro)
- `LibAFL_FRIDA`: Added scripting support and update to FRIDA 16.5.6
- `LibAFL_QEMU`: RISC-V support, example for kernel fuzzing and update to QEMU 9.1.1
- Python grammar support for Nautilus
- Havoc mutation support for custom structured inputs (and subparts thereof)
- Binary-only utils `libafl_jumper`, `drcov-merge`, add `DrCovReader` class
- Memfd backend for `ShMem`
- Restructured `fuzzers` example directory for easy browsing
What's Changed
- It's frida time for libafl-fuzz by @R9295 in #2469
- Update AsanBacktrace documentation by @maxammann in #2377
- libafl: Implement FeedbackFactory for {Const,Not}Feedback by @dergoegge in #2478
- libafl-fuzz: Introduce Support for QEMU mode by @R9295 in #2481
- Qemu native hooks refactoring by @rmalmain in #2480
- qemu: Add QemuConfig to set qemu args via a struct by @Marcondiro in #2339
- Make pcs_init compatible with multiple DSOs by @addisoncrump in #2488
- Custom QEMU emulator typed builder + ExitHandler / Commands refactoring by @rmalmain in #2486
- Check markdown links validity in CI by @rmalmain in #2495
- bolts: Support dump_registers on Windows/x86 and Windows/aarch64 and fix sig_ign on Windows/x86 by @xdqi in #2494
- Libafl-fuzz: introduce unicorn mode by @R9295 in #2499
- Multi machine follow-up by @rmalmain in #2334
- Better error when non required pass failed to build by @tokatoka in #2509
- Rename `HasCurrentStage` to `HasCurrentStageId` for Consistency by @domenukk in #2514
- Add StdState::nop() for simple state creation, make CI happy again on latest nightly. by @domenukk in #2521
- Update execs/sec display by @20urc3 in #2524
- Small improvements to the devcontainer by @Nereuxofficial in #2522
- Change Qemu hook signature by @tokatoka in #2527
- Add `avoid_crash` option to scheduler by @tokatoka in #2530
- Improving Handling of Custom Inputs by @riesentoaster in #2422
- No Uses* (again) by @tokatoka in #2537
- Reducing type parameters and bounds from Scheduler by @tokatoka in #2544
- Make LibAFL-fuzz build on MacOS by @domenukk in #2549
- No more (direct) mutable references to mutable statics by @domenukk in #2550
- Make map size mismatch return a proper error instead of abort by @domenukk in #2553
- Use `const` to Inform CmpLog Replacements by @DanBlackwell in #2528
- Only track stability for runs that did not timeout by @nbars in #2561
- Linux kernel fuzzing example by @rmalmain in #2496
- Clippy more by @domenukk in #2562
- Change action for MD link checks by @rmalmain in #2563
- Move linkspector config file out of workflow dir by @rmalmain in #2565
- No Uses* for Corpus, Mutators by @tokatoka in #2547
- Update README.md by @20urc3 in #2518
- Mark unsafe functions unsafe, as Ferris intended by @domenukk in #2559
- libafl multimachine: disable ratelimiting by @rmalmain in #2558
- Addr filter update helper functions by @rmalmain in #2575
- Do not embed client exec count in testcase and objective by @rmalmain in #2582
- Discard non-new testcase events for multi-machine messages by @rmalmain in #2583
- Rand below should take a NonZero parameter by @domenukk in #2519
- Versioning unification, dependencies update, logging optimization by @rmalmain in #2560
- Change fuzzbench_qemu fuzzer by @tokatoka in #2520
- Update frida to 0.14.0 by @rmalmain in #2596
- Remove useless allocation in colorization stage by @rmalmain in #2598
- Add option for ASAN log dumping by @henryhchchc in #2600
- Don't do generalization on large inputs. by @tokatoka in #2603
- Qemu_Launcher: Move all target-specific code to harness.rs by @domenukk in #2605
- Add DrCov rerun option to QEMU_Launcher by @domenukk in #2607
- Update qemu by @rmalmain in #2609
- Remove prelude from default features by @domenukk in #2608
- Add LibAFL_Jumper util by @domenukk in #2594
- libafl_qemu: unset thumb bit for breakpoints by @rmalmain in #2619
- Support on_crash & on_timeout callbacks for libafl_qemu modules by @rmalmain in #2620
- bolts: Simplify definition of `nonzero!` macro by @langston-barrett in #2624
- Add TargetBytesConverter to allow Nautilus for ForkserverExecutor by @domenukk in #2630
- Avoid using feature flags and env variable to set the same parameter pt.1 emulation_mode by @Marcondiro in #2512
- LibAFL_Frida: add scripting support by @WorksButNotTested in #2506
- libafl-fuzz: separate frida build + cmplog debug by @R9295 in #2591
- Add Python Grammar Loader for Nautilus by @R9295 in #2635
- Feature: Make executors and feedbacks easier to use outside of the fuzzing loop (extends #2511) by @domenukk in #2637
- libafl_qemu: Add RISCV support by @saibotk in #2367
- frida: bump version by @s1341 in #2640
- libafl_qemu: fix RISC-V port issues by @rmalmain in #2642
- Remove serde_json dependency from libafl_bolts by @domenukk in #2639
- libafl_qemu: update qemu to v9.1.1 by @rmalmain in #2636
- Add taplo to pre-commit by @Marcondiro in #2646
- Moving ShMem persisting to take an owned value by @riesentoaster in #2649
- Implement From LibAFL Error for Qemu Error by @rmalmain in #2641
- Add RISCV support in `libafl_qemu.h` by @nine-point-eight-p in #2380
- Use a proper pre-commit hook for taplo fmt by @Marcondiro in #2650
- Compile-time edge module compilation check, native support for ConstMapObserver by @rmalmain in #2592
- better definition for PROFILE_DIR in all Makefile.toml files by @jejuisland87654 in #2658
- Update hashbrown requirement from 0.14.5 to 0.15.1 by @dependabot in #2660
- Clean up clippy warnings in fuzzers/binary_only/* by @BAGUVIX456 in #2662
- Core::errors::Error is stable now by @domenukk in #2664
- Custom Executor Example by @domenukk in #2570
- Add memfd shmem backend by @bernhl in #2647
- Set rlimit to infinity for core dumps if AFL_DEBUG=1 by @R9295 in #2643
- Replace addr_of with &raw across the codebase by @domenukk in #2669
- Introducing Launcher::overcommit, improving CI formatting by @riesentoaster in #2670
- Lower capped RAND generators by @CowBoy4mH3LL in #2671
- How about using workspace version in packages? by @Marcondiro in #2682
- LibAFL_QEMU: Don't return a generic Address ...
0.13.2
Highlights
- GsoC: Added libafl-fuzz, afl-fuzz in LibAFL
- Forkserver: New AFL++ CmpLog map support with much better results (needs latest afl-cc 4.22a or later)
- Crashes can now be stored in the normal corpus for `InProcessExecutors`
- libafl_bolts: Added `find_new_files_rec` to find new files after a given timestamp and `SliceReader`
- libafl_qemu: Renamed QemuHelpers to QemuModules, hooks refactoring
- Restructured the ./fuzzers folder
What's Changed
- Improved documentation for fuzzers/cargo_fuzz and dynamic_analysis by @Nereuxofficial in #2350
- LibAFL QEMU readme by @andreafioraldi in #2351
- Rename some functions in fuzzer.rs by @tokatoka in #2355
- Make llvm pass build feature dependent by @tokatoka in #2357
- Add Stoppable trait to State which exposes an API to stop the fuzzer by @R9295 in #2325
- Fix missing -use_value_profile flag in libafl_libfuzzer by @andreafioraldi in #2363
- Wrap metadata elements in Cow by @Nereuxofficial in #2364
- Add documentation for InProcessForkExecutor by @maxammann in #2378
- doc: Listing mutators in the module documentation by @Nereuxofficial in #2369
- Introduce TuiMonitor builder by @domenukk in #2385
- Replace uses std HashMap with hashbrown for consistency by @domenukk in #2387
- Adding Function to Make MmapShMem Persist by @riesentoaster in #2390
- Add interesting crashing input on crash by @tokatoka in #2391
- Remove release_max_level_info from log by @domenukk in #2396
- Template out libafl_libfuzzer by @addisoncrump in #2398
- Introduce libafl-fuzz by @R9295 in #2362
- Expose find_new_files_rec in libafl_bolts::fs by @domenukk in #2404
- fix incorrect interval check in sync from disk stage by @R9295 in #2408
- impl HasEventManagerId for LlmpRestartingEventManager by @m-gsch in #2406
- Corpus pruning stage by @tokatoka in #2399
- Better errors for empty registry in AnyMap by @domenukk in #2405
- Introduce Persistent Record for libafl-fuzz by @R9295 in #2411
- Renamed QemuHelpers to QemuModules by @rmalmain in #2267
- Change Corpus Pruning algorithm by @tokatoka in #2418
- Restructure the fuzzers folder by @rmalmain in #2409
- update function from _libafl_exit_call2 to _libafl_sync_exit_call2 by @scottmpowell in #2392
- frida: make hooks thread local by @s1341 in #2429
- Added a tolower implementation in libqasan by @Zofyan in #2421
- Format all `.toml`s with `taplo fmt` by @Mrmaxmeier in #2436
- Add Taplo check to CI by @domenukk in #2451
- Cmplog bytes without alloc by @domenukk in #2442
- Cheap reader for bytes slice by @rmalmain in #2261
- libafl_qemu: Continue build with outdated LLVM, ignore TUI race conditions by @domenukk in #2461
- misc libafl-fuzz improvements by @R9295 in #2463
- Remove libfuzzer-best recommendation by @addisoncrump in #2466
Fixes
- Make sure inmemory_ondisk corpus catches filesystem errors correctly by @domenukk in #2361
- Documentation fix in 'Design' > 'Architecture' by @0vercl0k in #2412
- Fix autotokens by @tokatoka in #2407
- fix qemu_launcher by moving stop request handling to fuzz_one by @R9295 in #2394
- LibAFL QEMU fix failing Doc-tests by @Marcondiro in #2354
- tui: make client bottom layouts visible again by @saibotk in #2368
- Don't panic even if bitmap is zero in calibrate.rs by @tokatoka in #2419
- Fix cmin by @tokatoka in #2420
- Fix baby fuzzer tui by @tokatoka in #2425
- Fix cmplog implementation by @R9295 in #2439
- doc: fixed instruction in CONTRIBUTING.md by @Nereuxofficial in #2359
- fix: Added corpus for dynamic_analysis fuzzer by @Nereuxofficial in #2360
- libqasan: Add missing return to qasan_swap by @dergoegge in #2416
- Always update testcase.file_path in InMemoryOnDiskCorpus by @tokatoka in #2432
- Fix markdown issue in fuzzers/libpng/libfuzzer_libpng_cmin/README.md by @SpiritSeal in #2437
- Fix dead link in docs by @kevin-valerio in #2452
- bolts fix build warning with missing doc comment for haiku by @devnexen in #2455
- libafl-fuzz: fix invalid short param for input_ext by @R9295 in #2456
New Contributors
- @saibotk made their first contribution in #2368
- @m-gsch made their first contribution in #2406
- @0vercl0k made their first contribution in #2412
- @scottmpowell made their first contribution in #2392
- @Zofyan made their first contribution in #2421
- @SpiritSeal made their first contribution in #2437
- @kevin-valerio made their first contribution in #2452
Full Changelog: 0.13.1...0.13.2
0.13.1
Highlights
- Introduced `stable_anymap`, a stable (between recompilations) serialization format for the fuzzer state
- Important stage restart fix where the fuzzer may have gotten stuck after a crash
- Added @rmalmain as official contributor focussing on libafl_qemu
What's Changed
- Fix publish errors by @andreafioraldi in #2313
- Format desyscall by @tokatoka in #2316
- Fix typos by @czxvan in #2320
- Update meminterval requirement from 0.3 to 0.4 by @dependabot in #2317
- Don't build desyscall on win by @tokatoka in #2321
- Tree-shaped multi-machine fuzzing by @rmalmain in #2302
- Fix sync stage by @tokatoka in #2326
- Fix typos by @czxvan in #2327
- Address comments from #2302 by @domenukk in #2322
- Delete wrong exec count increment by @tokatoka in #2330
- Call all Ids `id`, not `idx` by @domenukk in #2319
- Don't restart in deterministic stages. Don't restart where there's no restart safety. Make stage names unique by @tokatoka in #2331
- Fix LlmpEventManager not calling hooks pre_exec by @R9295 in #2333
- bolts: haiku build fix. by @devnexen in #2335
- baby_fuzzer_wasm fix by @tokatoka in #2336
- bolts: fix warning about `error_in_core` now stable by @Marcondiro in #2337
- Fix unsafe_stable_anymap, rename to stable_anymap (it's safe) by @domenukk in #2338
- Re-Rename Retrying Restart Helper by @domenukk in #2340
- Make ddg map compilation optional by @domenukk in #2341
- Fixing receiver_left()/memory leak in llmp.rs by @tokatoka in #2344
- Fix LLVMFuzzerCustomMutator with different sizes by @domenukk in #2347
- Delete introspection feature from libafl_libfuzzer by @tokatoka in #2349
- 0.13.1 by @tokatoka in #2343
Full Changelog: 0.13.0...0.13.1
0.13.0
Highlights
- DDFuzz integration in libafl_cc
- libafl_nyx update to latest NYX
- GenStage, a stage for generational fuzzing
- Stable `type_eq`
- Non-AGPL version of Nautilus grammar fuzzer
What's Changed
- Readme update by @tokatoka in #2046
- bolts: core affinity simplification for freebsd. by @devnexen in #2049
- Debugging tips by @tokatoka in #2048
- Rework of libafl_qemu configuration by @rmalmain in #2054
- DDFuzz by @tokatoka in #2056
- Fix some missing tracking hints by @addisoncrump in #2058
- Debugging upd by @tokatoka in #2062
- Missing tracking hints (oops) by @addisoncrump in #2063
- Split edges_map_size and edges_map_size_alloc by @tokatoka in #2012
- Pr/fixing forkserver libafl cc by @mkravchik in #2066
- Fix main not passing CI tests by @rmalmain in #2075
- Fixing the inconsistency btw #2012 and #2066 by @mkravchik in #2074
- Fix main not passing CI tests V2 by @rmalmain in #2076
- Use tee, not redirect by @addisoncrump in #2078
- Update libafl_nyx to newest qemu-nyx and nyx-packer by @GanbaruTobi in #2070
- Revert splitting libafl_edges_map_max and libafl_edges_map_in_use by @tokatoka in #2079
- Fix libfuzzer by simply adding the needed feature by @addisoncrump in #2080
- Implement `Hash` for MapObserver by @edwin1729 in #1989
- Revert "Revert splitting libafl_edges_map_max and libafl_edges_map_in_use" by @tokatoka in #2082
- Add a warning to say never use EDGES_MAP.len() by @tokatoka in #2083
- cargo-fuzz testing by @addisoncrump in #2081
- Faster cargo check by @tokatoka in #2084
- Fix typo in setup_libxml2.sh by @GanbaruTobi in #2088
- Run qemu_systemmode tests with self-hosted runners by @rmalmain in #2018
- Only run QEMU tests if there is a QEMU-related change. by @rmalmain in #2090
- Fix #1932 by @tokatoka in #2089
- Fix cached corpus in frida_libpng by @tokatoka in #2091
- Fix failing filter action in CI by @rmalmain in #2092
- Symcc Update by @tokatoka in #2047
- libafl_bolts: some improvements to the `rands` module by @flyingmutant in #2086
- Add FeedbackFactory implementations for CrashFeedback, CombinedFeedback and DiffFeedback. by @djoooooe in #2060
- Introduce AFL_EXIT_ON_SEED_ISSUES by @R9295 in #2085
- Add TypeRefCreator trait by @tokatoka in #2065
- refactor(snapshot.rs): use const generics by @vringar in #2069
- libafl_bolts: more `rands` improvements by @flyingmutant in #2096
- Rename from ReReference to Reference by @tokatoka in #2099
- Small refactoring of libafl_qemu structure by @rmalmain in #2098
- Split android and ios tests by @addisoncrump in #2106
- Remove jobs dependency in CI by @tokatoka in #2108
- Add recv_blocking_with_flags by @addisoncrump in #2102
- add crash_exitcode to Forkserver to accommodate AFL_CRASH_EXITCODE by @R9295 in #2107
- Batch timeout fix? by @tokatoka in #2109
- Match by Ref fix by @addisoncrump in #2105
- Allow for AsIter(Mut)/AsSlice(Mut) to be implemented in safe Rust by @langston-barrett in #2120
- Restrict more on edges map API by @tokatoka in #2117
- libafl_bolts: `rands` super mega ultra giga house cleaning of doom by @flyingmutant in #2123
- Improve `OnDiskTOMLMonitor` by @clesmian in #2125
- Fix Ctrl-C Handler by @tokatoka in #2124
- Change centralized launcher signature by @tokatoka in #2094
- Qemu update to latest version + various fixes by @rmalmain in #2119
- add mmap hooks to libqasan by @cube0x8 in #2122
- ctrl c handler fix for non-fork mode by @tokatoka in #2132
- Fix QEMU doc not building (again) by @rmalmain in #2130
- Allow setting stdout_file in non-fork launcher by @vringar in #2127
- Fix QEMU systemmode fuzzers exit code by @rmalmain in #2133
- Fix DDFuzz instrumentation by @tokatoka in #2134
- Making CommandExecutor generic on the specific Input by @riesentoaster in #2129
- Penalize testcase that has found objectives by @tokatoka in #2093
- `GenStage`: A stage for generational (e.g., black-box) fuzzers by @langston-barrett in #2137
- Fix incrementing `found_objective` by @tokatoka in #2139
- Rename Reference to Handle by @tokatoka in #2142
- Separate map observers by @tokatoka in #2143
- Add windows test & ci & fix by @tokatoka in #2144
- Answer "How to leave TUI screen" by @tokatoka in #2146
- Qemu ctrl c exit by @tokatoka in #2147
- Add null ptr to devices vector by @cube0x8 in #2141
- QEMU generic memory iterator by @rmalmain in #2148
- Change special exitcode from 137 to 9 in simple.rs too by @tokatoka in #2153
- Stable type_eq by @addisoncrump in #2150
- Rename Handler -> Handled, various other cleanups after #2142 by @domenukk in #2152
- bolts: Fix minibsod build on apple by @devnexen in #2155
- Fix libafl_libfuzzer's compatibility with LLVM 14 by @maxammann in #2136
- cfg fixup by @addisoncrump in #2154
- Adding ExitCodeObserver and ExitSignalObserver by @riesentoaster in #2138
- Revert "Adding ExitCodeObserver and ExitSignalObserver" by @tokatoka in #2157
- bolts: Fix feature name in assert (`serde{,any}_autoreg`) by @langston-barrett in #2160
- Add qemu runtime defs for aarch64 by @twizmwazin in #2151
- minibsod apple using mach's crate instead. by @devnexen in #2162
- Generate QEMU stub bindings less aggressively by @rmalmain in #2164
- Clippy for Apple after #2162 by @domenukk in #2166
- Remove observer_stdout/observer_stderr from Observer trait by @tokatoka in #2167
- Dependabot by @tokatoka in #2168
- Update zip requirement from 0.6 to 1.2 by @dependabot in #2169
- Fix regex fixing generated bindings for QEMU by @rmalmain in #2163
- Revert "Update zip requirement from 0.6 to 1.2" by @domenukk in #2174
- Fix MacOS CI race condition by @domenukk in #2176
- Update which requirement from 4.4 to 6.0 by @dependabot in #2172
- Update serial_test requirement from 2 to 3 by @dependabot in #2171
- Update capstone requirement from 0.11.0 to 0.12.0 by @dependabot in #2170
- Windows frida support by @s1341 in #1607
- Regenerate QEMU binding stubs only for newer versions of the nightly compiler by @rmalmain in #2177
- Add client_stats to OnDiskJSONMoni...
0.12.0
Highlights
- API for multithreaded initial seed corpus loading
- Initial seed corpus entries are kept for splicing
- Stages and Mutators can now be provided as a dynamic `Vec`
- Stages resume after crashes and timeout
- Multipart Input support
- LibAFL_Bolts: performant `get_or_insert_with` API for AnyMap/Metadata
- LibAFL_Targets: Exposing pcguard's PC-Table
- LibAFL_Libfuzzer: MacOS support
- libAFL_QEMU: Injection fuzzing and massive rework overall
- LibAFL_Frida: Binary-only Cmplog support for x64
- LibAFL_Tinyinst: Linux instrumentation support
API changes
- Replaced TimeoutExecutor with a timeout in each executor
- Removed python bindings for most parts of the lib (LibAFL_sugar and LibAFL_QEMU remain)
- LLMP Client timeout removed, clients manually unregister on exit now
- Turning on and off tracking of novelties and indexes is now enforced with the `CanTrack` trait to be less error-prone
- Instead of providing the current testcase and current stage id everywhere, this information is now available in the `State`
What's Changed
- bolts/minibsod adding openbsd arm64 part by @devnexen in #1724
- QEMU filtering rework + paging filtering by @rmalmain in #1705
- Use latest AFLplusplus/symcc by @tokatoka in #1749
- Ignore SigPipe by default by @domenukk in #1741
- Enabling DrCov on Windows by @mkravchik in #1765
- Dedup common code in scheduler by @tokatoka in #1702
- Safe access to QEMU's `Emulator` struct by @rmalmain in #1763
- Add mute_inprocess_target fn, SimpleFdLogger::set_logger, and more by @domenukk in #1754
- Check canonicalized_module_path before used by @bet4it in #1767
- Multipart Input support by @addisoncrump in #1617
- Resumable stages redux by @addisoncrump in #1780
- libafl_qemu injections by @vanhauser-thc in #1743
- libafl_frida: Add tests for ASan for Unix platforms by @mkravchik in #1781
- Don't use assert fail when building on libafl_libfuzzer on windows by @tokatoka in #1792
- libafl_frida: Make cmplog work on x64 by @expend20 in #1713
- Remove unnecessary PartialEq trait constraint on DiffFeedback observers by @djoooooe in #1811
- Refactor InProcessExecutor, merge timeout executors by @tokatoka in #1789
- QEMU: safe linking of extern "C" declarations by @rmalmain in #1810
- Add SimpleMgr feature to qemu_launcher by @domenukk in #1790
- Allow corpus removal during main fuzz loop by @hgarrereyn in #1717
- Expose PCs table. by @mvanotti in #1812
- QEMU: add injections mode default by @domenukk in #1818
- Remove `create_serde_registry_for_trait` macro by @skoriop in #1815
- Default `ignore_*` flags to true when `tui=1` by @skoriop in #1820
- Delete TimeoutForkserverExecutor by @tokatoka in #1819
- libafl_libfuzzer: macOS build support by @sameer in #1711
- HookId trait and types in libafl_qemu by @rbran in #1796
- Configurable LLMP client timeout by @rmalmain in #1838
- Remove unused shmem structs, update Nix by @domenukk in #1845
- Getter for mutable reference to forkserver by @tbethe in #1849
- Make cmp_extend_encoding panic-less by @tokatoka in #1857
- Disable `af-xdp` from QEMU default config by @rmalmain in #1846
- feature(libqasan): add asprintf and vasprintf by @rbran in #1844
- feature(libqasan): add strndup by @rbran in #1860
- Companion patch to qemu-libafl-bridge #46 by @cube0x8 in #1830
- Finalize macOS support for libafl_libfuzzer by @sameer in #1843
- Support raw byte grammar in NautilusContext by @sadeli413 in #1868
- Less useless allocs for monitor display by @domenukk in #1874
- Add several warnings when starting forkserver by @tokatoka in #1877
- Make NopState public so that it can be used as reproducer by @addisoncrump in #1888
- Implement `RetryProgress` for limiting retry attempts in stages by @addisoncrump in #1890
- Sancov based ngram & ctx implementation by @tokatoka in #1864
- update libfuzzer docs about macos by @addisoncrump in #1903
- TransferFeedback for determining if a testcase was from another node by @addisoncrump in #1906
- Implement MutatorTuple for Vecs to allow Dynamic Mutator Choices by @domenukk in #1893
- Print PID when you create a new Llmp Sender. by @tokatoka in #1898
- Make executor state available to the harness V2 by @rmalmain in #1900
- Improve readability of InProcessExecutor-related code by @rmalmain in #1912
- fuzzbench_ctx: fix duplicate package warning by @Mrmaxmeier in #1918
- token mutations: avoid a few infallible unwraps by @Mrmaxmeier in #1919
- introduce multicore load initial corpus by @R9295 in #1905
- Allow dyn in StagesTuple, add Current Testcase API, Untraitify Progress by @domenukk in #1915
- Event Manager handle_in_client hooks by @tokatoka in #1916
- Tiny optimization for into_vec by @domenukk in #1931
- Remove some arguments from pre_exec/post_exec in ExecutorHook by @tokatoka in #1933
- Remove (almost) unused stage_idx by @domenukk in #1929
- Update exec counts in objective by @tokatoka in #1945
- Better error message instead of "No entries in corpus" by @tokatoka in #1948
- Rename OSError -> OsError and merge with redundant Error::File by @domenukk in #1944
- Remove useless feedback by @tokatoka in #1953
- Upgrade automaton files by @michael-yxchen in #1956
- Update tinyinst_simple to support Linux (#1316) by @am009 in #1955
- SerdeAnyMap: add `unsafe_stable_anymap` feature that uses `type_name` instead of `TypeId::of` by @domenukk in #1952
- Remove hash for AnyMap (since it's a HashMap already) by @domenukk in #1951
- Change AnyMap API, add unsafe_ assert by @domenukk in #1958
- More usable ListFeedback by @tokatoka in #1959
- Use OwnedPtr in ListObserver by @tokatoka in #1961
- libafl_nyx: Allow custom input buffer size to be passed to `NyxHelper` by @l4yton in #1960
- WIP: QEMU exit handler by @rmalmain in #1745
- libafl_nyx: Add documentation to `NyxSettings` fields by @l4yton in #1962
- libafl_nyx: Add bounds check for Nyx input buffer by @l4yton in #1963
- Increase llmp timeout & Print PID in logger by @tokatoka in #1970
- Inline cmplog internal functions code by @tokatoka in #1972
- Make fuzzer examples' argument parser tell that --input is mandatory by @tokatoka in #1973
- Add `MutatedTransform` to the input type in `TMinMutationalStage` (#1251) by @am009 in #1971
- Clean up warnings in baby_fuzzers by @Marcondiro in #1981
- Add backdoors to portable header file of LibAFL QEMU. by @rmalmain in #1978
- Add unsafe to AsanErrorsObserver, fix UBs, fix Frida Version mismatch by @domenukk in #1987
- Update setup_libxml2.sh of nyx_libxml2_standalone fuzzer by @GanbaruTobi in #1990
- Use n...
0.11.2
Highlights
- Unicode-preserving mutators
- Reworked Tui (GSoC project by @ToSeven)
- Scalability introspector
- Larger `libafl_frida` rework, replaced capstone with yaxpeax in many places
- Extended `libafl_qemu` features, added CmpLog and more
What's Changed
- bolts write_minibsod solaris version. by @devnexen in #1494
- Add embed-runtime feature by @novafacing in #1489
- implement the AFL-Style Tui by @ToSeven in #1432
- reduce memory usage of the `construct_automata` script by @lenawanel in #1481
- add the metrics (pending, pend_fav, own_finds, imported) by @ToSeven in #1351
- remove `libafl/src/feedbacks/owned.rs` by @lenawanel in #1508
- Add an example fuzzer with AFL-Style UI by @ToSeven in #1501
- Apparently `cargo:error` does nothing by @elnardu in #1517
- Rework Frida instrumentation to decouple it from FuzzerOptions and add FridaInstrumentationHelperBuilder by @fabianfreyer in #1523
- Remove check and error when both fuzz_time and iters passed by @beyretb in #1531
- feat(frida): Allow setting path for DrCovRuntime by @fabianfreyer in #1536
- Change profiles for the fuzzbench fuzzers. by @tokatoka in #1546
- Some AFL UI example fuzzer cleanup by @domenukk in #1529
- Don't send unstable entries if there's nothing by @tokatoka in #1552
- libafl_ar: add extensions by @s1341 in #1568
- windows: Support `LIBAFL_DEBUG_OUTPUT` by @s1341 in #1569
- Qemu features3 by @WorksButNotTested in #1538
- frida-asan: move to mmap-rs by @s1341 in #1570
- Write coverage for QEMU into separate files by @WorksButNotTested in #1571
- Added qemu_cmin by @WorksButNotTested in #1572
- Make fuzzbench debugging easier by @tokatoka in #1574
- Use /dev/urandom for probing the valid memory by @tokatoka in #1586
- libafl_libfuzzer: documentation and build script by @addisoncrump in #1596
- Make Signals compatible with nix, implement TryFrom<&str> by @domenukk in #1599
- Add OptionalStage by @domenukk in #1600
- chore(drcov_rt): remove an unused field and methods by @saruman9 in #1601
- added ninja-build and python3-venv as dependencies by @cube0x8 in #1604
- Call the original QEMU user crash handler in libafl_qemu by @andreafioraldi in #1575
- Add executions count at proper places by @tokatoka in #1608
- Fuzz_loop should not return CorpusId by @domenukk in #1606
- Refactor cmplog observers by @tokatoka in #1603
- Document how to use cpp() and optimize() by @tokatoka in #1615
- New logo in the book by @andreafioraldi in #1618
- Autodetect llvm-config for QEMU bindings generation by @andreafioraldi in #1610
- Break on timeout in QEMU system mode by @andreafioraldi in #1619
- Add iter() to owned slice by @andreafioraldi in #1620
- Rename option name by @tokatoka in #1623
- Add SplitBorrow trait to split borrow tuple_list elements by @andreafioraldi in #1624
- Rename more options by @tokatoka in #1626
- Update llvm ver in Dockerfile by @tokatoka in #1629
- CmpLog {Instruction, Switches} pass by @tokatoka in #1612
- updated rust container image + default nightly by @cube0x8 in #1631
- Update LibAFL concolic by @tokatoka in #1634
- QEMU Asan backtrace and report by @andreafioraldi in #1628
- [WithObservers] Call the wrapped observer's post run function by @anneborcherding in #1640
- Add post_run for shadow executor by @tokatoka in #1641
- bolts: beginning of haiku support. by @devnexen in #1643
- Improve the libafl_libfuzzer corpus by @addisoncrump in #1539
- bolts haiku, addressing clippy warnings by @devnexen in #1647
- Add Android Ashmem stub header to libafl_targets forkserver.c by @domenukk in #1648
- Allow MinimizerScheduler to not cleanup the metadata after use by @beyretb in #1658
- Remove debug log by @beyretb in #1659
- Allow compiling 32bit by @s1341 in #1666
- Support precompiled headers in clang/ar wrappers by @s1341 in #1668
- refactor: Remove unnecessary Debug trait bounds by @mlgiraud in #1667
- Avoid lagged receiver in TCP manager by @andreafioraldi in #1672
- Add CmpLog routines to LibAFL QEMU and various fixes by @andreafioraldi in #1664
- Update libfuzzer libpng launcher to use compound configurations by @s1341 in #1676
- bolts for haiku update. by @devnexen in #1673
- Add whole-archive feature to libafl_targets by @addisoncrump in #1544
- libafl_libfuzzer: rename all symbols by @addisoncrump in #1565
- Unicode-preserving mutators by @addisoncrump in #1542
- Add arg for profile in libafl_libfuzzer build.sh by @addisoncrump in #1680
- Scalability introspector + State refactor by @tokatoka in #1674
- scalability monitor 2nd by @tokatoka in #1685
- Monitor refactor + add aggregator by @tokatoka in #1671
- QEMU Synchronous Exit + Syx Snapshot update by @rmalmain in #1681
- Refactor QEMU hooks by @andreafioraldi in #1690
- Update qemu-libafl-bridge by @rmalmain in #1697
- bolts: support dump_registers for x86 linux by @Mrmaxmeier in #1694
- JIT fast path for edge cov hooks in libafl_qemu by @andreafioraldi in #1696
- Add Features for C Targets by @novafacing in #1663
- libafl_cc custom llvm_config lookup for solaris/illumos by @devnexen in #1708
- libafl: forkserver in persistent mode bug by @tbethe in #1715
- Adding support for shutdown upon Ctrl+C on Windows for LLMP by @mkravchik in #1704
- Add Resource by Jordan Whitehead by @tokatoka in #1718
- Make inner value of llmp Flags pub by @G33KatWork in #1725
- Remove capstone from frida [x86_64] by @tokatoka in #1720
- Remove capstone from frida [aarch64] by @mineo333 in #1723
- Last cleanup after decapstone by @tokatoka in #1727
- use yaxpeax-x86 version from crates.io instead of direct git dep by @iximeow in #1733
- Add file descriptor logger by @domenukk in #1742
Fixes
- ForkserverExecutor: stop forked children on exit by @domenukk in #1493
- bolts linux arm64 clippy fix build. by @devnexen in #1496
- bolts core affinity illumos clippy fixes. by @devnexen in #1497
- Fixed libafl_atheris Makefile and reading of input flag by @eceo902 in #1499
- Fix memopidx bug in libafl_qemu r/w hooks and update QEMU by @andreafioraldi in #1500
- openbsd (snapshot) bolts clippy fix by @devnexen in #1502
- Fix missing usage of saved_tree in AsanGiovese by @andreafioraldi in #1506
- Fix linkage on arm macs when buildi...
0.11.1
What's Changed
- Fix doc for publish by @andreafioraldi in #1472
- Fix libafl_libfuzzer publish by @andreafioraldi in #1475
- Introduce document-features feature by @domenukk in #1477
- remove unneeded loop in `SpliceMutator::mutate` by @lenawanel in #1471
- Add readmes by @andreafioraldi in #1476
- Fix document_features for libafl_libfuzzer by @domenukk in #1480
- bolts: Make xxh3 hashing optional with `xxh3` feature flag (else use `ahash` for everything) by @domenukk in #1478
- Update LibAFL_CC README.md by @kiwids0220 in #1483
- bolts: Fix shmem leak when Drop-ing CommonUnixShMem by @xdqi in #1484
- Document LIBAFL_DEBUG_OUTPUT in Launcher by @domenukk in #1485
- Fixes for serdeany_autoreg by @addisoncrump in #1479
- Fix TuneableMutationalStage _std function generics by @domenukk in #1486
- fix frida build for linux arm64 by @devnexen in #1487
- Update from unmaintained tui-rs to ratatui by @novafacing in #1488
- Fix clippy lint in libafl_libfuzzer by @andreafioraldi in #1490
- Bump to 0.11.1 by @andreafioraldi in #1491
New Contributors
- @kiwids0220 made their first contribution in #1483
- @xdqi made their first contribution in #1484
Full Changelog: 0.11.0...0.11.1