Highlights
- `libafl-fuzz` (afl-fuzz clone in LibAFL) almost fully-featured (GSoC of @R9295)
- `libafl-pt`: new crate to use Intel PT for coverage tracing (GSoC of @Marcondiro)
- LibAFL_FRIDA: added scripting support and update to FRIDA 16.5.6
- LibAFL_QEMU: RISC-V support, example for kernel fuzzing and update to QEMU 9.1.1
- Python grammar support for Nautilus
- Havoc mutation support for custom structured inputs (and subparts thereof)
- Binary-only utils: `libafl_jumper`, `drcov-merge`, add `DrCovReader` class
- Memfd backend for `ShMem`
- Restructured `fuzzers` example directory for easy browsing
What's Changed
- It's frida time for libafl-fuzz by @R9295 in #2469
- Update AsanBacktrace documentation by @maxammann in #2377
- libafl: Implement FeedbackFactory for {Const,Not}Feedback by @dergoegge in #2478
- libafl-fuzz: Introduce Support for QEMU mode by @R9295 in #2481
- Qemu native hooks refactoring by @rmalmain in #2480
- qemu: Add QemuConfig to set qemu args via a struct by @Marcondiro in #2339
- Make pcs_init compatible with multiple DSOs by @addisoncrump in #2488
- Custom QEMU emulator typed builder + ExitHandler / Commands refactoring by @rmalmain in #2486
- Check markdown links validity in CI by @rmalmain in #2495
- bolts: Support dump_registers on Windows/x86 and Windows/aarch64 and fix sig_ign on Windows/x86 by @xdqi in #2494
- Libafl-fuzz: introduce unicorn mode by @R9295 in #2499
- Multi machine follow-up by @rmalmain in #2334
- Better error when non required pass failed to build by @tokatoka in #2509
- Rename `HasCurrentStage` to `HasCurrentStageId` for Consistency by @domenukk in #2514
- Add StdState::nop() for simple state creation, make CI happy again on latest nightly. by @domenukk in #2521
- Update execs/sec display by @20urc3 in #2524
- Small improvements to the devcontainer by @Nereuxofficial in #2522
- Change Qemu hook signature by @tokatoka in #2527
- Add `avoid_crash` option to scheduler by @tokatoka in #2530
- Improving Handling of Custom Inputs by @riesentoaster in #2422
- No Uses* (again) by @tokatoka in #2537
- Reducing type parameters and bounds from Scheduler by @tokatoka in #2544
- Make LibAFL-fuzz build on MacOS by @domenukk in #2549
- No more (direct) mutable references to mutable statics by @domenukk in #2550
- Make map size mismatch return a proper error instead of abort by @domenukk in #2553
- Use `const` to Inform CmpLog Replacements by @DanBlackwell in #2528
- Only track stability for runs that did not timeout by @nbars in #2561
- Linux kernel fuzzing example by @rmalmain in #2496
- Clippy more by @domenukk in #2562
- Change action for MD link checks by @rmalmain in #2563
- Move linkspector config file out of workflow dir by @rmalmain in #2565
- No Uses* for Corpus, Mutators by @tokatoka in #2547
- Update README.md by @20urc3 in #2518
- Mark unsafe functions unsafe, as Ferris intended by @domenukk in #2559
- libafl multimachine: disable ratelimiting by @rmalmain in #2558
- Addr filter update helper functions by @rmalmain in #2575
- Do not embed client exec count in testcase and objective by @rmalmain in #2582
- Discard non-new testcase events for multi-machine messages by @rmalmain in #2583
- Rand below should take a NonZero parameter by @domenukk in #2519
- Versioning unification, dependencies update, logging optimization by @rmalmain in #2560
- Change fuzzbench_qemu fuzzer by @tokatoka in #2520
- Update frida to 0.14.0 by @rmalmain in #2596
- Remove useless allocation in colorization stage by @rmalmain in #2598
- Add option for ASAN log dumping by @henryhchchc in #2600
- Don't do generalization on large inputs. by @tokatoka in #2603
- Qemu_Launcher: Move all target-specific code to harness.rs by @domenukk in #2605
- Add DrCov rerun option to QEMU_Launcher by @domenukk in #2607
- Update qemu by @rmalmain in #2609
- Remove prelude from default features by @domenukk in #2608
- Add LibAFL_Jumper util by @domenukk in #2594
- libafl_qemu: unset thumb bit for breakpoints by @rmalmain in #2619
- Support on_crash & on_timeout callbacks for libafl_qemu modules by @rmalmain in #2620
- bolts: Simplify definition of `nonzero!` macro by @langston-barrett in #2624
- Add TargetBytesConverter to allow Nautilus for ForkserverExecutor by @domenukk in #2630
- Avoid using feature flags and env variable to set the same parameter pt.1 emulation_mode by @Marcondiro in #2512
- LibAFL_Frida: add scripting support by @WorksButNotTested in #2506
- libafl-fuzz: separate frida build + cmplog debug by @R9295 in #2591
- Add Python Grammar Loader for Nautilus by @R9295 in #2635
- Feature: Make executors and feedbacks easier to use outside of the fuzzing loop (extends #2511) by @domenukk in #2637
- libafl_qemu: Add RISCV support by @saibotk in #2367
- frida: bump version by @s1341 in #2640
- libafl_qemu: fix RISC-V port issues by @rmalmain in #2642
- Remove serde_json dependency from libafl_bolts by @domenukk in #2639
- libafl_qemu: update qemu to v9.1.1 by @rmalmain in #2636
- Add taplo to pre-commit by @Marcondiro in #2646
- Moving ShMem persisting to take an owned value by @riesentoaster in #2649
- Implement From LibAFL Error for Qemu Error by @rmalmain in #2641
- Add RISCV support in `libafl_qemu.h` by @nine-point-eight-p in #2380
- Use a proper pre-commit hook for taplo fmt by @Marcondiro in #2650
- Compile-time edge module compilation check, native support for ConstMapObserver by @rmalmain in #2592
- better definition for PROFILE_DIR in all Makefile.toml files by @jejuisland87654 in #2658
- Update hashbrown requirement from 0.14.5 to 0.15.1 by @dependabot in #2660
- Clean up clippy warnings in fuzzers/binary_only/* by @BAGUVIX456 in #2662
- Core::errors::Error is stable now by @domenukk in #2664
- Custom Executor Example by @domenukk in #2570
- Add memfd shmem backend by @bernhl in #2647
- Set rlimit to infinity for core dumps if AFL_DEBUG=1 by @R9295 in #2643
- Replace addr_of with &raw across the codebase by @domenukk in #2669
- Introducing Launcher::overcommit, improving CI formatting by @riesentoaster in #2670
- Lower capped RAND generators by @CowBoy4mH3LL in #2671
- How about using workspace version in packages? by @Marcondiro in #2682
- LibAFL_QEMU: Don't return a generic Address from Register reads by @domenukk in #2681
- Add DrCovReader to read DrCov files and DrCov dumper and merge utils by @domenukk in #2680
- Add Intel PT tracing support by @Marcondiro in #2471
- libafl-fuzz: introduce nyx_mode by @R9295 in #2503
- Remove TUI from default feature by @tokatoka in #2685
- Actually make ConstMapObserver work, introduce `nonnull_raw_mut` macro by @domenukk in #2687
- Feature: libafl-fuzz fuzzbench by @R9295 in #2689
- move to bitbybit by @Marcondiro in #2688
Fixes
- bolts fix openbsd build by @devnexen in #2467
- Fix various QEMU bugs by @rmalmain in #2475
- Fix pipe I/O in forkserver by @henryhchchc in #2602
- Add missing ngram8 cfg by @tokatoka in #2489
- Fixing Crossover Mutators for Empty Multipart Inputs by @riesentoaster in #2663
- fix clippy redundant field names in struct initialization by @Marcondiro in #2633
- minor: fix mutable reference warning in examples/dynamic_analysis by @Reverier-Xu in #2631
- Fix Generator by @tokatoka in #2627
- fix error[E0308]: mismatched types for libafl_qemu_init by @jejuisland87654 in #2593
- Fix file sync timing and prevent crash on missing SyncFromDiskMetadata by @cube0x8 in #2595
- Do not start another logger in prometheus by @cube0x8 in #2599
- Re-add drcov for both usermode and systemmode. by @rmalmain in #2573
- Keep num_covered_map_indexes in sync with history map if block listing flaky entries by @nbars in #2542
- MacOS frida ASAN fix by @mineo333 in #2510
- Fix panic in mmap shmem when full_file_name is less than MAX_MMAP_FILENAME_LEN by @andreafioraldi in #2536
- libafl-fuzz: fix libafl-fuzz scheduler by @R9295 in #2545
- libafl-fuzz: fix not loading seeds recursively from directories by @R9295 in #2532
- Fix ForkserverExecutorBuilder::shmem_provider (#2539) by @domenukk in #2540
- Set AFL_MAP_SIZE in forkserver by @tokatoka in #2531
- Move cfg to avoid unused import error on cargo test by @Marcondiro in #2526
- Fix typo in error message by @ThomasTNO in #2515
- Fix i2srandreplace by @mineo333 in #2504
- Minimizer fix by @mineo333 in #2500
- Fix rustup command in the LibAFL book by @marcograss in #2491
- Dump CFG Fix by @tokatoka in #2476
- fix NautilusContext::from_file for python files by @jejuisland87654 in #2690
- fix error '#' is not followed by a macro parameter by @jejuisland87654 in #2678
New Contributors
- @ThomasTNO made their first contribution in #2515
- @20urc3 made their first contribution in #2524
- @nbars made their first contribution in #2542
- @jejuisland87654 made their first contribution in #2593
- @henryhchchc made their first contribution in #2600
- @Reverier-Xu made their first contribution in #2631
- @nine-point-eight-p made their first contribution in #2380
- @BAGUVIX456 made their first contribution in #2662
- @bernhl made their first contribution in #2647
- @CowBoy4mH3LL made their first contribution in #2671
Full Changelog: 0.13.2...0.14.0