AFLplusplus · addisoncrump · Oct 24, 2022 · Oct 24, 2022 · Oct 24, 2022 · Oct 24, 2022
diff --git a/libafl/Cargo.toml b/libafl/Cargo.toml
@@ -13,8 +13,9 @@ categories = ["development-tools::testing", "emulators", "embedded", "os", "no-s
 
 [features]
 default = ["std", "derive", "llmp_compression", "rand_trait", "fork", "prelude"]
-std = ["serde_json", "serde_json/std", "hostname", "nix", "serde/std", "bincode", "wait-timeout", "regex", "byteorder", "once_cell", "uuid", "tui_monitor", "ctor", "backtrace", "uds"] # print, env, launcher ... support
+std = ["serde_json", "serde_json/std", "hostname", "nix", "serde/std", "bincode", "wait-timeout", "regex", "byteorder", "once_cell", "uuid", "tui_monitor", "ctor", "backtrace", "uds", "input_conversion"] # print, env, launcher ... support
 derive = ["libafl_derive"] # provide derive(SerdeAny) macro.
+input_conversion = ["inventory", "downcast-rs", "ctor"]
 fork = [] # uses the fork() syscall to spawn children, instead of launching a new command, if supported by the OS (has no effect on Windows, no_std).
 rand_trait = ["rand_core"] # If set, libafl's rand implementations will implement `rand::Rng`
 introspection = [] # Include performance statistics of the fuzzing pipeline
@@ -94,6 +95,9 @@ z3 = { version = "0.11", features = ["static-link-z3"], optional = true } # for
 pyo3 = { version = "0.17", optional = true, features = ["serde", "macros"] }
 concat-idents = { version = "1.1.3", optional = true }
 
+inventory = { version = "0.3.2", optional = true }
+downcast-rs = { version = "1.2.0", optional = true }
+
 # AGPL
 # !!! this create requires nightly
 grammartec = { version = "0.2", optional = true }

diff --git a/libafl/src/bolts/serdeany.rs b/libafl/src/bolts/serdeany.rs
@@ -605,7 +605,7 @@ create_serde_registry_for_trait!(serdeany_registry, crate::bolts::serdeany::Serd
 pub use serdeany_registry::*;
 
 /// Register a `SerdeAny` type in the [`RegistryBuilder`]
-#[cfg(feature = "std")]
+#[cfg(feature = "ctor")]
 #[macro_export]
 macro_rules! register_at_startup {
  ($struct_type:ty) => {
@@ -619,7 +619,7 @@ macro_rules! register_at_startup {
 }
 
 /// Do nothing for `no_std`, you have to register it manually in `main()` with [`RegistryBuilder::register`]
-#[cfg(not(feature = "std"))]
+#[cfg(not(feature = "ctor"))]
 #[macro_export]
 macro_rules! register_at_startup {
  ($struct_type:ty) => {};

diff --git a/libafl/src/inputs/bytes.rs b/libafl/src/inputs/bytes.rs
@@ -1,16 +1,20 @@
 //! The `BytesInput` is the "normal" input, a map of bytes, that can be sent directly to the client
 //! (As opposed to other, more abstract, inputs, like an Grammar-Based AST Input)
 
-use alloc::{borrow::ToOwned, rc::Rc, string::String, vec::Vec};
+use alloc::{borrow::ToOwned, boxed::Box, rc::Rc, string::String, vec::Vec};
 use core::{cell::RefCell, convert::From, hash::Hasher};
 #[cfg(feature = "std")]
 use std::{fs::File, io::Read, path::Path};
 
 use ahash::AHasher;
+#[cfg(feature = "input_conversion")]
+use postcard::{de_flavors::Slice, Deserializer};
 use serde::{Deserialize, Serialize};
 
+#[cfg(feature = "input_conversion")]
+use crate::inputs::ConvertibleInput;
 #[cfg(feature = "std")]
-use crate::{bolts::fs::write_file_atomic, Error};
+use crate::{bolts::fs::write_file_atomic, bolts::AsSlice, Error};
 use crate::{
  bolts::{ownedref::OwnedSlice, HasLen},
  inputs::{HasBytesVec, HasTargetBytes, Input},
@@ -24,6 +28,8 @@ pub struct BytesInput {
 }
 
 impl Input for BytesInput {
+ const NAME: &'static str = "BytesInput";
+
  #[cfg(feature = "std")]
  /// Write this input to the file
  fn to_file<P>(&self, path: P) -> Result<(), Error>
@@ -53,6 +59,24 @@ impl Input for BytesInput {
  }
 }
 
+/// Dynamic deserialisation of any input type that has target bytes
+#[cfg(feature = "input_conversion")]
+pub fn target_bytes_to_bytes<I: HasTargetBytes + for<'a> Deserialize<'a>>(
+ buf: &[u8],
+) -> Result<Box<dyn ConvertibleInput>, <&mut Deserializer<Slice> as serde::de::Deserializer>::Error>
+{
+ let orig: I = postcard::from_bytes(buf)?;
+ Ok(Box::new(BytesInput {
+ bytes: orig.target_bytes().as_slice().to_vec(),
+ }))
+}
+
+#[cfg(feature = "input_conversion")]
+inventory::submit! {
+ use crate::inputs::{GeneralizedInput, InputConversion};
+ InputConversion::new(GeneralizedInput::NAME, BytesInput::NAME, target_bytes_to_bytes::<GeneralizedInput>)
+}
+
 /// Rc Ref-cell from Input
 impl From<BytesInput> for Rc<RefCell<BytesInput>> {
  fn from(input: BytesInput) -> Self {
@@ -105,3 +129,33 @@ impl BytesInput {
  Self { bytes }
  }
 }
+
+#[cfg(test)]
+mod test {
+ use alloc::vec::Vec;
+
+ use crate::{
+ bolts::AsSlice,
+ inputs::{BytesInput, GeneralizedInput, HasTargetBytes, Input, NopInput},
+ };
+
+ #[test]
+ fn deserialize_generalised_to_bytes() {
+ let generalised = GeneralizedInput::new(b"hello".to_vec());
+ let mut buf = Vec::new();
+ generalised.serialize_dynamic(&mut buf).unwrap();
+ let bytes = BytesInput::deserialize_dynamic(&buf).unwrap().unwrap();
+ assert_eq!(bytes.target_bytes().as_slice(), b"hello");
+ }
+
+ #[test]
+ fn failed_deserialize_from_nop() {
+ // note that NopInput implements HasTargetBytes, but because we have not submitted the
+ // conversion BytesInput cannot be converted from NopInput
+
+ let nop = NopInput {};
+ let mut buf = Vec::new();
+ nop.serialize_dynamic(&mut buf).unwrap();
+ assert!(BytesInput::deserialize_dynamic(&buf).unwrap().is_none());
+ }
+}
diff --git a/libafl/src/inputs/encoded.rs b/libafl/src/inputs/encoded.rs
@@ -196,6 +196,8 @@ pub struct EncodedInput {
 }
 
 impl Input for EncodedInput {
+ const NAME: &'static str = "EncodedInput";
+
  /// Generate a name for this input
  #[must_use]
  fn generate_name(&self, _idx: usize) -> String {

diff --git a/libafl/src/inputs/generalized.rs b/libafl/src/inputs/generalized.rs
@@ -35,6 +35,8 @@ pub struct GeneralizedInput {
 }
 
 impl Input for GeneralizedInput {
+ const NAME: &'static str = "GeneralizedInput";
+
  /// Generate a name for this input
  fn generate_name(&self, _idx: usize) -> String {
  let mut hasher = AHasher::new_with_keys(0, 0);

diff --git a/libafl/src/inputs/gramatron.rs b/libafl/src/inputs/gramatron.rs
@@ -38,6 +38,8 @@ pub struct GramatronInput {
 }
 
 impl Input for GramatronInput {
+ const NAME: &'static str = "GramatronInput";
+
  /// Generate a name for this input
  #[must_use]
  fn generate_name(&self, _idx: usize) -> String {

diff --git a/libafl/src/inputs/mod.rs b/libafl/src/inputs/mod.rs
@@ -15,15 +15,22 @@ pub use generalized::*;
 #[cfg(feature = "nautilus")]
 pub mod nautilus;
 use alloc::{
+ boxed::Box,
  string::{String, ToString},
  vec::Vec,
 };
-use core::{clone::Clone, fmt::Debug};
+use core::{
+ clone::Clone,
+ fmt::{Debug, Formatter},
+};
 #[cfg(feature = "std")]
 use std::{fs::File, hash::Hash, io::Read, path::Path};
 
+#[cfg(feature = "input_conversion")]
+use downcast_rs::{impl_downcast, Downcast};
 #[cfg(feature = "nautilus")]
 pub use nautilus::*;
+use postcard::{de_flavors::Slice, Deserializer};
 use serde::{Deserialize, Serialize};
 
 #[cfg(feature = "std")]
@@ -33,6 +40,9 @@ use crate::{bolts::ownedref::OwnedSlice, Error};
 /// An input for the target
 #[cfg(not(feature = "std"))]
 pub trait Input: Clone + Serialize + serde::de::DeserializeOwned + Debug {
+ /// Name for this input type
+ const NAME: &'static str;
+
  /// Write this input to the file
  fn to_file<P>(&self, _path: P) -> Result<(), Error> {
  Err(Error::not_implemented("Not supported in no_std"))
@@ -52,7 +62,12 @@ pub trait Input: Clone + Serialize + serde::de::DeserializeOwned + Debug {
 
 /// An input for the target
 #[cfg(feature = "std")]
-pub trait Input: Clone + Serialize + serde::de::DeserializeOwned + Debug {
+pub trait Input:
+ Clone + ConvertibleInput + Serialize + serde::de::DeserializeOwned + Debug
+{
+ /// Name for this input type
+ const NAME: &'static str;
+
  /// Write this input to the file
  fn to_file<P>(&self, path: P) -> Result<(), Error>
  where
@@ -72,17 +87,106 @@ pub trait Input: Clone + Serialize + serde::de::DeserializeOwned + Debug {
  Ok(postcard::from_bytes(&bytes)?)
  }
 
+ /// Serializes this input to the dynamic serialisation format to pass between different fuzzers
+ fn serialize_dynamic(&self, buf: &mut Vec<u8>) -> Result<(), postcard::Error> {
+ buf.extend_from_slice(postcard::to_allocvec(Self::NAME)?.as_slice());
+ buf.extend_from_slice(postcard::to_allocvec(self)?.as_slice());
+ Ok(())
+ }
+
+ /// Deserializes this input type from the dynamic serialization format, if possible
+ fn deserialize_dynamic(
+ buf: &[u8],
+ ) -> Result<Option<Self>, <&mut Deserializer<Slice> as serde::de::Deserializer>::Error> {
+ convert_named(buf)
+ }
+
  /// Generate a name for this input
  fn generate_name(&self, idx: usize) -> String;
 
  /// An hook executed if the input is stored as `Testcase`
  fn wrapped_as_testcase(&mut self) {}
 }
 
+/// Utility trait for downcasting inputs for conversion
+#[cfg(feature = "input_conversion")]
+pub trait ConvertibleInput: Downcast {}
+
+#[cfg(feature = "input_conversion")]
+impl_downcast!(ConvertibleInput);
+
+#[cfg(feature = "input_conversion")]
+impl<I: Input> ConvertibleInput for I {}
+
+/// Function signature for conversion methods
+#[cfg(feature = "input_conversion")]
+pub type InputConversionFn = fn(
+ &[u8],
+) -> Result<
+ Box<dyn ConvertibleInput>,
+ <&mut Deserializer<Slice> as serde::de::Deserializer>::Error,
+>;
+
+/// Struct for converting between input types at deserialisation time
+#[cfg(feature = "input_conversion")]
+pub struct InputConversion {
+ from: &'static str,
+ to: &'static str,
+ converter: InputConversionFn,
+}
+
+#[cfg(feature = "input_conversion")]
+impl Debug for InputConversion {
+ fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result {
+ f.debug_struct("InputConversion")
+ .field("from", &self.from)
+ .field("to", &self.to)
+ .finish()
+ }
+}
+
+#[cfg(feature = "input_conversion")]
+impl InputConversion {
+ /// Create a new input conversion to be registered
+ pub const fn new(from: &'static str, to: &'static str, converter: InputConversionFn) -> Self {
+ Self {
+ from,
+ to,
+ converter,
+ }
+ }
+}
+
+#[cfg(feature = "input_conversion")]
+inventory::collect!(InputConversion);
+
+/// Converts from a serialisation-specified type to the intended type, if such a conversion exists
+#[cfg(feature = "input_conversion")]
+pub fn convert_named<T: Input>(
+ bytes: &[u8],
+) -> Result<Option<T>, <&mut Deserializer<Slice> as serde::de::Deserializer>::Error> {
+ let mut deser = Deserializer::from_bytes(bytes);
+ let from = String::deserialize(&mut deser)?;
+ if from == T::NAME {
+ return Ok(Some(T::deserialize(&mut deser)?));
+ }
+ for conversion in inventory::iter::<InputConversion> {
+ if conversion.from == from && conversion.to == T::NAME {
+ return Ok((conversion.converter)(deser.finalize()?)?
+ .downcast()
+ .ok()
+ .map(|boxed| *boxed));
+ }
+ }
+ Ok(None)
+}
+
 /// An input for tests, mainly. There is no real use much else.
 #[derive(Copy, Clone, Serialize, Deserialize, Debug, Hash)]
 pub struct NopInput {}
 impl Input for NopInput {
+ const NAME: &'static str = "NopInput";
+
  fn generate_name(&self, _idx: usize) -> String {
  "nop-input".to_string()
  }