Add mute_inprocess_target fn, SimpleFdLogger::set_logger, and more (A…

…FLplusplus#1754)

* Add mute_inprocess_target fn, SimpleFdLogger::set_logger, set_error_print_panic_hook

* Trying to fix AFLplusplus#1753

* typo

* More fix

* Fix test?

* more testcase fixes

fuzzers/baby_fuzzer_swap_differential/Makefile.toml

@@ -34,11 +34,11 @@ windows_alias = "unsupported"
 script_runner = "@shell"
 script='''
 timeout 30s ${CARGO_TARGET_DIR}/${PROFILE_DIR}/${FUZZER_NAME} >fuzz_stdout.log || true
-if [ -z "$(grep "objectives: 1" fuzz_stdout.log)" ]; then
+if grep -qa "objectives: 1" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/frida_executable_libpng/Makefile.toml

@@ -90,11 +90,11 @@ script='''
 rm -rf libafl_unix_shmem_server || true
 LD_PRELOAD=$CARGO_TARGET_DIR/${PROFILE_DIR}/libfrida_executable_fuzzer.so ./libpng-harness -i corpus -o out -H ./libpng-harness > fuzz_stdout.log &
 sleep 10s && pkill libpng-harness
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer", "harness" ]

fuzzers/frida_libpng/Makefile.toml

@@ -111,11 +111,11 @@ script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
 timeout 30s ./${FUZZER_NAME} -F LLVMFuzzerTestOneInput -H ./libpng-harness.so -l ./libpng-harness.so >fuzz_stdout.log 2>/dev/null || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer", "harness" ]

fuzzers/fuzzbench/Makefile.toml

@@ -83,11 +83,11 @@ mkdir in || true
 echo a > in/a
 # Allow sigterm as exit code 
 timeout 31s ./${FUZZER_NAME} -o out -i in >fuzz_stdout.log || true
-if [ -z "$(grep "objectives: 1" fuzz_stdout.log)" ]; then
+if grep -qa "objectives: 1" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 rm -rf out || true
 rm -rf in || true

fuzzers/fuzzbench/src/lib.rs

@@ -381,12 +381,12 @@ fn fuzz(
         println!("We imported {} inputs from disk.", state.corpus().count());
     }
 
-    // Remove target ouput (logs still survive)
+    // Remove target output (logs still survive)
     #[cfg(unix)]
     {
         let null_fd = file_null.as_raw_fd();
         dup2(null_fd, io::stdout().as_raw_fd())?;
-        if !std::env::var("LIBAFL_FUZZBENCH_DEBUG").is_ok() {
+        if std::env::var("LIBAFL_FUZZBENCH_DEBUG").is_err() {
             dup2(null_fd, io::stderr().as_raw_fd())?;
         }
     }

fuzzers/fuzzbench_fork_qemu/src/fuzzer.rs

@@ -369,7 +369,7 @@ fn fuzz(
     // The order of the stages matter!
     let mut stages = tuple_list!(calibration, tracing, i2s, power);
 
-    // Remove target ouput (logs still survive)
+    // Remove target output (logs still survive)
     #[cfg(unix)]
     {
         let null_fd = file_null.as_raw_fd();

fuzzers/fuzzbench_qemu/src/fuzzer.rs

@@ -387,7 +387,7 @@ fn fuzz(
     // The order of the stages matter!
     let mut stages = tuple_list!(calibration, tracing, i2s, power);
 
-    // Remove target ouput (logs still survive)
+    // Remove target output (logs still survive)
     #[cfg(unix)]
     {
         let null_fd = file_null.as_raw_fd();

fuzzers/fuzzbench_text/Makefile.toml

@@ -85,11 +85,11 @@ echo a > in/a
 # Allow sigterm as exit code 
 timeout 31s ./${FUZZER_NAME} -o out -i in >fuzz_stdout.log || true
 cat fuzz_stdout.log
-if [ -z "$(grep "objectives: 1" fuzz_stdout.log)" ]; then
+if grep -qa "objectives: 1" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 rm -rf out || true
 rm -rf in || true

fuzzers/fuzzbench_text/src/lib.rs

@@ -448,7 +448,7 @@ fn fuzz_binary(
         println!("We imported {} inputs from disk.", state.corpus().count());
     }
 
-    // Remove target ouput (logs still survive)
+    // Remove target output (logs still survive)
     #[cfg(unix)]
     {
         let null_fd = file_null.as_raw_fd();
@@ -675,7 +675,7 @@ fn fuzz_text(
         println!("We imported {} inputs from disk.", state.corpus().count());
     }
 
-    // Remove target ouput (logs still survive)
+    // Remove target output (logs still survive)
     #[cfg(unix)]
     {
         let null_fd = file_null.as_raw_fd();

fuzzers/libfuzzer_libmozjpeg/Makefile.toml

@@ -102,11 +102,11 @@ rm -rf libafl_unix_shmem_server || true
 (timeout 31s ./${FUZZER_NAME} >fuzz_stdout.log 2>/dev/null || true) &
 sleep 0.2
 timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/libfuzzer_libpng/Makefile.toml

@@ -164,11 +164,11 @@ rm -rf libafl_unix_shmem_server || true
 (timeout 31s ./${FUZZER_NAME} >fuzz_stdout.log 2>/dev/null || true) &
 sleep 0.2
 timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/libfuzzer_libpng_accounting/Makefile.toml

@@ -99,11 +99,11 @@ script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
 timeout 31s ./${FUZZER_NAME} --cores 0 --input ./corpus >fuzz_stdout.log 2>/dev/null || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/libfuzzer_libpng_centralized/Makefile.toml

@@ -99,11 +99,11 @@ script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
 timeout 31s ./${FUZZER_NAME} --cores 0 --input ./corpus 2>/dev/null >fuzz_stdout.log || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/libfuzzer_libpng_cmin/Makefile.toml

@@ -164,11 +164,11 @@ rm -rf libafl_unix_shmem_server || true
 timeout 31s ./${FUZZER_NAME} >fuzz_stdout.log &
 sleep 0.2
 timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/libfuzzer_libpng_ctx/Makefile.toml

@@ -99,11 +99,11 @@ script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
 timeout 31s ./${FUZZER_NAME} --cores 0 --input ./corpus >fuzz_stdout.log 2>/dev/null || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/libfuzzer_libpng_launcher/Makefile.toml

@@ -100,11 +100,11 @@ script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
 timeout 31s ./${FUZZER_NAME}.coverage --broker-port 21337 --cores 0 --input ./corpus 2>/dev/null >fuzz_stdout.log || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/libfuzzer_libpng_norestart/Makefile.toml

@@ -105,11 +105,11 @@ rm -rf corpus/ || true
 mkdir corpus/ || true
 cp seeds/* corpus/ || true
 timeout 31s ./${FUZZER_NAME} --cores 0 --input ./corpus 2>/dev/null >fuzz_stdout.log || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/libfuzzer_libpng_tcp_manager/Makefile.toml

@@ -164,11 +164,11 @@ rm -rf libafl_unix_shmem_server || true
 (timeout 31s ./${FUZZER_NAME} >fuzz_stdout.log 2>/dev/null || true) &
 sleep 0.2
 timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/libfuzzer_stb_image/Makefile.toml

@@ -65,11 +65,11 @@ rm -rf libafl_unix_shmem_server || true
 (timeout 31s ./${FUZZER_NAME} >fuzz_stdout.log 2>/dev/null || true) &
 sleep 0.2
 timeout 30s ./${FUZZER_NAME} >/dev/null 2>/dev/null || true
-if [ -z "$(grep "corpus: 30" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 30" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

fuzzers/nautilus_sync/Makefile.toml

@@ -107,11 +107,11 @@ script_runner = "@shell"
 script='''
 rm -rf libafl_unix_shmem_server || true
 timeout 31s ./${FUZZER_NAME} --cores 0 >fuzz_stdout.log 2>/dev/null || true
-if [ -z "$(grep "corpus: 8" fuzz_stdout.log)" ]; then
+if grep -qa "corpus: 8" fuzz_stdout.log; then
+    echo "Fuzzer is working"
+else
     echo "Fuzzer does not generate any testcases or any crashes"
     exit 1
-else
-    echo "Fuzzer is working"
 fi
 '''
 dependencies = [ "fuzzer" ]

libafl/src/events/launcher.rs

@@ -95,10 +95,18 @@ where
     /// A file name to write all client output to
     #[builder(default = None)]
     stdout_file: Option<&'a str>,
+    /// The actual, opened, stdout_file - so that we keep it open until the end
+    #[cfg(all(unix, feature = "std", feature = "fork"))]
+    #[builder(setter(skip), default = None)]
+    opened_stdout_file: Option<File>,
     /// A file name to write all client stderr output to. If not specified, output is sent to
     /// `stdout_file`.
     #[builder(default = None)]
     stderr_file: Option<&'a str>,
+    /// The actual, opened, stdout_file - so that we keep it open until the end
+    #[cfg(all(unix, feature = "std", feature = "fork"))]
+    #[builder(setter(skip), default = None)]
+    opened_stderr_file: Option<File>,
     /// The `ip:port` address of another broker to connect our new broker to for multi-machine
     /// clusters.
     #[builder(default = None)]
@@ -166,12 +174,10 @@ where
 
         log::info!("spawning on cores: {:?}", self.cores);
 
-        #[cfg(feature = "std")]
-        let stdout_file = self
+        self.opened_stdout_file = self
             .stdout_file
             .map(|filename| File::create(filename).unwrap());
-        #[cfg(feature = "std")]
-        let stderr_file = self
+        self.opened_stderr_file = self
             .stderr_file
             .map(|filename| File::create(filename).unwrap());
 
@@ -204,9 +210,9 @@ where
 
                         #[cfg(feature = "std")]
                         if !debug_output {
-                            if let Some(file) = stdout_file {
+                            if let Some(file) = &self.opened_stdout_file {
                                 dup2(file.as_raw_fd(), libc::STDOUT_FILENO)?;
-                                if let Some(stderr) = stderr_file {
+                                if let Some(stderr) = &self.opened_stderr_file {
                                     dup2(stderr.as_raw_fd(), libc::STDERR_FILENO)?;
                                 } else {
                                     dup2(file.as_raw_fd(), libc::STDERR_FILENO)?;
@@ -423,12 +429,21 @@ where
     /// A file name to write all client output to
     #[builder(default = None)]
     stdout_file: Option<&'a str>,
+    /// The actual, opened, stdout_file - so that we keep it open until the end
+    #[cfg(all(unix, feature = "std", feature = "fork"))]
+    #[builder(setter(skip), default = None)]
+    opened_stdout_file: Option<File>,
     /// A file name to write all client stderr output to. If not specified, output is sent to
     /// `stdout_file`.
     #[builder(default = None)]
     stderr_file: Option<&'a str>,
+    /// The actual, opened, stdout_file - so that we keep it open until the end
+    #[cfg(all(unix, feature = "std", feature = "fork"))]
+    #[builder(setter(skip), default = None)]
+    opened_stderr_file: Option<File>,
     /// The `ip:port` address of another broker to connect our new broker to for multi-machine
     /// clusters.
+
     #[builder(default = None)]
     remote_broker_addr: Option<SocketAddr>,
     /// If this launcher should spawn a new `broker` on `[Self::broker_port]` (default).
@@ -503,10 +518,10 @@ where
 
         log::info!("spawning on cores: {:?}", self.cores);
 
-        let stdout_file = self
+        self.opened_stdout_file = self
             .stdout_file
             .map(|filename| File::create(filename).unwrap());
-        let stderr_file = self
+        self.opened_stderr_file = self
             .stderr_file
             .map(|filename| File::create(filename).unwrap());
 
@@ -556,9 +571,9 @@ where
                         std::thread::sleep(std::time::Duration::from_millis(index * 10));
 
                         if !debug_output {
-                            if let Some(file) = stdout_file {
+                            if let Some(file) = &self.opened_stdout_file {
                                 dup2(file.as_raw_fd(), libc::STDOUT_FILENO)?;
-                                if let Some(stderr) = stderr_file {
+                                if let Some(stderr) = &self.opened_stderr_file {
                                     dup2(stderr.as_raw_fd(), libc::STDERR_FILENO)?;
                                 } else {
                                     dup2(file.as_raw_fd(), libc::STDERR_FILENO)?;