UnicornAFL v3

[wtdcode]

It is almost there! I just added maturin support, and the API should be the same with previous versions. The only things we left are:

• CI distribution Support
• C bindings
• Documents!

[wtdcode]

what the heck manylinux only has clang-3/5 =(

[wtdcode]

Fixed up python bindings & CI!

We need a python example as well to test it really works. Maybe just copy the same harness from the rust sample. @Evian-Zhang Would you like to do this?

[Evian-Zhang]

Sure, I have created a Python sample, but found out that the Python binding have many bugs... See #48 Maybe you could fix those bugs. ❤️

[wtdcode]

Fixed and it works with: AFL_QEMU_CUSTOM_BIN=1 AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_SKIP_CPUFREQ=1 ~/opensource/AFLplusplus/afl-fuzz -Q -i ./target/input/ -o ./target/output -c 0 -- python3 ./examples/sample.py @@, i.e. no longer need unicorn mode.

[domenukk]

All unicorn mode does is set SKIP_BIN_CHECK IIRC.

[wtdcode]

All unicorn mode does is set SKIP_BIN_CHECK IIRC.

check_binary is skipped automatically by afl-fuzz.

btw, check AFLplusplus/AFLplusplus#2468

[wtdcode]

*QEMU mode was used above because AFL++ explicity prevents us from using cmplog for unicorn mode.

[domenukk]

Ah, well, we should patch afl++ then

[rliebig]

Sorry for intruding, but is it possible that is should be this:

Suggested change

	ctypes.cast(idx, ctypes.c_void_p)
	ctypes.cast(idx, ctypes.c_void_p).value

[wtdcode]

Nice catch. Thanks.

[rliebig]

Suggested change

	input_file = input_file.encode('utf-8')
	input_file = input_file.encode('utf-8') + b"\x00"

This does not seem sufficient - python_str.encode does not garantee null termination of the string buffer. I believe that that we must manually add a single zero byte to ensure that the string can be decoded by CStr::from_ptr(). Another valid path would be ctypes.create_string_buffer but that would not improve readability.

[wtdcode]

Yeah correct. Admittedly, I made this mistake twice =/.

________________________________ From: Richard Liebig ***@***.***> Sent: Friday, June 13, 2025 6:20:10 PM To: AFLplusplus/unicornafl ***@***.***> Cc: lazymio ***@***.***>; Author ***@***.***> Subject: Re: [AFLplusplus/unicornafl] UnicornAFL v3 (PR #43) @rliebig commented on this pull request.

________________________________ In python/unicornafl/__init__.py<#43 (comment)>:

@@ -191,9 +125,27 @@ def uc_afl_fuzz(uc: Uc,

cb2 = ctypes.cast(UC_AFL_VALIDATE_CRASH_CB( _validate_crash_cb), UC_AFL_VALIDATE_CRASH_CB) - err = _uc2afl.uc_afl_fuzz(uc._uch, input_file.encode("utf-8"), cb1, ctypes.cast( - exits_array, ctypes.c_void_p), exits_len, cb2, always_validate, persistent_iters, ctypes.cast(idx, ctypes.c_void_p)) - + if isinstance(input_file, str): + input_file = input_file.encode('utf-8') ⬇️ Suggested change - input_file = input_file.encode('utf-8') + input_file = input_file.encode('utf-8') + b"\x00" This does not seem sufficient - python_str.encode does not garantee null termination of the string. I believe that that we must manually add a single zero byte to ensure that the string can be decoded by CStr::from_ptr(). Another valid path would be ctypes.create_string_buffer but that would not improve readability. — Reply to this email directly, view it on GitHub<#43 (review)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AHJULO7SHIVS2TGZ3H3ZS5L3DKQVVAVCNFSM6AAAAAB5KE66JGVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDSMRUGIZDENJSHE>. You are receiving this because you authored the thread.Message ID: ***@***.***>