From e43aa95187e433f82fd9e0a27ff0eebf7c8ae048 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Sun, 12 Apr 2026 20:19:00 +0200
Subject: [PATCH 1/3] Make deexit work on macOS again
---
 Justfile | 9 +++++++--
 utils/deexit/.gitignore | 1 +
 utils/deexit/Cargo.toml | 6 ++++++
 utils/deexit/Justfile | 32 ++++++++++++++++++++++++++++++++
 utils/deexit/README.md | 2 +-
 utils/deexit/src/lib.rs | 16 +++++++++++++++-
 6 files changed, 62 insertions(+), 4 deletions(-)
 create mode 100644 utils/deexit/.gitignore
diff --git a/Justfile b/Justfile
index 09400452ff2..1d187841deb 100644
--- a/Justfile
+++ b/Justfile
@@ -68,6 +68,11 @@ clippy-thumbv6m-none-eabi:
 test-miri:
 RUST_BACKTRACE=1 MIRIFLAGS="-Zmiri-disable-isolation" cargo +nightly miri test
+# Tests deexit utility
+[unix]
+test-deexit:
+ cd utils/deexit && just test
+
 # Tests all code in docs (macos version)
 [macos]
 [private]
@@ -274,11 +279,11 @@ test-repro-qemu-tmin:
 # Tests everything (crates, fuzzers, docs, repro)
 [linux]
-test-all: test test-fuzzers test-docs test-repro-qemu-tmin doc
+test-all: test test-deexit test-fuzzers test-docs test-repro-qemu-tmin doc
 # Tests everything (crates, fuzzers, docs, repro)
 [macos]
-test-all: test test-fuzzers test-docs test-repro-qemu-tmin doc
+test-all: test test-deexit test-fuzzers test-docs test-repro-qemu-tmin doc
 # Tests everything (crates, fuzzers, docs)
 [windows]
diff --git a/utils/deexit/.gitignore b/utils/deexit/.gitignore
new file mode 100644
index 00000000000..ba077a4031a
--- /dev/null
+++ b/utils/deexit/.gitignore
@@ -0,0 +1 @@
+bin
diff --git a/utils/deexit/Cargo.toml b/utils/deexit/Cargo.toml
index 5f8a94d0b8b..9881324d4b1 100644
--- a/utils/deexit/Cargo.toml
+++ b/utils/deexit/Cargo.toml
@@ -24,6 +24,12 @@ categories = [
 [dependencies]
 log = { workspace = true }
+ctor = { workspace = true }
+
+[target.'cfg(target_os = "macos")'.dependencies]
+fishhook = "0.3"
+
+
 [lib]
 name = "deexit"
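Review bot: `ctor = { workspace = true }` lands in the unconditional `[dependencies]` table of utils/deexit/Cargo.toml, although the only use visible in this patch (`use ctor::ctor` in src/lib.rs) is gated on `target_os = "macos"`, so Linux builds of the preload library would pull in a constructor crate they do not appear to need. Moving that line under `[target.'cfg(target_os = "macos")'.dependencies]`, next to fishhook, keeps the Linux cdylib's dependency set unchanged. `fishhook = "0.3"` is also the only entry in this hunk written as a version literal rather than `workspace = true`; because this library is loaded into every target process, it may be worth declaring it in the workspace dependency table (if that is the project's convention) so its version is reviewed and bumped in one place.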
diff --git a/utils/deexit/Justfile b/utils/deexit/Justfile
index 828a80ad256..763a6dc85a2 100644
--- a/utils/deexit/Justfile
+++ b/utils/deexit/Justfile
@@ -1,2 +1,34 @@
+build:
+ cargo build --lib
+
 doc:
 cargo doc --no-deps --all-features
+
+build-test-bin: build
+ cargo build --bin exit_test
+
+[private]
+test-helper env_var lib:
+ #!/usr/bin/env bash
+ echo "Running test..."
+ {{env_var}}="{{lib}}" ../../target/debug/exit_test
+ CODE=$?
+
+ if [ $CODE -eq 134 ]; then
+ echo "SUCCESS: Process aborted as expected (Exit code 134)"
+ exit 0
+ elif [ $CODE -eq 42 ]; then
+ echo "FAILURE: Process exited normally with code 42 (Hook failed)"
+ exit 1
+ else
+ echo "FAILURE: Process exited with unexpected code $CODE"
+ exit 1
+ fi
+
+[macos]
+test: build-test-bin
+ just test-helper DYLD_INSERT_LIBRARIES ../../target/debug/libdeexit.dylib
+
+[linux]
+test: build-test-bin
+ just test-helper LD_PRELOAD ../../target/debug/libdeexit.so
diff --git a/utils/deexit/README.md b/utils/deexit/README.md
index 47b7c653e73..eba52d84abf 100644
--- a/utils/deexit/README.md
+++ b/utils/deexit/README.md
@@ -2,5 +2,5 @@ This util helps you, if your target calls `exit` during a fuzz run. A simple wrapper that can be inserted into a program to turn `exit` calls to `abort`, which LibAFL will be able to catch.
-If you are on MacOS, use the env variables `DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES="path/to/target/release/libdeexit.dylib" tool`
+If you are on MacOS, use the env variables `DYLD_INSERT_LIBRARIES="path/to/target/release/libdeexit.dylib" tool`
 On Linux, use `LD_PRELOAD="path/to/target/release/libdeexit.so" tool`.
diff --git a/utils/deexit/src/lib.rs b/utils/deexit/src/lib.rs
index ed38dffa39b..dbedf012b8e 100644
--- a/utils/deexit/src/lib.rs
+++ b/utils/deexit/src/lib.rs
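Review bot: `cargo build --bin exit_test` in `build-test-bin` (utils/deexit/Justfile) needs a binary target, but the diffstat of this patch lists no source file for `exit_test`, and the `.gitignore` added in the same commit contains the unanchored pattern `bin`, which also matches a `src/bin/` directory. If the test program lives there it may never have been staged; anchoring the pattern as `/bin` (or naming the actual output directory) would avoid that. Separately, the helper hard-codes `../../target/debug/`, so it breaks when `CARGO_TARGET_DIR` is set, and `test` is defined only for `[macos]` and `[linux]` while the root Justfile marks `test-deexit` as `[unix]`, which leaves other Unix hosts without a recipe to run.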
@@ -1,5 +1,5 @@
 //! A simple wrapper that can be inserted into a program to turn `exit` calls to `abort`, which `LibAFL` will be able to catch.
-//! If you are on `MacOS`, use the env variables `DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES="path/to/target/release/libdeexit.dylib" tool`
+//! If you are on `MacOS`, use the env variables `DYLD_INSERT_LIBRARIES="path/to/target/release/libdeexit.dylib" tool`
 //! On Linux, use `LD_PRELOAD="path/to/target/release/libdeexit.so" tool`.
 unsafe extern "C" {
@@ -14,3 +14,17 @@ pub extern "C" fn exit(status: i32) {
 abort();
 }
 }
+
+#[cfg(target_os = "macos")]
+use ctor::ctor;
+
+#[cfg(target_os = "macos")]
+#[ctor]
+fn init() {
+ unsafe {
+ fishhook::register(vec![fishhook::Rebinding {
+ name: "exit".to_string(),
+ function: exit as *const () as usize,
+ }]);
+ }
+}
From b2cb344da3509f51bf0d21349d6f4ba1eada61bd Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Sun, 12 Apr 2026 20:21:37 +0200
Subject: [PATCH 2/3] fmt
---
 utils/deexit/Cargo.toml | 1 -
 utils/deexit/Justfile | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/utils/deexit/Cargo.toml b/utils/deexit/Cargo.toml
index 9881324d4b1..96b34c0da83 100644
--- a/utils/deexit/Cargo.toml
+++ b/utils/deexit/Cargo.toml
@@ -30,7 +30,6 @@ ctor = { workspace = true }
 fishhook = "0.3"
-
 [lib]
 name = "deexit"
 crate-type = ["cdylib"]
diff --git a/utils/deexit/Justfile b/utils/deexit/Justfile
index 763a6dc85a2..8c0ca09a38b 100644
--- a/utils/deexit/Justfile
+++ b/utils/deexit/Justfile
@@ -11,7 +11,7 @@ build-test-bin: build
 test-helper env_var lib:
 #!/usr/bin/env bash
 echo "Running test..."
- {{env_var}}="{{lib}}" ../../target/debug/exit_test
+ {{ env_var }}="{{ lib }}" ../../target/debug/exit_test
 CODE=$?
 if [ $CODE -eq 134 ]; then
From e3dac542c7c5b018f5560a8ddf84b9909d970ad7 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Sun, 12 Apr 2026 21:07:34 +0200
Subject: [PATCH 3/3] backtrace
---
 .github/workflows/build_and_test.yml | 1 +
 1 file changed, 1 insertion(+)
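Review bot: The `unsafe` block in `init` (second hunk of utils/deexit/src/lib.rs) has no `// SAFETY:` comment and the constructor has no doc comment, so nothing records why rewriting the process's `exit` binding at load time is sound, or why macOS needs it now that `DYLD_FORCE_FLAT_NAMESPACE=1` is dropped from the usage instructions. I would add above the block `// SAFETY: the replacement is this crate's extern "C" fn exit(i32), same C signature as libc's exit, and it ends in abort().` and a `///` line on `init` stating that it runs in every process the dylib is inserted into. The rebinding names only the symbol `exit`; if the sibling routines (`_exit`, `_Exit`) are meant to be caught as well, that should be stated or handled, otherwise a target leaving through them stays invisible to the fuzzer. As a style point, `use ctor::ctor;` and its separate `#[cfg]` could be collapsed into `#[ctor::ctor]` on the function.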
diff --git a/.github/workflows/build_and_test.yml b/.github/workflows/build_and_test.yml
index 4a160e0a023..f48b96bd365 100644
--- a/.github/workflows/build_and_test.yml
+++ b/.github/workflows/build_and_test.yml
@@ -15,6 +15,7 @@ env:
 CARGO_TERM_COLOR: always
 CARGO_NET_GIT_FETCH_WITH_CLI: true
 MAIN_LLVM_VERSION: 21
+ RUST_BACKTRACE: full
 concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}