<html>
<head>
<base href="https://bugs.llvm.org/">
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - clang -m32 -fsanitize=fuzzer x.c fails at linking"
href="https://bugs.llvm.org/show_bug.cgi?id=48484">48484</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>clang -m32 -fsanitize=fuzzer x.c fails at linking
</td>
</tr>
<tr>
<th>Product</th>
<td>compiler-rt
</td>
</tr>
<tr>
<th>Version</th>
<td>unspecified
</td>
</tr>
<tr>
<th>Hardware</th>
<td>PC
</td>
</tr>
<tr>
<th>OS</th>
<td>Linux
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>enhancement
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>fuzzer
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>oliver.moeller@verified.de
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=24268" name="attach_24268" title="Example Input file to create a fuzzer binary">attachment 24268</a></span>
Example Input file to create a fuzzer binary

I want to be able to create both 64bit and 32bit fuzzing executables with
clang.

On my CentOS-8 system, I have the following packages installed for this:

  clang-10.0.1-1.module_el8.3.0+467+cb298d5b.x86_64
  clang-10.0.1-1.module_el8.3.0+467+cb298d5b.i686
  compiler-rt-10.0.1-1.module_el8.3.0+467+cb298d5b.i686
  compiler-rt-10.0.1-1.module_el8.3.0+467+cb298d5b.x86_64

In the provided simple_min.c, there is a bug in function min() that only
triggers if sizeof(long)==8.
simple_min.c also contains an (always) correct implementation robust_minimum(),
and LLVMFuzzerTestOneInput() is constructed such that the two
results are compared to be equal.

Compiling a fuzzer executable with

  $ clang -fsanitize=fuzzer simple_min.c

works fine, and running ./a.out soon aborts with a detected counterexample
(crash).

However, attempts to compile/link with a 32bit tool chain fail:

  $ clang -m32 -fsanitize=fuzzer simple_min.c
  /usr/bin/ld: cannot find /usr/lib64/clang/10.0.1/lib/linux/libclang_rt.fuzzer-i386.a: No such file or directory
  /usr/bin/ld: cannot find /usr/lib64/clang/10.0.1/lib/linux/libclang_rt.ubsan_standalone-i386.a: No such file or directory
  clang-10: error: linker command failed with exit code 1 (use -v to see invocation)

As can be seen from the ld output, the wrong directory (/usr/lib64/...)
is scanned for the 32bit libclang_rt.fuzzer-i386.a.

Instead, 'clang -m32' should use the following libraries here:

  /usr/lib/clang/10.0.1/lib/libclang_rt.fuzzer-i386.a
  /usr/lib/clang/10.0.1/lib/libclang_rt.ubsan_standalone-i386.a

In fact, if I create (as a hack) the following symlinks

  /usr/lib64/clang/10.0.1/lib/linux/libclang_rt.fuzzer-i386.a ->
    /usr/lib/clang/10.0.1/lib/libclang_rt.profile-i386.a
  /usr/lib64/clang/10.0.1/lib/linux/libclang_rt.ubsan_standalone-i386.a ->
    /usr/lib/clang/10.0.1/lib/libclang_rt.ubsan_standalone-i386.a

then the 'clang -m32' invocation creates (correctly) a 32bit fuzz executable.

Unlike the 64bit executable, this one does *not* find a
problem with the min() implementation (since sizeof(long)==4,
at least on my CentOS-8 system).</pre>
</div>
</p>
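<p>An added example, not the reporter's attachment: simple_min.c is not reproduced on this page, so the defect in min() and the helper results_agree() below are constructed to show how a differential harness of the kind described can disagree only when sizeof(long)==8. The function names min(), robust_minimum() and LLVMFuzzerTestOneInput() come from the report; their bodies are assumptions.</p>

```c
/* Added illustration: the attachment simple_min.c is not reproduced on this
 * page, so the defect in min() below is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed defect: comparing through int is exact when sizeof(long)==4,
 * but discards the upper 32 bits of each operand when sizeof(long)==8. */
long min(long a, long b) {
    return ((int)a < (int)b) ? a : b;
}

/* Reference implementation: correct for every word size. */
long robust_minimum(long a, long b) {
    return (a < b) ? a : b;
}

/* Differential oracle (hypothetical helper): 1 if both agree, 0 otherwise. */
int results_agree(long a, long b) {
    return min(a, b) == robust_minimum(a, b);
}

/* libFuzzer entry point: the first 2*sizeof(long) input bytes become the two
 * operands, so the 64-bit build explores a wider value range than -m32. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    long v[2];
    if (size < sizeof v)
        return 0;               /* too short to form two operands */
    memcpy(v, data, sizeof v);
    if (!results_agree(v[0], v[1]))
        abort();                /* libFuzzer records this as a crash */
    return 0;
}
```

<p>Built with the two commands from the report (clang -fsanitize=fuzzer and clang -m32 -fsanitize=fuzzer), only the 64-bit binary can reach the abort(), which is why a missing 32-bit runtime archive leaves one word size untested.</p>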
</body>
</html>