<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/94222>94222</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            libc++'s std::string::operator== could be more libfuzzer friendly
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            libc++,
            compiler-rt:fuzzer
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          zmodem
      </td>
    </tr>
</table>

<pre>
    libfuzzer intercepts `memcmp` (and other functions) to augment the fuzzer's corpus with data likely to hit more code paths.

That means it will very quickly hit the "Found it" branch in this example:

```
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::string the_string(reinterpret_cast<const char*>(data), size);
  if (the_string == "Hello, world!") {
    std::cout << "Found it!\n";
 exit(1);
  }
  return 0;
}
```

However, in this example where it compares two `std::string`'s instead, it does not find it so easily:

```
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  std::string the_string(reinterpret_cast<const char*>(data), size);
  std::string hello = "Hello, world!";
  if (the_string == hello) {
    std::cout << "Found it!\n";
 exit(1);
  }
  return 0;
}
```

Interestingly, if we make the string too long to fit in the short-string optimization storage, it works again.

The reason seems to be that libc++ uses a hand written loop for "short" strings instead of calling `char_traits<char>::compare` which presumably ends up calling `memcmp`.

I don't know what the fix is here, but maybe libc++ could use memcmp in more cases (or when using fuzzer instrumentation), or libfuzzer could be smarter somehow?

(This was originally reported in https://crbug.com/343801371)
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzcVU1v4zgM_TXKhWjhyPlwDj6k6QQzwCz2MthrIdt0rK0seUWqbvrrF7TTtM1h97pYoLDVunwkH58eDZE9ecRSrR_U-nFhEnchlm99aLBfVKE5l85WbXp7wwjWM8YaByZQm6zHvu4HtclA6cL4BgJ3GKFNvmYbPCm9Aw5g0qlHz8Adwoyj9JagDnFIBKPlDhrDBpx9RneWiM4y9CEi1KFBGAx3dK-yR5Xt5-evzjD0aDyBZRitc_CC8Qx_JVs_u_MUL9mU1seQfAOWldZQRePrDqwH7iwBvpp-cKjy_WdstckuP9Ov-MoYvSAdBMJ6hp8___jtOPXxC4l_9_jDD4mVLurgiSFZz8UTK72f2lL6AGTf8Imnl3Citg8zOABxI_nzPXG0_iRVP81HpYuIE99DRH6qDbHKD3OKujNR6b3KvyldzEl273nkmF_xbSuz-UAFlT-q_FH6-Y7OBYkaQ3SN0kul9U11n-qrQ2JQ-UHlh6-0LtX64CX0mhRf5e_F8mslavv4fozIKXrIrl-v327In5_fw4gvIprD7ehg7DCiaKAO_WAiEvAYRJo3vAqiaM56YjTNBMXQBCTwgaG1UzNAAdCQdef_tSZu8TsRAvyTKv5dT90c9h9Uzw-hC4mtP7nzNPgWRoTePOPkEe8khwAuTAdoLc9KQ6AuRL67_E8Y2Pb2zYi5AXGI5oQXKY0hPhOYk7H-xqkQIhqSAMSeBL6SxIbB2apW-kHpB0iEBAY6MdExWmb04EIYoA1RCJvKEK3NlVyFDKGF2jg3TWKTiQaeOBrLJLoQReTf3icwXRAx67GzdQdDREq9qdwZ0DcEafiMdLX2L938gCZ4pbcMzz6MMEoXk6vbV7AEchmFjyox9OZc4ecW65BcI43CjC0Mzx5vpHmlixDlPntIJEVcNw5xTLI_Jtovog4RPpbSjFwhUG8iYwQKPXZhVPnxyyXWxS_xjtEQhGhP1hvnzhBxCJGxkXo65oGEL31U-ljHKp3u69ArfcxXeZEt863IctGUebPLd2aB5XK73K50nuli0ZVmVW-yVVuZfL1p8mqFWZFlbbHcVXmrt-vNwpY606tsk-XLfL3Nivtm07SmWmbNLjPYtkatMuyNdffOvfT3IZ4WlihhuVtprRfOVOhoWtRaf1A7-bY4kczYOox3kVW-f1-1WrZ6LAXxrkonUqvMWWL6yMGWHZafAbd06xLzOQwYDYd4ufVX5qdBfkykjRZ9486LFF35ldST5S5VF1algsvrbojhT6xZ6ePUMil9nLt-KfXfAQAA__9VXLBv">