[llvm] r272240 - [libFuzzer] add one more OOM test, which we currently don't handle very well

[Sean Silva via llvm-commits]

On Wed, Jun 8, 2016 at 6:20 PM, Kostya Serebryany via llvm-commits <
llvm-commits at lists.llvm.org> wrote:

> Author: kcc
> Date: Wed Jun  8 20:20:35 2016
> New Revision: 272240
>
> URL: http://llvm.org/viewvc/llvm-project?rev=272240&view=rev
> Log:
> [libFuzzer] add one more OOM test, which we currently don't handle very
> well
>
> Added:
>     llvm/trunk/lib/Fuzzer/test/OneHugeAllocTest.cpp
> Modified:
>     llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
>
> Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=272240&r1=272239&r2=272240&view=diff
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
> +++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Wed Jun  8 20:20:35 2016
> @@ -78,6 +78,7 @@ set(Tests
>    NullDerefTest
>    NullDerefOnEmptyTest
>    NthRunCrashTest
> +  OneHugeAllocTest
>    OutOfMemoryTest
>    RepeatedMemcmp
>    SimpleCmpTest
>
> Added: llvm/trunk/lib/Fuzzer/test/OneHugeAllocTest.cpp
> URL:
> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/OneHugeAllocTest.cpp?rev=272240&view=auto
>
> ==============================================================================
> --- llvm/trunk/lib/Fuzzer/test/OneHugeAllocTest.cpp (added)
> +++ llvm/trunk/lib/Fuzzer/test/OneHugeAllocTest.cpp Wed Jun  8 20:20:35
> 2016
> @@ -0,0 +1,29 @@
> +// This file is distributed under the University of Illinois Open Source
> +// License. See LICENSE.TXT for details.
> +
> +// Tests OOM handling when there is a single large allocation.
> +#include <assert.h>
> +#include <cstdint>
> +#include <cstdlib>
> +#include <cstddef>
> +#include <cstring>
> +#include <iostream>
> +#include <unistd.h>
> +
> +static volatile char *SinkPtr;
>

Do you mean `static char *volatile SinkPtr`? Otherwise the store to SinkPtr
is not volatile so it is not really acting like a sink.

-- Sean Silva


> +
> +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
> +  if (Size > 0 && Data[0] == 'H') {
> +    if (Size > 1 && Data[1] == 'i') {
> +      if (Size > 2 && Data[2] == '!') {
> +        size_t kSize = (size_t)1 << 31;
> +        char *p = new char[kSize];
> +        memset(p, 0, kSize);
> +        SinkPtr = p;
> +        delete [] p;
> +      }
> +    }
> +  }
> +  return 0;
> +}
> +
>
>
> _______________________________________________
> llvm-commits mailing list
> llvm-commits at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20160609/f6616645/attachment.html>