[compiler-rt] r323802 - [libFuzzer] Fix sizeof(ptr) bug.

David Blaikie via llvm-commits llvm-commits at lists.llvm.org
Mon Feb 5 12:53:33 PST 2018


Ah, yeah, if it's random that's tricky - though are these characters
already so rare that the test would have to run for very long to have a
reasonably high certainty it should hit them?

(a warning would also be good - but I'd still be in favor of a test as well
if it's practical)

On Mon, Feb 5, 2018 at 12:41 PM Matt Morehouse <mascasa at google.com> wrote:

> Easiest thing (as Kostya suggested) would be if there was a compiler
> warning we could enable to catch this case, but I couldn't find one.
>
> Maybe we could write a fuzz target that requires the input to contain a
> specific sequence of special symbols, and then set a timeout that would
> (hopefully) be hit before this fix and not after.  Could result in some
> flakiness though since it is possible to generate special symbols without
> using RandCh.
>
> On Mon, Feb 5, 2018 at 11:44 AM, David Blaikie <dblaikie at gmail.com> wrote:
>
>> Is there any easy-to-construct test case that was missing here? (that
>> enabled this bug to go undiscovered until now)
>>
>> On Tue, Jan 30, 2018 at 10:27 AM Matt Morehouse via llvm-commits <
>> llvm-commits at lists.llvm.org> wrote:
>>
>>> Author: morehouse
>>> Date: Tue Jan 30 10:25:55 2018
>>> New Revision: 323802
>>>
>>> URL: http://llvm.org/viewvc/llvm-project?rev=323802&view=rev
>>> Log:
>>> [libFuzzer] Fix sizeof(ptr) bug.
>>>
>>> sizeof(const char *) returns 4 or 8 when what we really want is the size
>>> of the array.
>>>
>>> Modified:
>>>     compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp
>>>
>>> Modified: compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp?rev=323802&r1=323801&r2=323802&view=diff
>>>
>>> ==============================================================================
>>> --- compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp (original)
>>> +++ compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp Tue Jan 30 10:25:55
>>> 2018
>>> @@ -62,7 +62,7 @@ MutationDispatcher::MutationDispatcher(R
>>>
>>>  static char RandCh(Random &Rand) {
>>>    if (Rand.RandBool()) return Rand(256);
>>> -  const char *Special = "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00";
>>> +  const char Special[] = "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00";
>>>    return Special[Rand(sizeof(Special) - 1)];
>>>  }
>>>
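Review bot: the corrected `Special[Rand(sizeof(Special) - 1)]` is right only because the literal ends in an explicit `\x00` followed by the implicit terminator, so `- 1` drops just the implicit terminator and leaves the explicit NUL selectable; a one-line comment stating that would stop a future edit from "fixing" it to `- 2`, and a `static_assert(sizeof(Special) > sizeof(const char *), "...")` next to the array would catch a regression to the pointer form, which silently limited `RandCh` to the first 3 or 7 entries of the table.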
>>>
>>>
>>> _______________________________________________
>>> llvm-commits mailing list
>>> llvm-commits at lists.llvm.org
>>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>>>
>>
>
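To make the commit message's point concrete, here is an added example that is not libFuzzer's code: it places the pre-fix pointer form of the special-character sampler beside the fixed array form, using the same literal as the patch, and counts how many distinct bytes each can ever produce. `ToyRandom` is an assumed stand-in for libFuzzer's `Random` (a small xorshift generator whose `operator()(n)` returns a value in `[0, n)`), and the function names are made up for this illustration.

```cpp
// Added example (not libFuzzer's code): sizeof on a pointer vs. on an array.
#include <cstddef>
#include <cstdint>
#include <set>

// Assumed stand-in for libFuzzer's Random: xorshift64 with operator()(n)
// returning a value in [0, n), mirroring how Rand(256) is used in the patch.
struct ToyRandom {
  uint64_t state;
  explicit ToyRandom(uint64_t seed) : state(seed ? seed : 1) {}
  uint64_t next() {
    state ^= state << 13;
    state ^= state >> 7;
    state ^= state << 17;
    return state;
  }
  size_t operator()(size_t n) { return static_cast<size_t>(next() % n); }
};

// The 30-entry table from the patch; the trailing \x00 is a deliberate entry.
#define SPECIAL_LITERAL "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00"

// Pre-fix form: sizeof(Special) is sizeof(const char *), i.e. 4 or 8, so only
// the first 3 or 7 table entries can ever be returned.
static char SpecialBefore(ToyRandom &Rand) {
  const char *Special = SPECIAL_LITERAL;
  return Special[Rand(sizeof(Special) - 1)];
}

// Fixed form: sizeof(Special) is the full byte count including the implicit
// terminator; "- 1" drops only that terminator, so the explicit \x00 stays
// reachable and all 30 entries can be returned.
static char SpecialAfter(ToyRandom &Rand) {
  const char Special[] = SPECIAL_LITERAL;
  return Special[Rand(sizeof(Special) - 1)];
}

// Number of distinct bytes a sampler produces over `draws` draws from `seed`.
template <typename F>
static size_t DistinctOutputs(F sampler, size_t draws, uint64_t seed) {
  ToyRandom Rand(seed);
  std::set<unsigned char> seen;
  for (size_t i = 0; i < draws; ++i)
    seen.insert(static_cast<unsigned char>(sampler(Rand)));
  return seen.size();
}

// Entries the pointer form can reach: 3 on 32-bit, 7 on 64-bit targets.
size_t DistinctBefore() { return DistinctOutputs(SpecialBefore, 10000, 42); }
// Entries the array form can reach: the whole 30-entry table.
size_t DistinctAfter() { return DistinctOutputs(SpecialAfter, 10000, 42); }
// Size of the table as the array form computes it.
size_t TableSize() { return sizeof(SPECIAL_LITERAL) - 1; }
```

With 10000 draws every one of the 30 entries is reached by the array form, while the pointer form never gets past the first `sizeof(const char *) - 1` characters; the `- 1` keeps the explicit NUL at the end of the table selectable while excluding only the implicit terminator.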

