<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, May 31, 2016 at 1:25 PM, David Majnemer <span dir="ltr"><<a href="mailto:david.majnemer@gmail.com">david.majnemer@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote"><span class="gmail-">On Tue, May 31, 2016 at 1:13 PM, Kostya Serebryany <span dir="ltr"><<a href="mailto:kcc@google.com">kcc@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>On Tue, May 31, 2016 at 1:07 PM, David Majnemer <span dir="ltr"><<a href="mailto:david.majnemer@gmail.com">david.majnemer@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>On Tue, May 31, 2016 at 11:50 AM, Kostya Serebryany <span dir="ltr"><<a href="mailto:kcc@google.com">kcc@google.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>On Sun, May 29, 2016 at 2:25 PM, David Blaikie via llvm-commits <span dir="ltr"><<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>On Sun, May 29, 2016 at 10:09 AM, David Majnemer <span dir="ltr"><<a href="mailto:david.majnemer@gmail.com">david.majnemer@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">Not really, I have no way to reduce the test down to something reasonable. I'd rather not see the LLVM repo become a collection of large, malformed PDB files.</div></blockquote><div><br></div></span><div>Other ideas for how we ensure we don't regress the functionality you're adding? Sounds like this sort of idea is what Kostya has in mind for libFuzzer use - a corpus of interesting inputs that grows when bugs are fixed so the corpus can be run directly for regression testing, and used as input to the fuzzer for bug finding. Perhaps we need to formalize something like that for this sort of work?</div></div></div></div></blockquote><div><br></div></span><div>If someone creates a fuzz target code (similar to e.g. tools/clang/tools/clang-fuzzer/ClangFuzzer.cpp) it will be straightforward to add such a fuzzer to the <a href="http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/9533">fuzzing bot</a>. </div><div>The only question is whether someone will care to fix the bugs -- clang and clang-format fuzzers are red for many months. </div></div></div></div></blockquote><div><br></div></span><div>I've fuzzed llvm-pdbdump with AFL to the point where no bugs showed up. I've also written a libfuzzer target, llvm-pdbdump-fuzzer, which hasn't found any crashes.</div></div></div></div></blockquote></span><div>Do you want to run it on the bot? </div><div>Just add it here: ./zorg/buildbot/builders/sanitizers/buildbot_fuzzer.sh </div></div></div></div></blockquote><div><br></div></span><div>Sure but I'm afraid I can't find any instructions on how to get the corpus from the LLVM testsuite into the fuzzer itself.</div></div></div></div></blockquote><div><br></div><div>There aren't many instructions (I did not have a reason to invest into documentation given that the bugs were not fixed). </div><div>I've just created an empty dir gs://fuzzing-with-sanitizers/llvm/pdbdump/C1. </div><div>In buildbot_fuzzer.sh you need to make sure it's synchronized the same way as clang and clang-format dirs. (syncToGs and syncFromGs)</div><div>If you want to use a directory with samples as the initial seed (good idea!) pass it as a second corpus: </div><div>(${STAGE2_ASAN_ASSERTIONS_DIR}/bin/pdbdump-fuzzer -max_len=64 -jobs=8 -workers=8 -max_total_time=600 $PDBDUMP_CORPUS <b>llvm/path/to/secondary/corpus/dir</b>)<br></div><div><br></div><div>--kcc </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div class="gmail-h5"><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><br></div><div>--kcc </div><div><div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, May 29, 2016 at 9:25 AM, David Blaikie <span dir="ltr"><<a href="mailto:dblaikie@gmail.com">dblaikie@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="ltr">any chance of test cases for all this error handling being added?</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Sat, May 28, 2016 at 12:45 PM, David Majnemer via llvm-commits <span dir="ltr"><<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">Author: majnemer<br>
Date: Sat May 28 14:45:49 2016<br>
New Revision: 271139<br>
<br>
URL: <a href="http://llvm.org/viewvc/llvm-project?rev=271139&view=rev" rel="noreferrer">http://llvm.org/viewvc/llvm-project?rev=271139&view=rev</a><br>
Log:<br>
[llvm-readobj] Validate the string table offset before using it<br>
<br>
Modified:<br>
llvm/trunk/tools/llvm-readobj/COFFDumper.cpp<br>
<br>
Modified: llvm/trunk/tools/llvm-readobj/COFFDumper.cpp<br>
URL: <a href="http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/llvm-readobj/COFFDumper.cpp?rev=271139&r1=271138&r2=271139&view=diff" rel="noreferrer">http://llvm.org/viewvc/llvm-project/llvm/trunk/tools/llvm-readobj/COFFDumper.cpp?rev=271139&r1=271138&r2=271139&view=diff</a><br>
==============================================================================<br>
--- llvm/trunk/tools/llvm-readobj/COFFDumper.cpp (original)<br>
+++ llvm/trunk/tools/llvm-readobj/COFFDumper.cpp Sat May 28 14:45:49 2016<br>
@@ -794,14 +794,20 @@ void COFFDumper::printCodeViewSymbolSect<br>
while (!Contents.empty()) {<br>
const FrameData *FD;<br>
error(consumeObject(Contents, FD));<br>
+<br>
+ if (FD->FrameFunc >= CVStringTable.size())<br>
+ error(object_error::parse_failed);<br>
+<br>
+ StringRef FrameFunc =<br>
+ CVStringTable.drop_front(FD->FrameFunc).split('\0').first;<br>
+<br>
DictScope S(W, "FrameData");<br>
W.printHex("RvaStart", FD->RvaStart);<br>
W.printHex("CodeSize", FD->CodeSize);<br>
W.printHex("LocalSize", FD->LocalSize);<br>
W.printHex("ParamsSize", FD->ParamsSize);<br>
W.printHex("MaxStackSize", FD->MaxStackSize);<br>
- W.printString("FrameFunc",<br>
- CVStringTable.drop_front(FD->FrameFunc).split('\0').first);<br>
+ W.printString("FrameFunc", FrameFunc);<br>
W.printHex("PrologSize", FD->PrologSize);<br>
W.printHex("SavedRegsSize", FD->SavedRegsSize);<br>
W.printFlags("Flags", FD->Flags, makeArrayRef(FrameDataFlags));<br>
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><br>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div></div></div><br></div></div>
<br>_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a><br>
<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer">http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><br>
<br></blockquote></div></div></div><br></div></div>
</blockquote></div></div></div><br></div></div>
</blockquote></div></div></div><br></div></div>
</blockquote></div></div></div><br></div></div>
</blockquote></div><br></div></div>