<div dir="ltr"><div>Hi Joe and Jonathan,</div><div><br></div><div>The commit f897e82 seems to cause a test failure on the Buildbot (<a href="http://lab.llvm.org:8011/#/builders/112/builds/1115/steps/5/logs/FAIL__libFuzzer___uncaught-exception_test">http://lab.llvm.org:8011/#/builders/112/builds/1115/steps/5/logs/FAIL__libFuzzer___uncaught-exception_test</a>), could you please either fix it or revert the commit?</div><div><br></div><div>Thanks,</div><div>Maggie<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Nov 12, 2020 at 9:12 PM Jonathan Metzman via llvm-commits <<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br>
Author: Joe Pletcher<br>
Date: 2020-11-12T13:11:14-08:00<br>
New Revision: f897e82bfd86099a5321e3fd50c63598e11e289b<br>
<br>
URL: <a href="https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b" rel="noreferrer" target="_blank">https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b</a><br>
DIFF: <a href="https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b.diff" rel="noreferrer" target="_blank">https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b.diff</a><br>
<br>
LOG: [fuzzer] Add Windows Visual C++ exception intercept<br>
<br>
Adds a new option, `handle_winexcept` to try to intercept uncaught<br>
Visual C++ exceptions on Windows. On Linux, such exceptions are handled<br>
implicitly by `std::terminate()` raising `SIGABRT`. This option brings the<br>
Windows behavior in line with Linux.<br>
<br>
Unfortunately this exception code is intentionally undocumented; however, it<br>
has remained stable for the last decade. More information can be found<br>
here: <a href="https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273" rel="noreferrer" target="_blank">https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273</a><br>
<br>
Reviewed By: morehouse, metzman<br>
<br>
Differential Revision: <a href="https://reviews.llvm.org/D89755" rel="noreferrer" target="_blank">https://reviews.llvm.org/D89755</a><br>
<br>
Added: <br>
    compiler-rt/test/fuzzer/UncaughtException.cpp<br>
    compiler-rt/test/fuzzer/uncaught-exception.test<br>
<br>
Modified: <br>
    compiler-rt/lib/fuzzer/FuzzerDriver.cpp<br>
    compiler-rt/lib/fuzzer/FuzzerFlags.def<br>
    compiler-rt/lib/fuzzer/FuzzerOptions.h<br>
    compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp<br>
<br>
Removed: <br>
<br>
<br>
<br>
################################################################################<br>
diff  --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp<br>
index 6b674c4e9d7a..447cafce7fd4 100644<br>
--- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp<br>
+++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp<br>
@@ -829,6 +829,8 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {<br>
   Options.HandleXfsz = Flags.handle_xfsz;<br>
   Options.HandleUsr1 = Flags.handle_usr1;<br>
   Options.HandleUsr2 = Flags.handle_usr2;<br>
+  Options.HandleWinExcept = Flags.handle_winexcept;<br>
+<br>
   SetSignalHandler(Options);<br>
<br>
   std::atexit(Fuzzer::StaticExitCallback);<br>
<br>
diff  --git a/compiler-rt/lib/fuzzer/FuzzerFlags.def b/compiler-rt/lib/fuzzer/FuzzerFlags.def<br>
index ef6c3f8ba8f0..ab31da0ae5d6 100644<br>
--- a/compiler-rt/lib/fuzzer/FuzzerFlags.def<br>
+++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def<br>
@@ -145,6 +145,8 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, try to intercept SIGTERM.")<br>
 FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")<br>
 FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")<br>
 FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")<br>
+FUZZER_FLAG_INT(handle_winexcept, 1, "If 1, try to intercept uncaught Windows "<br>
+    "Visual C++ Exceptions.")<br>
 FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "<br>
     "if 2, close stderr; if 3, close both. "<br>
     "Be careful, this will also close e.g. stderr of asan.")<br>
<br>
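Review bot: the help string added for handle_winexcept does not say that the flag only has an effect on Windows; of the files this patch touches, only FuzzerUtilWindows.cpp reads HandleWinExcept. Suggest wording along the lines of "If 1, try to intercept uncaught Visual C++ exceptions (Windows only)." so users on other platforms do not expect it to change behaviour.<br>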
diff  --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h b/compiler-rt/lib/fuzzer/FuzzerOptions.h<br>
index 21155e9c5692..d0c285a6821d 100644<br>
--- a/compiler-rt/lib/fuzzer/FuzzerOptions.h<br>
+++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h<br>
@@ -84,6 +84,7 @@ struct FuzzingOptions {<br>
   bool HandleXfsz = false;<br>
   bool HandleUsr1 = false;<br>
   bool HandleUsr2 = false;<br>
+  bool HandleWinExcept = false;<br>
 };<br>
<br>
 }  // namespace fuzzer<br>
<br>
diff  --git a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp<br>
index a360b65b5412..1a54bb569eca 100644<br>
--- a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp<br>
+++ b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp<br>
@@ -60,7 +60,15 @@ static LONG CALLBACK ExceptionHandler(PEXCEPTION_POINTERS ExceptionInfo) {<br>
       if (HandlerOpt->HandleFpe)<br>
         Fuzzer::StaticCrashSignalCallback();<br>
       break;<br>
-    // TODO: handle (Options.HandleXfsz)<br>
+    // This is an undocumented exception code corresponding to a Visual C++<br>
+    // Exception.<br>
+    //<br>
+    // See: <a href="https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273" rel="noreferrer" target="_blank">https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273</a><br>
+    case 0xE06D7363:<br>
+      if (HandlerOpt->HandleWinExcept)<br>
+        Fuzzer::StaticCrashSignalCallback();<br>
+      break;<br>
+      // TODO: Handle (Options.HandleXfsz)<br>
   }<br>
   return EXCEPTION_CONTINUE_SEARCH;<br>
 }<br>
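Review bot: `case 0xE06D7363:` in ExceptionHandler is a bare magic number; a named constant (for example a file-local `kVisualCppExceptionCode`, name hypothetical) would keep the explanatory comment attached to the value and make the switch easier to read. Separately, the re-added `// TODO: Handle (Options.HandleXfsz)` line is now indented two spaces deeper than the line it replaces, so it reads as part of the new case body; it should go back to case-label indentation.<br>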
@@ -127,7 +135,7 @@ void SetSignalHandler(const FuzzingOptions& Options) {<br>
     }<br>
<br>
   if (Options.HandleSegv || Options.HandleBus || Options.HandleIll ||<br>
-      Options.HandleFpe)<br>
+      Options.HandleFpe || Options.HandleWinExcept)<br>
     SetUnhandledExceptionFilter(ExceptionHandler);<br>
<br>
   if (Options.HandleAbrt)<br>
<br>
diff  --git a/compiler-rt/test/fuzzer/UncaughtException.cpp b/compiler-rt/test/fuzzer/UncaughtException.cpp<br>
new file mode 100644<br>
index 000000000000..35df4a9ce326<br>
--- /dev/null<br>
+++ b/compiler-rt/test/fuzzer/UncaughtException.cpp<br>
@@ -0,0 +1,10 @@<br>
+#include <cstdint><br>
+#include <vector><br>
+<br>
+extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, size_t size) {<br>
+  std::vector<uint8_t> v;<br>
+  // Intentionally throw std::length_error<br>
+  v.reserve(static_cast<uint64_t>(-1));<br>
+<br>
+  return 0;<br>
+}<br>
<br>
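Review bot: the fuzz target gets its exception as a side effect of the `v.reserve(...)` call rather than stating it; an explicit throw of a standard exception would make the intent of the test obvious and would not depend on the container's size check. Style points in the same hunk: `size_t` is used without including a header that declares it, and the body uses unqualified `uint8_t` and `uint64_t` while the signature uses `std::uint8_t`; pick one spelling.<br>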
diff  --git a/compiler-rt/test/fuzzer/uncaught-exception.test b/compiler-rt/test/fuzzer/uncaught-exception.test<br>
new file mode 100644<br>
index 000000000000..28c423a4e431<br>
--- /dev/null<br>
+++ b/compiler-rt/test/fuzzer/uncaught-exception.test<br>
@@ -0,0 +1,8 @@<br>
+# Test that throws a C++ exception and doesn't catch it. Should result in a<br>
+# crash<br>
+RUN: %cpp_compiler %S/UncaughtException.cpp -o %t-UncaughtException<br>
+<br>
+RUN: not %run %t-UncaughtException 2>&1 | FileCheck %s<br>
+<br>
+CHECK: ERROR: libFuzzer: deadly signal<br>
+CHECK: Test unit written to ./crash<br>
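Review bot: this test has no REQUIRES or UNSUPPORTED line, so it runs on every platform although the option it exercises is only read in FuzzerUtilWindows.cpp; `CHECK: ERROR: libFuzzer: deadly signal` therefore also pins the output of the non-Windows abort path, and the report at the top of this thread is a buildbot failure of exactly this test. Either restrict the test to Windows or confirm the expected output on the other targets before relanding. A second RUN line with `-handle_winexcept=0` would also show that the flag actually gates the behaviour.<br>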
<br>
<br>
<br>
_______________________________________________<br>
llvm-commits mailing list<br>
<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a><br>
<a href="https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><font size="2"><span style="font-family:arial,helvetica,sans-serif"></span></font><font size="2" face="Calibri"><span style="font-size:11pt"><font size="2"><span style="font-size:10pt"><font face="Arial" color="#1F497D">Ying Yi<br>SN Systems - Sony Interactive Entertainment</font></span></font></span></font><br></div></div></div></div></div></div></div></div>