[all-commits] [llvm/llvm-project] 544cb6: [YAMLIO] Add a generic YAML fuzzer harness

Scott Linder via All-commits all-commits at lists.llvm.org
Wed Nov 18 15:06:34 PST 2020


  Branch: refs/heads/master
  Home:   https://github.com/llvm/llvm-project
  Commit: 544cb649d7789a4199e8acea6e8a9da1409702b1
      https://github.com/llvm/llvm-project/commit/544cb649d7789a4199e8acea6e8a9da1409702b1
  Author: Scott Linder <Scott.Linder at amd.com>
  Date:   2020-11-18 (Wed, 18 Nov 2020)

  Changed paths:
    A llvm/tools/llvm-yaml-parser-fuzzer/CMakeLists.txt
    A llvm/tools/llvm-yaml-parser-fuzzer/DummyYAMLParserFuzzer.cpp
    A llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp

  Log Message:
  -----------
  [YAMLIO] Add a generic YAML fuzzer harness

This is essentially a clone of the existing fuzzer added in D50839, but
for the whole parser Streamer, and currently only testing for sanitizer
violations.

Differential Revision: https://reviews.llvm.org/D91573


  Commit: 2980933d850b7506a1a96f8d11588b71956f4089
      https://github.com/llvm/llvm-project/commit/2980933d850b7506a1a96f8d11588b71956f4089
  Author: Scott Linder <Scott.Linder at amd.com>
  Date:   2020-11-18 (Wed, 18 Nov 2020)

  Changed paths:
    M llvm/lib/Support/YAMLParser.cpp
    M llvm/tools/llvm-yaml-parser-fuzzer/yaml-parser-fuzzer.cpp
    M llvm/unittests/Support/YAMLIOTest.cpp

  Log Message:
  -----------
  [YAMLIO] Support non-null-terminated inputs

In some places the parser guards against dereferencing `End`, while in
others it relies on the presence of a trailing `'\0'` to elide checks.

Add the remaining guards needed to ensure the parser never attempts to
dereference `End`, making it safe to not require a null-terminated input
buffer.

Update the parser fuzzer harness so that it tests with buffers that are
guaranteed to be non-null-terminated, null-terminated, and 1-terminated,
additionally ensuring the result of the parse is the same in each case.

Some of the regression tests were written by inspection, and some are
cases caught by the fuzzer which required additional fixes in the
parser.

Differential Revision: https://reviews.llvm.org/D84050


Compare: https://github.com/llvm/llvm-project/compare/132d6d73ea02...2980933d850b
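
The terminator-variant check described in the second commit message, as an added example that is not LLVM's harness or parser: a toy scanner is run over the same bytes followed by `'\0'`, by `'\1'`, and by nothing, and the results are compared. The names `countKeysGuarded`, `countKeysSentinel` and `terminatorIndependent` are hypothetical.

```cpp
#include <cstddef>
#include <cstring>
#include <memory>

// Toy scanner (hypothetical, not LLVM code): counts ':' key indicators, i.e.
// a ':' followed by a blank or by the end of the input.
static bool isBlank(char C) { return C == ' ' || C == '\t' || C == '\n'; }

// Guarded form: compares against End before every lookahead.
size_t countKeysGuarded(const char *Cur, const char *End) {
  size_t N = 0;
  for (; Cur != End; ++Cur)
    if (*Cur == ':' && (Cur + 1 == End || isBlank(Cur[1])))
      ++N;
  return N;
}

// Sentinel-reliant form: the lookahead reads *End when ':' is the last byte
// and assumes a '\0' is stored there.
size_t countKeysSentinel(const char *Cur, const char *End) {
  size_t N = 0;
  for (; Cur != End; ++Cur)
    if (*Cur == ':' && (Cur[1] == '\0' || isBlank(Cur[1])))
      ++N;
  return N;
}

using Scanner = size_t (*)(const char *, const char *);

// Scan [Buf, Buf + Size) with the byte stored at Buf[Size] set to Term.
static size_t scanWithTerminator(Scanner S, const char *Data, size_t Size,
                                 char Term) {
  std::unique_ptr<char[]> Buf(new char[Size + 1]);
  std::memcpy(Buf.get(), Data, Size);
  Buf[Size] = Term;
  return S(Buf.get(), Buf.get() + Size);
}

// True when '\0'- and '\1'-terminated copies scan identically. With
// Unterminated set, an exactly sized heap copy is scanned as well, so a read
// of *End becomes a heap-buffer-overflow report under AddressSanitizer.
bool terminatorIndependent(Scanner S, const char *Data, size_t Size,
                           bool Unterminated) {
  size_t Z = scanWithTerminator(S, Data, Size, '\0');
  size_t O = scanWithTerminator(S, Data, Size, '\1');
  if (!Unterminated) return Z == O;
  std::unique_ptr<char[]> Exact(new char[Size]);
  std::memcpy(Exact.get(), Data, Size);
  return Z == O && Z == S(Exact.get(), Exact.get() + Size);
}
```

Only the guarded scanner should be run with `Unterminated` set; for the sentinel-reliant one that call is the out-of-bounds read the exactly sized buffer exists to expose.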
