[libc-commits] [PATCH] D74091: [libc] Lay out framework for fuzzing libc functions.
Fangrui Song via Phabricator via libc-commits
libc-commits at lists.llvm.org
Tue Feb 11 22:00:18 PST 2020
MaskRay added inline comments.
================
Comment at: libc/fuzzing/string/strcpy_fuzz.cpp:12
+ // strcpy can only accept null-terminated strings.
+ char *src = (char *)malloc(size + 1);
+ memcpy(src, data, size);
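Review bot: the NULL check requested for `malloc` must not leave `src` leaking: the buffer is heap-allocated here and no matching `free` appears in the hunk, so every path out of `LLVMFuzzerTestOneInput` (the early `return 0`, and the success path) should release it, or the buffer should be allocated once and reused. The comment on line 12 also promises a NUL-terminated string, but the terminator write (`src[size] = '\0'`) is not among these lines; confirm it happens before `strcpy` reads `src`.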
----------------
If `malloc` returns NULL, `return 0`; otherwise, when the system is under high memory pressure, the code may incorrectly trigger a crash.
================
Comment at: libc/fuzzing/string/strcpy_fuzz.cpp:13
+ char *src = (char *)malloc(size + 1);
+ memcpy(src, data, size);
+ for (size_t i = 0; i < size; i++) {
----------------
Placing malloc in the function LLVMFuzzerTestOneInput may make tests run slowly.
================
Comment at: libc/fuzzing/string/strcpy_fuzz.cpp:25
+
+ if (strcmp(dest, src) != 0) {
+ abort();
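Review bot: a bare `abort()` gives no diagnostic in the crash artifact; a short `fprintf(stderr, ...)` with `size` (or the first differing index) before `abort()` makes the saved input much easier to triage, while still signalling the failure to libFuzzer.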
----------------
Braces around a single statement are not common in LLVM code. I think Google code tends to have more braces because:
```
% cat a.c
int main() {
  if (strcmp(dest, src) != 0)
    abort();
}
% clang-format --style=Google a.c
int main() {
  if (strcmp(dest, src) != 0) abort();
}
```
Many consider `if (...) ...` on the same line strange. LLVM style does not have the problem.
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D74091/new/
https://reviews.llvm.org/D74091
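The harness shape the review asks for, as an added example that is not the D74091 code: it checks the `malloc` result, returns 0 instead of crashing on allocation failure, frees on every path, and writes the terminator before `strcpy` runs. Replacing embedded NUL bytes with `'A'` is a constructed choice so that `strcpy` sees the whole input rather than stopping early.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>

// Copies the fuzzer bytes into a fresh, exactly sized, NUL-terminated buffer.
// Returns nullptr when malloc fails so the caller can skip the input instead
// of crashing. Embedded NULs become 'A' (constructed choice) so that the
// string strcpy copies is exactly `size` bytes long.
static char *MakeCString(const uint8_t *data, size_t size) {
  char *src = static_cast<char *>(malloc(size + 1));
  if (src == nullptr)
    return nullptr;
  for (size_t i = 0; i < size; i++)
    src[i] = data[i] == 0 ? 'A' : static_cast<char>(data[i]);
  src[size] = '\0';  // terminator written before strcpy ever reads src
  return src;
}

// Returns true when strcpy reproduced src exactly; dest must hold
// strlen(src) + 1 bytes.
static bool StrcpyRoundTrips(const char *src, char *dest) {
  strcpy(dest, src);
  return strcmp(dest, src) == 0;
}

// libFuzzer entry point. Exact-size allocations (rather than one reused
// buffer) keep AddressSanitizer able to flag any byte written past size + 1.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  char *src = MakeCString(data, size);
  if (src == nullptr)
    return 0;  // allocation failure under memory pressure is not a libc bug
  char *dest = static_cast<char *>(malloc(size + 1));
  if (dest == nullptr) {
    free(src);
    return 0;
  }
  bool ok = StrcpyRoundTrips(src, dest);
  free(dest);
  free(src);
  if (!ok)
    abort();  // libFuzzer records the input that triggered the mismatch
  return 0;
}
```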