[libc-commits] [PATCH] D144208: [libc] use vars in string to num fuzz targets
Michael Jones via Phabricator via libc-commits
libc-commits at lists.llvm.org
Thu Feb 16 11:27:03 PST 2023
michaelrj created this revision.
michaelrj added reviewers: sivachandra, lntue.
Herald added subscribers: libc-commits, ecnelises, tschuett.
Herald added projects: libc-project, All.
michaelrj requested review of this revision.
The string to integer and string to float standalone fuzz targets just
ran the functions and didn't do anything with the output. This was
intentional, since they are intended to be used with sanitizers to
detect buffer overflow bugs. Not using the variables was causing compile
warnings, so this patch adds trivial checks to use the variables.
Repository:
rG LLVM Github Monorepo
https://reviews.llvm.org/D144208
Files:
libc/fuzzing/stdlib/strtofloat_fuzz.cpp
libc/fuzzing/stdlib/strtointeger_fuzz.cpp
Index: libc/fuzzing/stdlib/strtointeger_fuzz.cpp
===================================================================
--- libc/fuzzing/stdlib/strtointeger_fuzz.cpp
+++ libc/fuzzing/stdlib/strtointeger_fuzz.cpp
@@ -65,6 +65,16 @@
if (str_ptr + container_size - 1 < out_ptr)
__builtin_trap();
+ // If atoi is non-zero and the base is at least 10
+ if (atoi_output != 0 && base >= 10) {
+ // Then all of the other functions should output non-zero values as well.
+ // This is a trivial check meant to silence the "unused variable" warnings.
+ if (atol_output == 0 || atoll_output == 0 || strtol_output == 0 ||
+ strtoll_output == 0 || strtoul_output == 0 || strtoull_output == 0) {
+ __builtin_trap();
+ }
+ }
+
delete[] container;
return 0;
}
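Review bot: the outer condition `atoi_output != 0 && base >= 10` puts no upper bound on `base`, so the inner check can trap on correct behaviour. The strto* family only accepts a base of 0 or 2 through 36, and POSIX specifies a return of 0 with EINVAL for anything else. Unless `base` is constrained earlier in the file (not visible in this hunk), an out-of-range base would leave atoi non-zero and strtol zero, and the fuzzer would report a crash that is not a bug. Consider `base >= 10 && base <= 36`. Because the comment says the only goal is to silence the unused-variable warning, a `(void)` cast or `[[maybe_unused]]` on each output would also do that without adding a cross-function invariant to a target meant for sanitizer findings.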
Index: libc/fuzzing/stdlib/strtofloat_fuzz.cpp
===================================================================
--- libc/fuzzing/stdlib/strtofloat_fuzz.cpp
+++ libc/fuzzing/stdlib/strtofloat_fuzz.cpp
@@ -45,6 +45,17 @@
if (str_ptr + size < out_ptr)
__builtin_trap();
+ // If any of the outputs are NaN
+ if (atof_output != atof_output || strtof_output != strtof_output ||
+ strtod_output != strtod_output || strtold_output != strtold_output) {
+ // Then all the outputs should be NaN.
+ // This is a trivial check meant to silence the "unused variable" warnings.
+ if (atof_output == atof_output || strtof_output == strtof_output ||
+ strtod_output == strtod_output || strtold_output == strtold_output) {
+ __builtin_trap();
+ }
+ }
+
delete[] container;
return 0;
}
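Review bot: both conditions detect NaN by self-comparison (`atof_output != atof_output`), which the compiler is allowed to fold to false if this target is ever built with -ffast-math or -ffinite-math-only, leaving the check silently dead. The idiom is also repeated eight times, which makes the any-NaN versus any-non-NaN pairing hard to read. Consider a small named helper for the NaN test so the intent is explicit and there is one place to change. The comment could also state that only the NaN case is compared, so disagreement between the four functions on finite inputs is not checked here.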
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D144208.498105.patch
Type: text/x-patch
Size: 1603 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libc-commits/attachments/20230216/b37b77cc/attachment.bin>