[libc-commits] [PATCH] D144208: [libc] use vars in string to num fuzz targets

Michael Jones via Phabricator via libc-commits libc-commits at lists.llvm.org
Fri Feb 17 14:07:25 PST 2023


michaelrj updated this revision to Diff 498505.
michaelrj marked an inline comment as done.
michaelrj added a comment.

move to is_nan function, and fix some typos in the comments


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D144208/new/

https://reviews.llvm.org/D144208

Files:
  libc/fuzzing/stdlib/strtofloat_fuzz.cpp
  libc/fuzzing/stdlib/strtointeger_fuzz.cpp


Index: libc/fuzzing/stdlib/strtointeger_fuzz.cpp
===================================================================
--- libc/fuzzing/stdlib/strtointeger_fuzz.cpp
+++ libc/fuzzing/stdlib/strtointeger_fuzz.cpp
@@ -65,6 +65,16 @@
   if (str_ptr + container_size - 1 < out_ptr)
     __builtin_trap();
 
+  // If atoi is non-zero and the base is at least 10
+  if (atoi_output != 0 && base >= 10) {
+    // Then all of the other functions should output non-zero values as well.
+    // This is a trivial check meant to silence the "unused variable" warnings.
+    if (atol_output == 0 || atoll_output == 0 || strtol_output == 0 ||
+        strtoll_output == 0 || strtoul_output == 0 || strtoull_output == 0) {
+      __builtin_trap();
+    }
+  }
+
   delete[] container;
   return 0;
 }
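Review bot: The trap added under `if (atoi_output != 0 && base >= 10)` is a sound invariant only if `base` is also one the strto* functions accept. The hunk does not show how `base` is derived, and the function starts outside it. If `base` could ever exceed 36, the strto* calls would presumably return 0 for an invalid base and the target would trap on harmless input. If an upper bound is enforced earlier, record it next to the check, e.g. `// base was bounded to <= 36 above, so a non-zero atoi result implies every strto* call parsed at least the same digits`; otherwise tighten the guard to `if (atoi_output != 0 && base >= 10 && base <= 36) {`. The comment calls this a trivial check, but it can abort the fuzz run and will surface as a crash report, so its precondition should be stated.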
Index: libc/fuzzing/stdlib/strtofloat_fuzz.cpp
===================================================================
--- libc/fuzzing/stdlib/strtofloat_fuzz.cpp
+++ libc/fuzzing/stdlib/strtofloat_fuzz.cpp
@@ -9,6 +9,7 @@
 /// Fuzzing test for llvm-libc atof implementation.
 ///
 //===----------------------------------------------------------------------===//
+#include "src/__support/common.h"
 #include "src/stdlib/atof.h"
 #include "src/stdlib/strtod.h"
 #include "src/stdlib/strtof.h"
@@ -16,6 +17,8 @@
 #include <stddef.h>
 #include <stdint.h>
 
+template <typename T> LIBC_INLINE bool is_nan(T x) { return x != x; }
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   uint8_t *container = new uint8_t[size + 1];
   if (!container)
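Review bot: `is_nan` on the added template line relies on `x != x`, which is true for NaN only under IEEE comparison semantics. If this target were built with `-ffinite-math-only` or `-ffast-math`, the compiler would be free to fold the comparison to `false`, and the NaN consistency check that uses it would silently never fire. A one-line comment above the template would keep that assumption visible, e.g. `// NaN is the only value that compares unequal to itself; relies on IEEE semantics, so do not build with -ffinite-math-only.` LLVMFuzzerTestOneInput begins in this hunk and continues outside it.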
@@ -30,10 +33,10 @@
 
   char *out_ptr = nullptr;
 
-  // This fuzzer only checks that the alrogithms didn't read beyond the end of
+  // This fuzzer only checks that the algorithms didn't read beyond the end of
   // the string in container. Combined with sanitizers, this will check that the
-  // code is not reading memory beyond what's expected. This test does not make
-  // any attempt to check correctness of the result.
+  // code is not reading memory beyond what's expected. This test does not
+  // effectively check the correctness of the result.
   auto volatile atof_output = __llvm_libc::atof(str_ptr);
   auto volatile strtof_output = __llvm_libc::strtof(str_ptr, &out_ptr);
   if (str_ptr + size < out_ptr)
@@ -45,6 +48,17 @@
   if (str_ptr + size < out_ptr)
     __builtin_trap();
 
+  // If any of the outputs are NaN
+  if (is_nan(atof_output) || is_nan(strtof_output) || is_nan(strtod_output) ||
+      is_nan(strtold_output)) {
+    // Then all the outputs should be NaN.
+    // This is a trivial check meant to silence the "unused variable" warnings.
+    if (!is_nan(atof_output) || !is_nan(strtof_output) ||
+        !is_nan(strtod_output) || !is_nan(strtold_output)) {
+      __builtin_trap();
+    }
+  }
+
   delete[] container;
   return 0;
 }
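Review bot: The nested NaN condition added before `delete[] container` evaluates `is_nan` on every output twice, and the outer `if` adds nothing because the inner test alone decides the trap. Taking one result as the reference and trapping on any disagreement says the same thing more directly: `const bool nan = is_nan(atof_output);` then `if (is_nan(strtof_output) != nan || is_nan(strtod_output) != nan || is_nan(strtold_output) != nan) __builtin_trap();`. That also halves the reads of the outputs, which are declared `volatile` where visible in this diff; `strtod_output` and `strtold_output` are declared outside the hunk. Since a mismatch aborts the run just like the out-of-bounds checks above it, the comment would be more accurate as `// Consistency check across the four parsers; also keeps the outputs used.`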


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D144208.498505.patch
Type: text/x-patch
Size: 2823 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libc-commits/attachments/20230217/2789a8a0/attachment.bin>

