[libc-commits] [PATCH] D144208: [libc] use vars in string to num fuzz targets

Michael Jones via Phabricator via libc-commits libc-commits at lists.llvm.org
Mon Feb 27 13:15:01 PST 2023 

michaelrj updated this revision to Diff 500893.
michaelrj marked 2 inline comments as done.
michaelrj added a comment.

move to normal inline and isnan


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D144208/new/

https://reviews.llvm.org/D144208

Files:
  libc/fuzzing/stdlib/strtofloat_fuzz.cpp
  libc/fuzzing/stdlib/strtointeger_fuzz.cpp


Index: libc/fuzzing/stdlib/strtointeger_fuzz.cpp
===================================================================
--- libc/fuzzing/stdlib/strtointeger_fuzz.cpp
+++ libc/fuzzing/stdlib/strtointeger_fuzz.cpp
@@ -65,6 +65,16 @@
   if (str_ptr + container_size - 1 < out_ptr)
     __builtin_trap();
 
+  // If atoi is non-zero and the base is at least 10
+  if (atoi_output != 0 && base >= 10) {
+    // Then all of the other functions should output non-zero values as well.
+    // This is a trivial check meant to silence the "unused variable" warnings.
+    if (atol_output == 0 || atoll_output == 0 || strtol_output == 0 ||
+        strtoll_output == 0 || strtoul_output == 0 || strtoull_output == 0) {
+      __builtin_trap();
+    }
+  }
+
   delete[] container;
   return 0;
 }
Index: libc/fuzzing/stdlib/strtofloat_fuzz.cpp
===================================================================
--- libc/fuzzing/stdlib/strtofloat_fuzz.cpp
+++ libc/fuzzing/stdlib/strtofloat_fuzz.cpp
@@ -13,6 +13,7 @@
 #include "src/stdlib/strtod.h"
 #include "src/stdlib/strtof.h"
 #include "src/stdlib/strtold.h"
+#include <math.h>
 #include <stddef.h>
 #include <stdint.h>
 
@@ -30,10 +31,10 @@
 
   char *out_ptr = nullptr;
 
-  // This fuzzer only checks that the alrogithms didn't read beyond the end of
+  // This fuzzer only checks that the algorithms didn't read beyond the end of
   // the string in container. Combined with sanitizers, this will check that the
-  // code is not reading memory beyond what's expected. This test does not make
-  // any attempt to check correctness of the result.
+  // code is not reading memory beyond what's expected. This test does not
+  // effectively check the correctness of the result.
   auto volatile atof_output = __llvm_libc::atof(str_ptr);
   auto volatile strtof_output = __llvm_libc::strtof(str_ptr, &out_ptr);
   if (str_ptr + size < out_ptr)
@@ -45,6 +46,17 @@
   if (str_ptr + size < out_ptr)
     __builtin_trap();
 
+  // If any of the outputs are NaN
+  if (isnan(atof_output) || isnan(strtof_output) || isnan(strtod_output) ||
+      isnan(strtold_output)) {
+    // Then all the outputs should be NaN.
+    // This is a trivial check meant to silence the "unused variable" warnings.
+    if (!isnan(atof_output) || !isnan(strtof_output) || !isnan(strtod_output) ||
+        !isnan(strtold_output)) {
+      __builtin_trap();
+    }
+  }
+
   delete[] container;
   return 0;
 }


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D144208.500893.patch
Type: text/x-patch
Size: 2432 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/libc-commits/attachments/20230227/3ca7d9ae/attachment.bin>

More information about the libc-commits mailing list