[libc-commits] [libc] [libc] Add fuzzers for `memcpy` and `memset` (PR #90591)

Guillaume Chatelet via libc-commits libc-commits at lists.llvm.org
Tue Apr 30 06:45:53 PDT 2024


================
@@ -0,0 +1,45 @@
+//===-- memset_fuzz.cpp ---------------------------------------------------===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+///
+/// Fuzzing test for llvm-libc memcset implementation.
+///
+//===----------------------------------------------------------------------===//
+#include "protected_pages.h"
+#include "src/string/memset.h"
+#include <stddef.h> // size_t
+#include <stdint.h> // uint8_t
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t data_size) {
+  static constexpr size_t MAX_SIZE = 1024;
+  static ProtectedPages pages;
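Review bot: the doxygen banner in this hunk says "Fuzzing test for llvm-libc memcset implementation", which does not match the file name `memset_fuzz.cpp` or the included header `src/string/memset.h`; suggest correcting it to "memset implementation" so the file comment describes the function actually under test.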
----------------
gchatelet wrote:

So for a reason that I don't understand, it seems that passing `-fsanitize=memory` globally does not instrument the `memcpy` code. As a consequence, I couldn't get the sanitizer to find the bug.
The compiled `memcpy` library contains a symbol for sanitizer initialization but the `memcpy` code is left un-instrumented.

Having all libc functions instrumented is one of the goals of the project so we definitely need to find the root cause.

In the meantime, I'm willing to submit this code as-is if you don't mind as it's a reproducer for a bug in `memcpy` with software prefetching when `AVX` is enabled.

https://github.com/llvm/llvm-project/pull/90591
