[libc-commits] [libc] [libc] add hashtable fuzzing (PR #87949)

Schrodinger ZHU Yifan via libc-commits libc-commits at lists.llvm.org
Wed May 1 09:14:28 PDT 2024


SchrodingerZhu wrote:

**update**:
Seems that I ran into another error when increasing the chance of insertion to 3/5:

```
==2288660==ERROR: UndefinedBehaviorSanitizer: SEGV on unknown address 0x000000000008 (pc 0x5a48d233fb71 bp 0x7fffdb7c6ef0 sp 0x7fffdb7c6ce0 T2288660)
==2288660==The signal is caused by a READ memory access.
==2288660==Hint: address points to the zero page.
    #0 0x5a48d233fb71 in LLVMFuzzerTestOneInput /home/schrodingerzy/Documents/llvm/llvm-project/libc/fuzzing/__support/hashtable_fuzz.cpp:168:58
    #1 0x5a48d22e8f18 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/home/schrodingerzy/Documents/llvm/llvm-project/build/projects/libc/fuzzing/__support/libc.fuzzing.__support.hashtable_opt_fuzz+0x3df18) (BuildId: 57f188612f1e6b12555f10c85afddf26fba91ab5)
    #2 0x5a48d22e9bf0 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) (/home/schrodingerzy/Documents/llvm/llvm-project/build/projects/libc/fuzzing/__support/libc.fuzzing.__support.hashtable_opt_fuzz+0x3ebf0) (BuildId: 57f188612f1e6b12555f10c85afddf26fba91ab5)
    #3 0x5a48d22eac81 in fuzzer::Fuzzer::MutateAndTestOne() (/home/schrodingerzy/Documents/llvm/llvm-project/build/projects/libc/fuzzing/__support/libc.fuzzing.__support.hashtable_opt_fuzz+0x3fc81) (BuildId: 57f188612f1e6b12555f10c85afddf26fba91ab5)
    #4 0x5a48d22ebaa7 in fuzzer::Fuzzer::Loop(std::vector<fuzzer::SizedFile, std::allocator<fuzzer::SizedFile>>&) (/home/schrodingerzy/Documents/llvm/llvm-project/build/projects/libc/fuzzing/__support/libc.fuzzing.__support.hashtable_opt_fuzz+0x40aa7) (BuildId: 57f188612f1e6b12555f10c85afddf26fba91ab5)
    #5 0x5a48d22cc316 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/home/schrodingerzy/Documents/llvm/llvm-project/build/projects/libc/fuzzing/__support/libc.fuzzing.__support.hashtable_opt_fuzz+0x21316) (BuildId: 57f188612f1e6b12555f10c85afddf26fba91ab5)
    #6 0x5a48d22b6597 in main (/home/schrodingerzy/Documents/llvm/llvm-project/build/projects/libc/fuzzing/__support/libc.fuzzing.__support.hashtable_opt_fuzz+0xb597) (BuildId: 57f188612f1e6b12555f10c85afddf26fba91ab5)
    #7 0x7ea689f4400f in __libc_start_call_main /usr/src/debug/glibc/glibc/csu/../sysdeps/nptl/libc_start_call_main.h:58:16
    #8 0x7ea689f440c9 in __libc_start_main /usr/src/debug/glibc/glibc/csu/../csu/libc-start.c:360:3
    #9 0x5a48d22b65f4 in _start (/home/schrodingerzy/Documents/llvm/llvm-project/build/projects/libc/fuzzing/__support/libc.fuzzing.__support.hashtable_opt_fuzz+0xb5f4) (BuildId: 57f188612f1e6b12555f10c85afddf26fba91ab5)

UndefinedBehaviorSanitizer can not provide additional info.
SUMMARY: UndefinedBehaviorSanitizer: SEGV /home/schrodingerzy/Documents/llvm/llvm-project/libc/fuzzing/__support/hashtable_fuzz.cpp:168:58 in LLVMFuzzerTestOneInput
==2288660==ABORTING
MS: 4 CMP-ShuffleBytes-CrossOver-Custom- DE: "\021\000\000\000\000\000\000\000"-; base unit: adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
artifact_prefix='./'; Test unit written to ./crash-515328899757caa24abf222700ab03823fe25732
```

https://github.com/llvm/llvm-project/pull/87949

