[llvm-bugs] [Bug 48484] New: clang -m32 -fsanitize=fuzzer x.c fails at linking

via llvm-bugs llvm-bugs at lists.llvm.org
Fri Dec 11 06:47:55 PST 2020


https://bugs.llvm.org/show_bug.cgi?id=48484

            Bug ID: 48484
           Summary: clang -m32 -fsanitize=fuzzer x.c fails at linking
           Product: compiler-rt
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P
         Component: fuzzer
          Assignee: unassignedbugs at nondot.org
          Reporter: oliver.moeller at verified.de
                CC: llvm-bugs at lists.llvm.org

Created attachment 24268
  --> https://bugs.llvm.org/attachment.cgi?id=24268&action=edit
Example Input file to create a fuzzer binary

I want to be able to create both 64bit and 32bit fuzzing executables with
clang.

On my CentOS-8 system, I have the following packages installed for this:
  clang-10.0.1-1.module_el8.3.0+467+cb298d5b.x86_64
  clang-10.0.1-1.module_el8.3.0+467+cb298d5b.i686
  compiler-rt-10.0.1-1.module_el8.3.0+467+cb298d5b.i686
  compiler-rt-10.0.1-1.module_el8.3.0+467+cb298d5b.x86_64

In the provided simple_min.c, there is a bug in function min(),
that only triggers if sizeof(long)==8.
simple_min.c also contains an (always) correct implementation robust_minimum()
and LLVMFuzzerTestOneInput() is constructed such that the two
results are compared to be equal.

Compiling a fuzzer executable with
    $ clang -fsanitize=fuzzer simple_min.c 
works fine, and running ./a.out soon aborts with a detected counterexample
(crash).

However, attempts to compile/link with a 32bit tool chain fail:
    $ clang -m32 -fsanitize=fuzzer simple_min.c 
    /usr/bin/ld: cannot find
/usr/lib64/clang/10.0.1/lib/linux/libclang_rt.fuzzer-i386.a: No such file or
directory
    /usr/bin/ld: cannot find
/usr/lib64/clang/10.0.1/lib/linux/libclang_rt.ubsan_standalone-i386.a: No such
file or directory
    clang-10: error: linker command failed with exit code 1 (use -v to see
invocation)

As can be seen from the ld output, the wrong directory (/usr/lib64/...)
is scanned for the 32bit libclang_rt.fuzzer-i386.a

Instead, 'clang -m32' should use the following libraries here:
  /usr/lib/clang/10.0.1/lib/libclang_rt.fuzzer-i386.a
  /usr/lib/clang/10.0.1/lib/libclang_rt.ubsan_standalone-i386.a

In fact, if I create (as a hack) the following symlinks 
  /usr/lib64/clang/10.0.1/lib/linux/libclang_rt.fuzzer-i386.a ->
/usr/lib/clang/10.0.1/lib/libclang_rt.profile-i386.a
  /usr/lib64/clang/10.0.1/lib/linux/libclang_rt.ubsan_standalone-i386.a ->
/usr/lib/clang/10.0.1/lib/libclang_rt.ubsan_standalone-i386.a
then the 'clang -m32' invocation creates (correctly) a 32bit fuzz executable.

Unlike the 64bit executable, this one does *not* find a
problem with the min() implementation (since sizeof(long)==4,
at least on my CentOS-8 system).

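Added example (editor's note, not the reporter's attachment 24268 and not LLVM project code): a libFuzzer target in the shape the report describes, so the "64bit finds the bug, 32bit does not" behaviour can be reproduced without the attachment. The min() defect planted here is an assumption chosen for illustration: it compares the operands after truncating them to int, which is exact on ILP32 (int and long are both 32 bits) and wrong on LP64. The helper names check_input() and check_pair(), and the little-endian "two longs back to back" input encoding, are likewise this example's own choices.

```c
/* Reconstructed libFuzzer target (example code, NOT the reporter's
 * simple_min.c): a min() that is wrong only when sizeof(long) == 8,
 * a robust_minimum() that is always right, and LLVMFuzzerTestOneInput()
 * that aborts when the two disagree.
 *
 * Build 64bit:  clang -fsanitize=fuzzer simple_min_example.c -o fuzz64
 * Build 32bit:  clang -m32 -fsanitize=fuzzer simple_min_example.c -o fuzz32
 * Run:          ./fuzz64   (should report a crash quickly)
 *               ./fuzz32   (runs without finding a crash)
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdlib.h>

/* Hypothetical buggy min() (assumption for this example): the comparison
 * is done on the operands truncated to int. With clang -m32 int and long
 * are both 32 bits, so nothing is lost and the result is correct. On LP64
 * the upper 32 bits are dropped, so e.g. min(2^31, 1) returns 2^31. */
long min(long a, long b)
{
    return (int)a < (int)b ? a : b;
}

/* Reference implementation, correct for every sizeof(long). */
long robust_minimum(long a, long b)
{
    return a < b ? a : b;
}

/* Decode two longs from fuzzer input (memcpy avoids alignment traps on
 * the raw buffer) and compare the two implementations.
 * Returns 1 if they disagree, 0 if they agree, -1 if the input is too
 * short to hold two longs. */
int check_input(const uint8_t *data, size_t size)
{
    long a, b;
    if (size < 2 * sizeof(long))
        return -1;
    memcpy(&a, data, sizeof a);
    memcpy(&b, data + sizeof a, sizeof b);
    return min(a, b) != robust_minimum(a, b);
}

/* Convenience wrapper that encodes a pair the same way the fuzzer input
 * is decoded above, so a single case can be replayed without libFuzzer. */
int check_pair(long a, long b)
{
    uint8_t buf[2 * sizeof(long)];
    memcpy(buf, &a, sizeof a);
    memcpy(buf + sizeof a, &b, sizeof b);
    return check_input(buf, sizeof buf);
}

/* libFuzzer entry point: abort() turns a disagreement into a recorded
 * crash input. On ILP32 check_input() never returns 1, so the 32bit
 * binary keeps running, matching what the report observes. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    if (check_input(data, size) == 1)
        abort();
    return 0;
}
```

When the 32bit link fails as in the report, `clang -m32 -print-resource-dir` shows which resource directory the driver is resolving runtime libraries against (the /usr/lib64/clang/10.0.1 vs /usr/lib/clang/10.0.1 split is the whole problem); comparing its output with and without -m32 is a quicker diagnostic than reading the ld errors.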