[llvm] r254558 - Libfuzzer: do not pass null into user function

David Blaikie via llvm-commits llvm-commits at lists.llvm.org
Thu Dec 3 11:11:08 PST 2015


On Thu, Dec 3, 2015 at 10:59 AM, Mike Aizatsky <aizatsky at chromium.org>
wrote:

> We don't want to enforce this contract on user fuzzer functions. While
> some people find it reasonable, others prefer to add assert(ptr) to their
> code.
>

That seems like a flawed assertion though. Why wouldn't we just fix those
fuzzer functions/deem them to be incorrect?

- Dave


>
>
> On Wed, Dec 2, 2015 at 9:39 PM David Blaikie <dblaikie at gmail.com> wrote:
>
>> I think maybe this came up in the code review, but I'm still confused:
>>
>> Why is it significant to make the Data pointer non-null if the size is
>> zero? The implementation shouldn't care what value the Data pointer has if
>> it's been told that it points to zero valid bytes, no?
>>
>>
>> On Wed, Dec 2, 2015 at 2:43 PM, Mike Aizatsky via llvm-commits <
>> llvm-commits at lists.llvm.org> wrote:
>>
>>> Author: aizatsky
>>> Date: Wed Dec  2 16:43:53 2015
>>> New Revision: 254558
>>>
>>> URL: http://llvm.org/viewvc/llvm-project?rev=254558&view=rev
>>> Log:
>>> Libfuzzer: do not pass null into user function
>>>
>>> Differential Revision: http://reviews.llvm.org/D15098
>>>
>>> Modified:
>>>     llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
>>>     llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp
>>>
>>> Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=254558&r1=254557&r2=254558&view=diff
>>>
>>> ==============================================================================
>>> --- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
>>> +++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Wed Dec  2 16:43:53 2015
>>> @@ -238,7 +238,11 @@ void Fuzzer::RunOneAndUpdateCorpus(Unit
>>>  }
>>>
>>>  void Fuzzer::ExecuteCallback(const Unit &U) {
>>> -  int Res = USF.TargetFunction(U.data(), U.size());
>>> +  const uint8_t *Data = U.data();
>>> +  uint8_t EmptyData;
>>> +  if (!Data)
>>> +    Data = &EmptyData;
>>> +  int Res = USF.TargetFunction(Data, U.size());
>>>    (void)Res;
>>>    assert(Res == 0);
>>>  }
>>>
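Review bot: `uint8_t EmptyData;` in `Fuzzer::ExecuteCallback` is declared without an initializer and without a comment, so a target that reads `Data[0]` when `U.size()` is 0 now gets an indeterminate stack byte instead of faulting on a null pointer. Consider `uint8_t EmptyData = 0;` plus a one-line comment stating that the callback is given a non-null `Data` even for an empty unit, since nothing in the hunk says why the substitution exists.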
>>> Modified: llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp
>>> URL:
>>> http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp?rev=254558&r1=254557&r2=254558&view=diff
>>>
>>> ==============================================================================
>>> --- llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp (original)
>>> +++ llvm/trunk/lib/Fuzzer/test/SimpleTest.cpp Wed Dec  2 16:43:53 2015
>>> @@ -1,4 +1,5 @@
>>>  // Simple test for a fuzzer. The fuzzer must find the string "Hi!".
>>> +#include <assert.h>
>>>  #include <cstdint>
>>>  #include <cstdlib>
>>>  #include <cstddef>
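Review bot: The new `#include <assert.h>` in SimpleTest.cpp is the C header, while the includes directly below it are the C++ forms `<cstdint>`, `<cstdlib>` and `<cstddef>`. Use `#include <cassert>` to match.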
>>> @@ -7,6 +8,7 @@
>>>  static volatile int Sink;
>>>
>>>  extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
>>> {
>>> +  assert(Data);
>>>    if (Size > 0 && Data[0] == 'H') {
>>>      Sink = 1;
>>>      if (Size > 1 && Data[1] == 'i') {
>>>
>>>
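Review bot: `assert(Data);` at the top of `LLVMFuzzerTestOneInput` compiles to nothing when the test is built with `NDEBUG`, so in such a build this test no longer checks the non-null guarantee. An explicit `if (!Data) abort();` would hold in every build mode (`<cstdlib>` is already included), and a short comment saying the check covers the empty-input case would make the intent clear.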
>>> _______________________________________________
>>> llvm-commits mailing list
>>> llvm-commits at lists.llvm.org
>>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>>>
>>
>>