[llvm] r271186 - [libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases.

[Kostya Serebryany via llvm-commits]

Author: kcc
Date: Sun May 29 10:58:57 2016
New Revision: 271186

URL: http://llvm.org/viewvc/llvm-project?rev=271186&view=rev
Log:
[libFuzzer] fix a use-after-free (!) in libFuzzer caused by r270905: that CL caused a push_back in the main corpus invalidating the vector<> iterators in rare cases. 

Modified:
    llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
    llvm/trunk/lib/Fuzzer/test/fuzzer-threaded.test

Modified: llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp?rev=271186&r1=271185&r2=271186&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerLoop.cpp Sun May 29 10:58:57 2016
@@ -655,7 +655,7 @@ void Fuzzer::TryDetectingAMemoryLeak(con
   // Run the target once again, but with lsan disabled so that if there is
   // a real leak we do not report it twice.
   __lsan_disable();
-  RunOneAndUpdateCorpus(Data, Size);
+  RunOne(Data, Size);
   __lsan_enable();
   if (!HasMoreMallocsThanFrees) return;  // a leak is unlikely.
   if (NumberOfLeakDetectionAttempts++ > 1000) {

Modified: llvm/trunk/lib/Fuzzer/test/fuzzer-threaded.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer-threaded.test?rev=271186&r1=271185&r2=271186&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-threaded.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-threaded.test Sun May 29 10:58:57 2016
@@ -1,7 +1,10 @@
 CHECK: Done 1000 runs in
 
-RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000  2>&1 | FileCheck %s
-RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000  2>&1 | FileCheck %s
-RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000  2>&1 | FileCheck %s
-RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000  2>&1 | FileCheck %s
+# TODO(kcc): re-enable leak detection here.
+# Currently laak detection makes run counts imprecise.
+
+RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 -detect_leaks=0 2>&1 | FileCheck %s
+RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 -detect_leaks=0 2>&1 | FileCheck %s
+RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 -detect_leaks=0 2>&1 | FileCheck %s
+RUN: LLVMFuzzer-ThreadedTest -use_traces=1 -runs=1000 -detect_leaks=0 2>&1 | FileCheck %s