[PATCH] D21049: [LibFuzzer] Fix some unit test crashes on OSX.
Dan Liew via llvm-commits
llvm-commits at lists.llvm.org
Mon Jun 6 20:52:57 PDT 2016
delcypher added a comment.
F2036594: disassembly.parseone.txt <http://reviews.llvm.org/F2036594>
In http://reviews.llvm.org/D21049#450537, @kcc wrote:
> How exactly does it crash?
When running ``lib/Fuzzer/test/LLVMFuzzer-Unittest --gtest_filter=FuzzerDictionary.ParseOneDictionaryEntry``:
Note: Google Test filter = FuzzerDictionary.ParseOneDictionaryEntry
[==========] Running 1 test from 1 test case.
[----------] Global test environment set-up.
[----------] 1 test from FuzzerDictionary
[ RUN ] FuzzerDictionary.ParseOneDictionaryEntry
/Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:357: Failure
Value of: ParseOneDictionaryEntry("\"abc\"", &U)
Actual: false
Expected: true
/Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:358: Failure
Value of: Unit({'a', 'b', 'c'})
Actual: { 'a' (97, 0x61), 'b' (98, 0x62), 'c' (99, 0x63) }
Expected: U
Which is: { '\0' }
/Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:359: Failure
Value of: ParseOneDictionaryEntry("abc=\"abc\"", &U)
Actual: false
Expected: true
/Volumes/data/dev/libfuzzer/src/lib/Fuzzer/test/FuzzerUnittest.cpp:360: Failure
Value of: Unit({'a', 'b', 'c'})
Actual: { 'a' (97, 0x61), 'b' (98, 0x62), 'c' (99, 0x63) }
Expected: U
Which is: { '\0' }
ASAN:DEADLYSIGNAL
=================================================================
==35158==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000006 (pc 0x0001051f212d bp 0x7fff5ab31e10 sp 0x7fff5ab31db0 T0)
==35158==The signal is caused by a READ memory access.
==35158==Hint: address points to the zero page.
#0 0x1051f212c in fuzzer::ParseOneDictionaryEntry(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >*) string:1829
#1 0x1050ffff8 in FuzzerDictionary_ParseOneDictionaryEntry_Test::TestBody() FuzzerUnittest.cpp:366
#2 0x105198a82 in testing::Test::Run() gtest.cc:2161
#3 0x10519a1ab in testing::TestInfo::Run() gtest.cc:2309
#4 0x10519b968 in testing::TestCase::Run() gtest.cc:2416
#5 0x1051a8658 in testing::internal::UnitTestImpl::RunAllTests() gtest.cc:4207
#6 0x1051a7ef0 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) gtest.cc:2142
#7 0x1051a7def in testing::UnitTest::Run() gtest.cc:3841
#8 0x1051dfc36 in main TestMain.cpp:47
#9 0x7fff8ce7a5ac in start (libdyld.dylib+0x35ac)
#10 0x1 (<unknown module>)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV string:1829 in fuzzer::ParseOneDictionaryEntry(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, std::__1::vector<unsigned char, std::__1::allocator<unsigned char> >*)
==35158==ABORTING
In lldb:
Process 35225 stopped
* thread #1: tid = 0x785871, 0x000000010012812d LLVMFuzzer-Unittest`fuzzer::ParseOneDictionaryEntry(Str=<unavailable>, U=<unavailable>) + 413 at FuzzerUtil.cpp:194, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x6)
frame #0: 0x000000010012812d LLVMFuzzer-Unittest`fuzzer::ParseOneDictionaryEntry(Str=<unavailable>, U=<unavailable>) + 413 at FuzzerUtil.cpp:194
191 assert(L <= R);
192 for (size_t Pos = L; Pos <= R; Pos++) {
193 uint8_t V = (uint8_t)Str[Pos];
-> 194 if (!isprint(V) && !isspace(V)) return false;
195 if (V =='\\') {
196 // Handle '\\'
197 if (Pos + 1 <= R && (Str[Pos + 1] == '\\' || Str[Pos + 1] == '"')) {
See also the attached disassembly. In this case the crash occurs when executing:
0x10012812d <+413>: movzbl (%rax,%r13), %edi
At the point of crashing:
(lldb) register read rax
rax = 0x0000000000000001
(lldb) register read r13
r13 = 0x0000000000000005
http://reviews.llvm.org/D21049
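For readers following the failing test, here is a stand-alone C++ reconstruction of the dictionary-entry format it exercises. This is an added example, not libFuzzer's own ParseOneDictionaryEntry: it accepts the two inputs from the gtest output above ("abc" and abc="abc") and handles the \\ and \" escapes shown in the quoted FuzzerUtil.cpp lines; the \xNN escape and the rule that a name must end in '=' are assumptions of the example.

```cpp
#include <cassert>
#include <cctype>
#include <cstdint>
#include <string>
#include <vector>

typedef std::vector<uint8_t> Unit;

// Parses one dictionary line, "value" or name="value", into *U. Returns false
// for malformed input: missing quotes, empty value, non-printable byte, bad
// escape. \\ and \" follow the quoted FuzzerUtil.cpp snippet; \xNN and the
// name-ends-in-'=' rule are assumptions of this example.
bool ParseDictionaryEntry(const std::string &Str, Unit *U) {
  U->clear();
  if (Str.empty()) return false;
  size_t L = 0, R = Str.size() - 1;
  while (L < R && isspace((uint8_t)Str[L])) L++;  // trim leading whitespace
  while (R > L && isspace((uint8_t)Str[R])) R--;  // trim trailing whitespace
  if (R - L < 2 || Str[R] != '"') return false;   // shortest valid entry: "x"
  size_t Open = Str.find('"', L);                 // opening quote (<= R, since Str[R] is one)
  if (Open + 1 >= R) return false;                // empty value
  if (Open > L && Str[Open - 1] != '=') return false;  // name must end in '='
  for (size_t Pos = Open + 1; Pos < R; Pos++) {
    // Cast before the ctype call: a negative char argument is undefined behaviour.
    uint8_t V = (uint8_t)Str[Pos];
    if (!isprint(V) && !isspace(V)) return false;
    if (V != '\\') { U->push_back(V); continue; }
    if (Pos + 1 < R && (Str[Pos + 1] == '\\' || Str[Pos + 1] == '"')) {
      U->push_back((uint8_t)Str[++Pos]);          // \\ or \"
      continue;
    }
    if (Pos + 3 < R && Str[Pos + 1] == 'x' && isxdigit((uint8_t)Str[Pos + 2]) &&
        isxdigit((uint8_t)Str[Pos + 3])) {        // \xNN
      U->push_back((uint8_t)std::stoul(Str.substr(Pos + 2, 2), nullptr, 16));
      Pos += 3;
      continue;
    }
    return false;                                 // dangling or unknown escape
  }
  return true;
}

int main() {
  Unit U;  // constructed inputs: the two from the gtest output above, then escapes
  assert(ParseDictionaryEntry("\"abc\"", &U) && U == Unit({'a', 'b', 'c'}));
  assert(ParseDictionaryEntry("abc=\"abc\"", &U) && U == Unit({'a', 'b', 'c'}));
  assert(ParseDictionaryEntry("k=\"\\x41\\\\\\\"\"", &U) && U == Unit({0x41, '\\', '"'}));
  assert(!ParseDictionaryEntry("abc", &U) && !ParseDictionaryEntry("\"a\\\"", &U));
}
```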