[llvm] r276006 - [libFuzzer] properly intercept memmem
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Tue Jul 19 11:29:10 PDT 2016
Author: kcc
Date: Tue Jul 19 13:29:06 2016
New Revision: 276006
URL: http://llvm.org/viewvc/llvm-project?rev=276006&view=rev
Log:
[libFuzzer] properly intercept memmem
Modified:
llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp
llvm/trunk/lib/Fuzzer/test/StrstrTest.cpp
Modified: llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp?rev=276006&r1=276005&r2=276006&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerTraceState.cpp Tue Jul 19 13:29:06 2016
@@ -173,6 +173,12 @@ struct TraceBasedMutation {
static bool RecordingTraces = false;
static bool RecordingMemcmp = false;
static bool RecordingMemmem = false;
+static bool DoingMyOwnMemmem = false;
+
+struct ScopedDoingMyOwnMemmem {
+ ScopedDoingMyOwnMemmem() { DoingMyOwnMemmem = true; }
+ ~ScopedDoingMyOwnMemmem() { DoingMyOwnMemmem = false; }
+};
class TraceState {
public:
@@ -400,6 +406,7 @@ void TraceState::DFSanSwitchCallback(uin
int TraceState::TryToAddDesiredData(uint64_t PresentData, uint64_t DesiredData,
size_t DataSize) {
if (NumMutations >= kMaxMutations || !WantToHandleOneMoreMutation()) return 0;
+ ScopedDoingMyOwnMemmem scoped_doing_my_own_memmem;
const uint8_t *UnitData;
auto UnitSize = F->GetCurrentUnitInFuzzingThead(&UnitData);
int Res = 0;
@@ -423,6 +430,7 @@ int TraceState::TryToAddDesiredData(cons
const uint8_t *DesiredData,
size_t DataSize) {
if (NumMutations >= kMaxMutations || !WantToHandleOneMoreMutation()) return 0;
+ ScopedDoingMyOwnMemmem scoped_doing_my_own_memmem;
const uint8_t *UnitData;
auto UnitSize = F->GetCurrentUnitInFuzzingThead(&UnitData);
int Res = 0;
@@ -639,7 +647,8 @@ void __sanitizer_weak_hook_strcasestr(vo
}
void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1,
const void *s2, size_t len2, void *result) {
- // TODO: can't hook memmem since memmem is used by libFuzzer.
+ if (fuzzer::DoingMyOwnMemmem) return;
+ TS->AddInterestingWord(reinterpret_cast<const uint8_t *>(s2), len2);
}
#endif // LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS
Modified: llvm/trunk/lib/Fuzzer/test/StrstrTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/StrstrTest.cpp?rev=276006&r1=276005&r2=276006&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/StrstrTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/StrstrTest.cpp Tue Jul 19 13:29:06 2016
@@ -9,8 +9,12 @@
#include <cstdlib>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size < 4) return 0;
std::string s(reinterpret_cast<const char*>(Data), Size);
- if (strstr(s.c_str(), "FUZZ") && strcasestr(s.c_str(), "aBcD")) {
+ if (strstr(s.c_str(), "FUZZ") &&
+ strcasestr(s.c_str(), "aBcD") &&
+ memmem(s.data(), s.size(), "kuku", 4)
+ ) {
fprintf(stderr, "BINGO\n");
exit(1);
}
More information about the llvm-commits
mailing list