[llvm] r280098 - [libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Tue Aug 30 07:52:05 PDT 2016
Author: kcc
Date: Tue Aug 30 09:52:05 2016
New Revision: 280098
URL: http://llvm.org/viewvc/llvm-project?rev=280098&view=rev
Log:
[libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow
Modified:
llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
llvm/trunk/lib/Fuzzer/test/fuzzer-singleinputs.test
Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=280098&r1=280097&r2=280098&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Tue Aug 30 09:52:05 2016
@@ -250,11 +250,11 @@ static void StartRssThread(Fuzzer *F, si
T.detach();
}
-int RunOneTest(Fuzzer *F, const char *InputFilePath) {
+int RunOneTest(Fuzzer *F, const char *InputFilePath, size_t MaxLen) {
Unit U = FileToVector(InputFilePath);
- Unit PreciseSizedU(U);
- assert(PreciseSizedU.size() == PreciseSizedU.capacity());
- F->RunOne(PreciseSizedU.data(), PreciseSizedU.size());
+ if (MaxLen && MaxLen < U.size())
+ U.resize(MaxLen);
+ F->RunOne(U.data(), U.size());
return 0;
}
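Review bot: The `U.resize(MaxLen)` added in RunOneTest shrinks the vector's size but leaves its capacity at the original file length, so the property the removed `PreciseSizedU` lines guaranteed (an exact-capacity buffer, asserted via `size() == capacity()`, so that a target reading past `Size` trips ASan) is silently dropped; assuming `Unit` is a std::vector as the old capacity() assert suggests, an over-read into the still-allocated tail now goes unreported, unless `F->RunOne` copies the input into an exact-sized buffer itself, which this hunk does not show. Truncating and then copying keeps both the fix and the bounds check: after the resize, `Unit PreciseSizedU(U);`, `assert(PreciseSizedU.size() == PreciseSizedU.capacity());`, `F->RunOne(PreciseSizedU.data(), PreciseSizedU.size());`. The `MaxLen && MaxLen < U.size()` guard treats 0 as "no limit" without saying so; a one-line comment on the new parameter, `// MaxLen == 0 means no truncation; otherwise the input is cut to MaxLen bytes`, would document that contract for the caller in FuzzerDriver.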
@@ -380,7 +380,7 @@ int FuzzerDriver(int *argc, char ***argv
auto StartTime = system_clock::now();
Printf("Running: %s\n", Path.c_str());
for (int Iter = 0; Iter < Runs; Iter++)
- RunOneTest(&F, Path.c_str());
+ RunOneTest(&F, Path.c_str(), Options.MaxLen);
auto StopTime = system_clock::now();
auto MS = duration_cast<milliseconds>(StopTime - StartTime).count();
Printf("Executed %s in %zd ms\n", Path.c_str(), (long)MS);
Modified: llvm/trunk/lib/Fuzzer/test/fuzzer-singleinputs.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer-singleinputs.test?rev=280098&r1=280097&r2=280098&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer-singleinputs.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer-singleinputs.test Tue Aug 30 09:52:05 2016
@@ -5,7 +5,8 @@ RUN: rm -rf %tmp/SINGLE_INPUTS
RUN: mkdir -p %tmp/SINGLE_INPUTS
RUN: echo aaa > %tmp/SINGLE_INPUTS/aaa
RUN: echo bbb > %tmp/SINGLE_INPUTS/bbb
-RUN: LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
+RUN: LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
+RUN: LLVMFuzzer-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
RUN: rm -rf %tmp/SINGLE_INPUTS
SINGLE_INPUTS: LLVMFuzzer-SimpleTest: Running 2 inputs 1 time(s) each.
SINGLE_INPUTS: aaa in
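Review bot: The new `-max_len=2` RUN line reuses the SINGLE_INPUTS check prefix, so it only verifies that the run completes and prints the same two lines as the untruncated run; nothing in the test pins that the 3-byte inputs were actually cut to 2 bytes before reaching the target. That is enough to catch a recurrence of the overflow only on a sanitizer build, which the test file does not make explicit. A dedicated prefix (for example `--check-prefix=SINGLE_INPUTS_MAXLEN`) with a CHECK on output that depends on the truncated length would make the regression test self-describing; failing that, a comment on the RUN line, `# regression test for r280098: inputs longer than -max_len must be truncated, not overflowed`, records why the line exists.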