[llvm] r284902 - [libFuzzer] add a test for asan's strict_string_checks=1
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Fri Oct 21 17:05:45 PDT 2016
Author: kcc
Date: Fri Oct 21 19:05:44 2016
New Revision: 284902
URL: http://llvm.org/viewvc/llvm-project?rev=284902&view=rev
Log:
[libFuzzer] add a test for asan's strict_string_checks=1
Added:
llvm/trunk/lib/Fuzzer/test/StrncmpOOBTest.cpp
Modified:
llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
llvm/trunk/lib/Fuzzer/test/fuzzer.test
Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=284902&r1=284901&r2=284902&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Fri Oct 21 19:05:44 2016
@@ -100,6 +100,7 @@ set(Tests
ShrinkControlFlowTest
ShrinkValueProfileTest
StrcmpTest
+ StrncmpOOBTest
StrncmpTest
StrstrTest
SwapCmpTest
Added: llvm/trunk/lib/Fuzzer/test/StrncmpOOBTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/StrncmpOOBTest.cpp?rev=284902&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/StrncmpOOBTest.cpp (added)
+++ llvm/trunk/lib/Fuzzer/test/StrncmpOOBTest.cpp Fri Oct 21 19:05:44 2016
@@ -0,0 +1,21 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test that libFuzzer itself does not read out of bounds.
+#include <assert.h>
+#include <cstdint>
+#include <cstring>
+#include <cstdlib>
+#include <cstddef>
+#include <iostream>
+
+static volatile int Sink;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size < 5) return 0;
+ const char *Ch = reinterpret_cast<const char *>(Data);
+ if (Ch[Size - 3] == 'a')
+ Sink = strncmp(Ch + Size - 3, "abcdefg", 6);
+ return 0;
+}
+
Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=284902&r1=284901&r2=284902&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Fri Oct 21 19:05:44 2016
@@ -57,3 +57,7 @@ RUN: LLVMFuzzer-SimpleTest-TracePC -exi
RUN: LLVMFuzzer-ShrinkControlFlowTest-TracePC -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
+RUN: ASAN_OPTIONS=strict_string_checks=1 not LLVMFuzzer-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
+STRNCMP: AddressSanitizer: heap-buffer-overflow
+STRNCMP-NOT: __sanitizer_weak_hook_strncmp
+STRNCMP: in LLVMFuzzerTestOneInput
More information about the llvm-commits
mailing list