[llvm] r285135 - [libFuzzer] add StandaloneFuzzTargetMain.c and a test for it

Tue Oct 25 15:30:35 PDT 2016

Author: kcc
Date: Tue Oct 25 17:30:34 2016
New Revision: 285135

URL: http://llvm.org/viewvc/llvm-project?rev=285135&view=rev
Log:
[libFuzzer] add StandaloneFuzzTargetMain.c and a test for it

Added:
    llvm/trunk/lib/Fuzzer/standalone/
    llvm/trunk/lib/Fuzzer/standalone/StandaloneFuzzTargetMain.c
    llvm/trunk/lib/Fuzzer/test/standalone.test
Modified:
    llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
    llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp
    llvm/trunk/lib/Fuzzer/test/fuzzer.test

Added: llvm/trunk/lib/Fuzzer/standalone/StandaloneFuzzTargetMain.c
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/standalone/StandaloneFuzzTargetMain.c?rev=285135&view=auto
==============================================================================

--- llvm/trunk/lib/Fuzzer/standalone/StandaloneFuzzTargetMain.c (added)
+++ llvm/trunk/lib/Fuzzer/standalone/StandaloneFuzzTargetMain.c Tue Oct 25 17:30:34 2016
@@ -0,0 +1,41 @@
+/*===- StandaloneFuzzTargetMain.c - standalone main() for fuzz targets. ---===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+// This main() function can be linked to a fuzz target (i.e. a library
+// that exports LLVMFuzzerTestOneInput() and possibly LLVMFuzzerInitialize())
+// instead of libFuzzer. This main() function will not perform any fuzzing
+// but will simply feed all input files one by one to the fuzz target.
+//
+// Use this file to provide reproducers for bugs when linking against libFuzzer
+// or other fuzzing engine is undesirable.
+//===----------------------------------------------------------------------===*/
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+extern int LLVMFuzzerTestOneInput(const unsigned char *data, size_t size);
+__attribute__((weak)) extern int LLVMFuzzerInitialize(int *argc, char ***argv);
+int main(int argc, char **argv) {
+  fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1);
+  if (LLVMFuzzerInitialize)
+    LLVMFuzzerInitialize(&argc, &argv);
+  for (int i = 1; i < argc; i++) {
+    fprintf(stderr, "Running: %s\n", argv[i]);
+    FILE *f = fopen(argv[i], "r");
+    assert(f);
+    fseek(f, 0, SEEK_END);
+    size_t len = ftell(f);
+    fseek(f, 0, SEEK_SET);
+    unsigned char *buf = (unsigned char*)malloc(len);
+    size_t n_read = fread(buf, 1, len, f);
+    assert(n_read == len);
+    LLVMFuzzerTestOneInput(buf, len);
+    free(buf);
+    fprintf(stderr, "Done:    %s: (%zd bytes)\n", argv[i], n_read);
+  }
+}

Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=285135&r1=285134&r2=285135&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Tue Oct 25 17:30:34 2016
@@ -135,6 +135,11 @@ add_executable(LLVMFuzzer-Unittest
   FuzzerFnAdapterUnittest.cpp
   )
 
+add_executable(LLVMFuzzer-StandaloneInitializeTest
+  InitializeTest.cpp
+  ../standalone/StandaloneFuzzTargetMain.c
+  )
+
 target_link_libraries(LLVMFuzzer-Unittest
   gtest
   gtest_main
@@ -150,6 +155,13 @@ set_target_properties(LLVMFuzzer-Unittes
   PROPERTIES RUNTIME_OUTPUT_DIRECTORY
   "${CMAKE_CURRENT_BINARY_DIR}"
 )
+
+set(TestBinaries ${TestBinaries} LLVMFuzzer-StandaloneInitializeTest)
+set_target_properties(LLVMFuzzer-StandaloneInitializeTest
+  PROPERTIES RUNTIME_OUTPUT_DIRECTORY
+  "${CMAKE_CURRENT_BINARY_DIR}"
+)
+
 ###############################################################################
 # Additional tests
 ###############################################################################

Modified: llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp?rev=285135&r1=285134&r2=285135&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp (original)
+++ llvm/trunk/lib/Fuzzer/test/InitializeTest.cpp Tue Oct 25 17:30:34 2016
@@ -14,12 +14,14 @@ static char *argv0;
 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
   assert(*argc > 0);
   argv0 = **argv;
+  fprintf(stderr, "LLVMFuzzerInitialize: %s\n", argv0);
   return 0;
 }
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
-  if (strncmp(reinterpret_cast<const char*>(Data), argv0, Size)) {
-    fprintf(stderr, "BINGO\n");
+  if (Size == strlen(argv0) &&
+      !strncmp(reinterpret_cast<const char *>(Data), argv0, Size)) {
+    fprintf(stderr, "BINGO %s\n", argv0);
     exit(1);
   }
   return 0;

Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=285135&r1=285134&r2=285135&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Tue Oct 25 17:30:34 2016
@@ -47,7 +47,7 @@ RUN: not LLVMFuzzer-BufferOverflowOnInpu
 OOB: AddressSanitizer: heap-buffer-overflow
 OOB: is located 0 bytes to the right of 3-byte region
 
-RUN: not LLVMFuzzer-InitializeTest 2>&1 | FileCheck %s
+RUN: not LLVMFuzzer-InitializeTest -use_value_profile=1 2>&1 | FileCheck %s
 
 RUN: not LLVMFuzzer-DSOTest 2>&1 | FileCheck %s --check-prefix=DSO
 DSO: INFO: Loaded 3 modules

Added: llvm/trunk/lib/Fuzzer/test/standalone.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/standalone.test?rev=285135&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/standalone.test (added)
+++ llvm/trunk/lib/Fuzzer/test/standalone.test Tue Oct 25 17:30:34 2016
@@ -0,0 +1,4 @@
+RUN: LLVMFuzzer-StandaloneInitializeTest %S/hi.txt %S/dict1.txt 2>&1 | FileCheck %s
+CHECK: StandaloneFuzzTargetMain: running 2 inputs
+CHECK: Done:    {{.*}}hi.txt: (3 bytes)
+CHECK: Done:    {{.*}}dict1.txt: (61 bytes)


