[PATCH] D28718: [libFuzzer] Avoid undefined behavior. Properly discard output to stdout and stderr.

Marcos Pividori via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Fri Jan 13 18:55:31 PST 2017 

mpividori created this revision.
mpividori added reviewers: kcc, zturner.
mpividori added a subscriber: llvm-commits.
mpividori set the repository for this revision to rL LLVM.

`fuzzer-fdmask.test` was failing in Windows, when setting `-close_fd_mask` to a non-zero value.

I realized it was happening, because `libFuzzer` closes the file descriptor for stdout (1) or stderr (2) , but after that, it writes directly to stdout and stderr using the file streams `stdout` and `stderr`, which is undefined behavior. In Windows, in particular, this was making the test fail.

Instead of closing the file descriptors, I redirect the output to `/dev/null` on linux and `nul` on Windows.


Repository:
  rL LLVM

https://reviews.llvm.org/D28718

Files:
  lib/Fuzzer/FuzzerIO.cpp
  lib/Fuzzer/FuzzerIO.h
  lib/Fuzzer/FuzzerIOPosix.cpp
  lib/Fuzzer/FuzzerIOWindows.cpp


Index: lib/Fuzzer/FuzzerIOWindows.cpp
===================================================================
--- lib/Fuzzer/FuzzerIOWindows.cpp
+++ lib/Fuzzer/FuzzerIOWindows.cpp
@@ -141,6 +141,14 @@
   _unlink(Path.c_str());
 }
 
+void DiscardOutput(int Fd) {
+  FILE* Temp = fopen("nul", "w");
+  if (!Temp)
+    return;
+  _dup2(_fileno(Temp), Fd);
+  fclose(Temp);
+}
+
 static bool IsSeparator(char C) {
   return C == '\\' || C == '/';
 }
Index: lib/Fuzzer/FuzzerIOPosix.cpp
===================================================================
--- lib/Fuzzer/FuzzerIOPosix.cpp
+++ lib/Fuzzer/FuzzerIOPosix.cpp
@@ -75,6 +75,14 @@
   unlink(Path.c_str());
 }
 
+void DiscardOutput(int Fd) {
+  FILE* Temp = fopen("/dev/null", "w");
+  if (!Temp)
+    return;
+  dup2(fileno(Temp), Fd);
+  fclose(Temp);
+}
+
 std::string DirName(const std::string &FileName) {
   char *Tmp = new char[FileName.size() + 1];
   memcpy(Tmp, FileName.c_str(), FileName.size() + 1);
Index: lib/Fuzzer/FuzzerIO.h
===================================================================
--- lib/Fuzzer/FuzzerIO.h
+++ lib/Fuzzer/FuzzerIO.h
@@ -61,6 +61,8 @@
 
 void RemoveFile(const std::string &Path);
 
+void DiscardOutput(int Fd);
+
 }  // namespace fuzzer
 
 #endif  // LLVM_FUZZER_IO_H
Index: lib/Fuzzer/FuzzerIO.cpp
===================================================================
--- lib/Fuzzer/FuzzerIO.cpp
+++ lib/Fuzzer/FuzzerIO.cpp
@@ -97,13 +97,13 @@
       OutputFile = NewOutputFile;
       if (EF->__sanitizer_set_report_fd)
         EF->__sanitizer_set_report_fd(reinterpret_cast<void *>(OutputFd));
-      CloseFile(2);
+      DiscardOutput(2);
     }
   }
 }
 
 void CloseStdout() {
-  CloseFile(1);
+  DiscardOutput(1);
 }
 
 void Printf(const char *Fmt, ...) {


-------------- next part --------------
A non-text attachment was scrubbed...
Name: D28718.84412.patch
Type: text/x-patch
Size: 1754 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20170114/bd8bf5c2/attachment.bin>

More information about the llvm-commits mailing list