[llvm] r292652 - [libFuzzer] add an assert to protect against LLVMFuzzerInitialize changing argv[0]
Kostya Serebryany via llvm-commits
llvm-commits at lists.llvm.org
Fri Jan 20 13:34:24 PST 2017
Author: kcc
Date: Fri Jan 20 15:34:24 2017
New Revision: 292652
URL: http://llvm.org/viewvc/llvm-project?rev=292652&view=rev
Log:
[libFuzzer] add an assert to protect against LLVMFuzzerInitialize changing argv[0]
Added:
llvm/trunk/lib/Fuzzer/test/BogusInitializeTest.cpp
Modified:
llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
llvm/trunk/lib/Fuzzer/test/fuzzer.test
Modified: llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp?rev=292652&r1=292651&r2=292652&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerDriver.cpp Fri Jan 20 15:34:24 2017
@@ -358,12 +358,15 @@ int MinimizeCrashInputInternalStep(Fuzze
int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
using namespace fuzzer;
assert(argc && argv && "Argument pointers cannot be nullptr");
+ std::string Argv0((*argv)[0]);
EF = new ExternalFunctions();
if (EF->LLVMFuzzerInitialize)
EF->LLVMFuzzerInitialize(argc, argv);
const std::vector<std::string> Args(*argv, *argv + *argc);
assert(!Args.empty());
ProgName = new std::string(Args[0]);
+ assert(Argv0 == *ProgName &&
+ "argv[0] has been modified in LLVMFuzzerInitialize");
ParseFlags(Args);
if (Flags.help) {
PrintHelp();
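Review bot: The new guard `assert(Argv0 == *ProgName && ...)` compiles out under NDEBUG, so in such a build an LLVMFuzzerInitialize that rewrites argv[0] goes undetected and the fuzzer.test expectation of the message (the `not --crash ... --check-prefix=BOGUS_INITIALIZE` line in the last hunk) would fail; whether libFuzzer is ever built with assertions disabled cannot be told from this diff. Since `*ProgName` is the copy the driver keeps, an unconditional check is the safer form, e.g. `if (Argv0 != *ProgName) { Printf("argv[0] has been modified in LLVMFuzzerInitialize\n"); exit(1); }`. A smaller point: `std::string Argv0((*argv)[0])` now runs before `assert(!Args.empty())`, so a caller passing `*argc == 0` would construct a std::string from the terminating null pointer, which is undefined behaviour; guarding it with `*argc > 0` or moving the non-empty check ahead of it closes that. FuzzerDriver continues past the end of this hunk.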
Added: llvm/trunk/lib/Fuzzer/test/BogusInitializeTest.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/BogusInitializeTest.cpp?rev=292652&view=auto
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/BogusInitializeTest.cpp (added)
+++ llvm/trunk/lib/Fuzzer/test/BogusInitializeTest.cpp Fri Jan 20 15:34:24 2017
@@ -0,0 +1,15 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Make sure LLVMFuzzerInitialize does not change argv[0].
+#include <stddef.h>
+#include <stdint.h>
+
+extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
+ ***argv = 'X';
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ return 0;
+}
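Review bot: The header comment `// Make sure LLVMFuzzerInitialize does not change argv[0].` reads as if this harness verifies that property, whereas the body does the opposite: it deliberately clobbers argv[0] so that the driver's new check is exercised. I would reword it to `// Deliberately modifies argv[0] in LLVMFuzzerInitialize; the driver is expected to detect this and abort (see fuzzer.test).` Also, `***argv = 'X'` assumes argv[0] has at least one character before its terminator; with an empty argv[0] the write would replace the NUL, which is a different failure from the one the test is after, so `if (***argv) ***argv = 'X';` keeps the harness honest in that edge case.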
Modified: llvm/trunk/lib/Fuzzer/test/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/CMakeLists.txt?rev=292652&r1=292651&r2=292652&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/CMakeLists.txt (original)
+++ llvm/trunk/lib/Fuzzer/test/CMakeLists.txt Fri Jan 20 15:34:24 2017
@@ -65,6 +65,7 @@ set(Tests
AbsNegAndConstantTest
AbsNegAndConstant64Test
AccumulateAllocationsTest
+ BogusInitializeTest
BufferOverflowOnInput
CallerCalleeTest
CounterTest
Modified: llvm/trunk/lib/Fuzzer/test/fuzzer.test
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/test/fuzzer.test?rev=292652&r1=292651&r2=292652&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/test/fuzzer.test (original)
+++ llvm/trunk/lib/Fuzzer/test/fuzzer.test Fri Jan 20 15:34:24 2017
@@ -55,3 +55,6 @@ RUN: ASAN_OPTIONS=strict_string_checks=1
STRNCMP: AddressSanitizer: heap-buffer-overflow
STRNCMP-NOT: __sanitizer_weak_hook_strncmp
STRNCMP: in LLVMFuzzerTestOneInput
+
+RUN: not --crash LLVMFuzzer-BogusInitializeTest 2>&1 | FileCheck %s --check-prefix=BOGUS_INITIALIZE
+BOGUS_INITIALIZE: argv[0] has been modified in LLVMFuzzerInitialize