[llvm] r307424 - FuzzerUtilDarwin.cpp: We need to pass modifiable strings to posix_spawn

Matthias Braun via llvm-commits llvm-commits at lists.llvm.org
Fri Jul 7 11:53:24 PDT 2017 

Author: matze
Date: Fri Jul  7 11:53:24 2017
New Revision: 307424

URL: http://llvm.org/viewvc/llvm-project?rev=307424&view=rev
Log:
FuzzerUtilDarwin.cpp: We need to pass modifiable strings to posix_spawn

This fixes a bug where unmodifiable strings where passed to posix_spawn.

This is an attempt to unbreak the greendragon libFuzzer bot.

Modified:
    llvm/trunk/lib/Fuzzer/FuzzerUtilDarwin.cpp

Modified: llvm/trunk/lib/Fuzzer/FuzzerUtilDarwin.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerUtilDarwin.cpp?rev=307424&r1=307423&r2=307424&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerUtilDarwin.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerUtilDarwin.cpp Fri Jul  7 11:53:24 2017
@@ -15,6 +15,8 @@
 #include <mutex>
 #include <signal.h>
 #include <spawn.h>
+#include <stdlib.h>
+#include <string.h>
 #include <sys/wait.h>
 
 // There is no header for this on macOS so declare here
@@ -97,11 +99,16 @@ int ExecuteCommand(const std::string &Co
   pid_t Pid;
   char **Environ = environ; // Read from global
   const char *CommandCStr = Command.c_str();
-  const char *Argv[] = {"sh", "-c", CommandCStr, NULL};
+  char *const Argv[] = {
+    strdup("sh"),
+    strdup("-c"),
+    strdup(CommandCStr),
+    NULL
+  };
   int ErrorCode = 0, ProcessStatus = 0;
   // FIXME: We probably shouldn't hardcode the shell path.
   ErrorCode = posix_spawn(&Pid, "/bin/sh", NULL, &SpawnAttributes,
-                          (char *const *)Argv, Environ);
+                          Argv, Environ);
   (void)posix_spawnattr_destroy(&SpawnAttributes);
   if (!ErrorCode) {
     pid_t SavedPid = Pid;
@@ -120,6 +127,8 @@ int ExecuteCommand(const std::string &Co
     // Shell execution failure.
     ProcessStatus = W_EXITCODE(127, 0);
   }
+  for (unsigned i = 0, n = sizeof(Argv) / sizeof(Argv[0]); i < n; ++i)
+    free(Argv[i]);
 
   // Restore the signal handlers of the current process when the last thread
   // using this function finishes.

More information about the llvm-commits mailing list