[PATCH] D38855: Add a fuzz target for llvm's ItaniumDemangler.
Mitch Phillips via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Oct 12 13:10:03 PDT 2017
hctim updated this revision to Diff 118832.
hctim added a comment.
- Fuzzer updates with dummy main.
- Added main() for dummy target.
- Remove LIB_FUZZING_ENGINE target (morehouse@)
- Added to fuzzer doc.
https://reviews.llvm.org/D38855
Files:
docs/FuzzingLLVM.rst
tools/llvm-demangle-fuzzer/CMakeLists.txt
tools/llvm-demangle-fuzzer/DummyDemanglerFuzzer.cpp
tools/llvm-demangle-fuzzer/llvm-demangle-fuzzer.cpp
Index: tools/llvm-demangle-fuzzer/llvm-demangle-fuzzer.cpp
===================================================================
--- /dev/null
+++ tools/llvm-demangle-fuzzer/llvm-demangle-fuzzer.cpp
@@ -0,0 +1,24 @@
+//===--- llvm-demangle-fuzzer.cpp - Fuzzer for the Itanium Demangler ------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/Demangle/Demangle.h"
+
+#include <cstdint>
+#include <cstdlib>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ std::string NullTerminatedString((const char *)Data, Size);
+ int status = 0;
+ if (char *demangle = llvm::itaniumDemangle(NullTerminatedString.c_str(), nullptr,
+ nullptr, &status))
+ free(demangle);
+
+ return 0;
+}
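Review bot: In LLVMFuzzerTestOneInput the input is copied into a std::string and handed over via c_str(), so any input with an embedded NUL byte is cut at the first NUL and the bytes after it never reach itaniumDemangle. The fuzzer will still spend mutations on that unused tail; consider returning 0 early when memchr(Data, 0, Size) finds a NUL, or add a comment that the truncation is intended. Separately, status is written but never read: either check that it agrees with the returned pointer or note that only crashes are of interest here. Minor style point: status and demangle are lower-case while NullTerminatedString is CamelCase, and (const char *)Data is a C-style cast where reinterpret_cast would be clearer.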
Index: tools/llvm-demangle-fuzzer/DummyDemanglerFuzzer.cpp
===================================================================
--- /dev/null
+++ tools/llvm-demangle-fuzzer/DummyDemanglerFuzzer.cpp
@@ -0,0 +1,19 @@
+//===--- DummyDemanglerMain.cpp - Entry point to sanity check the fuzzer --===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/FuzzMutate/FuzzerCLI.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+int main(int argc, char *argv[]) {
+ return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput);
+}
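Review bot: The banner on the first line names the file DummyDemanglerMain.cpp, but the file being added is DummyDemanglerFuzzer.cpp; the two should match. The forward declaration of LLVMFuzzerTestOneInput also uses uint8_t and size_t with only llvm/FuzzMutate/FuzzerCLI.h included, so it relies on that header to provide them; including <cstdint> and <cstddef> here, as llvm-demangle-fuzzer.cpp does for <cstdint>, would make the dependency explicit.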
Index: tools/llvm-demangle-fuzzer/CMakeLists.txt
===================================================================
--- /dev/null
+++ tools/llvm-demangle-fuzzer/CMakeLists.txt
@@ -0,0 +1,8 @@
+set(LLVM_LINK_COMPONENTS
+ Demangle
+ FuzzMutate
+)
+
+add_llvm_fuzzer(llvm-demangle-fuzzer
+ llvm-demangle-fuzzer.cpp
+ DUMMY_MAIN DummyDemanglerFuzzer.cpp)
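Review bot: FuzzMutate in LLVM_LINK_COMPONENTS looks to be needed only by DummyDemanglerFuzzer.cpp, which includes llvm/FuzzMutate/FuzzerCLI.h; llvm-demangle-fuzzer.cpp itself includes only llvm/Demangle/Demangle.h. A one-line comment saying the component is there for the DUMMY_MAIN build would make the reason for linking it obvious.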
Index: docs/FuzzingLLVM.rst
===================================================================
--- docs/FuzzingLLVM.rst
+++ docs/FuzzingLLVM.rst
@@ -68,6 +68,13 @@
__ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+llvm-dwarfdump-fuzzer
+llvm-demangle-fuzzer
+---------------------
+
+A |generic fuzzer| for the Itanium demangler used in various LLVM tools. We've
+fuzzed __cxa_demangle to death, why not fuzz LLVM's implementation of the same
+function!
+
llvm-isel-fuzzer
----------------
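Review bot: The new section's underline is 21 dashes under a 20-character title, while the neighbouring llvm-isel-fuzzer heading uses an underline of exactly the title's length; trim one dash for consistency. The last sentence is phrased as a question ("why not fuzz LLVM's implementation of the same function") but ends in "!". The text also does not say what the fuzzer feeds the demangler; one sentence stating that the raw input bytes are treated as a NUL-terminated mangled name would tell readers how to build a seed corpus.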
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D38855.118832.patch
Type: text/x-patch
Size: 2837 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20171012/32807713/attachment.bin>