[compiler-rt] r317831 - [libFuzzer] Don't add leaking inputs to corpus.

Matt Morehouse via llvm-commits llvm-commits at lists.llvm.org
Thu Nov 9 12:44:08 PST 2017 

Author: morehouse
Date: Thu Nov  9 12:44:08 2017
New Revision: 317831

URL: http://llvm.org/viewvc/llvm-project?rev=317831&view=rev
Log:
[libFuzzer] Don't add leaking inputs to corpus.

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D39850

Modified:
    compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
    compiler-rt/trunk/test/fuzzer/fuzzer-leak.test

Modified: compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp?rev=317831&r1=317830&r2=317831&view=diff
==============================================================================
--- compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp (original)
+++ compiler-rt/trunk/lib/fuzzer/FuzzerLoop.cpp Thu Nov  9 12:44:08 2017
@@ -641,11 +641,12 @@ void Fuzzer::MutateAndTestOne() {
     assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
     Size = NewSize;
     II.NumExecutedMutations++;
-    if (RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II))
-      ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
 
+    bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II);
     TryDetectingAMemoryLeak(CurrentUnitData, Size,
                             /*DuringInitialCorpusExecution*/ false);
+    if (NewCov)
+      ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
   }
 }
 

Modified: compiler-rt/trunk/test/fuzzer/fuzzer-leak.test
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/fuzzer/fuzzer-leak.test?rev=317831&r1=317830&r2=317831&view=diff
==============================================================================
--- compiler-rt/trunk/test/fuzzer/fuzzer-leak.test (original)
+++ compiler-rt/trunk/test/fuzzer/fuzzer-leak.test Thu Nov  9 12:44:08 2017
@@ -3,7 +3,8 @@ RUN: %cpp_compiler %S/LeakTest.cpp -o %t
 RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest
 RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LeakTimeoutTest
 
-RUN: not %t-LeakTest -runs=100000 -detect_leaks=1 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
+RUN: rm -rf %t-corpus && mkdir -p %t-corpus
+RUN: not %t-LeakTest -runs=100000 -detect_leaks=1 %t-corpus 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
 LEAK_DURING: ERROR: LeakSanitizer: detected memory leaks
 LEAK_DURING: Direct leak of 4 byte(s) in 1 object(s) allocated from:
 LEAK_DURING: INFO: to ignore leaks on libFuzzer side use -detect_leaks=0
@@ -11,6 +12,9 @@ LEAK_DURING: Test unit written to ./leak
 LEAK_DURING-NOT: DONE
 LEAK_DURING-NOT: Done
 
+// Verify leaking input was not added to corpus
+RUN: %t-LeakTest -runs=0 %t-corpus
+
 RUN: not %t-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | FileCheck %s --check-prefix=LEAK_IN_CORPUS
 LEAK_IN_CORPUS: ERROR: LeakSanitizer: detected memory leaks
 LEAK_IN_CORPUS: INFO: a leak has been found in the initial corpus.

More information about the llvm-commits mailing list