[compiler-rt] r323802 - [libFuzzer] Fix sizeof(ptr) bug.

Matt Morehouse via llvm-commits llvm-commits at lists.llvm.org
Mon Feb 5 12:41:32 PST 2018


Easiest thing (as Kostya suggested) would be if there was a compiler
warning we could enable to catch this case, but I couldn't find one.

Maybe we could write a fuzz target that requires the input to contain a
specific sequence of special symbols, and then set a timeout that would
(hopefully) be hit before this fix and not after.  Could result in some
flakiness though since it is possible to generate special symbols without
using RandCh.

On Mon, Feb 5, 2018 at 11:44 AM, David Blaikie <dblaikie at gmail.com> wrote:

> Is there any easy to construct test case that was missing here? (that
> enabled this bug to go undiscovered until now)
>
> On Tue, Jan 30, 2018 at 10:27 AM Matt Morehouse via llvm-commits <
> llvm-commits at lists.llvm.org> wrote:
>
>> Author: morehouse
>> Date: Tue Jan 30 10:25:55 2018
>> New Revision: 323802
>>
>> URL: http://llvm.org/viewvc/llvm-project?rev=323802&view=rev
>> Log:
>> [libFuzzer] Fix sizeof(ptr) bug.
>>
>> sizeof(const char *) returns 4 or 8 when what we really want is the size
>> of the array.
>>
>> Modified:
>>     compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp
>>
>> Modified: compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp
>> URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp?rev=323802&r1=323801&r2=323802&view=diff
>> ==============================================================================
>> --- compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp (original)
>> +++ compiler-rt/trunk/lib/fuzzer/FuzzerMutate.cpp Tue Jan 30 10:25:55
>> 2018
>> @@ -62,7 +62,7 @@ MutationDispatcher::MutationDispatcher(R
>>
>>  static char RandCh(Random &Rand) {
>>    if (Rand.RandBool()) return Rand(256);
>> -  const char *Special = "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00";
>> +  const char Special[] = "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00";
>>    return Special[Rand(sizeof(Special) - 1)];
>>  }
>>
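Review bot: The `sizeof(Special) - 1` in RandCh still has nothing guarding it, so a later edit that turns `Special` back into a pointer would compile cleanly and silently shrink the index range to 3 or 7 again. Consider taking the length through a helper that only accepts arrays, and add a test that checks every symbol in the literal is reachable, since this change ships without one. Two smaller points on the same lines: `const char Special[]` is now an automatic array initialized from the literal inside the function, so `static const char Special[]` would avoid re-creating it per call; and a short comment that `- 1` drops only the implicit terminator, leaving the explicit `\x00` selectable, would make the intent clear.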
>>
>>
>> _______________________________________________
>> llvm-commits mailing list
>> llvm-commits at lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>>
>
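The two ideas raised in this thread (a compile-time guard and a deterministic test) can be sketched as follows. This is an added example, not code from libFuzzer or from the participants: `ArrayLen`, `SweepRand` and the function names are assumptions made for illustration, and only the special-symbol branch of `RandCh` is modelled.

```cpp
#include <cstddef>
#include <set>
using std::size_t;

// Binds only to real arrays; a `const char *` argument fails to compile,
// turning the sizeof(ptr) mistake into a build error.
template <typename T, size_t N>
constexpr size_t ArrayLen(const T (&)[N]) { return N; }

// Hypothetical stand-in for libFuzzer's Random: operator()(N) returns a value
// in [0, N), sweeping the range in order so every reachable index is hit.
struct SweepRand {
  size_t Next = 0;
  size_t operator()(size_t N) { return Next++ % N; }
};

// Special-symbol branch of RandCh as it was before r323802.
static char SpecialChBefore(SweepRand &Rand) {
  const char *Special = "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00";
  return Special[Rand(sizeof(Special) - 1)];  // sizeof(pointer): 4 or 8
}

// Same branch after the fix, with the length taken through ArrayLen.
static char SpecialChAfter(SweepRand &Rand) {
  static const char Special[] = "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00";
  return Special[Rand(ArrayLen(Special) - 1)];  // 31 bytes minus implicit NUL
}

// Count the distinct characters a picker produces over `Draws` calls.
static size_t DistinctOutputs(char (*Pick)(SweepRand &), size_t Draws) {
  SweepRand Rand;
  std::set<char> Seen;
  for (size_t I = 0; I < Draws; ++I) Seen.insert(Pick(Rand));
  return Seen.size();
}

size_t CoverageBefore() { return DistinctOutputs(SpecialChBefore, 256); }
size_t CoverageAfter() { return DistinctOutputs(SpecialChAfter, 256); }

int main() {
  // Deterministic regression check: all 30 symbols must be reachable.
  return CoverageAfter() == 30 && CoverageBefore() < 30 ? 0 : 1;
}
```

Because the stand-in sweeps indices instead of drawing them at random, the check does not depend on a timeout and cannot be satisfied by the other branch of `RandCh`.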