[PATCH] D60567: [libFuzzer] Fallback to default Mutate when MutateWithMask fails.

Max Moroz via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Apr 11 08:21:07 PDT 2019


Dor1s created this revision.
Dor1s added reviewers: kcc, morehouse.
Herald added subscribers: Sanitizers, delcypher.
Herald added projects: LLVM, Sanitizers.

In case the current corpus input doesn't have bytes going into the
focus function, MutateWithMask is useless and may fail gently, allowing the
default mutation routine to happen, rather than crashing on an assertion.

For more context and the initial fix suggestion, see:
https://github.com/google/oss-fuzz/issues/1632#issuecomment-481862879


Repository:
  rCRT Compiler Runtime

https://reviews.llvm.org/D60567

Files:
  lib/fuzzer/FuzzerLoop.cpp
  lib/fuzzer/FuzzerMutate.cpp


Index: lib/fuzzer/FuzzerMutate.cpp
===================================================================
--- lib/fuzzer/FuzzerMutate.cpp
+++ lib/fuzzer/FuzzerMutate.cpp
@@ -542,6 +542,7 @@
     if (Mask[I])
       T[OneBits++] = Data[I];
 
+  if (!OneBits) return 0;
   assert(!T.empty());
   size_t NewSize = Mutate(T.data(), OneBits, OneBits);
   assert(NewSize <= OneBits);
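Review bot: The new early return `if (!OneBits) return 0;` makes 0 a meaningful return value of MutateWithMask ("no masked bytes, nothing mutated"), but nothing at this site says so. Please add a short comment above it explaining that an all-zero mask yields 0 and that the caller is expected to fall back to the default Mutate, since the FuzzerLoop.cpp change depends on exactly that. Style: put `return 0;` on its own line. The Files list touches only FuzzerLoop.cpp and FuzzerMutate.cpp, so a regression test that feeds an input whose mask has no bits set would be worth adding alongside this.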
Index: lib/fuzzer/FuzzerLoop.cpp
===================================================================
--- lib/fuzzer/FuzzerLoop.cpp
+++ lib/fuzzer/FuzzerLoop.cpp
@@ -658,7 +658,9 @@
         Size <= CurrentMaxMutationLen)
       NewSize = MD.MutateWithMask(CurrentUnitData, Size, Size,
                                   II.DataFlowTraceForFocusFunction);
-    else
+    
+    // If MutateWithMask either failed or wasn't called, call default Mutate.
+    if (!NewSize)
       NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
     assert(NewSize > 0 && "Mutator returned empty unit");
     assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
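Review bot: With the `else` removed, `if (!NewSize)` is now evaluated on the path where MutateWithMask was not called at all, so it reads whatever NewSize held before this block. Its declaration is outside the hunk; please confirm it is initialized to 0 there (or initialize it in this change), otherwise the fallback to `MD.Mutate(...)` can be skipped on an indeterminate value and the `NewSize > 0` assert below becomes the only guard. Minor: the added blank line before the comment carries trailing whitespace.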

