[PATCH] D68775: [libFuzzer] Fix fd check in DupAndCloseStderr.

Marco Vanotti via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Oct 10 03:28:35 PDT 2019


charco created this revision.
charco added reviewers: mcgrathr, jakehehrlich, phosek, kcc, aarongreen.
Herald added projects: Sanitizers, LLVM.
Herald added subscribers: llvm-commits, Sanitizers.

This commit fixes the check on the return value of the `DuplicateFile`
function, which returns a new file descriptor. `DuplicateFile` can
return 0 if that file descriptor is available (for example, if stdin has
already been closed).

In particular, this could cause a bug with the `-close_fd_mask` flag on
some platforms: just call the fuzzer with stdin closed and the
`-close_fd_mask=2` flag, and stderr will not be muted.

Example fuzzer:

  #include <cstddef>
  #include <cstdint>
  #include <cstdio>

  extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
    fprintf(stderr, "STDERR\n");
    fprintf(stdout, "STDOUT\n");
    return 0;
  }

Invocation (muting both stderr and stdout):

  ./test -close_fd_mask=3 -runs=1 0<&-
  INFO: Seed: 1155116940
  INFO: Loaded 1 modules   (1 inline 8-bit counters): 1 [0x48b020, 0x48b021),
  INFO: Loaded 1 PC tables (1 PCs): 1 [0x478dc8,0x478dd8),
  INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
  STDERR
  INFO: A corpus is not provided, starting from an empty corpus
  STDERR
  Done 2 runs in 0 second(s)


Repository:
  rG LLVM Github Monorepo

https://reviews.llvm.org/D68775

Files:
  compiler-rt/lib/fuzzer/FuzzerIO.cpp


Index: compiler-rt/lib/fuzzer/FuzzerIO.cpp
===================================================================
--- compiler-rt/lib/fuzzer/FuzzerIO.cpp
+++ compiler-rt/lib/fuzzer/FuzzerIO.cpp
@@ -111,7 +111,7 @@
 
 void DupAndCloseStderr() {
   int OutputFd = DuplicateFile(2);
-  if (OutputFd > 0) {
+  if (OutputFd >= 0) {
     FILE *NewOutputFile = OpenFile(OutputFd, "w");
     if (NewOutputFile) {
       OutputFile = NewOutputFile;
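
Review bot: No test accompanies the changed condition `if (OutputFd >= 0)` in `DupAndCloseStderr`, so the fd 0 case can regress silently. The commit message already has a reproducer (`./test -close_fd_mask=3 -runs=1 0<&-` with a target that prints `STDERR`); turning it into a regression test that runs the fuzzer with stdin closed and checks that the target's `STDERR` line is absent would pin the behaviour. A one-line comment above the check stating that 0 is a valid descriptor when stdin is closed would also keep the comparison from being "simplified" back to `> 0` later.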

