[compiler-rt] f7ffb12 - [libFuzzer] Instrument bcmp
Fangrui Song via llvm-commits
llvm-commits at lists.llvm.org
Fri Jul 24 00:24:54 PDT 2020
Author: Fangrui Song
Date: 2020-07-24T00:24:46-07:00
New Revision: f7ffb122d08e7a8203557898c67eaac3a857b152
URL: https://github.com/llvm/llvm-project/commit/f7ffb122d08e7a8203557898c67eaac3a857b152
DIFF: https://github.com/llvm/llvm-project/commit/f7ffb122d08e7a8203557898c67eaac3a857b152.diff
LOG: [libFuzzer] Instrument bcmp
If we define memcmp in an archive, bcmp should be defined as well (many libc
implementations define bcmp and memcmp in one object file). Otherwise, if the
application calls bcmp, or calls strcmp which gets optimized to bcmp
(SimplifyLibCalls), the undefined reference may pull in an optimized bcmp/strcmp
implementation (a libc replacement) that appears later on the linker command
line. If both libFuzzer's memcmp and the optimized memcmp are strong, there will
be a multiple definition error.
Added:
compiler-rt/test/fuzzer/bcmp.test
Modified:
compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
compiler-rt/test/fuzzer/MemcmpTest.cpp
Removed:
################################################################################
diff --git a/compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp b/compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
index 0afc96cd6fc1..a1a64780de34 100644
--- a/compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerInterceptors.cpp
@@ -119,6 +119,7 @@ static char *internal_strstr(const char *haystack, const char *needle) {
extern "C" {
+DEFINE_REAL(int, bcmp, const void *, const void *, size_t)
DEFINE_REAL(int, memcmp, const void *, const void *, size_t)
DEFINE_REAL(int, strncmp, const char *, const char *, size_t)
DEFINE_REAL(int, strcmp, const char *, const char *)
@@ -128,6 +129,14 @@ DEFINE_REAL(char *, strstr, const char *, const char *)
DEFINE_REAL(char *, strcasestr, const char *, const char *)
DEFINE_REAL(void *, memmem, const void *, size_t, const void *, size_t)
+ATTRIBUTE_INTERFACE int bcmp(const char *s1, const char *s2, size_t n) {
+ if (!FuzzerInited)
+ return internal_memcmp(s1, s2, n);
+ int result = REAL(bcmp)(s1, s2, n);
+ __sanitizer_weak_hook_memcmp(GET_CALLER_PC(), s1, s2, n, result);
+ return result;
+}
+
ATTRIBUTE_INTERFACE int memcmp(const void *s1, const void *s2, size_t n) {
if (!FuzzerInited)
return internal_memcmp(s1, s2, n);
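Review bot: The new `bcmp` interceptor takes `const char *` pointers, while the `DEFINE_REAL(int, bcmp, const void *, const void *, size_t)` line added in the previous hunk and the `memcmp` interceptor directly below both use `const void *`. Inside `extern "C"`, a definition of `bcmp` with different parameter types conflicts with the system declaration wherever that declaration is in scope, so the line should read `ATTRIBUTE_INTERFACE int bcmp(const void *s1, const void *s2, size_t n) {`. The body needs no other change, since `internal_memcmp` is already called with `const void *` arguments from `memcmp`. The `memcmp` definition that follows continues outside the hunk.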
@@ -200,6 +209,8 @@ static void fuzzerInit() {
return;
FuzzerInitIsRunning = true;
+ REAL(bcmp) = reinterpret_cast<memcmp_type>(
+ getFuncAddr("bcmp", reinterpret_cast<uintptr_t>(&bcmp)));
REAL(memcmp) = reinterpret_cast<memcmp_type>(
getFuncAddr("memcmp", reinterpret_cast<uintptr_t>(&memcmp)));
REAL(strncmp) = reinterpret_cast<strncmp_type>(
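Review bot: The new `REAL(bcmp)` assignment casts through `memcmp_type` instead of a type of its own. The neighbouring lines use `memcmp_type` for memcmp and `strncmp_type` for strncmp, so `DEFINE_REAL` presumably also provides `bcmp_type`, and `reinterpret_cast<bcmp_type>(` would keep the cast tied to the declaration it fills. The two signatures match today, so this is a style point. What `getFuncAddr` does when the C library exports no `bcmp` is not visible here; it is worth confirming that it fails loudly and does not leave `REAL(bcmp)` null for the interceptor to call. `fuzzerInit` starts and ends outside the hunk.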
diff --git a/compiler-rt/test/fuzzer/MemcmpTest.cpp b/compiler-rt/test/fuzzer/MemcmpTest.cpp
index 060c5b9b11f9..09f56ff78dad 100644
--- a/compiler-rt/test/fuzzer/MemcmpTest.cpp
+++ b/compiler-rt/test/fuzzer/MemcmpTest.cpp
@@ -8,13 +8,17 @@
#include <cstdlib>
#include <cstring>
+#ifndef MEMCMP
+# define MEMCMP memcmp
+#endif
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
// TODO: check other sizes.
- if (Size >= 8 && memcmp(Data, "01234567", 8) == 0) {
- if (Size >= 12 && memcmp(Data + 8, "ABCD", 4) == 0) {
- if (Size >= 14 && memcmp(Data + 12, "XY", 2) == 0) {
- if (Size >= 17 && memcmp(Data + 14, "KLM", 3) == 0) {
- if (Size >= 27 && memcmp(Data + 17, "ABCDE-GHIJ", 10) == 0){
+ if (Size >= 8 && MEMCMP(Data, "01234567", 8) == 0) {
+ if (Size >= 12 && MEMCMP(Data + 8, "ABCD", 4) == 0) {
+ if (Size >= 14 && MEMCMP(Data + 12, "XY", 2) == 0) {
+ if (Size >= 17 && MEMCMP(Data + 14, "KLM", 3) == 0) {
+ if (Size >= 27 && MEMCMP(Data + 17, "ABCDE-GHIJ", 10) == 0){
fprintf(stderr, "BINGO %zd\n", Size);
for (size_t i = 0; i < Size; i++) {
uint8_t C = Data[i];
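Review bot: With `-DMEMCMP=bcmp` this file calls `bcmp` while including only `<cstring>`, so the build depends on the C library's string header also declaring `bcmp`, which POSIX places in `<strings.h>`. Where that header exists, an explicit `#include <strings.h>` (guarded for platforms that lack it) would remove the dependency on a transitive include. The `#ifndef MEMCMP` block would also benefit from a comment such as `// MEMCMP is overridden by bcmp.test (-DMEMCMP=bcmp) to exercise the bcmp interceptor.`. `LLVMFuzzerTestOneInput` continues outside the hunk.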
diff --git a/compiler-rt/test/fuzzer/bcmp.test b/compiler-rt/test/fuzzer/bcmp.test
new file mode 100644
index 000000000000..37ee6bedd4ee
--- /dev/null
+++ b/compiler-rt/test/fuzzer/bcmp.test
@@ -0,0 +1,4 @@
+UNSUPPORTED: freebsd
+RUN: %cpp_compiler -DMEMCMP=bcmp %S/MemcmpTest.cpp -o %t
+RUN: not %run %t -seed=1 -runs=10000000 2>&1 | FileCheck %s
+CHECK: BINGO
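Review bot: `UNSUPPORTED: freebsd` is given without a reason, and the commit message does not explain it either. A comment line above the directive, for example `# <reason the bcmp interceptor test cannot run on FreeBSD>`, would let a later maintainer judge when the restriction can be lifted. As written, the exclusion could be a known limitation of the interceptor on that platform or just an untested configuration.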