[compiler-rt] f897e82 - [fuzzer] Add Windows Visual C++ exception intercept
Ying Yi via llvm-commits
llvm-commits at lists.llvm.org
Mon Nov 16 04:53:42 PST 2020
Hi Joe and Jonathan,
The commit f897e82 seems to cause a test failure on the Buildbot (
http://lab.llvm.org:8011/#/builders/112/builds/1115/steps/5/logs/FAIL__libFuzzer___uncaught-exception_test),
could you please either fix it or revert the commit?
Thanks,
Maggie
On Thu, Nov 12, 2020 at 9:12 PM Jonathan Metzman via llvm-commits <
llvm-commits at lists.llvm.org> wrote:
>
> Author: Joe Pletcher
> Date: 2020-11-12T13:11:14-08:00
> New Revision: f897e82bfd86099a5321e3fd50c63598e11e289b
>
> URL:
> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b
> DIFF:
> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b.diff
>
> LOG: [fuzzer] Add Windows Visual C++ exception intercept
>
> Adds a new option, `handle_winexcept` to try to intercept uncaught
> Visual C++ exceptions on Windows. On Linux, such exceptions are handled
> implicitly by `std::terminate()` raising `SIGABRT`. This option brings the
> Windows behavior in line with Linux.
>
> Unfortunately this exception code is intentionally undocumented, however
> has remained stable for the last decade. More information can be found
> here: https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
>
> Reviewed By: morehouse, metzman
>
> Differential Revision: https://reviews.llvm.org/D89755
>
> Added:
> compiler-rt/test/fuzzer/UncaughtException.cpp
> compiler-rt/test/fuzzer/uncaught-exception.test
>
> Modified:
> compiler-rt/lib/fuzzer/FuzzerDriver.cpp
> compiler-rt/lib/fuzzer/FuzzerFlags.def
> compiler-rt/lib/fuzzer/FuzzerOptions.h
> compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>
> Removed:
>
>
>
>
> ################################################################################
> diff --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
> b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
> index 6b674c4e9d7a..447cafce7fd4 100644
> --- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
> +++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
> @@ -829,6 +829,8 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback
> Callback) {
> Options.HandleXfsz = Flags.handle_xfsz;
> Options.HandleUsr1 = Flags.handle_usr1;
> Options.HandleUsr2 = Flags.handle_usr2;
> + Options.HandleWinExcept = Flags.handle_winexcept;
> +
> SetSignalHandler(Options);
>
> std::atexit(Fuzzer::StaticExitCallback);
>
> diff --git a/compiler-rt/lib/fuzzer/FuzzerFlags.def
> b/compiler-rt/lib/fuzzer/FuzzerFlags.def
> index ef6c3f8ba8f0..ab31da0ae5d6 100644
> --- a/compiler-rt/lib/fuzzer/FuzzerFlags.def
> +++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def
> @@ -145,6 +145,8 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, try to
> intercept SIGTERM.")
> FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
> FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
> FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")
> +FUZZER_FLAG_INT(handle_winexcept, 1, "If 1, try to intercept uncaught
> Windows "
> + "Visual C++ Exceptions.")
> FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
> "if 2, close stderr; if 3, close both. "
> "Be careful, this will also close e.g. stderr of asan.")
>
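Review bot: The help string on the added `handle_winexcept` line does not say that the flag is Windows-only. The only consumer in this patch is FuzzerUtilWindows.cpp, so on other platforms the flag is accepted and has no effect. Suggest starting the description with "Windows only:". Since the default is 1, the new intercept is on for every existing Windows user without opt-in, which is worth stating in the flag text or the commit message.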
> diff --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h
> b/compiler-rt/lib/fuzzer/FuzzerOptions.h
> index 21155e9c5692..d0c285a6821d 100644
> --- a/compiler-rt/lib/fuzzer/FuzzerOptions.h
> +++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h
> @@ -84,6 +84,7 @@ struct FuzzingOptions {
> bool HandleXfsz = false;
> bool HandleUsr1 = false;
> bool HandleUsr2 = false;
> + bool HandleWinExcept = false;
> };
>
> } // namespace fuzzer
>
> diff --git a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
> b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
> index a360b65b5412..1a54bb569eca 100644
> --- a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
> +++ b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
> @@ -60,7 +60,15 @@ static LONG CALLBACK
> ExceptionHandler(PEXCEPTION_POINTERS ExceptionInfo) {
> if (HandlerOpt->HandleFpe)
> Fuzzer::StaticCrashSignalCallback();
> break;
> - // TODO: handle (Options.HandleXfsz)
> + // This is an undocumented exception code corresponding to a Visual
> C++
> + // Exception.
> + //
> + // See:
> https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
> + case 0xE06D7363:
> + if (HandlerOpt->HandleWinExcept)
> + Fuzzer::StaticCrashSignalCallback();
> + break;
> + // TODO: Handle (Options.HandleXfsz)
> }
> return EXCEPTION_CONTINUE_SEARCH;
> }
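Review bot: `case 0xE06D7363:` puts a bare magic number in the switch, and the comment above it says the value is undocumented, so a reader has nothing but the link to go on. Suggest a named constant declared next to that comment (for example `static const DWORD kVisualCppExceptionCode = 0xE06D7363;`, name hypothetical) and using it in the case label. The handler also calls `Fuzzer::StaticCrashSignalCallback()`, so per the CHECK line in the new test an uncaught C++ exception is reported as "deadly signal"; a comment noting that this is intentional would help. The `handle` to `Handle` change in the TODO line is unrelated churn.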
> @@ -127,7 +135,7 @@ void SetSignalHandler(const FuzzingOptions& Options) {
> }
>
> if (Options.HandleSegv || Options.HandleBus || Options.HandleIll ||
> - Options.HandleFpe)
> + Options.HandleFpe || Options.HandleWinExcept)
> SetUnhandledExceptionFilter(ExceptionHandler);
>
> if (Options.HandleAbrt)
>
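Review bot: Adding `Options.HandleWinExcept` to this condition, combined with the flag defaulting to 1, means `SetUnhandledExceptionFilter(ExceptionHandler)` is still called when a user has turned off all four of the existing flags tested here. Anyone who disabled those to keep the target's own unhandled-exception filter now also has to pass `-handle_winexcept=0`. Suggest documenting that interaction where the flag is described.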
> diff --git a/compiler-rt/test/fuzzer/UncaughtException.cpp
> b/compiler-rt/test/fuzzer/UncaughtException.cpp
> new file mode 100644
> index 000000000000..35df4a9ce326
> --- /dev/null
> +++ b/compiler-rt/test/fuzzer/UncaughtException.cpp
> @@ -0,0 +1,10 @@
> +#include <cstdint>
> +#include <vector>
> +
> +extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, size_t
> size) {
> + std::vector<uint8_t> v;
> + // Intentionally throw std::length_error
> + v.reserve(static_cast<uint64_t>(-1));
> +
> + return 0;
> +}
>
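Review bot: The test depends on `v.reserve(static_cast<uint64_t>(-1))` throwing `std::length_error`, which ties the result to the standard library's `max_size()` and to the implicit conversion from `uint64_t` to the vector's size type. An explicit `throw` of a standard exception would state the intent directly and behave the same on every platform. Smaller points: `size_t` is used without `<cstddef>`, and `uint8_t` is unqualified on the vector line while the signature uses `std::uint8_t`.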
> diff --git a/compiler-rt/test/fuzzer/uncaught-exception.test
> b/compiler-rt/test/fuzzer/uncaught-exception.test
> new file mode 100644
> index 000000000000..28c423a4e431
> --- /dev/null
> +++ b/compiler-rt/test/fuzzer/uncaught-exception.test
> @@ -0,0 +1,8 @@
> +# Test that throws a C++ exception and doesn't catch it. Should result in
> a
> +# crash
> +RUN: %cpp_compiler %S/UncaughtException.cpp -o %t-UncaughtException
> +
> +RUN: not %run %t-UncaughtException 2>&1 | FileCheck %s
> +
> +CHECK: ERROR: libFuzzer: deadly signal
> +CHECK: Test unit written to ./crash
>
>
>
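Review bot: The RUN lines carry no platform restriction and do not pass `-handle_winexcept=1`, so the test relies on the flag default on Windows and on the `std::terminate()` path described in the commit message everywhere else, and the reply in this thread reports it failing on a buildbot. Suggest passing the flag explicitly so the test keeps exercising the new code if the default changes, and confirming the two CHECK lines hold on each platform the test is enabled for, or restricting it to the platforms where they do.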
--
Ying Yi
SN Systems - Sony Interactive Entertainment