[compiler-rt] f897e82 - [fuzzer] Add Windows Visual C++ exception intercept

Ying Yi via llvm-commits llvm-commits at lists.llvm.org
Mon Nov 16 04:53:42 PST 2020


Hi Joe and Jonathan,

The commit f897e82 seems to cause a test failure on the Buildbot (
http://lab.llvm.org:8011/#/builders/112/builds/1115/steps/5/logs/FAIL__libFuzzer___uncaught-exception_test),
could you please either fix it or revert the commit?

Thanks,
Maggie

On Thu, Nov 12, 2020 at 9:12 PM Jonathan Metzman via llvm-commits <
llvm-commits at lists.llvm.org> wrote:

>
> Author: Joe Pletcher
> Date: 2020-11-12T13:11:14-08:00
> New Revision: f897e82bfd86099a5321e3fd50c63598e11e289b
>
> URL:
> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b
> DIFF:
> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b.diff
>
> LOG: [fuzzer] Add Windows Visual C++ exception intercept
>
> Adds a new option, `handle_winexcept` to try to intercept uncaught
> Visual C++ exceptions on Windows. On Linux, such exceptions are handled
> implicitly by `std::terminate()` raising `SIGABRT`. This option brings the
> Windows behavior in line with Linux.
>
> Unfortunately, this exception code is intentionally undocumented; however, it
> has remained stable for the last decade. More information can be found
> here: https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
>
> Reviewed By: morehouse, metzman
>
> Differential Revision: https://reviews.llvm.org/D89755
>
> Added:
>     compiler-rt/test/fuzzer/UncaughtException.cpp
>     compiler-rt/test/fuzzer/uncaught-exception.test
>
> Modified:
>     compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>     compiler-rt/lib/fuzzer/FuzzerFlags.def
>     compiler-rt/lib/fuzzer/FuzzerOptions.h
>     compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>
> Removed:
>
>
>
>
> ################################################################################
> diff  --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
> b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
> index 6b674c4e9d7a..447cafce7fd4 100644
> --- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
> +++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
> @@ -829,6 +829,8 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback
> Callback) {
>    Options.HandleXfsz = Flags.handle_xfsz;
>    Options.HandleUsr1 = Flags.handle_usr1;
>    Options.HandleUsr2 = Flags.handle_usr2;
> +  Options.HandleWinExcept = Flags.handle_winexcept;
> +
>    SetSignalHandler(Options);
>
>    std::atexit(Fuzzer::StaticExitCallback);
>
> diff  --git a/compiler-rt/lib/fuzzer/FuzzerFlags.def
> b/compiler-rt/lib/fuzzer/FuzzerFlags.def
> index ef6c3f8ba8f0..ab31da0ae5d6 100644
> --- a/compiler-rt/lib/fuzzer/FuzzerFlags.def
> +++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def
> @@ -145,6 +145,8 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, try to
> intercept SIGTERM.")
>  FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
>  FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
>  FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")
> +FUZZER_FLAG_INT(handle_winexcept, 1, "If 1, try to intercept uncaught
> Windows "
> +    "Visual C++ Exceptions.")
>  FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
>      "if 2, close stderr; if 3, close both. "
>      "Be careful, this will also close e.g. stderr of asan.")
>
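
Review bot: the help string on the new handle_winexcept line does not say that the flag only has an effect on Windows. In this patch the only code that reads Options.HandleWinExcept is in FuzzerUtilWindows.cpp, so on other platforms the flag is accepted and silently ignored; adding "(Windows only)" to the description would make that visible in -help=1 output. The default of 1 also changes behavior for every existing Windows user, which is worth stating in the commit message.
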
> diff  --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h
> b/compiler-rt/lib/fuzzer/FuzzerOptions.h
> index 21155e9c5692..d0c285a6821d 100644
> --- a/compiler-rt/lib/fuzzer/FuzzerOptions.h
> +++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h
> @@ -84,6 +84,7 @@ struct FuzzingOptions {
>    bool HandleXfsz = false;
>    bool HandleUsr1 = false;
>    bool HandleUsr2 = false;
> +  bool HandleWinExcept = false;
>  };
>
>  }  // namespace fuzzer
>
> diff  --git a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
> b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
> index a360b65b5412..1a54bb569eca 100644
> --- a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
> +++ b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
> @@ -60,7 +60,15 @@ static LONG CALLBACK
> ExceptionHandler(PEXCEPTION_POINTERS ExceptionInfo) {
>        if (HandlerOpt->HandleFpe)
>          Fuzzer::StaticCrashSignalCallback();
>        break;
> -    // TODO: handle (Options.HandleXfsz)
> +    // This is an undocumented exception code corresponding to a Visual
> C++
> +    // Exception.
> +    //
> +    // See:
> https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
> +    case 0xE06D7363:
> +      if (HandlerOpt->HandleWinExcept)
> +        Fuzzer::StaticCrashSignalCallback();
> +      break;
> +      // TODO: Handle (Options.HandleXfsz)
>    }
>    return EXCEPTION_CONTINUE_SEARCH;
>  }
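
Review bot: the bare literal in "case 0xE06D7363:" should be a named constant (for example a file-local "static const DWORD" with a descriptive name) so the switch reads like the neighbouring EXCEPTION_* cases and the explanatory comment lives in one place. Two smaller points in the same hunk: the TODO line is now indented to the level of the preceding break, so it reads as part of the new case rather than of the switch, and its wording change from "handle" to "Handle" is unrelated churn. Since the case reuses Fuzzer::StaticCrashSignalCallback(), the report will say "deadly signal" with no hint that the cause was an uncaught C++ exception; a short comment here noting that this is intentional would help.
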
> @@ -127,7 +135,7 @@ void SetSignalHandler(const FuzzingOptions& Options) {
>      }
>
>    if (Options.HandleSegv || Options.HandleBus || Options.HandleIll ||
> -      Options.HandleFpe)
> +      Options.HandleFpe || Options.HandleWinExcept)
>      SetUnhandledExceptionFilter(ExceptionHandler);
>
>    if (Options.HandleAbrt)
>
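
Review bot: with handle_winexcept defaulting to 1 in FuzzerFlags.def, the condition ending in "|| Options.HandleWinExcept" is now true by default even when -handle_segv, -handle_bus, -handle_ill and -handle_fpe are all set to 0. SetUnhandledExceptionFilter replaces the process's top-level filter, so a target that turned those four flags off to keep its own filter now also has to pass -handle_winexcept=0. Please add a comment at this call, or a note in the flag documentation, so that the interaction is discoverable.
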
> diff  --git a/compiler-rt/test/fuzzer/UncaughtException.cpp
> b/compiler-rt/test/fuzzer/UncaughtException.cpp
> new file mode 100644
> index 000000000000..35df4a9ce326
> --- /dev/null
> +++ b/compiler-rt/test/fuzzer/UncaughtException.cpp
> @@ -0,0 +1,10 @@
> +#include <cstdint>
> +#include <vector>
> +
> +extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, size_t
> size) {
> +  std::vector<uint8_t> v;
> +  // Intentionally throw std::length_error
> +  v.reserve(static_cast<uint64_t>(-1));
> +
> +  return 0;
> +}
>
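
Review bot: the test relies on "v.reserve(static_cast<uint64_t>(-1));" to produce the exception, which ties the result to the standard library's max_size() check and to the width of size_type on the target. An explicit throw of std::length_error (with <stdexcept> included) would state the intent directly and behave the same on every configuration. The signature also mixes "std::uint8_t" with unqualified "size_t" and "uint8_t"; pick one spelling, and include <cstddef> if size_t stays unqualified.
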
> diff  --git a/compiler-rt/test/fuzzer/uncaught-exception.test
> b/compiler-rt/test/fuzzer/uncaught-exception.test
> new file mode 100644
> index 000000000000..28c423a4e431
> --- /dev/null
> +++ b/compiler-rt/test/fuzzer/uncaught-exception.test
> @@ -0,0 +1,8 @@
> +# Test that throws a C++ exception and doesn't catch it. Should result in
> a
> +# crash
> +RUN: %cpp_compiler %S/UncaughtException.cpp -o %t-UncaughtException
> +
> +RUN: not %run %t-UncaughtException 2>&1 | FileCheck %s
> +
> +CHECK: ERROR: libFuzzer: deadly signal
> +CHECK: Test unit written to ./crash
>
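
Review bot: the test file has no REQUIRES or UNSUPPORTED line, so it runs on every configuration, and the reply at the top of this thread reports a buildbot failure in exactly this test. Please state which targets it is expected to pass on and restrict it accordingly. The RUN line also depends on the default value of the new flag; passing -handle_winexcept=1 explicitly, and adding a second RUN line with -handle_winexcept=0 and its own CHECK prefix, would cover both branches of the new case. "CHECK: Test unit written to ./crash" assumes the default artifact location in the current directory; an explicit -artifact_prefix would make that robust.
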


-- 
Ying Yi
SN Systems - Sony Interactive Entertainment