[compiler-rt] f897e82 - [fuzzer] Add Windows Visual C++ exception intercept

Jonathan Metzman via llvm-commits llvm-commits at lists.llvm.org
Mon Nov 16 08:27:50 PST 2020


Hi Ying,
Sorry for the delay,
If I can't fix this in about an hour or two, I'll revert.

Apologies for the trouble,
Jonathan

On Mon, Nov 16, 2020 at 4:53 AM Ying Yi <maggieyi666 at gmail.com> wrote:

> Hi Joe and Jonathan,
>
> The commit f897e82 seems to cause a test failure on the Buildbot (
> http://lab.llvm.org:8011/#/builders/112/builds/1115/steps/5/logs/FAIL__libFuzzer___uncaught-exception_test),
> could you please either fix it or revert the commit?
>
> Thanks,
> Maggie
>
> On Thu, Nov 12, 2020 at 9:12 PM Jonathan Metzman via llvm-commits <
> llvm-commits at lists.llvm.org> wrote:
>
>>
>> Author: Joe Pletcher
>> Date: 2020-11-12T13:11:14-08:00
>> New Revision: f897e82bfd86099a5321e3fd50c63598e11e289b
>>
>> URL:
>> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b
>> DIFF:
>> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b.diff
>>
>> LOG: [fuzzer] Add Windows Visual C++ exception intercept
>>
>> Adds a new option, `handle_winexcept` to try to intercept uncaught
>> Visual C++ exceptions on Windows. On Linux, such exceptions are handled
>> implicitly by `std::terminate()` raising `SIGABRT`. This option brings the
>> Windows behavior in line with Linux.
>>
>> Unfortunately this exception code is intentionally undocumented, however
>> has remained stable for the last decade. More information can be found
>> here: https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
>>
>> Reviewed By: morehouse, metzman
>>
>> Differential Revision: https://reviews.llvm.org/D89755
>>
>> Added:
>>     compiler-rt/test/fuzzer/UncaughtException.cpp
>>     compiler-rt/test/fuzzer/uncaught-exception.test
>>
>> Modified:
>>     compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>     compiler-rt/lib/fuzzer/FuzzerFlags.def
>>     compiler-rt/lib/fuzzer/FuzzerOptions.h
>>     compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>
>> Removed:
>>
>>
>>
>>
>> ################################################################################
>> diff  --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>> b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>> index 6b674c4e9d7a..447cafce7fd4 100644
>> --- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>> +++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>> @@ -829,6 +829,8 @@ int FuzzerDriver(int *argc, char ***argv,
>> UserCallback Callback) {
>>    Options.HandleXfsz = Flags.handle_xfsz;
>>    Options.HandleUsr1 = Flags.handle_usr1;
>>    Options.HandleUsr2 = Flags.handle_usr2;
>> +  Options.HandleWinExcept = Flags.handle_winexcept;
>> +
>>    SetSignalHandler(Options);
>>
>>    std::atexit(Fuzzer::StaticExitCallback);
>>
>> diff  --git a/compiler-rt/lib/fuzzer/FuzzerFlags.def
>> b/compiler-rt/lib/fuzzer/FuzzerFlags.def
>> index ef6c3f8ba8f0..ab31da0ae5d6 100644
>> --- a/compiler-rt/lib/fuzzer/FuzzerFlags.def
>> +++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def
>> @@ -145,6 +145,8 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, try to
>> intercept SIGTERM.")
>>  FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
>>  FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
>>  FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")
>> +FUZZER_FLAG_INT(handle_winexcept, 1, "If 1, try to intercept uncaught
>> Windows "
>> +    "Visual C++ Exceptions.")
>>  FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
>>      "if 2, close stderr; if 3, close both. "
>>      "Be careful, this will also close e.g. stderr of asan.")
>>
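Review bot: `handle_winexcept` is declared unconditionally here but, per the file list, is only consulted in FuzzerUtilWindows.cpp, so on every other platform it is a default-on flag that does nothing; say so in the help string, e.g. "If 1, try to intercept uncaught Visual C++ exceptions (Windows only).", and use lower-case "exceptions" to match the wording of the neighbouring `handle_*` descriptions.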
>> diff  --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h
>> b/compiler-rt/lib/fuzzer/FuzzerOptions.h
>> index 21155e9c5692..d0c285a6821d 100644
>> --- a/compiler-rt/lib/fuzzer/FuzzerOptions.h
>> +++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h
>> @@ -84,6 +84,7 @@ struct FuzzingOptions {
>>    bool HandleXfsz = false;
>>    bool HandleUsr1 = false;
>>    bool HandleUsr2 = false;
>> +  bool HandleWinExcept = false;
>>  };
>>
>>  }  // namespace fuzzer
>>
>> diff  --git a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>> b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>> index a360b65b5412..1a54bb569eca 100644
>> --- a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>> +++ b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>> @@ -60,7 +60,15 @@ static LONG CALLBACK
>> ExceptionHandler(PEXCEPTION_POINTERS ExceptionInfo) {
>>        if (HandlerOpt->HandleFpe)
>>          Fuzzer::StaticCrashSignalCallback();
>>        break;
>> -    // TODO: handle (Options.HandleXfsz)
>> +    // This is an undocumented exception code corresponding to a Visual
>> C++
>> +    // Exception.
>> +    //
>> +    // See:
>> https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
>> +    case 0xE06D7363:
>> +      if (HandlerOpt->HandleWinExcept)
>> +        Fuzzer::StaticCrashSignalCallback();
>> +      break;
>> +      // TODO: Handle (Options.HandleXfsz)
>>    }
>>    return EXCEPTION_CONTINUE_SEARCH;
>>  }
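Review bot: the `// TODO: Handle (Options.HandleXfsz)` comment has been moved to after the `break;` inside the new `case 0xE06D7363:` body and indented as if it were a statement of that case; put it back at `case` level (where the removed `// TODO: handle (Options.HandleXfsz)` line was, i.e. as the last entry before the switch's closing `}`) or drop it. Separately, the magic number deserves a name shared by the comment and the `case`, e.g. `static const DWORD kVisualCppExceptionCode = 0xE06D7363;` with a note that it is the 0xE0 software-exception prefix followed by the ASCII bytes "msc", so a reader does not have to follow the link to know what the constant is.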
>> @@ -127,7 +135,7 @@ void SetSignalHandler(const FuzzingOptions& Options) {
>>      }
>>
>>    if (Options.HandleSegv || Options.HandleBus || Options.HandleIll ||
>> -      Options.HandleFpe)
>> +      Options.HandleFpe || Options.HandleWinExcept)
>>      SetUnhandledExceptionFilter(ExceptionHandler);
>>
>>    if (Options.HandleAbrt)
>>
>> diff  --git a/compiler-rt/test/fuzzer/UncaughtException.cpp
>> b/compiler-rt/test/fuzzer/UncaughtException.cpp
>> new file mode 100644
>> index 000000000000..35df4a9ce326
>> --- /dev/null
>> +++ b/compiler-rt/test/fuzzer/UncaughtException.cpp
>> @@ -0,0 +1,10 @@
>> +#include <cstdint>
>> +#include <vector>
>> +
>> +extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, size_t
>> size) {
>> +  std::vector<uint8_t> v;
>> +  // Intentionally throw std::length_error
>> +  v.reserve(static_cast<uint64_t>(-1));
>> +
>> +  return 0;
>> +}
>>
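Review bot: `data` and `size` are unused in `LLVMFuzzerTestOneInput` (a `(void)data; (void)size;` keeps -Wunused-parameter builds quiet), and `size_t` and `uint8_t` appear unqualified while the parameter is spelled `std::uint8_t`; pick one spelling. `static_cast<uint64_t>(-1)` is also an odd way to request more than `max_size()`: on a 32-bit target it narrows to the `size_type` argument anyway, so `std::numeric_limits<std::size_t>::max()` (or `SIZE_MAX`) states the intent of the `// Intentionally throw std::length_error` comment directly.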
>> diff  --git a/compiler-rt/test/fuzzer/uncaught-exception.test
>> b/compiler-rt/test/fuzzer/uncaught-exception.test
>> new file mode 100644
>> index 000000000000..28c423a4e431
>> --- /dev/null
>> +++ b/compiler-rt/test/fuzzer/uncaught-exception.test
>> @@ -0,0 +1,8 @@
>> +# Test that throws a C++ exception and doesn't catch it. Should result
>> in a
>> +# crash
>> +RUN: %cpp_compiler %S/UncaughtException.cpp -o %t-UncaughtException
>> +
>> +RUN: not %run %t-UncaughtException 2>&1 | FileCheck %s
>> +
>> +CHECK: ERROR: libFuzzer: deadly signal
>> +CHECK: Test unit written to ./crash
>>
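Review bot: the test has no `REQUIRES:` or `UNSUPPORTED:` line, so lit runs it on every configuration, and the reply at the top of this thread reports it failing on a bot; the test only holds where an uncaught exception reaches libFuzzer's crash path (the new filter on Windows, `handle_abrt` via `std::terminate()` elsewhere, as the commit message describes), so gate it on the configurations where that is true, or at least document in the header comment why a non-Windows run is expected to print `ERROR: libFuzzer: deadly signal`. The comment line "Should result in a crash" is also wrapped mid-sentence across two `#` lines; join it.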
>>
>>
>> _______________________________________________
>> llvm-commits mailing list
>> llvm-commits at lists.llvm.org
>> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>>
>
>
> --
> Ying Yi
> SN Systems - Sony Interactive Entertainment
>
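The mechanism the commit message describes, as an added example that is not code from the LLVM patch or from anyone in this thread: the MSVC exception code is checked against its ASCII mnemonic rather than memorised, the test target's trigger is reproduced in a form that can be checked, and a last-chance handler is installed on each platform (`SetUnhandledExceptionFilter` on Windows, a `SIGABRT` handler elsewhere, which is what `handle_abrt` does in libFuzzer). The names `report_crash`, `install_crash_handler`, `CrashFilter` and `abrt_handler` are this example's own and stand in for `Fuzzer::StaticCrashSignalCallback`.

```cpp
#include <csignal>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <stdexcept>
#include <string>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#endif

// Exception code the MSVC runtime passes to RaiseException for a C++ throw:
// 0xE0 marks a user-defined software exception and the low three bytes are
// the ASCII letters "msc" (see the Old New Thing post linked in the commit).
constexpr std::uint32_t kMsvcCxxExceptionCode = 0xE06D7363u;

// Return the three low bytes of an exception code as text, so the magic
// number can be checked against its mnemonic.
std::string exception_code_tag(std::uint32_t code) {
  std::string tag;
  tag.push_back(static_cast<char>((code >> 16) & 0xFFu));
  tag.push_back(static_cast<char>((code >> 8) & 0xFFu));
  tag.push_back(static_cast<char>(code & 0xFFu));
  return tag;
}

bool is_msvc_cxx_exception(std::uint32_t code) {
  return code == kMsvcCxxExceptionCode;
}

// Same trigger as the patch's UncaughtException.cpp, but caught here so it
// can be checked: reserve() must throw std::length_error for n > max_size().
bool reserve_throws_length_error() {
  std::vector<std::uint8_t> v;
  try {
    v.reserve(static_cast<std::size_t>(-1));
  } catch (const std::length_error &) {
    return true;
  } catch (...) {
    return false;
  }
  return false;
}

// Hypothetical stand-in for Fuzzer::StaticCrashSignalCallback: report and
// leave without running destructors. fprintf is not async-signal-safe; a
// production handler would use write(2) or pre-formatted buffers.
[[noreturn]] static void report_crash(const char *what) {
  std::fprintf(stderr, "crash handler: %s\n", what);
  std::_Exit(1);
}

#ifdef _WIN32
// Windows: the last-chance filter sees the MSVC code once no catch block
// anywhere on the stack has claimed the C++ exception.
static LONG CALLBACK CrashFilter(PEXCEPTION_POINTERS info) {
  if (is_msvc_cxx_exception(info->ExceptionRecord->ExceptionCode))
    report_crash("uncaught Visual C++ exception");
  return EXCEPTION_CONTINUE_SEARCH;
}
void install_crash_handler() { SetUnhandledExceptionFilter(CrashFilter); }
#else
// POSIX: an uncaught exception reaches std::terminate(), which aborts, so
// the equivalent hook is a SIGABRT handler.
static void abrt_handler(int) { report_crash("SIGABRT from std::terminate()"); }
void install_crash_handler() { std::signal(SIGABRT, abrt_handler); }
#endif

int main() {
  install_crash_handler();
  std::fprintf(stderr, "code 0x%08X spells \"%s\"\n",
               static_cast<unsigned>(kMsvcCxxExceptionCode),
               exception_code_tag(kMsvcCxxExceptionCode).c_str());
  // Let the same length_error escape uncaught: the handler above fires.
  std::vector<std::uint8_t> v;
  v.reserve(static_cast<std::size_t>(-1));
  return 0;
}
```

Run as-is, the program prints the decoded mnemonic and then exits through the crash handler with status 1 on either platform; that is the behaviour the new `handle_winexcept` option gives a libFuzzer target on Windows and that `handle_abrt` already gave it on Linux.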