[compiler-rt] f897e82 - [fuzzer] Add Windows Visual C++ exception intercept

Jonathan Metzman via llvm-commits llvm-commits at lists.llvm.org
Mon Nov 16 09:16:19 PST 2020


I wasn't able to reproduce this issue locally, so I'm trying a speculative
fix that I think works here:
https://github.com/llvm/llvm-project/commit/a3be1287091463f4099cdb1710883645329cda7e

If that doesn't work, I'm going to disable this test on platforms other
than windows.

On Mon, Nov 16, 2020 at 8:27 AM Jonathan Metzman <metzman at chromium.org>
wrote:

> Hi Ying,
> Sorry for the delay,
> If I can't fix this in about an hour or two, I'll revert.
>
> Apologies for the trouble,
> Jonathan
>
> On Mon, Nov 16, 2020 at 4:53 AM Ying Yi <maggieyi666 at gmail.com> wrote:
>
>> Hi Joe and Jonathan,
>>
>> The commit f897e82 seems to cause a test failure on the Buildbot (
>> http://lab.llvm.org:8011/#/builders/112/builds/1115/steps/5/logs/FAIL__libFuzzer___uncaught-exception_test).
>> Could you please either fix it or revert the commit?
>>
>> Thanks,
>> Maggie
>>
>> On Thu, Nov 12, 2020 at 9:12 PM Jonathan Metzman via llvm-commits <
>> llvm-commits at lists.llvm.org> wrote:
>>
>>>
>>> Author: Joe Pletcher
>>> Date: 2020-11-12T13:11:14-08:00
>>> New Revision: f897e82bfd86099a5321e3fd50c63598e11e289b
>>>
>>> URL:
>>> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b
>>> DIFF:
>>> https://github.com/llvm/llvm-project/commit/f897e82bfd86099a5321e3fd50c63598e11e289b.diff
>>>
>>> LOG: [fuzzer] Add Windows Visual C++ exception intercept
>>>
>>> Adds a new option, `handle_winexcept`, to try to intercept uncaught
>>> Visual C++ exceptions on Windows. On Linux, such exceptions are handled
>>> implicitly by `std::terminate()` raising `SIGABRT`. This option brings the
>>> Windows behavior in line with Linux.
>>>
>>> Unfortunately this exception code is intentionally undocumented; however, it
>>> has remained stable for the last decade. More information can be found
>>> here: https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
>>>
>>> Reviewed By: morehouse, metzman
>>>
>>> Differential Revision: https://reviews.llvm.org/D89755
>>>
>>> Added:
>>>     compiler-rt/test/fuzzer/UncaughtException.cpp
>>>     compiler-rt/test/fuzzer/uncaught-exception.test
>>>
>>> Modified:
>>>     compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>>     compiler-rt/lib/fuzzer/FuzzerFlags.def
>>>     compiler-rt/lib/fuzzer/FuzzerOptions.h
>>>     compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>>
>>> Removed:
>>>
>>>
>>>
>>>
>>> ################################################################################
>>> diff  --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>> b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>> index 6b674c4e9d7a..447cafce7fd4 100644
>>> --- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>> +++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
>>> @@ -829,6 +829,8 @@ int FuzzerDriver(int *argc, char ***argv,
>>> UserCallback Callback) {
>>>    Options.HandleXfsz = Flags.handle_xfsz;
>>>    Options.HandleUsr1 = Flags.handle_usr1;
>>>    Options.HandleUsr2 = Flags.handle_usr2;
>>> +  Options.HandleWinExcept = Flags.handle_winexcept;
>>> +
>>>    SetSignalHandler(Options);
>>>
>>>    std::atexit(Fuzzer::StaticExitCallback);
>>>
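Review bot: the second `+` line in this hunk adds a bare blank line between the new assignment and `SetSignalHandler(Options);`, which none of the preceding `handle_*` assignments have; drop it so the option block stays contiguous. The assignment itself follows the existing pattern (integer flag copied into a bool option), so nothing else needs to change here.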
>>> diff  --git a/compiler-rt/lib/fuzzer/FuzzerFlags.def
>>> b/compiler-rt/lib/fuzzer/FuzzerFlags.def
>>> index ef6c3f8ba8f0..ab31da0ae5d6 100644
>>> --- a/compiler-rt/lib/fuzzer/FuzzerFlags.def
>>> +++ b/compiler-rt/lib/fuzzer/FuzzerFlags.def
>>> @@ -145,6 +145,8 @@ FUZZER_FLAG_INT(handle_term, 1, "If 1, try to
>>> intercept SIGTERM.")
>>>  FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
>>>  FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
>>>  FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")
>>> +FUZZER_FLAG_INT(handle_winexcept, 1, "If 1, try to intercept uncaught
>>> Windows "
>>> +    "Visual C++ Exceptions.")
>>>  FUZZER_FLAG_INT(close_fd_mask, 0, "If 1, close stdout at startup; "
>>>      "if 2, close stderr; if 3, close both. "
>>>      "Be careful, this will also close e.g. stderr of asan.")
>>>
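Review bot: the help string for `handle_winexcept` should say the flag is Windows-only. Every other `handle_*` flag in this list describes a POSIX signal, and nothing in the text tells a Linux user that this option does nothing for them; the only file that reads it in this patch is FuzzerUtilWindows.cpp. Suggest `"If 1, try to intercept uncaught Visual C++ exceptions (Windows only)."`, which also lower-cases "Exceptions" to match the neighbouring descriptions.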
>>> diff  --git a/compiler-rt/lib/fuzzer/FuzzerOptions.h
>>> b/compiler-rt/lib/fuzzer/FuzzerOptions.h
>>> index 21155e9c5692..d0c285a6821d 100644
>>> --- a/compiler-rt/lib/fuzzer/FuzzerOptions.h
>>> +++ b/compiler-rt/lib/fuzzer/FuzzerOptions.h
>>> @@ -84,6 +84,7 @@ struct FuzzingOptions {
>>>    bool HandleXfsz = false;
>>>    bool HandleUsr1 = false;
>>>    bool HandleUsr2 = false;
>>> +  bool HandleWinExcept = false;
>>>  };
>>>
>>>  }  // namespace fuzzer
>>>
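Review bot: `HandleWinExcept` is added to the platform-independent options struct with no hint that only the Windows `SetSignalHandler` consults it. A trailing comment such as `bool HandleWinExcept = false;  // Windows only` would spare the next reader a grep through the per-platform util files.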
>>> diff  --git a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>> b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>> index a360b65b5412..1a54bb569eca 100644
>>> --- a/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>> +++ b/compiler-rt/lib/fuzzer/FuzzerUtilWindows.cpp
>>> @@ -60,7 +60,15 @@ static LONG CALLBACK
>>> ExceptionHandler(PEXCEPTION_POINTERS ExceptionInfo) {
>>>        if (HandlerOpt->HandleFpe)
>>>          Fuzzer::StaticCrashSignalCallback();
>>>        break;
>>> -    // TODO: handle (Options.HandleXfsz)
>>> +    // This is an undocumented exception code corresponding to a Visual
>>> C++
>>> +    // Exception.
>>> +    //
>>> +    // See:
>>> https://devblogs.microsoft.com/oldnewthing/20100730-00/?p=13273
>>> +    case 0xE06D7363:
>>> +      if (HandlerOpt->HandleWinExcept)
>>> +        Fuzzer::StaticCrashSignalCallback();
>>> +      break;
>>> +      // TODO: Handle (Options.HandleXfsz)
>>>    }
>>>    return EXCEPTION_CONTINUE_SEARCH;
>>>  }
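Review bot: the moved `// TODO: Handle (Options.HandleXfsz)` now sits inside the new `case` body after its `break;`, indented two columns deeper than the case labels, where it reads like dead code rather than the end-of-switch marker it was; put it back at label indentation after the new case. The literal `0xE06D7363` should also become a named constant beside the comment, for example `static const DWORD kMsvcCxxExceptionCode = 0xE06D7363;`, so the switch reads like the signal cases above it. It is worth saying in the comment, too, that this filter only ever sees the code for an exception no frame handler has claimed (it is installed with `SetUnhandledExceptionFilter` in the next hunk), which is exactly why matching it means "uncaught".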
>>> @@ -127,7 +135,7 @@ void SetSignalHandler(const FuzzingOptions& Options)
>>> {
>>>      }
>>>
>>>    if (Options.HandleSegv || Options.HandleBus || Options.HandleIll ||
>>> -      Options.HandleFpe)
>>> +      Options.HandleFpe || Options.HandleWinExcept)
>>>      SetUnhandledExceptionFilter(ExceptionHandler);
>>>
>>>    if (Options.HandleAbrt)
>>>
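Review bot: the condition guarding `SetUnhandledExceptionFilter` is now five OR'd option fields across two lines and will keep growing as more codes are handled; hoisting it into a named local (`bool NeedExceptionFilter = Options.HandleSegv || ... || Options.HandleWinExcept;`) would keep it readable and give the next addition an obvious place to go. Behaviour is unchanged either way, since each case in `ExceptionHandler` is already gated by its own option.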
>>> diff  --git a/compiler-rt/test/fuzzer/UncaughtException.cpp
>>> b/compiler-rt/test/fuzzer/UncaughtException.cpp
>>> new file mode 100644
>>> index 000000000000..35df4a9ce326
>>> --- /dev/null
>>> +++ b/compiler-rt/test/fuzzer/UncaughtException.cpp
>>> @@ -0,0 +1,10 @@
>>> +#include <cstdint>
>>> +#include <vector>
>>> +
>>> +extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t *data, size_t
>>> size) {
>>> +  std::vector<uint8_t> v;
>>> +  // Intentionally throw std::length_error
>>> +  v.reserve(static_cast<uint64_t>(-1));
>>> +
>>> +  return 0;
>>> +}
>>>
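Review bot: `size_t` and the unqualified `uint8_t` in this file rely on `<cstdint>`/`<vector>` leaking the global-namespace names (no `<cstddef>` is included), and `static_cast<uint64_t>(-1)` is silently narrowed to `size_t` on 32-bit targets. Pass `SIZE_MAX` (from `<cstdint>`) or `std::numeric_limits<std::size_t>::max()` instead, use `std::uint8_t` consistently with the `std::uint8_t` in the signature, and mark `data` and `size` as unused so the target builds clean under `-Wunused-parameter`. The narrowing does not change the result here, either value exceeds `max_size()` and throws `std::length_error`, but the intent is clearer without it.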
>>> diff  --git a/compiler-rt/test/fuzzer/uncaught-exception.test
>>> b/compiler-rt/test/fuzzer/uncaught-exception.test
>>> new file mode 100644
>>> index 000000000000..28c423a4e431
>>> --- /dev/null
>>> +++ b/compiler-rt/test/fuzzer/uncaught-exception.test
>>> @@ -0,0 +1,8 @@
>>> +# Test that throws a C++ exception and doesn't catch it. Should result
>>> in a
>>> +# crash
>>> +RUN: %cpp_compiler %S/UncaughtException.cpp -o %t-UncaughtException
>>> +
>>> +RUN: not %run %t-UncaughtException 2>&1 | FileCheck %s
>>> +
>>> +CHECK: ERROR: libFuzzer: deadly signal
>>> +CHECK: Test unit written to ./crash
>>>
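Review bot: nothing restricts this test to Windows (no `REQUIRES: windows` line), yet the only new handling code is in FuzzerUtilWindows.cpp. On other platforms the expected `deadly signal` line depends on libFuzzer's existing `handle_abrt` path catching the SIGABRT that `std::terminate()` raises, which is a different feature from the one under test, and the buildbot failure reported upthread, which the follow-up proposes to address by disabling the test off Windows, points the same way. Add `REQUIRES: windows` (or an `UNSUPPORTED:` line for the failing platforms), or split the expectation so the POSIX run checks its own path explicitly.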
>>>
>>>
>>> _______________________________________________
>>> llvm-commits mailing list
>>> llvm-commits at lists.llvm.org
>>> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits
>>>
>>
>>
>> --
>> Ying Yi
>> SN Systems - Sony Interactive Entertainment
>>
>
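The mechanism the commit message describes, as an added stand-alone example that is not part of the patch or of libFuzzer: on Windows an uncaught C++ exception reaches the process-wide unhandled-exception filter as an SEH exception with code 0xE06D7363, while on POSIX `std::terminate()` calls `abort()` and the harness sees SIGABRT instead. The names `kMsvcCxxExceptionCode`, `IsMsvcCxxException`, `ExceptionCodeTag`, `ThrowUncaught`, `CrashFilter` and `AbrtHandler` are this example's own, and the platform split is done with `#ifdef _WIN32` so the same file builds on both sides.

```cpp
// Added example, not libFuzzer code: a minimal harness that intercepts an
// uncaught C++ exception the way the patch does on Windows, and the way
// libFuzzer's handle_abrt path already does on POSIX.
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <stdexcept>
#include <string>
#include <vector>

#ifdef _WIN32
#include <windows.h>
#else
#include <csignal>
#include <unistd.h>
#endif

// Exception code the MSVC runtime uses when it raises a C++ exception via
// RaiseException(): the high byte 0xE0 marks a customer-defined error and
// the low three bytes spell "msc". Name is this example's own.
constexpr unsigned long kMsvcCxxExceptionCode = 0xE06D7363UL;

// True for the code the patched ExceptionHandler() matches.
bool IsMsvcCxxException(unsigned long code) {
  return code == kMsvcCxxExceptionCode;
}

// Decodes the three ASCII bytes below the 0xE0 byte, so the "magic" constant
// can be checked rather than trusted. Returns "msc" for the MSVC code.
std::string ExceptionCodeTag(unsigned long code) {
  std::string tag;
  tag.push_back(static_cast<char>((code >> 16) & 0xFF));
  tag.push_back(static_cast<char>((code >> 8) & 0xFF));
  tag.push_back(static_cast<char>(code & 0xFF));
  return tag;
}

// Same trigger as the patch's test target: reserve() beyond max_size()
// throws std::length_error, and nothing here catches it.
void ThrowUncaught() {
  std::vector<std::uint8_t> v;
  v.reserve(SIZE_MAX);
}

#ifdef _WIN32
// Runs only for exceptions no frame handler claimed, i.e. genuinely
// uncaught ones; caught C++ exceptions never reach this filter.
LONG CALLBACK CrashFilter(PEXCEPTION_POINTERS info) {
  unsigned long code = info->ExceptionRecord->ExceptionCode;
  if (IsMsvcCxxException(code)) {
    std::fprintf(stderr, "uncaught C++ exception (SEH code 0x%08lX, tag \"%s\")\n",
                 code, ExceptionCodeTag(code).c_str());
    ExitProcess(1);  // a fuzzer would write the reproducer here
  }
  return EXCEPTION_CONTINUE_SEARCH;
}
#else
// POSIX path: std::terminate() -> abort() -> SIGABRT. Only async-signal-safe
// calls are used inside the handler.
void AbrtHandler(int) {
  static const char msg[] = "caught SIGABRT from std::terminate()\n";
  (void)!write(STDERR_FILENO, msg, sizeof(msg) - 1);
  _exit(1);
}
#endif

int main() {
#ifdef _WIN32
  SetUnhandledExceptionFilter(CrashFilter);
#else
  struct sigaction sa = {};
  sa.sa_handler = AbrtHandler;
  sigaction(SIGABRT, &sa, nullptr);
#endif
  ThrowUncaught();  // does not return normally on either platform
  return 0;
}
```

Running the binary prints the platform-specific message and exits with status 1 on both systems; the difference the patch closes is that, before it, the Windows build would fall through to the default unhandled-exception behaviour instead of being treated as a crash by the fuzzer.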