[llvm] [llvm-dwarfdump-fuzzer] fix out of bounds potential (PR #76408)
via llvm-commits
llvm-commits at lists.llvm.org
Tue Dec 26 12:24:31 PST 2023
llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT-->
@llvm/pr-subscribers-debuginfo
Author: None (DavidKorczynski)
<details>
<summary>Changes</summary>
The fuzzer relies on MemoryBuffer to hold fuzz data, and MemoryBuffer guarantees that "In addition to basic access to the characters in the file, this interface guarantees you can read one character past the end of the file, and that this character will read as '\0'." The current fuzzing set up does not support this, which causes potential false positives. This PR fixes it.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65114
---
Full diff: https://github.com/llvm/llvm-project/pull/76408.diff
1 Files Affected:
- (modified) llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp (+2-2)
``````````diff
diff --git a/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp b/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
index 1d74856c0fb8a6..0e74d0be76f11c 100644
--- a/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
+++ b/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
@@ -20,8 +20,8 @@ using namespace llvm;
using namespace object;
extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
- std::unique_ptr<MemoryBuffer> Buff = MemoryBuffer::getMemBuffer(
- StringRef((const char *)data, size), "", false);
+ std::string Payload(reinterpret_cast<const char *>(data), size);
+ std::unique_ptr<MemoryBuffer> Buff = MemoryBuffer::getMemBuffer(Payload);
Expected<std::unique_ptr<ObjectFile>> ObjOrErr =
ObjectFile::createObjectFile(Buff->getMemBufferRef());
``````````
</details>
https://github.com/llvm/llvm-project/pull/76408
More information about the llvm-commits
mailing list