[llvm] 1287f5a - [llvm-dwarfdump-fuzzer] fix out of bounds potential (#76408)

via llvm-commits llvm-commits at lists.llvm.org
Thu Dec 28 12:16:08 PST 2023


Author: DavidKorczynski
Date: 2023-12-28T21:16:03+01:00
New Revision: 1287f5aaf7b0f7630ff7910850e3154179654e71

URL: https://github.com/llvm/llvm-project/commit/1287f5aaf7b0f7630ff7910850e3154179654e71
DIFF: https://github.com/llvm/llvm-project/commit/1287f5aaf7b0f7630ff7910850e3154179654e71.diff

LOG: [llvm-dwarfdump-fuzzer] fix out of bounds potential (#76408)

The fuzzer relies on MemoryBuffer to hold fuzz data, and MemoryBuffer
guarantees that "In addition to basic access to the characters in the
file, this interface guarantees you can read one character past the end
of the file, and that this character will read as '\0'."
[Ref](https://llvm.org/doxygen/classllvm_1_1MemoryBuffer.html#details).
The current fuzzing setup does not support this, which causes potential
false positives. This PR fixes it.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65114

Signed-off-by: David Korczynski <david at adalogics.com>

Added: 
    

Modified: 
    llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp

Removed: 
    


################################################################################
diff  --git a/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp b/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
index 1d74856c0fb8a6..0e74d0be76f11c 100644
--- a/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
+++ b/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
@@ -20,8 +20,8 @@ using namespace llvm;
 using namespace object;
 
 extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
-  std::unique_ptr<MemoryBuffer> Buff = MemoryBuffer::getMemBuffer(
-      StringRef((const char *)data, size), "", false);
+  std::string Payload(reinterpret_cast<const char *>(data), size);
+  std::unique_ptr<MemoryBuffer> Buff = MemoryBuffer::getMemBuffer(Payload);
 
   Expected<std::unique_ptr<ObjectFile>> ObjOrErr =
       ObjectFile::createObjectFile(Buff->getMemBufferRef());
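
Review bot: the two added lines carry no comment explaining why the fuzz input is now copied into `Payload`, so a later cleanup could fold this back into the zero-copy `StringRef((const char *)data, size)` form and reintroduce the missing terminator. Add a one-line comment above `std::string Payload(...)` stating that the copy exists so the byte at `Payload.data()[size]` reads as '\0', as MemoryBuffer promises. The call `MemoryBuffer::getMemBuffer(Payload)` also drops the explicit `"", false` arguments and now relies on the default for RequiresNullTerminator; spelling that argument out would make the intent visible at the call site. `Payload` is declared before `Buff`, so it outlives the buffer that points into it; that ordering is load-bearing and worth mentioning in the same comment. Separately, the unchanged signature line takes `uint8_t *data`, while libFuzzer documents the entry point with `const uint8_t *`; making it const would fit this change.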
