diff options
| author | Max Moroz <mmoroz@chromium.org> | 2019-12-04 13:24:59 -0800 |
|---|---|---|
| committer | Max Moroz <mmoroz@chromium.org> | 2019-12-04 14:18:52 -0800 |
| commit | a44ef027ebca1598892ea9b104d6189aeb3bc2f0 (patch) | |
| tree | 134e1f8a1cb07b68a3327a174695cf2934938b1f /compiler-rt/include | |
| parent | b89ba5f9399aaa969a5dff79a427402a9498846b (diff) | |
| download | bcm5719-llvm-a44ef027ebca1598892ea9b104d6189aeb3bc2f0.tar.gz bcm5719-llvm-a44ef027ebca1598892ea9b104d6189aeb3bc2f0.zip | |
[compiler-rt] FuzzedDataProvider: do not call memcpy on empty vector.
Summary:
Some versions of memcpy mark pointer arguments as __nonnull, that triggers UBSan
errors even when the length passed is 0.
Reviewers: manojgupta, metzman
Subscribers: dberris, #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D71031
[compiler-rt] FDP: assert that num_bytes_to_consume == 0 when size == 0.
Diffstat (limited to 'compiler-rt/include')
| -rw-r--r-- | compiler-rt/include/fuzzer/FuzzedDataProvider.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/compiler-rt/include/fuzzer/FuzzedDataProvider.h b/compiler-rt/include/fuzzer/FuzzedDataProvider.h index fd895b767d9..3e069eba69b 100644 --- a/compiler-rt/include/fuzzer/FuzzedDataProvider.h +++ b/compiler-rt/include/fuzzer/FuzzedDataProvider.h @@ -263,6 +263,12 @@ class FuzzedDataProvider { // which seems to be a natural choice for other implementations as well. // To increase the odds even more, we also call |shrink_to_fit| below. std::vector<T> result(size); + if (size == 0) { + if (num_bytes_to_consume != 0) + abort(); + return result; + } + std::memcpy(result.data(), data_ptr_, num_bytes_to_consume); Advance(num_bytes_to_consume); |
