author | Max Moroz <mmoroz@chromium.org> | 2019-06-14 19:34:11 +0000 |
---|---|---|
committer | Max Moroz <mmoroz@chromium.org> | 2019-06-14 19:34:11 +0000 |
commit | 0784e01a98a01d30474655702051e9f4542ccc31 (patch) | |
tree | 5a228690bfe5665423b1b4db404c9674360263a6 /compiler-rt/lib/fuzzer/FuzzerDriver.cpp | |
parent | 2ade4f6f72e09f3c0c293d239243cd00cd69752c (diff) | |
[libFuzzer] Disable len_control by default if LLVMFuzzerCustomMutator is used.
Summary:
Some custom mutators may not perform well when size restriction is
enforced by len_control. Because of that, it's safer to disable len_control
by default in such cases, but still allow users to enable it manually.
Bug example: https://bugs.chromium.org/p/chromium/issues/detail?id=919530.
Tested manually with LPM-based and regular fuzz targets.
Reviewers: kcc, vitalybuka, metzman
Reviewed By: kcc, metzman
Subscribers: delcypher, #sanitizers, llvm-commits
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D63334
llvm-svn: 363443
Diffstat (limited to 'compiler-rt/lib/fuzzer/FuzzerDriver.cpp')
-rw-r--r-- | compiler-rt/lib/fuzzer/FuzzerDriver.cpp | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
index d55caf4c6ec..5458d6c065b 100644
--- a/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerDriver.cpp
@@ -182,7 +182,8 @@ static bool ParseOneFlag(const char *Param) {
 }
 
 // We don't use any library to minimize dependencies.
-static void ParseFlags(const Vector<std::string> &Args) {
+static void ParseFlags(const Vector<std::string> &Args,
+ const ExternalFunctions *EF) {
 for (size_t F = 0; F < kNumFlags; F++) {
 if (FlagDescriptions[F].IntFlag)
 *FlagDescriptions[F].IntFlag = FlagDescriptions[F].Default;
@@ -192,6 +193,11 @@ static void ParseFlags(const Vector<std::string> &Args) {
 if (FlagDescriptions[F].StrFlag)
 *FlagDescriptions[F].StrFlag = nullptr;
 }
+
+ // Disable len_control by default, if LLVMFuzzerCustomMutator is used.
+ if (EF->LLVMFuzzerCustomMutator)
+ Flags.len_control = 0;
+
 Inputs = new Vector<std::string>;
 for (size_t A = 1; A < Args.size(); A++) {
 if (ParseOneFlag(Args[A].c_str())) {
@@ -616,7 +622,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
 Printf("ERROR: argv[0] has been modified in LLVMFuzzerInitialize\n");
 exit(1);
 }
- ParseFlags(Args);
+ ParseFlags(Args, EF);
 if (Flags.help) {
 PrintHelp();
 return 0; |
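Review bot: The new `EF` parameter of `ParseFlags` has the same name as the object the call site in the third hunk passes (`ParseFlags(Args, EF)`), which appears to be a file- or namespace-scope `EF`; if so, the parameter shadows it inside the function and the two are easy to confuse when reading. The header comment also still describes only the no-dependency rationale and says nothing about the new argument. I would add a line such as `// EF must be non-null; it is only read to adjust flag defaults before Args are parsed.` above the signature. The body of `ParseFlags` continues outside this hunk.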
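Review bot: The `len_control` default is switched to 0 silently when `EF->LLVMFuzzerCustomMutator` is set, so the same command line behaves differently depending on how the target was linked and nothing in the fuzzer log records it. That makes a finding harder to reproduce from logs alone; one line at this point would fix it, e.g. `Printf("INFO: LLVMFuzzerCustomMutator found, -len_control disabled by default\n");`. Only `Flags.len_control` is overwritten while `FlagDescriptions[F].Default` is left alone, so the `-help=1` output probably still reports the table default; that depends on `PrintHelp`, which is not shown. `EF` is also dereferenced without a check, and whether the caller can ever pass null is outside the hunk.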