[libFuzzer] properly intercept memmem

llvm-svn: 276006
author: Kostya Serebryany <kcc@google.com> 2016-07-19 18:29:06 +0000
committer: Kostya Serebryany <kcc@google.com> 2016-07-19 18:29:06 +0000
commit: 6b08be92791be8cf97026e472e38bbef59b5bdff (patch)
tree: bbecfa6ee8984414fd72a7db3240032655eb8f01 /llvm/lib/Fuzzer/FuzzerTraceState.cpp
parent: 8b5fa7a2f20a94aae76433addffc7c3d271f6f77 (diff)
download: bcm5719-llvm-6b08be92791be8cf97026e472e38bbef59b5bdff.tar.gz
bcm5719-llvm-6b08be92791be8cf97026e472e38bbef59b5bdff.zip
1 files changed, 10 insertions, 1 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerTraceState.cpp b/llvm/lib/Fuzzer/FuzzerTraceState.cpp
index d6e1f79791f..6f87fcae5fc 100644
--- a/llvm/lib/Fuzzer/FuzzerTraceState.cpp
+++ b/llvm/lib/Fuzzer/FuzzerTraceState.cpp
@@ -173,6 +173,12 @@ struct TraceBasedMutation {
 static bool RecordingTraces = false;
 static bool RecordingMemcmp = false;
 static bool RecordingMemmem = false;
+static bool DoingMyOwnMemmem = false;
+
+struct ScopedDoingMyOwnMemmem {
+  ScopedDoingMyOwnMemmem() { DoingMyOwnMemmem = true; }
+  ~ScopedDoingMyOwnMemmem() { DoingMyOwnMemmem = false; }
+};
 
 class TraceState {
 public:
@@ -400,6 +406,7 @@ void TraceState::DFSanSwitchCallback(uint64_t PC, size_t ValSizeInBits,
 int TraceState::TryToAddDesiredData(uint64_t PresentData, uint64_t DesiredData,
                                     size_t DataSize) {
   if (NumMutations >= kMaxMutations || !WantToHandleOneMoreMutation()) return 0;
+  ScopedDoingMyOwnMemmem scoped_doing_my_own_memmem;
   const uint8_t *UnitData;
   auto UnitSize = F->GetCurrentUnitInFuzzingThead(&UnitData);
   int Res = 0;
@@ -423,6 +430,7 @@ int TraceState::TryToAddDesiredData(const uint8_t *PresentData,
                                     const uint8_t *DesiredData,
                                     size_t DataSize) {
   if (NumMutations >= kMaxMutations || !WantToHandleOneMoreMutation()) return 0;
+  ScopedDoingMyOwnMemmem scoped_doing_my_own_memmem;
   const uint8_t *UnitData;
   auto UnitSize = F->GetCurrentUnitInFuzzingThead(&UnitData);
   int Res = 0;
@@ -639,7 +647,8 @@ void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1,
 }
 void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1,
                                   const void *s2, size_t len2, void *result) {
-  // TODO: can't hook memmem since memmem is used by libFuzzer.
+  if (fuzzer::DoingMyOwnMemmem) return;
+  TS->AddInterestingWord(reinterpret_cast<const uint8_t *>(s2), len2);
 }
 
 #endif  // LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS
author	Kostya Serebryany <kcc@google.com>	2016-07-19 18:29:06 +0000
committer	Kostya Serebryany <kcc@google.com>	2016-07-19 18:29:06 +0000
commit	6b08be92791be8cf97026e472e38bbef59b5bdff (patch)
tree	bbecfa6ee8984414fd72a7db3240032655eb8f01 /llvm/lib/Fuzzer/FuzzerTraceState.cpp
parent	8b5fa7a2f20a94aae76433addffc7c3d271f6f77 (diff)
download	bcm5719-llvm-6b08be92791be8cf97026e472e38bbef59b5bdff.tar.gz bcm5719-llvm-6b08be92791be8cf97026e472e38bbef59b5bdff.zip