authorKostya Serebryany <kcc@google.com>2015-07-30 02:33:45 +0000
committerKostya Serebryany <kcc@google.com>2015-07-30 02:33:45 +0000
commitb74ba421fc9f8d8e1d5e52bb1566ecb705a3029b (patch)
tree950d6c210a356cb0b5203439cc92e4c070a700ab /llvm/lib/Fuzzer/FuzzerTraceState.cpp
parent66a75c54bee1d5aae6e31ae747114144ef56b58a (diff)
downloadbcm5719-llvm-b74ba421fc9f8d8e1d5e52bb1566ecb705a3029b.tar.gz
bcm5719-llvm-b74ba421fc9f8d8e1d5e52bb1566ecb705a3029b.zip
[libFuzzer] implement strncmp hook for data-flow-guided fuzzing (w/ and w/o dfsan), add a test
llvm-svn: 243611
Diffstat (limited to 'llvm/lib/Fuzzer/FuzzerTraceState.cpp')
-rw-r--r--llvm/lib/Fuzzer/FuzzerTraceState.cpp16
1 files changed, 14 insertions, 2 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerTraceState.cpp b/llvm/lib/Fuzzer/FuzzerTraceState.cpp
index 9c7f9966708..d4ccd81d21b 100644
--- a/llvm/lib/Fuzzer/FuzzerTraceState.cpp
+++ b/llvm/lib/Fuzzer/FuzzerTraceState.cpp
@@ -138,7 +138,9 @@ static bool ComputeCmp(size_t CmpSize, size_t CmpType, uint64_t Arg1,
if (CmpSize == 4) return ComputeCmp<uint32_t, int32_t>(CmpType, Arg1, Arg2);
if (CmpSize == 2) return ComputeCmp<uint16_t, int16_t>(CmpType, Arg1, Arg2);
if (CmpSize == 1) return ComputeCmp<uint8_t, int8_t>(CmpType, Arg1, Arg2);
- assert(0 && "unsupported type size");
+ // Other size, ==
+ if (CmpType == ICMP_EQ) return Arg1 == Arg2;
+ assert(0 && "unsupported cmp and type size combination");
return true;
}
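Review bot: The `ICMP_EQ` fallback added for other sizes compares only the two 64-bit arguments, so when `CmpSize` is a byte count larger than 8 (presumably the `n` passed by the memcmp-style hooks) it reports equality for buffers that merely share a prefix. The `// Other size, ==` comment does not say this; I would replace it with `// Sizes other than 1/2/4/8: Arg1/Arg2 hold only the leading bytes, so this is a prefix equality check.` With NDEBUG the `assert(0 && ...)` compiles out and every other unsupported combination silently returns true, which deserves a word in the same comment. The beginning of ComputeCmp is outside the hunk.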
@@ -394,6 +396,12 @@ void dfsan_weak_hook_memcmp(void *caller_pc, const void *s1, const void *s2,
TS->DFSanCmpCallback(PC, n, fuzzer::ICMP_EQ, S1, S2, L1, L2);
}
+void dfsan_weak_hook_strncmp(void *caller_pc, const char *s1, const char *s2,
+ size_t n, dfsan_label s1_label,
+ dfsan_label s2_label, dfsan_label n_label) {
+ dfsan_weak_hook_memcmp(caller_pc, s1, s2, n, s1_label, s2_label, n_label);
+}
+
void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1,
const void *s2, size_t n) {
if (!TS) return;
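Review bot: `strncmp` stops at the first NUL, but `dfsan_weak_hook_strncmp` passes the caller's `n` straight to the memcmp hook, and `__sanitizer_weak_hook_strncmp` in the last hunk does the same. There the visible `memcpy(&S1, s1, std::min(n, sizeof(S1)))` copies up to `sizeof(S1)` bytes, so a short string compared with a larger `n` is read past its terminator: an out-of-bounds read inside the hook, with unrelated bytes fed into the comparison trace. Clamp the length before forwarding, e.g. `size_t Len = std::min(strnlen(s1, n), strnlen(s2, n));` and pass `std::min(n, Len + 1)` instead of `n`. The dfsan memcmp hook's body is outside this hunk, so whether it reads the same way is inferred from the non-dfsan version.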
@@ -403,7 +411,11 @@ void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1,
memcpy(&S1, s1, std::min(n, sizeof(S1)));
memcpy(&S2, s2, std::min(n, sizeof(S2)));
TS->TraceCmpCallback(PC, n, fuzzer::ICMP_EQ, S1, S2);
- // fuzzer::Printf("ZZZ %p %p %zd\n", s1, s2, n);
+}
+
+void __sanitizer_weak_hook_strncmp(void *caller_pc, const char *s1,
+ const char *s2, size_t n) {
+ __sanitizer_weak_hook_memcmp(caller_pc, s1, s2, n);
}
void __sanitizer_cov_trace_cmp(uint64_t SizeAndType, uint64_t Arg1,