author | Kostya Serebryany <kcc@google.com> | 2016-07-15 23:27:19 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2016-07-15 23:27:19 +0000 |
commit | c135b55ae07816fa77106284231660518f867c2a (patch) | |
tree | d2c7927596c08676d710a790e221e0cd182484db /llvm/lib/Fuzzer/FuzzerTraceState.cpp | |
parent | 38202c02f0a9011e055b2dd240e0a1afed2f9c32 (diff) | |
[libFuzzer] add hooks for strstr, strcasestr, strcasecmp, strncasecmp
llvm-svn: 275648
Diffstat (limited to 'llvm/lib/Fuzzer/FuzzerTraceState.cpp')
-rw-r--r-- | llvm/lib/Fuzzer/FuzzerTraceState.cpp | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerTraceState.cpp b/llvm/lib/Fuzzer/FuzzerTraceState.cpp
index cbfa87d2108..d6e1f79791f 100644
--- a/llvm/lib/Fuzzer/FuzzerTraceState.cpp
+++ b/llvm/lib/Fuzzer/FuzzerTraceState.cpp
@@ -77,6 +77,7 @@
 #include <cstring>
 #include <thread>
 #include <map>
+#include <set>

 #if !LLVM_FUZZER_SUPPORTS_DFSAN
 // Stubs for dfsan for platforms where dfsan does not exist and weak
@@ -171,6 +172,7 @@ struct TraceBasedMutation {
 // Declared as static globals for faster checks inside the hooks.
 static bool RecordingTraces = false;
 static bool RecordingMemcmp = false;
+static bool RecordingMemmem = false;

 class TraceState {
 public:
@@ -204,7 +206,9 @@ public:
 return;
 RecordingTraces = Options.UseTraces;
 RecordingMemcmp = Options.UseMemcmp;
+ RecordingMemmem = Options.UseMemmem;
 NumMutations = 0;
+ InterestingWords.clear();
 MD.ClearAutoDictionary();
 }

@@ -233,8 +237,10 @@ public:
 }
 }
 }
- MD.AddWordToAutoDictionary(M.W, M.Pos);
+ MD.AddWordToAutoDictionary({M.W, M.Pos});
 }
+ for (auto &W : InterestingWords)
+ MD.AddWordToAutoDictionary({W});
 }

 void AddMutation(uint32_t Pos, uint32_t Size, const uint8_t *Data) {
@@ -249,6 +255,14 @@ public:
 AddMutation(Pos, Size, reinterpret_cast<uint8_t*>(&Data));
 }

+ void AddInterestingWord(const uint8_t *Data, size_t Size) {
+ if (!RecordingMemmem || !F->InFuzzingThread()) return;
+ if (Size <= 1) return;
+ Size = std::min(Size, Word::GetMaxSize());
+ Word W(Data, Size);
+ InterestingWords.insert(W);
+ }
+
 void EnsureDfsanLabels(size_t Size) {
 for (; LastDfsanLabel < Size; LastDfsanLabel++) {
 dfsan_label L = dfsan_create_label("input", (void *)(LastDfsanLabel + 1));
@@ -285,6 +299,8 @@ public:
 static const size_t kMaxMutations = 1 << 16;
 size_t NumMutations;
 TraceBasedMutation Mutations[kMaxMutations];
+ // TODO: std::set is too inefficient, need to have a custom DS here.
+ std::set<Word> InterestingWords;
 LabelRange LabelRanges[1 << (sizeof(dfsan_label) * 8)];
 size_t LastDfsanLabel = 0;
 MutationDispatcher &MD;
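Review bot: In the `@@ -204,7 +206,9 @@` hunk, `RecordingMemmem = Options.UseMemmem;` is placed after the early `return;`, whose condition lies above the hunk and is not visible here. If that condition still tests only `Options.UseTraces` and `Options.UseMemcmp`, a run with only UseMemmem enabled returns before the flag is set, and the new strstr/strcasestr hooks silently record nothing. Worth confirming, and if so extending the guard with `&& !Options.UseMemmem`. The enclosing function starts outside the hunk.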
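Review bot: `AddInterestingWord` in the `@@ -249,6 +255,14 @@` hunk inserts into `InterestingWords` with no upper bound, whereas the neighbouring `Mutations` array is sized by `kMaxMutations`. A target that calls strstr with many distinct input-derived needles during one recording window keeps growing the set, and the `@@ -233,8 +237,10 @@` hunk then pushes every entry into the auto dictionary. Consider a cap before the insert, for example `if (InterestingWords.size() >= kMaxMutations) return;`. A one-line comment on the size handling would also help, such as `// Skip 0/1-byte needles; longer ones are truncated to Word::GetMaxSize().`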
@@ -605,6 +621,27 @@ void __sanitizer_weak_hook_strcmp(void *caller_pc, const char *s1,
 reinterpret_cast<const uint8_t *>(s2));
 }

+void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1,
+ const char *s2, size_t n, int result) {
+ return __sanitizer_weak_hook_strncmp(called_pc, s1, s2, n, result);
+}
+void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1,
+ const char *s2, int result) {
+ return __sanitizer_weak_hook_strcmp(called_pc, s1, s2, result);
+}
+void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1,
+ const char *s2, char *result) {
+ TS->AddInterestingWord(reinterpret_cast<const uint8_t *>(s2), strlen(s2));
+}
+void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1,
+ const char *s2, char *result) {
+ TS->AddInterestingWord(reinterpret_cast<const uint8_t *>(s2), strlen(s2));
+}
+void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1,
+ const void *s2, size_t len2, void *result) {
+ // TODO: can't hook memmem since memmem is used by libFuzzer.
+}
+
 #endif // LLVM_FUZZER_DEFINES_SANITIZER_WEAK_HOOOKS

 __attribute__((visibility("default"))) |
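Review bot: The strstr and strcasestr hooks evaluate `strlen(s2)` and dereference `TS` before any recording check, because the `RecordingMemmem` test only happens inside `AddInterestingWord`. Every intercepted call therefore scans the whole needle even when the feature is off, and the hooks rely on `TS` being non-null whenever they fire (its initialisation is not visible in this hunk). Adding `if (!RecordingMemmem) return;` as the first line of both hooks fixes this and matches the stated purpose of the static flags, "faster checks inside the hooks". The new hooks also spell the first parameter `called_pc`, while the strcmp hook in the hunk header uses `caller_pc`.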