[libFuzzer] be more careful when calling strlen of strcmp parameters, PR32357

llvm-svn: 298746
author: Kostya Serebryany <kcc@google.com> 2017-03-24 22:19:52 +0000
committer: Kostya Serebryany <kcc@google.com> 2017-03-24 22:19:52 +0000
commit: c58982d6fa279f041b37b5cc0432af9e1a9f9a83 (patch)
tree: 868665cca2b48deff90933a6af4358c4e897681f /llvm/lib/Fuzzer/test/BadStrcmpTest.cpp
parent: 8fbb74b5b24183d7b2afbc36c690921d9690307e (diff)
download: bcm5719-llvm-c58982d6fa279f041b37b5cc0432af9e1a9f9a83.tar.gz
bcm5719-llvm-c58982d6fa279f041b37b5cc0432af9e1a9f9a83.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/test/BadStrcmpTest.cpp b/llvm/lib/Fuzzer/test/BadStrcmpTest.cpp
new file mode 100644
index 00000000000..159cd7ea5f7
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/BadStrcmpTest.cpp
@@ -0,0 +1,19 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test that we don't creash in case of bad strcmp params.
+#include <cstdint>
+#include <cstring>
+#include <cstddef>
+
+static volatile int Sink;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size != 10) return 0;
+  // Data is not zero-terminated, so this call is bad.
+  // Still, there are cases when such calles appear, see e.g.
+  // https://bugs.llvm.org/show_bug.cgi?id=32357
+  Sink = strcmp(reinterpret_cast<const char*>(Data), "123456789");
+  return 0;
+}
+
author	Kostya Serebryany <kcc@google.com>	2017-03-24 22:19:52 +0000
committer	Kostya Serebryany <kcc@google.com>	2017-03-24 22:19:52 +0000
commit	c58982d6fa279f041b37b5cc0432af9e1a9f9a83 (patch)
tree	868665cca2b48deff90933a6af4358c4e897681f /llvm/lib/Fuzzer/test/BadStrcmpTest.cpp
parent	8fbb74b5b24183d7b2afbc36c690921d9690307e (diff)
download	bcm5719-llvm-c58982d6fa279f041b37b5cc0432af9e1a9f9a83.tar.gz bcm5719-llvm-c58982d6fa279f041b37b5cc0432af9e1a9f9a83.zip