authorKostya Serebryany <kcc@google.com>2016-10-22 00:05:44 +0000
committerKostya Serebryany <kcc@google.com>2016-10-22 00:05:44 +0000
commit2bfff021adbac5889ad54bac5fc997e13e09d3a0 (patch)
treea9b28a748a51c4cf246b2c1b5aafcfdc1f30e2e5 /llvm/lib/Fuzzer
parent110e2e52b788bd7df11224c0cb173b325bc84edb (diff)
[libFuzzer] add a test for asan's strict_string_checks=1
llvm-svn: 284902
Diffstat (limited to 'llvm/lib/Fuzzer')
-rw-r--r--llvm/lib/Fuzzer/test/CMakeLists.txt1
-rw-r--r--llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp21
-rw-r--r--llvm/lib/Fuzzer/test/fuzzer.test4
3 files changed, 26 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 1475c663f22..d869bfaaffa 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -100,6 +100,7 @@ set(Tests
ShrinkControlFlowTest
ShrinkValueProfileTest
StrcmpTest
+ StrncmpOOBTest
StrncmpTest
StrstrTest
SwapCmpTest
diff --git a/llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp b/llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp
new file mode 100644
index 00000000000..f70b003afad
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp
@@ -0,0 +1,21 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test that libFuzzer itself does not read out of bounds.
+#include <assert.h>
+#include <cstdint>
+#include <cstring>
+#include <cstdlib>
+#include <cstddef>
+#include <iostream>
+
+static volatile int Sink;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size < 5) return 0;
+ const char *Ch = reinterpret_cast<const char *>(Data);
+ if (Ch[Size - 3] == 'a')
+ Sink = strncmp(Ch + Size - 3, "abcdefg", 6);
+ return 0;
+}
+
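Review bot: Nothing in the new file says that the `strncmp(Ch + Size - 3, "abcdefg", 6)` call is a deliberate over-read: it asks for up to 6 bytes when only 3 remain in `Data`, and nothing here guarantees a NUL terminator. A later reader could take it for a bug and "fix" the length, which would silently defeat the test. I would add a comment above the call such as `// Intentional OOB: up to 6 bytes compared with only 3 left in Data; ASan must report it in the target, not in libFuzzer's strncmp hook.` The header comment could also mention that the test depends on `ASAN_OPTIONS=strict_string_checks=1`, which is set only in fuzzer.test. Separately, `<assert.h>`, `<cstdlib>` and `<iostream>` appear unused in this file and could be dropped.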
diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test
index fe408596f5f..df694987f09 100644
--- a/llvm/lib/Fuzzer/test/fuzzer.test
+++ b/llvm/lib/Fuzzer/test/fuzzer.test
@@ -57,3 +57,7 @@ RUN: LLVMFuzzer-SimpleTest-TracePC -exit_on_src_pos=SimpleTest.cpp:17
RUN: LLVMFuzzer-ShrinkControlFlowTest-TracePC -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
+RUN: ASAN_OPTIONS=strict_string_checks=1 not LLVMFuzzer-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
+STRNCMP: AddressSanitizer: heap-buffer-overflow
+STRNCMP-NOT: __sanitizer_weak_hook_strncmp
+STRNCMP: in LLVMFuzzerTestOneInput