author | Kostya Serebryany <kcc@google.com> | 2016-08-30 14:52:05 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2016-08-30 14:52:05 +0000 |
commit | a016a45d60ae5940b360b24880f8c271f03ae359 (patch) | |
tree | d97c7b8ac2f99db89dadf65b73244a4e479f33bf /llvm/lib/Fuzzer | |
parent | b5d90e57dcbb23e09de15ed5e1d7b3b437d13cbb (diff) | |
[libFuzzer] fix a bug where running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow
llvm-svn: 280098
Diffstat (limited to 'llvm/lib/Fuzzer')
-rw-r--r-- | llvm/lib/Fuzzer/FuzzerDriver.cpp | 10 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/fuzzer-singleinputs.test | 3 |
2 files changed, 7 insertions, 6 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerDriver.cpp b/llvm/lib/Fuzzer/FuzzerDriver.cpp
index 592c88a319e..10db673eda8 100644
--- a/llvm/lib/Fuzzer/FuzzerDriver.cpp
+++ b/llvm/lib/Fuzzer/FuzzerDriver.cpp
@@ -250,11 +250,11 @@ static void StartRssThread(Fuzzer *F, size_t RssLimitMb) {
   T.detach();
 }
 
-int RunOneTest(Fuzzer *F, const char *InputFilePath) {
+int RunOneTest(Fuzzer *F, const char *InputFilePath, size_t MaxLen) {
   Unit U = FileToVector(InputFilePath);
-  Unit PreciseSizedU(U);
-  assert(PreciseSizedU.size() == PreciseSizedU.capacity());
-  F->RunOne(PreciseSizedU.data(), PreciseSizedU.size());
+  if (MaxLen && MaxLen < U.size())
+    U.resize(MaxLen);
+  F->RunOne(U.data(), U.size());
   return 0;
 }
 
@@ -380,7 +380,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
       auto StartTime = system_clock::now();
       Printf("Running: %s\n", Path.c_str());
       for (int Iter = 0; Iter < Runs; Iter++)
-        RunOneTest(&F, Path.c_str());
+        RunOneTest(&F, Path.c_str(), Options.MaxLen);
       auto StopTime = system_clock::now();
       auto MS = duration_cast<milliseconds>(StopTime - StartTime).count();
       Printf("Executed %s in %zd ms\n", Path.c_str(), (long)MS);
diff --git a/llvm/lib/Fuzzer/test/fuzzer-singleinputs.test b/llvm/lib/Fuzzer/test/fuzzer-singleinputs.test
index 3e34273b064..ca8403bff81 100644
--- a/llvm/lib/Fuzzer/test/fuzzer-singleinputs.test
+++ b/llvm/lib/Fuzzer/test/fuzzer-singleinputs.test
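Review bot: Dropping `PreciseSizedU` from `RunOneTest` hands `RunOne` a buffer whose capacity can exceed its size: after `U.resize(MaxLen)` the bytes between `MaxLen` and the file length are still inside the same heap allocation, so a target that reads past `Size` on this path is no longer reported by the sanitizer unless `RunOne` itself copies the input into an exactly-sized buffer (not visible in this hunk; the removed assert shows the precise sizing was deliberate). The truncation is also silent, so a crash file longer than `-max_len` is replayed as a different input with no indication to the user, which is exactly the situation the commit message describes. I would keep the precisely-sized copy after the truncation, print the truncation, and note that `MaxLen == 0` is treated as "no limit" since both callers pass `Options.MaxLen` through unchanged.
```cpp
int RunOneTest(Fuzzer *F, const char *InputFilePath, size_t MaxLen) {
  Unit U = FileToVector(InputFilePath);
  // MaxLen == 0 means no limit; otherwise RunOne must never see more than MaxLen bytes.
  if (MaxLen && MaxLen < U.size()) {
    Printf("INFO: truncating %s from %zd to %zd bytes (-max_len)\n",
           InputFilePath, U.size(), MaxLen);
    U.resize(MaxLen);
  }
  // Run from a buffer whose capacity equals its size so reads past Size are caught.
  Unit PreciseSizedU(U);
  assert(PreciseSizedU.size() == PreciseSizedU.capacity());
  F->RunOne(PreciseSizedU.data(), PreciseSizedU.size());
  return 0;
}
```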
@@ -5,7 +5,8 @@ RUN: rm -rf %tmp/SINGLE_INPUTS
 RUN: mkdir -p %tmp/SINGLE_INPUTS
 RUN: echo aaa > %tmp/SINGLE_INPUTS/aaa
 RUN: echo bbb > %tmp/SINGLE_INPUTS/bbb
-RUN: LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
+RUN: LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
+RUN: LLVMFuzzer-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
 RUN: rm -rf %tmp/SINGLE_INPUTS
 SINGLE_INPUTS: LLVMFuzzer-SimpleTest: Running 2 inputs 1 time(s) each.
 SINGLE_INPUTS: aaa in |
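Review bot: The new `-max_len=2` RUN line reuses the existing SINGLE_INPUTS checks, which only confirm that both inputs were run and finished; nothing asserts that the 4-byte `aaa`/`bbb` files were actually cut to 2 bytes before reaching the target, so the truncation could silently stop working and this test would still pass. The regression this commit fixes is presumably caught only because the sanitizer build aborts on the overflow, and that dependency is worth stating in the test. A comment such as `# -max_len smaller than the inputs: libFuzzer must truncate instead of overflowing its MaxLen-sized buffer (relies on ASan to flag a regression).` above the new RUN line would make the intent explicit.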