author | Kostya Serebryany <kcc@google.com> | 2017-07-20 18:53:25 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2017-07-20 18:53:25 +0000 |
commit | a763be3d5f6663a9cc2b0809b493c595d18aca61 (patch) | |
tree | b4c5652581afe95a4d593131cf6587840e9e1bea /llvm/lib/Fuzzer | |
parent | a19a2762e3ae682b38f5222a6ccb20d7a705be5d (diff) | |
[libFuzzer] make sure CheckExitOnSrcPosOrItem is called after the new input is saved to the corpus
llvm-svn: 308653
Diffstat (limited to 'llvm/lib/Fuzzer')
-rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 8 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/reduce_inputs.test | 2 |
2 files changed, 6 insertions, 4 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp index 37adb1e0a5a..ba4ba80db00 100644 --- a/llvm/lib/Fuzzer/FuzzerLoop.cpp +++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp @@ -344,8 +344,10 @@ void Fuzzer::RereadOutputCorpus(size_t MaxSize) { if (U.size() > MaxSize) U.resize(MaxSize); if (!Corpus.HasUnit(U)) { - if (RunOne(U.data(), U.size())) + if (RunOne(U.data(), U.size())) { + CheckExitOnSrcPosOrItem(); Reloaded = true; + } } } if (Reloaded) @@ -371,6 +373,7 @@ void Fuzzer::ShuffleAndMinimize(UnitVector *InitialCorpus) { for (const auto &U : *InitialCorpus) { RunOne(U.data(), U.size()); + CheckExitOnSrcPosOrItem(); TryDetectingAMemoryLeak(U.data(), U.size(), /*DuringInitialCorpusExecution*/ true); } @@ -418,14 +421,12 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile, if (NumNewFeatures) { Corpus.AddToCorpus({Data, Data + Size}, NumNewFeatures, MayDeleteFile, UniqFeatureSetTmp); - CheckExitOnSrcPosOrItem(); return true; } if (II && FoundUniqFeaturesOfII && FoundUniqFeaturesOfII == II->UniqFeatureSet.size() && II->U.size() > Size) { Corpus.Replace(II, {Data, Data + Size}); - CheckExitOnSrcPosOrItem(); return true; } return false; @@ -527,6 +528,7 @@ void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) { WriteToOutputCorpus(U); NumberOfNewUnitsAdded++; TPC.PrintNewPCs(); + CheckExitOnSrcPosOrItem(); // Check only after the unit is saved to corpus. } // Tries detecting a memory leak on the particular input that we have just diff --git a/llvm/lib/Fuzzer/test/reduce_inputs.test b/llvm/lib/Fuzzer/test/reduce_inputs.test index 833b1cce79b..77a5f5fbc23 100644 --- a/llvm/lib/Fuzzer/test/reduce_inputs.test +++ b/llvm/lib/Fuzzer/test/reduce_inputs.test 
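Review bot: The two new call sites disagree on when the check runs: in RereadOutputCorpus (@@ -344,8 +344,10) `CheckExitOnSrcPosOrItem()` is gated on `RunOne(...)` returning true, while in ShuffleAndMinimize (@@ -371,6 +373,7) it runs after every `RunOne`, whose result is ignored. The lines removed from RunOne sat directly before `return true;`, so before this commit the check ran only on that path, and the ShuffleAndMinimize site now runs it for seed inputs that added nothing to the corpus. If that is deliberate, a comment such as `// Checked for every seed, including ones that add no new features.` would record it. Otherwise `if (RunOne(U.data(), U.size())) CheckExitOnSrcPosOrItem();` keeps the two sites consistent. Both function bodies start and end outside their hunks.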
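Review bot: After the two removals in RunOne (@@ -418,14 +421,12), both `return true;` paths add or replace a corpus entry without any exit check, so the check now depends on every caller remembering to make it, and nothing in the function says so. The diff updates three callers; any other caller of RunOne is not visible here, and one that skips the call would quietly stop honouring the exit-on-item option exercised by reduce_inputs.test. A contract comment above the `if (NumNewFeatures) {` block would make this explicit, for example `// NOTE: callers must call CheckExitOnSrcPosOrItem() after the unit has been saved.` RunOne's signature and the start of its body are outside the hunk.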
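Review bot: The trailing comment on the added `CheckExitOnSrcPosOrItem();` line in ReportNewCoverage (@@ -527,6 +528,7) says when the check runs but not why the order matters, so a later edit could easily append statements after it or move it back up. Judging by its name and the `-exit_on_item` flag in the test, the call presumably terminates the process, so the comment could state the invariant: `// Keep last: may exit the process, so the unit must already be written by WriteToOutputCorpus().` Whether WriteToOutputCorpus reports a failed write is not visible in this hunk. If it can fail silently, the process would still exit without the triggering input on disk, which is worth confirming since preserving that input is the purpose of the commit.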
@@ -7,7 +7,7 @@ CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60' # Test that reduce_inputs deletes redundant files in the corpus. RUN: LLVMFuzzer-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT -COUNT: READ units: 3 +COUNT: READ units: 4 # a bit longer test RUN: LLVMFuzzer-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=1 -runs=1000000 2>&1 | FileCheck %s |
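Review bot: The expectation `COUNT: READ units: 4` is a bare number with nothing in the test saying why the corpus now holds one more file than before. It presumably reflects the triggering input being written to the corpus before the exit check fires, but that is inferred from the commit title rather than stated here. A one-line comment above the RUN line, for example `# 4 units: the input that matches -exit_on_item is saved before the fuzzer exits.`, would let the next person who sees this count change tell whether the new value is expected or a regression. The first RUN line that produces `%t/C` is outside the hunk.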