author | Kostya Serebryany <kcc@google.com> | 2017-01-23 22:11:04 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2017-01-23 22:11:04 +0000 |
commit | 6bdd8fc5b605371052184c5d4c69a4c189a913bc (patch) | |
tree | 1b3fe077910a803c1567888dc10a158e21df0a44 /llvm/lib | |
parent | 014d9491ffd349d5488710564333deb99639dc16 (diff) | |
[libFuzzer] make sure we use the feedback from std::string operator ==
llvm-svn: 292835
Diffstat (limited to 'llvm/lib')
-rw-r--r-- | llvm/lib/Fuzzer/FuzzerTracePC.cpp | 5 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/CMakeLists.txt | 1 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/CxxStringEqTest.cpp | 24 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/cxxstring.test | 2 |
4 files changed, 31 insertions, 1 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerTracePC.cpp b/llvm/lib/Fuzzer/FuzzerTracePC.cpp
index 53454371f3e..91a9746e729 100644
--- a/llvm/lib/Fuzzer/FuzzerTracePC.cpp
+++ b/llvm/lib/Fuzzer/FuzzerTracePC.cpp
@@ -214,9 +214,12 @@ void TracePC::AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2,
 uint8_t B2[Word::kMaxSize];
 // Copy the data into locals in this non-msan-instrumented function
 // to avoid msan complaining further.
+ size_t Hash = 0; // Compute some simple hash of both strings.
 for (size_t i = 0; i < Len; i++) {
 B1[i] = A1[i];
 B2[i] = A2[i];
+ size_t T = B1[i];
+ Hash ^= (T << 8) | B2[i];
 }
 size_t I = 0;
 for (; I < Len; I++)
@@ -225,7 +228,7 @@ void TracePC::AddValueForMemcmp(void *caller_pc, const void *s1, const void *s2,
 size_t PC = reinterpret_cast<size_t>(caller_pc);
 size_t Idx = (PC & 4095) | (I << 12);
 TPC.HandleValueProfile(Idx);
- TORCW.Insert(Idx, Word(B1, Len), Word(B2, Len));
+ TORCW.Insert(Idx ^ Hash, Word(B1, Len), Word(B2, Len));
 }

 template <class T>
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index a55bdf7644d..1f9999f4401 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -83,6 +83,7 @@ set(Tests
 CounterTest
 CustomCrossOverTest
 CustomMutatorTest
+ CxxStringEqTest
 DivTest
 EmptyTest
 EquivalenceATest
diff --git a/llvm/lib/Fuzzer/test/CxxStringEqTest.cpp b/llvm/lib/Fuzzer/test/CxxStringEqTest.cpp
new file mode 100644
index 00000000000..9005ab8467b
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/CxxStringEqTest.cpp
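Review bot: In FuzzerTracePC.cpp, the XOR fold `Hash ^= (T << 8) | B2[i];` in the copy loop of AddValueForMemcmp ignores byte position and cancels repeated byte pairs, so operands such as "aa" against "bb" hash to 0 and any reordering of the same pairs collides; the value also never exceeds 16 bits. The second hunk uses it to choose the slot in `TORCW.Insert(Idx ^ Hash, ...)`, so a position-sensitive mix such as `Hash = Hash * 31 + ((T << 8) | B2[i]);` should spread distinct comparisons from one caller PC more evenly; how Insert reduces the index is not visible here, so please confirm the extra bits survive. The comment on `Hash` says what is computed but not why, and at the Insert call I would add `// Mix in a hash of both operands so comparisons made from the same caller PC do not overwrite each other.` (inferred from the commit title, please confirm). The function begins outside the first hunk.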
@@ -0,0 +1,24 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer. Must find a specific string
+// used in std::string operator ==.
+#include <cstdint>
+#include <cstdlib>
+#include <cstddef>
+#include <string>
+#include <iostream>
+
+static volatile int Sink;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ std::string Str((const char*)Data, Size);
+ bool Eq = Str == "FooBar";
+ Sink = Str == "123456"; // Try to confuse the fuzzer
+ if (Eq) {
+ std::cout << "BINGO; Found the target, exiting\n";
+ abort();
+ }
+ return 0;
+}
+
diff --git a/llvm/lib/Fuzzer/test/cxxstring.test b/llvm/lib/Fuzzer/test/cxxstring.test
new file mode 100644
index 00000000000..c60d7aee968
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/cxxstring.test
@@ -0,0 +1,2 @@
+RUN: not LLVMFuzzer-CxxStringEqTest -seed=1 -runs=1000000 2>&1 | FileCheck %s
+CHECK: BINGO |
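Review bot: In CxxStringEqTest.cpp, `std::cout << "BINGO; Found the target, exiting\n";` is followed directly by `abort()`, which is not required to flush stdio buffers. With stdout redirected into a pipe, as the RUN line in cxxstring.test does, the line that `CHECK: BINGO` waits for can be lost on some C libraries, making the test fail for reasons unrelated to the fuzzer. Flushing before the abort removes that dependency: `std::cout << "BINGO; Found the target, exiting\n" << std::flush;`. As a style point, `(const char*)Data` would read better as `reinterpret_cast<const char *>(Data)`, and `Sink` deserves a short comment saying it is presumably there to keep the second comparison from being optimised away.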