-rw-r--r-- | llvm/lib/Fuzzer/FuzzerInternal.h | 1 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/FuzzerLoop.cpp | 9 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/AccumulateAllocationsTest.cpp | 17 | ||||
-rw-r--r-- | llvm/lib/Fuzzer/test/CMakeLists.txt | 1 |
4 files changed, 28 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/FuzzerInternal.h b/llvm/lib/Fuzzer/FuzzerInternal.h
index 0d540d8da35..a6c86780cd0 100644
--- a/llvm/lib/Fuzzer/FuzzerInternal.h
+++ b/llvm/lib/Fuzzer/FuzzerInternal.h
@@ -401,6 +401,7 @@ private:
 size_t NumberOfNewUnitsAdded = 0;
 bool HasMoreMallocsThanFrees = false;
+ size_t NumberOfLeakDetectionAttempts = 0;
 std::vector<Unit> Corpus;
 std::unordered_set<std::string> UnitHashesAddedToCorpus;
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index cb3a789634e..3b0b339bf9c 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -557,6 +557,15 @@ void Fuzzer::TryDetectingAMemoryLeak(uint8_t *Data, size_t Size) {
 RunOneAndUpdateCorpus(Data, Size);
 __lsan_enable();
 if (!HasMoreMallocsThanFrees) return; // a leak is unlikely.
+ if (NumberOfLeakDetectionAttempts++ > 1000) {
+ Options.DetectLeaks = false;
+ Printf("INFO: libFuzzer disabled leak detection after every mutation.\n" " Most likely the target function accumulates allocated\n" " memory in a global state w/o actually leaking it.\n" " If LeakSanitizer is enabled in this process it will still\n" " run on the process shutdown.\n");
+ return;
+ }
 // Now perform the actual lsan pass. This is expensive and we must ensure
 // we don't call it too often.
 if (__lsan_do_recoverable_leak_check()) { // Leak is found, report it.
diff --git a/llvm/lib/Fuzzer/test/AccumulateAllocationsTest.cpp b/llvm/lib/Fuzzer/test/AccumulateAllocationsTest.cpp
new file mode 100644
index 00000000000..604d8fa299a
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/AccumulateAllocationsTest.cpp
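Review bot: The threshold in the new `if (NumberOfLeakDetectionAttempts++ > 1000)` in FuzzerLoop.cpp is a bare magic number, and nothing says what an "attempt" is: the counter only advances after the re-run with LSan disabled still shows more mallocs than frees, so it counts how many times the expensive `__lsan_do_recoverable_leak_check()` pass has been reached, not fuzz iterations. I would hoist it, e.g. `static const size_t kMaxLeakDetectionAttempts = 1000;` and `if (NumberOfLeakDetectionAttempts++ > kMaxLeakDetectionAttempts) {`, and give the new member in the FuzzerInternal.h hunk a comment such as `// Number of costly lsan passes run so far; past a limit, per-mutation leak detection is switched off.`. With the post-increment the compare sees the pre-increment value, so the disable fires on the 1002nd qualifying pass rather than the 1000th; harmless, but `>=` would match the stated limit if that is the intent. Setting `Options.DetectLeaks = false` only stops future work if TryDetectingAMemoryLeak checks that flag on entry, which lies above this hunk and is not visible here; the function's head and tail are both outside the hunk.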
@@ -0,0 +1,17 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test with a more mallocs than frees, but no leak.
+#include <cstdint>
+#include <cstddef>
+
+const int kAllocatedPointersSize = 10000;
+int NumAllocatedPointers = 0;
+int *AllocatedPointers[kAllocatedPointersSize];
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (NumAllocatedPointers < kAllocatedPointersSize)
+ AllocatedPointers[NumAllocatedPointers++] = new int;
+ return 0;
+}
+
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 3bda0a99baf..ff1a7349f1a 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -13,6 +13,7 @@ set(DFSanTests
 )
 set(Tests
+ AccumulateAllocationsTest
 BufferOverflowOnInput
 CallerCalleeTest
 CounterTest |
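Review bot: The header comment `// Test with a more mallocs than frees, but no leak.` has a stray "a", and it does not explain the two things that make the test work: the pointers are parked in the global `AllocatedPointers` array, so they stay reachable and LSan has nothing to report, and `kAllocatedPointersSize = 10000` is deliberately larger than the 1000-attempt limit in the FuzzerLoop.cpp hunk, otherwise the new "disable leak detection" path is never reached. I would replace the comment with `// Target that does more mallocs than frees but leaks nothing: every allocation stays reachable through a global array. The array size must exceed libFuzzer's leak-detection attempt limit so the fuzzer hits its "disable per-mutation leak detection" path.`. `Data` and `Size` are unused, which is fine for a fuzz target, but unnamed parameters would keep -Wunused-parameter quiet if the test build enables it.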