From 16d9f44fd154b409b1c7f0876ba7c767b60cb3da Mon Sep 17 00:00:00 2001
From: Marco Vanotti
Date: Wed, 9 Oct 2019 22:47:30 -0700
Subject: [libFuzzer] Fix fd check in DupAndCloseStderr.

Summary: This commit fixes the check in the return value from the `DuplicateFile` function, which returns a new file descriptor. `DuplicateFile` can return 0 if that file descriptor is available (for example, if stdin has already been closed). In particular, this could cause a bug with the `-close_fd_mask` flag in some platforms: just call the fuzzer with stdin closed and the `-close_fd_mask=2` flag, and stderr will not be muted.
Example fuzzer:
```
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
fprintf(stderr, "STDERR\n");
fprintf(stdout, "STDOUT\n");
return 0;
}
```
Invocation (muting both stderr and stdout):
```
./test -close_fd_mask=3 -runs=1 0<&-
INFO: Seed: 1155116940
INFO: Loaded 1 modules (1 inline 8-bit counters): 1 [0x48b020, 0x48b021),
INFO: Loaded 1 PC tables (1 PCs): 1 [0x478dc8,0x478dd8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
STDERR
INFO: A corpus is not provided, starting from an empty corpus
STDERR
Done 2 runs in 0 second(s)
```
Reviewers: mcgrathr, jakehehrlich, phosek, kcc, aarongreen
Subscribers: #sanitizers, llvm-commits
Tags: #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D68775
---
 compiler-rt/lib/fuzzer/FuzzerIO.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'compiler-rt/lib/fuzzer')
diff --git a/compiler-rt/lib/fuzzer/FuzzerIO.cpp b/compiler-rt/lib/fuzzer/FuzzerIO.cpp
index 7e5ba30a2e7..f0708164be8 100644
--- a/compiler-rt/lib/fuzzer/FuzzerIO.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerIO.cpp
@@ -111,7 +111,7 @@ std::string DirPlusFile(const std::string &DirPath,
 void DupAndCloseStderr() {
 int OutputFd = DuplicateFile(2);
- if (OutputFd > 0) {
+ if (OutputFd >= 0) {
 FILE *NewOutputFile = OpenFile(OutputFd, "w");
 if (NewOutputFile) {
 OutputFile = NewOutputFile;
--
cgit v1.2.3
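Review bot: Accepting 0 at `if (OutputFd >= 0)` means libFuzzer's own output stream can now sit in the stdin slot, and nothing in the visible lines moves the duplicate above the standard descriptors. A target under test that closes or reopens fd 0, or a child process that inherits it as stdin, would then presumably interfere with the fuzzer's output; this is inferred from the commit description, since the body of DuplicateFile is not shown. At minimum I would record the reason for the comparison above the `if`: `// 0 is a valid fd here (stdin may already be closed); only a negative value means DuplicateFile failed.` The body of DupAndCloseStderr continues past the hunk, so whether OutputFd is closed when OpenFile returns null could not be checked from here.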