From 05f7791fbf59e5a19ff79ed1175e7042100da8e8 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Wed, 30 Nov 2016 22:39:35 +0000
Subject: [libFuzzer] extend -rss_limit_mb to crash instantly on a single malloc that exceeds the limit
llvm-svn: 288281
---
 llvm/lib/Fuzzer/test/CMakeLists.txt | 1 +
 .../test/OutOfMemorySingleLargeMallocTest.cpp | 28 ++++++++++++++++++++++
 llvm/lib/Fuzzer/test/fuzzer-oom-with-profile.test | 4 ++--
 llvm/lib/Fuzzer/test/fuzzer-oom.test | 8 +++++--
 4 files changed, 37 insertions(+), 4 deletions(-)
 create mode 100644 llvm/lib/Fuzzer/test/OutOfMemorySingleLargeMallocTest.cpp
(limited to 'llvm/lib/Fuzzer/test')
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 091b38825f6..a664e944585 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -85,6 +85,7 @@ set(Tests
 NthRunCrashTest
 OneHugeAllocTest
 OutOfMemoryTest
+ OutOfMemorySingleLargeMallocTest
 RepeatedMemcmp
 RepeatedBytesTest
 SimpleCmpTest
diff --git a/llvm/lib/Fuzzer/test/OutOfMemorySingleLargeMallocTest.cpp b/llvm/lib/Fuzzer/test/OutOfMemorySingleLargeMallocTest.cpp
new file mode 100644
index 00000000000..5d95c428e68
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/OutOfMemorySingleLargeMallocTest.cpp
@@ -0,0 +1,28 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Tests OOM handling.
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+static volatile char *SinkPtr;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size > 0 && Data[0] == 'H') {
+ if (Size > 1 && Data[1] == 'i') {
+ if (Size > 2 && Data[2] == '!') {
+ size_t kSize = 0xff000000U;
+ char *p = new char[kSize];
+ SinkPtr = p;
+ delete [] p;
+ }
+ }
+ }
+ return 0;
+}
+
diff --git a/llvm/lib/Fuzzer/test/fuzzer-oom-with-profile.test b/llvm/lib/Fuzzer/test/fuzzer-oom-with-profile.test
index 391fd4bb0ff..2b2b0b9d5da 100644
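Review bot: In the new OutOfMemorySingleLargeMallocTest.cpp, the header comment `// Tests OOM handling.` and the bare `size_t kSize = 0xff000000U;` do not say that this target exercises the single-allocation path of -rss_limit_mb, nor that fuzzer-oom.test matches the decimal form of this size (4278190080) in the report. I would change the comment to `// Tests that one malloc larger than -rss_limit_mb is reported as OOM immediately.` and declare the size as `const size_t kSize = 0xff000000U; // 4278190080; fuzzer-oom.test matches this value`. The allocation is reached only after the input starts with "Hi!". Nothing visible here covers a target with a 32-bit size_t, where a request this large may simply fail in the allocator before any limit check reports it.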
--- a/llvm/lib/Fuzzer/test/fuzzer-oom-with-profile.test
+++ b/llvm/lib/Fuzzer/test/fuzzer-oom-with-profile.test
@@ -1,6 +1,6 @@
 REQUIRES: linux
-RUN: not LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=10 2>&1 | FileCheck %s
-CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 10Mb)
+RUN: not LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s
+CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb)
 CHECK: Live Heap Allocations
 CHECK: Test unit written to ./oom-
 SUMMARY: libFuzzer: out-of-memory
diff --git a/llvm/lib/Fuzzer/test/fuzzer-oom.test b/llvm/lib/Fuzzer/test/fuzzer-oom.test
index 4cdff2142fd..7bfd37632d8 100644
--- a/llvm/lib/Fuzzer/test/fuzzer-oom.test
+++ b/llvm/lib/Fuzzer/test/fuzzer-oom.test
@@ -1,4 +1,8 @@
-RUN: not LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=10 2>&1 | FileCheck %s
-CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 10Mb)
+RUN: not LLVMFuzzer-OutOfMemoryTest -rss_limit_mb=300 2>&1 | FileCheck %s
+CHECK: ERROR: libFuzzer: out-of-memory (used: {{.*}}; limit: 300Mb)
 CHECK: Test unit written to ./oom-
 SUMMARY: libFuzzer: out-of-memory
+
+RUN: not LLVMFuzzer-OutOfMemorySingleLargeMallocTest 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC
+SINGLE_LARGE_MALLOC: libFuzzer: out-of-memory (malloc(42{{.*}}))
+SINGLE_LARGE_MALLOC: in LLVMFuzzerTestOneInput
-- cgit v1.2.3
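Review bot: Raising `-rss_limit_mb` from 10 to 300 in fuzzer-oom-with-profile.test (and identically in the first RUN line of fuzzer-oom.test) is not explained in either test or in the commit message. Presumably OutOfMemoryTest makes individual allocations larger than 10Mb, which after this change would trigger the new single-malloc report instead of the `used: ...; limit:` message these CHECK lines expect; that target is not shown here, so this is an inference. A plain comment line above the RUN line, e.g. `# Limit must exceed the largest single allocation in OutOfMemoryTest so the cumulative-RSS report fires.`, would keep the value from being lowered again by accident.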
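Review bot: The added RUN line for LLVMFuzzer-OutOfMemorySingleLargeMallocTest in fuzzer-oom.test passes no `-rss_limit_mb`, so the test holds only while the default limit stays below the 0xff000000-byte allocation; pinning it, e.g. `RUN: not LLVMFuzzer-OutOfMemorySingleLargeMallocTest -rss_limit_mb=300 2>&1 | FileCheck %s --check-prefix=SINGLE_LARGE_MALLOC`, makes it independent of the default. The pattern `malloc(42{{.*}})` accepts any size that begins with 42; `SINGLE_LARGE_MALLOC: libFuzzer: out-of-memory (malloc(4278190080))` would pin the exact request. Unlike the first case, nothing here checks that a reproducer is saved. If the single-malloc path also writes the unit, a `SINGLE_LARGE_MALLOC: Test unit written to ./oom-` line would catch a regression where the crash is reported but the triggering input is lost.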