From 3db6ad2bcfc5fb38343cfd7ce6eb56d9415e2b1e Mon Sep 17 00:00:00 2001
From: Vitaly Buka
Date: Fri, 5 Apr 2019 20:17:03 +0000
Subject: [PATCH] Use binary write mode in WriteToFile function to avoid appended \r characters on Windows Summary: When using libfuzzer on Windows, in the contents of a crash sample, bytes that can be mistaken for a \n are replaced by a \r\n sequence. As a consequence, crashes are not reproducible. This patch will open files in binary mode to fix this issue. The patch does not affect POSIX systems. Patch by tuktuk Reviewers: kcc, vitalybuka Reviewed By: vitalybuka Subscribers: dexonsmith, jdoerfert, llvm-commits, #sanitizers Tags: #llvm, #sanitizers Differential Revision: https://reviews.llvm.org/D60008 llvm-svn: 357807
---
 compiler-rt/lib/fuzzer/FuzzerIO.cpp | 2 +-
 compiler-rt/test/fuzzer/ReloadTest.cpp | 24 ++++++++++++++++++++++++
 compiler-rt/test/fuzzer/reload.test | 13 +++++++++++++
 3 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 compiler-rt/test/fuzzer/ReloadTest.cpp
 create mode 100644 compiler-rt/test/fuzzer/reload.test
diff --git a/compiler-rt/lib/fuzzer/FuzzerIO.cpp b/compiler-rt/lib/fuzzer/FuzzerIO.cpp
index 290112aa4b17..423ab4befba8 100644
--- a/compiler-rt/lib/fuzzer/FuzzerIO.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerIO.cpp
@@ -62,7 +62,7 @@ void CopyFileToErr(const std::string &Path) {
 void WriteToFile(const Unit &U, const std::string &Path) {
 // Use raw C interface because this function may be called from a sig handler.
- FILE *Out = fopen(Path.c_str(), "w");
+ FILE *Out = fopen(Path.c_str(), "wb");
 if (!Out) return;
 fwrite(U.data(), sizeof(U[0]), U.size(), Out);
 fclose(Out);
diff --git a/compiler-rt/test/fuzzer/ReloadTest.cpp b/compiler-rt/test/fuzzer/ReloadTest.cpp
new file mode 100644
index 000000000000..fb1fef97a30a
--- /dev/null
+++ b/compiler-rt/test/fuzzer/ReloadTest.cpp
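Review bot: The `fwrite` and `fclose` results in WriteToFile (FuzzerIO.cpp) are still ignored on the new side, so a short write from a full disk or quota silently leaves a truncated artifact that fails to reproduce, the same symptom this patch fixes for `\r\n` translation. A minimal check would be `if (fwrite(U.data(), sizeof(U[0]), U.size(), Out) != U.size()) Printf("WARNING: short write to %s\n", Path.c_str());`, assuming libFuzzer's `Printf` is acceptable on a path that may run in a signal handler. The `"wb"` line also deserves a comment such as `// Binary mode: text mode on Windows rewrites \n as \r\n and corrupts the unit.` The function's closing brace lies outside the hunk.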
@@ -0,0 +1,24 @@
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+
+// Test that fuzzer we can reload artifacts with any bytes inside.
+#include
+#include
+#include
+#include
+#include
+
+extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *Data, size_t Size,
+ size_t MaxSize, unsigned int Seed) {
+ std::srand(Seed);
+ std::generate(Data, Data + MaxSize, std::rand);
+ return MaxSize;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size > 5000 && std::set(Data, Data + Size).size() > 255 &&
+ (uint8_t)std::accumulate(Data, Data + Size, uint8_t(Size)) == 0)
+ __builtin_trap();
+ return 0;
+}
diff --git a/compiler-rt/test/fuzzer/reload.test b/compiler-rt/test/fuzzer/reload.test
new file mode 100644
index 000000000000..62321cec3b04
--- /dev/null
+++ b/compiler-rt/test/fuzzer/reload.test
@@ -0,0 +1,13 @@
+RUN: %cpp_compiler %S/ReloadTest.cpp -o %t-ReloadTest
+RUN: not %run %t-ReloadTest -max_len=10000 -seed=1 -timeout=15 -len_control=0 -exact_artifact_path=%t.crash 2>&1 | FileCheck %s
+
+CHECK: Test unit written to {{.*}}reload.test.tmp.crash
+
+RUN: not %run %t-ReloadTest %t.crash 2>&1 | FileCheck %s --check-prefix=ARTIFACT
+
+ARTIFACT: Running: {{.*}}reload.test.tmp.crash
+ARTIFACT: ERROR: libFuzzer: deadly signal
+
+# Sanity check that altered artifact is not going to crash
+RUN: echo z >> %t.crash
+RUN: %run %t-ReloadTest %t.crash
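Review bot: The trap condition in LLVMFuzzerTestOneInput (ReloadTest.cpp) is undocumented, although it is what makes the test meaningful. Requiring more than 255 distinct values (presumably a set of `uint8_t`) means the artifact contains `\n` and `\r`, and the 8-bit sum seeded with `Size` means any byte inserted or changed on save or reload stops the trap. A comment above the `if` would record that, e.g. `// Trap only if every byte value occurs and the Size-seeded byte sum is 0, so a \n -> \r\n rewrite breaks reproduction.` The file comment would read better as `// Test that the fuzzer can reload artifacts with any bytes inside.` LLVMFuzzerCustomMutator also ignores `Size` and always fills `MaxSize` bytes, which merits a one-line note that this is deliberate.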
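Review bot: The first RUN line in reload.test bounds only the per-input timeout, so the test hangs instead of failing if the trap in ReloadTest.cpp is never reached. That could happen on a platform whose `std::rand` sequence behaves differently, since the custom mutator depends on it. Adding a cap such as `-runs=1000000` would let `not %run` fail promptly in that case.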