[libFuzzer] make sure CheckExitOnSrcPosOrItem is called after the new input is saved to the corpus

llvm-svn: 308653
2017-07-20 18:53:25 +00:00 · 2017-07-20 18:53:25 +00:00 · a763be3d5f
parent a19a2762e3
commit a763be3d5f
2 changed files with 6 additions and 4 deletions
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@ -344,8 +344,10 @@ void Fuzzer::RereadOutputCorpus(size_t MaxSize) {
    if (U.size() > MaxSize)
      U.resize(MaxSize);
    if (!Corpus.HasUnit(U)) {
-      if (RunOne(U.data(), U.size()))
+      if (RunOne(U.data(), U.size())) {
+        CheckExitOnSrcPosOrItem();
        Reloaded = true;
+      }
    }
  }
  if (Reloaded)
@ -371,6 +373,7 @@ void Fuzzer::ShuffleAndMinimize(UnitVector *InitialCorpus) {

  for (const auto &U : *InitialCorpus) {
    RunOne(U.data(), U.size());
+    CheckExitOnSrcPosOrItem();
    TryDetectingAMemoryLeak(U.data(), U.size(),
                            /*DuringInitialCorpusExecution*/ true);
  }
@ -418,14 +421,12 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
  if (NumNewFeatures) {
    Corpus.AddToCorpus({Data, Data + Size}, NumNewFeatures, MayDeleteFile,
                       UniqFeatureSetTmp);
-    CheckExitOnSrcPosOrItem();
    return true;
  }
  if (II && FoundUniqFeaturesOfII &&
      FoundUniqFeaturesOfII == II->UniqFeatureSet.size() &&
      II->U.size() > Size) {
    Corpus.Replace(II, {Data, Data + Size});
-    CheckExitOnSrcPosOrItem();
    return true;
  }
  return false;
@ -527,6 +528,7 @@ void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) {
  WriteToOutputCorpus(U);
  NumberOfNewUnitsAdded++;
  TPC.PrintNewPCs();
+  CheckExitOnSrcPosOrItem();  // Check only after the unit is saved to corpus.
 }

 // Tries detecting a memory leak on the particular input that we have just
--- a/llvm/lib/Fuzzer/test/reduce_inputs.test
+++ b/llvm/lib/Fuzzer/test/reduce_inputs.test
@ -7,7 +7,7 @@ CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60'

 # Test that reduce_inputs deletes redundant files in the corpus.
 RUN: LLVMFuzzer-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT
-COUNT: READ units: 3
+COUNT: READ units: 4

 # a bit longer test
 RUN: LLVMFuzzer-ShrinkControlFlowTest  -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60  -seed=1 -runs=1000000  2>&1 | FileCheck %s