maxjhandsome
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

[libFuzzer] be more careful when calling strlen of strcmp parameters, PR32357 

llvm-svn: 298746
This commit is contained in:
Kostya Serebryany 2017-03-24 22:19:52 +00:00
parent 8fbb74b5b2
commit c58982d6fa
4 changed files with 30 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
llvm/lib/Fuzzer/FuzzerTraceState.cpp
View File

@ -90,6 +90,14 @@ static size_t InternalStrnlen(const char *S, size_t MaxLen) {
return Len;
}
// Finds min of (strlen(S1), strlen(S2)).
// Needed bacause one of these strings may actually be non-zero terminated.
static size_t InternalStrnlen2(const char *S1, const char *S2) {
size_t Len = 0;
for (; S1[Len] && S2[Len]; Len++) {}
return Len;
}
} // namespace fuzzer
using fuzzer::TS;
@ -128,9 +136,7 @@ ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
void __sanitizer_weak_hook_strcmp(void *caller_pc, const char *s1,
const char *s2, int result) {
if (result == 0) return; // No reason to mutate.
size_t Len1 = strlen(s1);
size_t Len2 = strlen(s2);
size_t N = std::min(Len1, Len2);
size_t N = fuzzer::InternalStrnlen2(s1, s2);
if (N <= 1) return; // Not interesting.
fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, N, /*StopAtZero*/true);
}

19
llvm/lib/Fuzzer/test/BadStrcmpTest.cpp Normal file
View File

@ -0,0 +1,19 @@
// This file is distributed under the University of Illinois Open Source
// License. See LICENSE.TXT for details.
// Test that we don't creash in case of bad strcmp params.
#include <cstdint>
#include <cstring>
#include <cstddef>
static volatile int Sink;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size != 10) return 0;
// Data is not zero-terminated, so this call is bad.
// Still, there are cases when such calles appear, see e.g.
// https://bugs.llvm.org/show_bug.cgi?id=32357
Sink = strcmp(reinterpret_cast<const char*>(Data), "123456789");
return 0;
}

1
llvm/lib/Fuzzer/test/CMakeLists.txt
View File

@ -76,6 +76,7 @@ set(Tests
AbsNegAndConstantTest
AbsNegAndConstant64Test
AccumulateAllocationsTest
BadStrcmpTest
BogusInitializeTest
BufferOverflowOnInput
CallerCalleeTest

1
llvm/lib/Fuzzer/test/bad-strcmp.test Normal file
View File

@ -0,0 +1 @@
RUN: LLVMFuzzer-BadStrcmpTest -runs=100000