wangtao
/
llvm-project
forked from OSchip/llvm-project
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
llvm-project/compiler-rt/lib/fuzzer
History
Max Moroz a40ce7bc36 [libfuzzer] Fix UB when calculating Log(0) in StackDepthStepFunction(). 
Summary:
__builtin_clz used for Log calculation returns an undefined result
when argument is 0. I noticed that issue when was testing some fuzzers:

```
/src/libfuzzer/FuzzerTracePC.h:282:33: runtime error: shift exponent 450349 is too large for 32-bit type 'uint32_t' (aka 'unsigned int')
  #0 0x43d83f in operator() /src/libfuzzer/FuzzerTracePC.h:283:33
  #1 0x43d83f in void fuzzer::TracePC::CollectFeatures<fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)::$_1>(fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*)::$_1) const /src/libfuzzer/FuzzerTracePC.h:290
  #2 0x43cbd4 in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool*) /src/libfuzzer/FuzzerLoop.cpp:445:7
  #3 0x43e5f1 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:706:5
  #4 0x43e9e1 in fuzzer::Fuzzer::Loop(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> >, fuzzer::fuzzer_allocator<std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > > > const&) /src/libfuzzer/FuzzerLoop.cpp:739:3
  #5 0x432f8c in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/libfuzzer/FuzzerDriver.cpp:754:6
  #6 0x42ee18 in main /src/libfuzzer/FuzzerMain.cpp:20:10
  #7 0x7f17ffeb182f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
  #8 0x407838 in _start (/out/rotate_fuzzer+0x407838)

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits, #sanitizers

Differential Revision: https://reviews.llvm.org/D41457

llvm-svn: 321211
 		2017-12-20 19:31:51 +00:00
..
afl [libFuzzer] Add dummy call of LLVMFuzzerTestOneInput to afl_driver. 2017-12-13 22:02:44 +00:00
scripts [fuzzer] Script to detect unbalanced allocation in -trace_malloc output 2017-11-01 20:27:06 +00:00
standalone
tests [libFuzzer] Decrease stack usage in unit tests 2017-12-06 23:35:02 +00:00
CMakeLists.txt [libFuzzer] Add support for Fuchsia OS. 2017-12-08 22:54:44 +00:00
FuzzerClangCounters.cpp [libFuzzer] apply changes lost during the migration to compiler-rt 2017-08-22 01:28:32 +00:00
FuzzerCommand.h [libFuzzer] Make redirects happen in proper sequence. 2017-12-05 17:13:17 +00:00
FuzzerCorpus.h [libFuzzer] tweam use_feature_frequency to be less aggressive; run a dummy input before the seed corpus 2017-10-13 01:12:23 +00:00
FuzzerCrossOver.cpp
FuzzerDefs.h [libFuzzer] Add support for Fuchsia OS. 2017-12-08 22:54:44 +00:00
FuzzerDictionary.h [libFuzzer] Use custom allocators for STL containers in libFuzzer. 2017-08-27 23:20:09 +00:00
FuzzerDriver.cpp [libFuzzer] fix a minor regression in printing 2017-12-06 22:12:24 +00:00
FuzzerExtFunctions.def [libFuzzer] Periodically purge allocator's quarantine to prolong fuzzing sessions. 2017-10-23 22:04:30 +00:00
FuzzerExtFunctions.h
FuzzerExtFunctionsDlsym.cpp
FuzzerExtFunctionsDlsymWin.cpp
FuzzerExtFunctionsWeak.cpp [libFuzzer] Add support for Fuchsia OS. 2017-12-08 22:54:44 +00:00
FuzzerExtFunctionsWeakAlias.cpp
FuzzerExtraCounters.cpp Add preliminary NetBSD support in libfuzzer 2017-08-30 22:44:11 +00:00
FuzzerFlags.def [libFuzzer] add a flag -malloc_limit_mb 2017-12-01 22:12:04 +00:00
FuzzerIO.cpp [libFuzzer] factor out some code into GetSizedFilesFromDir; NFC 2017-09-12 21:58:07 +00:00
FuzzerIO.h [libFuzzer] factor out some code into GetSizedFilesFromDir; NFC 2017-09-12 21:58:07 +00:00
FuzzerIOPosix.cpp [libFuzzer] Add support for Fuchsia OS. 2017-12-08 22:54:44 +00:00
FuzzerIOWindows.cpp [libFuzzer] Use custom allocators for STL containers in libFuzzer. 2017-08-27 23:20:09 +00:00
FuzzerInterface.h
FuzzerInternal.h [libFuzzer] change the strategy for -experimental_len_control to grow max_len slower 2017-12-12 23:11:28 +00:00
FuzzerLoop.cpp [libFuzzer] change the strategy for -experimental_len_control to grow max_len slower 2017-12-12 23:11:28 +00:00
FuzzerMain.cpp
FuzzerMerge.cpp [libFuzzer] Encapsulate commands in a class. 2017-12-04 19:25:59 +00:00
FuzzerMerge.h [libFuzzer] Use custom allocators for STL containers in libFuzzer. 2017-08-27 23:20:09 +00:00
FuzzerMutate.cpp [libFuzzer] Use custom allocators for STL containers in libFuzzer. 2017-08-27 23:20:09 +00:00
FuzzerMutate.h [libFuzzer] Use custom allocators for STL containers in libFuzzer. 2017-08-27 23:20:09 +00:00
FuzzerOptions.h [libFuzzer] honor -use_counters, sligntly change the meaning of -experimental_len_control, call UpdateFeatureFrequency only if instructed by the flag 2017-12-08 22:21:42 +00:00
FuzzerRandom.h
FuzzerSHA1.cpp
FuzzerSHA1.h
FuzzerShmem.h
FuzzerShmemFuchsia.cpp [libFuzzer] Add support for Fuchsia OS. 2017-12-08 22:54:44 +00:00
FuzzerShmemPosix.cpp
FuzzerShmemWindows.cpp
FuzzerTracePC.cpp [libFuzzer] print a better warning if we hit the ld bug 2017-10-14 00:07:11 +00:00
FuzzerTracePC.h [libfuzzer] Fix UB when calculating Log(0) in StackDepthStepFunction(). 2017-12-20 19:31:51 +00:00
FuzzerUtil.cpp [fuzzer] Initialize PcDescr buffer before calling __sanitizer_symbolize_pc 2017-11-17 00:46:59 +00:00
FuzzerUtil.h [libFuzzer] change the strategy for -experimental_len_control to grow max_len slower 2017-12-12 23:11:28 +00:00
FuzzerUtilDarwin.cpp [libFuzzer] Encapsulate commands in a class. 2017-12-04 19:25:59 +00:00
FuzzerUtilFuchsia.cpp [libFuzzer] Add support for Fuchsia OS. 2017-12-08 22:54:44 +00:00
FuzzerUtilLinux.cpp [libFuzzer] Encapsulate commands in a class. 2017-12-04 19:25:59 +00:00
FuzzerUtilPosix.cpp [libFuzzer] handle SIGUSR1/SIGUSR2 and try to exit grafully on these signals 2017-11-09 20:30:19 +00:00
FuzzerUtilWindows.cpp [libFuzzer] Encapsulate commands in a class. 2017-12-04 19:25:59 +00:00
FuzzerValueBitMap.h
README.txt [libFuzzer] better README.txt 2017-08-22 01:15:40 +00:00
build.sh

README.txt 

See http://llvm.org/docs/LibFuzzer.html