[libFuzzer] improve -minimize_crash: honor -artifact_prefix= and don't special case 2-byte inputs
llvm-svn: 292511
parent
8cb15cfc13
commit
51f50e3dd0
@ -277,7 +277,8 @@ static bool AllInputsAreFiles() {
|
||||
return true;
|
||||
}
|
||||
|
||||
int MinimizeCrashInput(const std::vector<std::string> &Args) {
|
||||
int MinimizeCrashInput(const std::vector<std::string> &Args,
|
||||
const FuzzingOptions &Options) {
|
||||
if (Inputs->size() != 1) {
|
||||
Printf("ERROR: -minimize_crash should be given one input file\n");
|
||||
exit(1);
|
||||
@ -299,10 +300,6 @@ int MinimizeCrashInput(const std::vector<std::string> &Args) {
|
||||
std::string CurrentFilePath = InputFilePath;
|
||||
while (true) {
|
||||
Unit U = FileToVector(CurrentFilePath);
|
||||
if (U.size() < 2) {
|
||||
Printf("CRASH_MIN: '%s' is small enough\n", CurrentFilePath.c_str());
|
||||
return 0;
|
||||
}
|
||||
Printf("CRASH_MIN: minimizing crash input: '%s' (%zd bytes)\n",
|
||||
CurrentFilePath.c_str(), U.size());
|
||||
|
||||
@ -318,7 +315,8 @@ int MinimizeCrashInput(const std::vector<std::string> &Args) {
|
||||
"it further\n",
|
||||
CurrentFilePath.c_str(), U.size());
|
||||
|
||||
std::string ArtifactPath = "minimized-from-" + Hash(U);
|
||||
std::string ArtifactPath =
|
||||
Options.ArtifactPrefix + "minimized-from-" + Hash(U);
|
||||
Cmd += " -minimize_crash_internal_step=1 -exact_artifact_path=" +
|
||||
ArtifactPath;
|
||||
Printf("CRASH_MIN: executing: %s\n", Cmd.c_str());
|
||||
@ -342,8 +340,11 @@ int MinimizeCrashInputInternalStep(Fuzzer *F, InputCorpus *Corpus) {
|
||||
assert(Inputs->size() == 1);
|
||||
std::string InputFilePath = Inputs->at(0);
|
||||
Unit U = FileToVector(InputFilePath);
|
||||
assert(U.size() > 2);
|
||||
Printf("INFO: Starting MinimizeCrashInputInternalStep: %zd\n", U.size());
|
||||
if (U.size() < 2) {
|
||||
Printf("INFO: The input is small enough, exiting\n");
|
||||
exit(0);
|
||||
}
|
||||
Corpus->AddToCorpus(U, 0);
|
||||
F->SetMaxInputLen(U.size());
|
||||
F->SetMaxMutationLen(U.size() - 1);
|
||||
@ -368,9 +369,6 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (Flags.minimize_crash)
|
||||
return MinimizeCrashInput(Args);
|
||||
|
||||
if (Flags.close_fd_mask & 2)
|
||||
DupAndCloseStderr();
|
||||
if (Flags.close_fd_mask & 1)
|
||||
@ -470,6 +468,9 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
|
||||
Options.HandleXfsz = Flags.handle_xfsz;
|
||||
SetSignalHandler(Options);
|
||||
|
||||
if (Flags.minimize_crash)
|
||||
return MinimizeCrashInput(Args, Options);
|
||||
|
||||
if (Flags.minimize_crash_internal_step)
|
||||
return MinimizeCrashInputInternalStep(F, Corpus);
|
||||
|
||||
|
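Review bot: `Options.ArtifactPrefix` is now concatenated unquoted into `Cmd` via `-exact_artifact_path=` + `ArtifactPath` (third MinimizeCrashInput hunk), so a prefix containing a space or a shell metacharacter changes how the child command line is parsed. How `Cmd` is executed is outside the visible lines; if it goes through a shell, the prefix should be quoted, or rejected when it contains such characters, before it is appended. This matters most where `-artifact_prefix=` is filled in by a CI job or wrapper script rather than typed by the developer. At minimum I would record the assumption at the `ArtifactPath` initialisation: `// ArtifactPrefix is appended to a command line unquoted; it must not contain spaces or shell metacharacters.` MinimizeCrashInput's body starts and ends outside these hunks.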
@ -792,7 +792,7 @@ void Fuzzer::Loop() {
|
||||
}
|
||||
|
||||
void Fuzzer::MinimizeCrashLoop(const Unit &U) {
|
||||
if (U.size() <= 2) return;
|
||||
if (U.size() <= 1) return;
|
||||
while (!TimedOut() && TotalNumberOfRuns < Options.MaxNumberOfRuns) {
|
||||
MD.StartMutationSequence();
|
||||
memcpy(CurrentUnitData, U.data(), U.size());
|
||||
|
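Review bot: The `U.size() <= 1` guard in `Fuzzer::MinimizeCrashLoop` repeats the `U.size() < 2` early exit that this commit adds to `MinimizeCrashInputInternalStep` in the driver, spelled differently and with nothing tying the two together. The driver calls `F->SetMaxMutationLen(U.size() - 1)` right after its own check, so the two thresholds need to move together if either is ever changed. I would add a comment above the guard, e.g. `// A 0- or 1-byte unit cannot shrink; keep in sync with MinimizeCrashInputInternalStep.` The guard also returns silently, whereas the driver prints `INFO: The input is small enough, exiting`. MinimizeCrashLoop's body continues past the end of the hunk.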
@ -94,6 +94,7 @@ set(Tests
|
||||
SimpleHashTest
|
||||
SimpleTest
|
||||
SimpleThreadedTest
|
||||
SingleByteInputTest
|
||||
SingleMemcmpTest
|
||||
SingleStrcmpTest
|
||||
SingleStrncmpTest
|
||||
|
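--- /dev/null
+++ b/lib/Fuzzer/test/SingleByteInputTest.cpp
@@ -0,0 +1,17 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer, need just one byte to crash.
+#include <cstdint>
+#include <cstdlib>
+#include <cstddef>
+#include <cstdio>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+if (Size > 0 && Data[Size/2] == 42) {
+fprintf(stderr, "BINGO\n");
+abort();
+}
+return 0;
+}
+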
@ -1,6 +1,12 @@
|
||||
RUN: echo 'Hi!rv349f34t3gg' > not_minimal_crash
|
||||
RUN: LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 2>&1 | FileCheck %s
|
||||
CHECK: CRASH_MIN: failed to minimize beyond minimized-from-{{.*}} (3 bytes), exiting
|
||||
CHECK: CRASH_MIN: failed to minimize beyond ./minimized-from-{{.*}} (3 bytes), exiting
|
||||
RUN: LLVMFuzzer-NullDerefTest -minimize_crash=1 not_minimal_crash -max_total_time=2 -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=CHECK_EXACT
|
||||
CHECK_EXACT: CRASH_MIN: failed to minimize beyond exact_minimized_path (3 bytes), exiting
|
||||
RUN: rm not_minimal_crash minimized-from-* exact_minimized_path
|
||||
|
||||
RUN: echo 'abcd*xyz' > not_minimal_crash
|
||||
RUN: LLVMFuzzer-SingleByteInputTest -minimize_crash=1 not_minimal_crash -artifact_prefix=./ZZZ- -exact_artifact_path=exact_minimized_path 2>&1 | FileCheck %s --check-prefix=MIN1
|
||||
MIN1: Test unit written to ./ZZZ-minimized-from-
|
||||
MIN1: INFO: The input is small enough, exiting
|
||||
MIN1: CRASH_MIN: failed to minimize beyond exact_minimized_path (1 bytes), exiting
|
||||
|
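Review bot: The new SingleByteInputTest block ends at the last `MIN1:` line without removing the files it creates, unlike the NullDerefTest block above it, which finishes with a `RUN: rm` line. `not_minimal_crash`, `exact_minimized_path` and the `ZZZ-minimized-from-*` artifact stay in the test directory, where a stale copy from an earlier run can mask a regression in a later one. I would add a final line `RUN: rm not_minimal_crash ZZZ-minimized-from-* exact_minimized_path`. The new `RUN:` line also drops the `-max_total_time=2` bound that the two earlier invocations carry, so it relies on minimization terminating on its own.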