[libFuzzer] add a test for asan's strict_string_checks=1
authorKostya Serebryany <kcc@google.com>
Sat, 22 Oct 2016 00:05:44 +0000 (00:05 +0000)
committerKostya Serebryany <kcc@google.com>
Sat, 22 Oct 2016 00:05:44 +0000 (00:05 +0000)
llvm-svn: 284902

llvm/lib/Fuzzer/test/CMakeLists.txt
llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp [new file with mode: 0644]
llvm/lib/Fuzzer/test/fuzzer.test

index 1475c66..d869bfa 100644 (file)
@@ -100,6 +100,7 @@ set(Tests
   ShrinkControlFlowTest
   ShrinkValueProfileTest
   StrcmpTest
+  StrncmpOOBTest
   StrncmpTest
   StrstrTest
   SwapCmpTest
diff --git a/llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp b/llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp
new file mode 100644 (file)
index 0000000..f70b003
--- /dev/null
@@ -0,0 +1,21 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test that libFuzzer itself does not read out of bounds.
+#include <assert.h>
+#include <cstdint>
+#include <cstring>
+#include <cstdlib>
+#include <cstddef>
+#include <iostream>
+
+static volatile int Sink;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  if (Size < 5) return 0;
+  const char *Ch = reinterpret_cast<const char *>(Data);
+  if (Ch[Size - 3] == 'a')
+    Sink = strncmp(Ch + Size - 3, "abcdefg", 6);
+  return 0;
+}
+
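Review bot: The out-of-bounds read in `strncmp(Ch + Size - 3, "abcdefg", 6)` is deliberate, but nothing in the file says so, and the header comment ("libFuzzer itself does not read out of bounds") does not explain how this target checks that. A comment above the call would keep a later cleanup from "fixing" the length, e.g. `// Intentional OOB: only 3 bytes of Data remain here, but strncmp is allowed to read 6.` The same intent sits behind `STRNCMP-NOT: __sanitizer_weak_hook_strncmp` in fuzzer.test, which presumably ensures the report is attributed to the target's frame and not to libFuzzer's strncmp hook; a one-line remark there would help too. Separately, `<assert.h>`, `<cstdlib>` and `<iostream>` appear unused in this file and could be dropped.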
index fe40859..df69498 100644 (file)
@@ -57,3 +57,7 @@ RUN: LLVMFuzzer-SimpleTest-TracePC  -exit_on_src_pos=SimpleTest.cpp:17
 RUN: LLVMFuzzer-ShrinkControlFlowTest-TracePC  -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
 EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
 
+RUN: ASAN_OPTIONS=strict_string_checks=1 not LLVMFuzzer-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
+STRNCMP: AddressSanitizer: heap-buffer-overflow
+STRNCMP-NOT: __sanitizer_weak_hook_strncmp
+STRNCMP: in LLVMFuzzerTestOneInput