From 947838c9c5a9dcbff46c9f380ce947db86238d89 Mon Sep 17 00:00:00 2001
From: Matt Morehouse
Date: Thu, 9 Nov 2017 20:44:08 +0000
Subject: [PATCH] [libFuzzer] Don't add leaking inputs to corpus.

Reviewers: kcc

Reviewed By: kcc

Subscribers: llvm-commits

Differential Revision: https://reviews.llvm.org/D39850

llvm-svn: 317831
---
 compiler-rt/lib/fuzzer/FuzzerLoop.cpp    | 5 +++--
 compiler-rt/test/fuzzer/fuzzer-leak.test | 6 +++++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
index 97bc1c6..81e609e 100644
--- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -641,11 +641,12 @@ void Fuzzer::MutateAndTestOne() {
     assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
     Size = NewSize;
     II.NumExecutedMutations++;
-    if (RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II))
-      ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
+    bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II);
     TryDetectingAMemoryLeak(CurrentUnitData, Size, /*DuringInitialCorpusExecution*/ false);
+    if (NewCov)
+      ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
   }
 }
diff --git a/compiler-rt/test/fuzzer/fuzzer-leak.test b/compiler-rt/test/fuzzer/fuzzer-leak.test
index f8e99ce..0652a88 100644
--- a/compiler-rt/test/fuzzer/fuzzer-leak.test
+++ b/compiler-rt/test/fuzzer/fuzzer-leak.test
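Review bot: The new ordering makes corpus admission depend on TryDetectingAMemoryLeak() not returning once it confirms a leak, but nothing in the hunk records that contract; a later change that lets the leak path report and return would quietly put leaking units back into the corpus. Add a comment above the call, e.g. `// Must run before ReportNewCoverage: a confirmed leak is expected to exit the process here, so a leaking unit never enters the corpus or gets written out.` The check is presumably best-effort (it looks like it returns early when leak detection is off or cannot run), so an input that leaks only nondeterministically or with detection disabled can still be admitted; the accompanying fuzzer-leak.test exercises only the -detect_leaks=1 path. MutateAndTestOne starts before the hunk.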
@@ -3,7 +3,8 @@ RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LeakTest
 RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest
 RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LeakTimeoutTest
-RUN: not %t-LeakTest -runs=100000 -detect_leaks=1 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
+RUN: rm -rf %t-corpus && mkdir -p %t-corpus
+RUN: not %t-LeakTest -runs=100000 -detect_leaks=1 %t-corpus 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
 LEAK_DURING: ERROR: LeakSanitizer: detected memory leaks
 LEAK_DURING: Direct leak of 4 byte(s) in 1 object(s) allocated from:
 LEAK_DURING: INFO: to ignore leaks on libFuzzer side use -detect_leaks=0
@@ -11,6 +12,9 @@ LEAK_DURING: Test unit written to ./leak-
 LEAK_DURING-NOT: DONE
 LEAK_DURING-NOT: Done
+// Verify leaking input was not added to corpus
+RUN: %t-LeakTest -runs=0 %t-corpus
+
 RUN: not %t-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | FileCheck %s --check-prefix=LEAK_IN_CORPUS
 LEAK_IN_CORPUS: ERROR: LeakSanitizer: detected memory leaks
 LEAK_IN_CORPUS: INFO: a leak has been found in the initial corpus.
-- 
2.7.4
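Review bot: The new `RUN: %t-LeakTest -runs=0 %t-corpus` in the second hunk passes vacuously when %t-corpus is empty, so it would still succeed if the preceding run had saved nothing at all rather than excluding only the leaking unit. Consider a RUN line before it that fails on an empty directory (for instance piping `ls %t-corpus` through a check that requires at least one entry), so the test distinguishes "leaking input excluded" from "nothing saved". The `// Verify ...` line is harmless for lit since only RUN: lines execute, though the file otherwise carries no comments. The first hunk is fine: recreating %t-corpus before the run keeps state from leaking across test invocations.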