authorKostya Serebryany <kcc@google.com>2017-07-20 18:53:25 +0000
committerKostya Serebryany <kcc@google.com>2017-07-20 18:53:25 +0000
commit9dbc448fd96d2bb0c845102acbd4edf9a6ff86c8 (patch)
treecdd370e7182333cfb3fcd15cf52b2e4dd1528592
parent5de91efd2a80b4ea34f3284e77df61c97f7fccce (diff)
[libFuzzer] make sure CheckExitOnSrcPosOrItem is called after the new input is saved to the corpus
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@308653 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/Fuzzer/FuzzerLoop.cpp8
-rw-r--r--lib/Fuzzer/test/reduce_inputs.test2
2 files changed, 6 insertions, 4 deletions
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp
index 37adb1e0a5a..ba4ba80db00 100644
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -344,8 +344,10 @@ void Fuzzer::RereadOutputCorpus(size_t MaxSize) {
if (U.size() > MaxSize)
U.resize(MaxSize);
if (!Corpus.HasUnit(U)) {
- if (RunOne(U.data(), U.size()))
+ if (RunOne(U.data(), U.size())) {
+ CheckExitOnSrcPosOrItem();
Reloaded = true;
+ }
}
}
if (Reloaded)
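Review bot: The new CheckExitOnSrcPosOrItem() call in RereadOutputCorpus runs only when RunOne() returned true, while the matching call added in the ShuffleAndMinimize hunk below runs after every RunOne() regardless of its result, so the two initial-load paths now disagree on when the exit check applies. If the unconditional form is intended, so that an on-disk unit that satisfies the src-pos condition but adds no new features still terminates the run, the gated version here misses that case; if the gated form is intended, the ShuffleAndMinimize call should be gated the same way. Whichever is meant, a one-line comment at both call sites would record the decision, e.g. `// Units here already exist on disk, so the exit check is safe to run right away.`. RereadOutputCorpus begins before this hunk, so the surrounding loop setup is not visible.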
@@ -371,6 +373,7 @@ void Fuzzer::ShuffleAndMinimize(UnitVector *InitialCorpus) {
for (const auto &U : *InitialCorpus) {
RunOne(U.data(), U.size());
+ CheckExitOnSrcPosOrItem();
TryDetectingAMemoryLeak(U.data(), U.size(),
/*DuringInitialCorpusExecution*/ true);
}
@@ -418,14 +421,12 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
if (NumNewFeatures) {
Corpus.AddToCorpus({Data, Data + Size}, NumNewFeatures, MayDeleteFile,
UniqFeatureSetTmp);
- CheckExitOnSrcPosOrItem();
return true;
}
if (II && FoundUniqFeaturesOfII &&
FoundUniqFeaturesOfII == II->UniqFeatureSet.size() &&
II->U.size() > Size) {
Corpus.Replace(II, {Data, Data + Size});
- CheckExitOnSrcPosOrItem();
return true;
}
return false;
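Review bot: With both CheckExitOnSrcPosOrItem() calls removed, RunOne() returns true from its two success paths without performing the exit check, so correctness now rests on every caller that persists the unit running the check afterwards, a contract that is stated only in the commit message. A comment at the function definition (its signature is above this hunk) would make it explicit, e.g. `// Does not call CheckExitOnSrcPosOrItem(): callers must run it after the unit has been written to the corpus, so an early exit never loses the triggering input.`. Any caller of RunOne() other than the three sites touched by this commit would need the same follow-up call; that cannot be verified from the hunk.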
@@ -527,6 +528,7 @@ void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) {
WriteToOutputCorpus(U);
NumberOfNewUnitsAdded++;
TPC.PrintNewPCs();
+ CheckExitOnSrcPosOrItem(); // Check only after the unit is saved to corpus.
}
// Tries detecting a memory leak on the particular input that we have just
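Review bot: The comment on the new call explains the ordering inside ReportNewCoverage but not why the same check is also added to RereadOutputCorpus and ShuffleAndMinimize in this commit, which a later reader may mistake for duplication and fold back into RunOne(). Extending it to `// Check only after the unit is saved to corpus. Units loaded from disk by RereadOutputCorpus/ShuffleAndMinimize run this check at their own call sites.` ties the three sites together. Placing the call after TPC.PrintNewPCs() as the last statement looks right, since the check presumably may terminate the process and the new-PC output should be flushed first; the start of ReportNewCoverage is outside the hunk.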
diff --git a/lib/Fuzzer/test/reduce_inputs.test b/lib/Fuzzer/test/reduce_inputs.test
index 833b1cce79b..77a5f5fbc23 100644
--- a/lib/Fuzzer/test/reduce_inputs.test
+++ b/lib/Fuzzer/test/reduce_inputs.test
@@ -7,7 +7,7 @@ CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60'
# Test that reduce_inputs deletes redundant files in the corpus.
RUN: LLVMFuzzer-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT
-COUNT: READ units: 3
+COUNT: READ units: 4
# a bit longer test
RUN: LLVMFuzzer-ShrinkControlFlowTest -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60 -seed=1 -runs=1000000 2>&1 | FileCheck %s