[libFuzzer] make sure CheckExitOnSrcPosOrItem is called after the new input is saved...

author Kostya Serebryany <kcc@google.com>

Thu, 20 Jul 2017 18:53:25 +0000 (18:53 +0000)

committer Kostya Serebryany <kcc@google.com>

Thu, 20 Jul 2017 18:53:25 +0000 (18:53 +0000)
author Kostya Serebryany <kcc@google.com>
Thu, 20 Jul 2017 18:53:25 +0000 (18:53 +0000)
committer Kostya Serebryany <kcc@google.com>
Thu, 20 Jul 2017 18:53:25 +0000 (18:53 +0000)
diff --git a/lib/Fuzzer/FuzzerLoop.cpp b/lib/Fuzzer/FuzzerLoop.cpp

index 37adb1e0a5adee1cca3d9f0fe6b2e55855093624..ba4ba80db00726c92b2e328df2505e61d707760d 100644 (file)
--- a/lib/Fuzzer/FuzzerLoop.cpp
+++ b/lib/Fuzzer/FuzzerLoop.cpp
@@ -344,8 +344,10 @@ void Fuzzer::RereadOutputCorpus(size_t MaxSize) {
      if (U.size() > MaxSize)
        U.resize(MaxSize);
      if (!Corpus.HasUnit(U)) {
-      if (RunOne(U.data(), U.size()))
+      if (RunOne(U.data(), U.size())) {
+        CheckExitOnSrcPosOrItem();
          Reloaded = true;
+      }
      }
    }
    if (Reloaded)
@@ -371,6 +373,7 @@ void Fuzzer::ShuffleAndMinimize(UnitVector *InitialCorpus) {
  
    for (const auto &U : *InitialCorpus) {
      RunOne(U.data(), U.size());
+    CheckExitOnSrcPosOrItem();
      TryDetectingAMemoryLeak(U.data(), U.size(),
                              /*DuringInitialCorpusExecution*/ true);
    }
@@ -418,14 +421,12 @@ bool Fuzzer::RunOne(const uint8_t *Data, size_t Size, bool MayDeleteFile,
    if (NumNewFeatures) {
      Corpus.AddToCorpus({Data, Data + Size}, NumNewFeatures, MayDeleteFile,
                         UniqFeatureSetTmp);
-    CheckExitOnSrcPosOrItem();
      return true;
    }
    if (II && FoundUniqFeaturesOfII &&
        FoundUniqFeaturesOfII == II->UniqFeatureSet.size() &&
        II->U.size() > Size) {
      Corpus.Replace(II, {Data, Data + Size});
-    CheckExitOnSrcPosOrItem();
      return true;
    }
    return false;
@@ -527,6 +528,7 @@ void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) {
    WriteToOutputCorpus(U);
    NumberOfNewUnitsAdded++;
    TPC.PrintNewPCs();
+  CheckExitOnSrcPosOrItem();  // Check only after the unit is saved to corpus.
  }
  
  // Tries detecting a memory leak on the particular input that we have just
diff --git a/lib/Fuzzer/test/reduce_inputs.test b/lib/Fuzzer/test/reduce_inputs.test

index 833b1cce79b010bd2527f57a72bf401ea55413b3..77a5f5fbc234a3ac9d0f102a561d42afb13af0b3 100644 (file)
--- a/lib/Fuzzer/test/reduce_inputs.test
+++ b/lib/Fuzzer/test/reduce_inputs.test
@@ -7,7 +7,7 @@ CHECK: INFO: found item with checksum '0eb8e4ed029b774d80f2b66408203801cb982a60'
  
  # Test that reduce_inputs deletes redundant files in the corpus.
  RUN: LLVMFuzzer-ShrinkControlFlowSimpleTest -runs=0 %t/C 2>&1 | FileCheck %s --check-prefix=COUNT
-COUNT: READ units: 3
+COUNT: READ units: 4
  
  # a bit longer test
  RUN: LLVMFuzzer-ShrinkControlFlowTest  -exit_on_item=0eb8e4ed029b774d80f2b66408203801cb982a60  -seed=1 -runs=1000000  2>&1 | FileCheck %s
author	Kostya Serebryany <kcc@google.com>
	Thu, 20 Jul 2017 18:53:25 +0000 (18:53 +0000)
committer	Kostya Serebryany <kcc@google.com>
	Thu, 20 Jul 2017 18:53:25 +0000 (18:53 +0000)
lib/Fuzzer/FuzzerLoop.cpp		patch \| blob \| history
lib/Fuzzer/test/reduce_inputs.test		patch \| blob \| history