From: Kostya Serebryany
Date: Fri, 31 Mar 2017 02:21:28 +0000 (+0000)
Subject: [libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling...
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f43d588ee8d56876772bcca9fc4dfe22e9ba50d3;p=llvm

[libFuzzer] make sure we don't execute libFuzzer's mem* and str* hooks while calling mem*/str* inside libFuzzer itself

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@299167 91177308-0d34-0410-b5e6-96231b3b80d8
---
diff --git a/lib/Fuzzer/FuzzerDefs.h b/lib/Fuzzer/FuzzerDefs.h
index 6b94c688584..bd182750800 100644
--- a/lib/Fuzzer/FuzzerDefs.h
+++ b/lib/Fuzzer/FuzzerDefs.h
@@ -96,9 +96,10 @@ typedef int (*UserCallback)(const uint8_t *Data, size_t Size);
 
 int FuzzerDriver(int *argc, char ***argv, UserCallback Callback);
 
-struct ScopedDoingMyOwnMemmem {
-  ScopedDoingMyOwnMemmem();
-  ~ScopedDoingMyOwnMemmem();
+struct ScopedDoingMyOwnMemOrStr {
+  ScopedDoingMyOwnMemOrStr() { DoingMyOwnMemOrStr++; }
+  ~ScopedDoingMyOwnMemOrStr() { DoingMyOwnMemOrStr--; }
+  static int DoingMyOwnMemOrStr;
 };
 
 inline uint8_t Bswap(uint8_t x) { return x; }
diff --git a/lib/Fuzzer/FuzzerDictionary.h b/lib/Fuzzer/FuzzerDictionary.h
index f5024b1aeec..84cee87b897 100644
--- a/lib/Fuzzer/FuzzerDictionary.h
+++ b/lib/Fuzzer/FuzzerDictionary.h
@@ -33,10 +33,12 @@ public:
   }
 
   bool operator==(const FixedWord &w) const {
+    ScopedDoingMyOwnMemOrStr scoped_doing_my_own_mem_os_str;
     return Size == w.Size && 0 == memcmp(Data, w.Data, Size);
   }
 
   bool operator<(const FixedWord &w) const {
+    ScopedDoingMyOwnMemOrStr scoped_doing_my_own_mem_os_str;
     if (Size != w.Size)
       return Size < w.Size;
     return memcmp(Data, w.Data, Size) < 0;
diff --git a/lib/Fuzzer/FuzzerMutate.cpp b/lib/Fuzzer/FuzzerMutate.cpp
index c9768e4a5f2..cd846c7deec 100644
--- a/lib/Fuzzer/FuzzerMutate.cpp
+++ b/lib/Fuzzer/FuzzerMutate.cpp
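Review bot: `static int DoingMyOwnMemOrStr` in the new `ScopedDoingMyOwnMemOrStr` is a process-global, non-atomic counter, yet the weak hooks read it from whichever thread calls memcmp/strcmp; if the target under test is multi-threaded, a target thread comparing while the fuzzing thread holds a scope has its comparison silently dropped from value profiling, and that read races with the `++`/`--` in the constructor and destructor. If the hooks are only expected to fire on the fuzzing thread, say so on the member, e.g. `// Nesting depth of libFuzzer-internal mem*/str* calls; the weak hooks return early while non-zero. Not thread-safe: assumes the hooks fire on the fuzzing thread only.`; if per-thread semantics are intended, `static thread_local int DoingMyOwnMemOrStr;` gives them at the cost of a TLS access per hook. Unlike the bool it replaces, the counter nests correctly, which is worth one sentence in the comment now that scopes are created in several places.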
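Review bot: The local in both `operator==` and `operator<` is named `scoped_doing_my_own_mem_os_str`, which reads as a typo of the type's `MemOrStr`; the same name is used in the FuzzerMutate.cpp hunk. Rename it to `scoped_doing_my_own_mem_or_str` in all three places so a grep for the type and its instances agree. The enclosing `FixedWord` class starts and ends outside this hunk, so any other memcmp-style calls it makes are not visible here and may still be traced.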
@@ -202,7 +202,7 @@ DictionaryEntry MutationDispatcher::MakeDictionaryEntryFromCMP(
     const void *Arg1Mutation, const void *Arg2Mutation, size_t ArgSize,
     const uint8_t *Data, size_t Size) {
-  ScopedDoingMyOwnMemmem scoped_doing_my_own_memmem;
+  ScopedDoingMyOwnMemOrStr scoped_doing_my_own_mem_os_str;
   bool HandleFirst = Rand.RandBool();
   const void *ExistingBytes, *DesiredBytes;
   Word W;
diff --git a/lib/Fuzzer/FuzzerTracePC.h b/lib/Fuzzer/FuzzerTracePC.h
index 4c8a18f830f..85c8e3cb2b6 100644
--- a/lib/Fuzzer/FuzzerTracePC.h
+++ b/lib/Fuzzer/FuzzerTracePC.h
@@ -34,7 +34,7 @@ struct TableOfRecentCompares {
     T A, B;
   };
   ATTRIBUTE_NO_SANITIZE_ALL
-  void Insert(size_t Idx, T Arg1, T Arg2) {
+  void Insert(size_t Idx, const T &Arg1, const T &Arg2) {
     Idx = Idx % kSize;
     Table[Idx].A = Arg1;
     Table[Idx].B = Arg2;
diff --git a/lib/Fuzzer/FuzzerTraceState.cpp b/lib/Fuzzer/FuzzerTraceState.cpp
index 1b77f172bf0..a486223d650 100644
--- a/lib/Fuzzer/FuzzerTraceState.cpp
+++ b/lib/Fuzzer/FuzzerTraceState.cpp
@@ -24,10 +24,8 @@ namespace fuzzer {
 
 // Declared as static globals for faster checks inside the hooks.
 static bool RecordingMemmem = false;
-static bool DoingMyOwnMemmem = false;
-ScopedDoingMyOwnMemmem::ScopedDoingMyOwnMemmem() { DoingMyOwnMemmem = true; }
-ScopedDoingMyOwnMemmem::~ScopedDoingMyOwnMemmem() { DoingMyOwnMemmem = false; }
+int ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr;
 
 class TraceState {
  public:
@@ -114,6 +112,7 @@ extern "C" {
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1,
                                   const void *s2, size_t n, int result) {
+  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
   if (result == 0) return;  // No reason to mutate.
   if (n <= 1) return;  // Not interesting.
   fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, n, /*StopAtZero*/false);
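Review bot: `int ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr;` has no initializer and relies on zero-initialization of static storage for the starting depth; `int ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr = 0;` makes that explicit and mirrors the `= false` style of `RecordingMemmem` right above it. The definition now sits under the comment "Declared as static globals for faster checks inside the hooks", which describes `RecordingMemmem` only; a line such as `// Nesting depth of libFuzzer's own mem*/str* calls; the hooks below bail out while it is non-zero (see FuzzerDefs.h).` keeps the two from reading as one group.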
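Review bot: The guard `if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;` is pasted verbatim into eight hooks, here and in the strncmp, strcmp and strncasecmp-through-memmem hunks that follow; a one-line helper in the `fuzzer` namespace, e.g. `static inline bool InsideLibFuzzer() { return ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr != 0; }`, would keep the check in one place and make the intent readable at each call site. In the strncasecmp and strcasecmp hooks the added guard is redundant, since they forward to the strncmp/strcmp hooks that perform the same check, though it is harmless. Placing the guard before the `result == 0` test, as done here, is the right order, since the point is to skip tracing entirely rather than to skip only interesting comparisons.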
@@ -122,6 +121,7 @@ void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1,
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strncmp(void *caller_pc, const char *s1,
                                    const char *s2, size_t n, int result) {
+  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
   if (result == 0) return;  // No reason to mutate.
   size_t Len1 = fuzzer::InternalStrnlen(s1, n);
   size_t Len2 = fuzzer::InternalStrnlen(s2, n);
@@ -135,6 +135,7 @@ void __sanitizer_weak_hook_strncmp(void *caller_pc, const char *s1,
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strcmp(void *caller_pc, const char *s1,
                                   const char *s2, int result) {
+  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
   if (result == 0) return;  // No reason to mutate.
   size_t N = fuzzer::InternalStrnlen2(s1, s2);
   if (N <= 1) return;  // Not interesting.
@@ -144,31 +145,35 @@ void __sanitizer_weak_hook_strcmp(void *caller_pc, const char *s1,
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1,
                                        const char *s2, size_t n, int result) {
+  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
   return __sanitizer_weak_hook_strncmp(called_pc, s1, s2, n, result);
 }
 
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1,
                                       const char *s2, int result) {
+  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
   return __sanitizer_weak_hook_strcmp(called_pc, s1, s2, result);
 }
 
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1,
                                   const char *s2, char *result) {
+  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
   TS->AddInterestingWord(reinterpret_cast(s2), strlen(s2));
 }
 
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1,
                                       const char *s2, char *result) {
+  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
   TS->AddInterestingWord(reinterpret_cast(s2), strlen(s2));
 }
 
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1,
                                   const void *s2, size_t len2, void *result) {
-  if (fuzzer::DoingMyOwnMemmem) return;
+  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
   TS->AddInterestingWord(reinterpret_cast(s2), len2);
 }
 