
Commit 31764e3

authored
Merge pull request #139 from rchildre3/update-libfuzzer-22.x
Update vendored LibFuzzer to LLVM 22.x release
2 parents 72a4b1b + f6e313e commit 31764e3

18 files changed

Lines changed: 121 additions & 29 deletions

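--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,7 @@ Released YYYY-MM-DD.
 
 ### Changed
 
-* TODO (or remove section if none)
+* Updated to `libFuzzer` commit `a47b42eb9f9b` (`release/22.x`).
 
 ### Deprecated
 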
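--- a/libfuzzer/CMakeLists.txt
+++ b/libfuzzer/CMakeLists.txt
@@ -162,6 +162,7 @@ if(OS_NAME MATCHES "Android|Linux|Fuchsia" AND
 CFLAGS ${TARGET_CFLAGS}
 CMAKE_ARGS -DCMAKE_CXX_COMPILER_WORKS=ON
 -DCMAKE_POSITION_INDEPENDENT_CODE=ON
+-DRUNTIMES_EXECUTE_ONLY_CODE=${RUNTIMES_EXECUTE_ONLY_CODE}
 -DLIBCXXABI_ENABLE_EXCEPTIONS=OFF
 -DLIBCXX_ABI_NAMESPACE=__Fuzzer
 -DLIBCXX_ENABLE_EXCEPTIONS=OFF)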

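--- a/libfuzzer/FuzzerCorpus.h
+++ b/libfuzzer/FuzzerCorpus.h
@@ -35,7 +35,7 @@ struct InputInfo {
 size_t Tmp = 0; // Used by ValidateFeatureSet.
 // Stats.
 size_t NumExecutedMutations = 0;
-size_t NumSuccessfullMutations = 0;
+size_t NumSuccessfulMutations = 0;
 bool NeverReduce = false;
 bool MayDeleteFile = false;
 bool Reduced = false;
@@ -328,15 +328,16 @@ class InputCorpus {
 const auto &II = *Inputs[i];
 Printf(" [% 3zd %s] sz: % 5zd runs: % 5zd succ: % 5zd focus: %d\n", i,
 Sha1ToString(II.Sha1).c_str(), II.U.size(),
-II.NumExecutedMutations, II.NumSuccessfullMutations,
+II.NumExecutedMutations, II.NumSuccessfulMutations,
 II.HasFocusFunction);
 }
 }
 
 void PrintFeatureSet() {
 for (size_t i = 0; i < kFeatureSetSize; i++) {
 if(size_t Sz = GetFeature(i))
-Printf("[%zd: id %zd sz%zd] ", i, SmallestElementPerFeature[i], Sz);
+Printf("[%zd: id %zd sz%zd] ", i, (size_t)SmallestElementPerFeature[i],
+Sz);
 }
 Printf("\n\t");
 for (size_t i = 0; i < Inputs.size(); i++)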

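--- a/libfuzzer/FuzzerDataFlowTrace.cpp
+++ b/libfuzzer/FuzzerDataFlowTrace.cpp
@@ -265,8 +265,6 @@ int CollectDataFlow(const std::string &DFTBinary, const std::string &DirPath,
 // we then request tags in [0,Size/2) and [Size/2, Size), and so on.
 // Function number => DFT.
 auto OutPath = DirPlusFile(DirPath, Hash(FileToVector(F.File)));
-std::unordered_map<size_t, std::vector<uint8_t>> DFTMap;
-std::unordered_set<std::string> Cov;
 Command Cmd;
 Cmd.addArgument(DFTBinary);
 Cmd.addArgument(F.File);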

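--- a/libfuzzer/FuzzerDriver.cpp
+++ b/libfuzzer/FuzzerDriver.cpp
@@ -24,10 +24,11 @@
 #include <chrono>
 #include <cstdlib>
 #include <cstring>
+#include <fstream>
+#include <functional>
 #include <mutex>
 #include <string>
 #include <thread>
-#include <fstream>
 
 // This function should be present in the libFuzzer so that the client
 // binary can test for its existence.
@@ -162,13 +163,13 @@ static bool ParseOneFlag(const char *Param) {
 auto Val = MyStol(Str);
 *FlagDescriptions[F].IntFlag = static_cast<int>(Val);
 if (Flags.verbosity >= 2)
-Printf("Flag: %s %d\n", Name, Val);
+Printf("Flag: %s %d\n", Name, (int)Val);
 return true;
 } else if (FlagDescriptions[F].UIntFlag) {
 auto Val = std::stoul(Str);
 *FlagDescriptions[F].UIntFlag = static_cast<unsigned int>(Val);
 if (Flags.verbosity >= 2)
-Printf("Flag: %s %u\n", Name, Val);
+Printf("Flag: %s %u\n", Name, (uint32_t)Val);
 return true;
 } else if (FlagDescriptions[F].StrFlag) {
 *FlagDescriptions[F].StrFlag = Str;
@@ -305,6 +306,11 @@ static int RunInMultipleProcesses(const std::vector<std::string> &Args,
 return HasErrors ? 1 : 0;
 }
 
+void StartRssThread(Fuzzer *F, size_t RssLimitMb);
+
+// Fuchsia needs to do some book checking before starting the RssThread,
+// so it has its own implementation.
+#if !LIBFUZZER_FUCHSIA
 static void RssThread(Fuzzer *F, size_t RssLimitMb) {
 while (true) {
 SleepSeconds(1);
@@ -314,12 +320,13 @@ static void RssThread(Fuzzer *F, size_t RssLimitMb) {
 }
 }
 
-static void StartRssThread(Fuzzer *F, size_t RssLimitMb) {
+void StartRssThread(Fuzzer *F, size_t RssLimitMb) {
 if (!RssLimitMb)
 return;
 std::thread T(RssThread, F, RssLimitMb);
 T.detach();
 }
+#endif
 
 int RunOneTest(Fuzzer *F, const char *InputFilePath, size_t MaxLen) {
 Unit U = FileToVector(InputFilePath);
@@ -602,7 +609,7 @@ int AnalyzeDictionary(Fuzzer *F, const std::vector<Unit> &Dict,
 return 0;
 }
 
-std::vector<std::string> ParseSeedInuts(const char *seed_inputs) {
+std::vector<std::string> ParseSeedInputs(const char *seed_inputs) {
 // Parse -seed_inputs=file1,file2,... or -seed_inputs=@seed_inputs_file
 std::vector<std::string> Files;
 if (!seed_inputs) return Files;
@@ -833,6 +840,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
 Options.HandleInt = Flags.handle_int;
 Options.HandleSegv = Flags.handle_segv;
 Options.HandleTerm = Flags.handle_term;
+Options.HandleTrap = Flags.handle_trap;
 Options.HandleXfsz = Flags.handle_xfsz;
 Options.HandleUsr1 = Flags.handle_usr1;
 Options.HandleUsr2 = Flags.handle_usr2;
@@ -911,7 +919,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
 exit(0);
 }
 
-auto CorporaFiles = ReadCorpora(*Inputs, ParseSeedInuts(Flags.seed_inputs));
+auto CorporaFiles = ReadCorpora(*Inputs, ParseSeedInputs(Flags.seed_inputs));
 F->Loop(CorporaFiles);
 
 if (Flags.verbosity)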

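--- a/libfuzzer/FuzzerExtFunctionsWindows.cpp
+++ b/libfuzzer/FuzzerExtFunctionsWindows.cpp
@@ -35,7 +35,7 @@ using namespace fuzzer;
 #define WIN_SYM_PREFIX
 #endif
 
-// Declare external functions as having alternativenames, so that we can
+// Declare external functions as having alternative names, so that we can
 // determine if they are not defined.
 #define EXTERNAL_FUNC(Name, Default) \
 __pragma(comment(linker, "/alternatename:" WIN_SYM_PREFIX STRINGIFY( \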

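--- a/libfuzzer/FuzzerFlags.def
+++ b/libfuzzer/FuzzerFlags.def
@@ -152,6 +152,7 @@ FUZZER_FLAG_INT(handle_ill, 1, "If 1, try to intercept SIGILL.")
 FUZZER_FLAG_INT(handle_fpe, 1, "If 1, try to intercept SIGFPE.")
 FUZZER_FLAG_INT(handle_int, 1, "If 1, try to intercept SIGINT.")
 FUZZER_FLAG_INT(handle_term, 1, "If 1, try to intercept SIGTERM.")
+FUZZER_FLAG_INT(handle_trap, 1, "If 1, try to intercept SIGTRAP.")
 FUZZER_FLAG_INT(handle_xfsz, 1, "If 1, try to intercept SIGXFSZ.")
 FUZZER_FLAG_INT(handle_usr1, 1, "If 1, try to intercept SIGUSR1.")
 FUZZER_FLAG_INT(handle_usr2, 1, "If 1, try to intercept SIGUSR2.")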

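--- a/libfuzzer/FuzzerIOPosix.cpp
+++ b/libfuzzer/FuzzerIOPosix.cpp
@@ -12,6 +12,7 @@
 
 #include "FuzzerExtFunctions.h"
 #include "FuzzerIO.h"
+#include <cerrno>
 #include <cstdarg>
 #include <cstdio>
 #include <dirent.h>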

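--- a/libfuzzer/FuzzerLoop.cpp
+++ b/libfuzzer/FuzzerLoop.cpp
@@ -125,8 +125,8 @@ void FreeHook(const volatile void *ptr) {
 void Fuzzer::HandleMalloc(size_t Size) {
 if (!Options.MallocLimitMb || (Size >> 20) < (size_t)Options.MallocLimitMb)
 return;
-Printf("==%d== ERROR: libFuzzer: out-of-memory (malloc(%zd))\n", GetPid(),
-Size);
+Printf("==%d== ERROR: libFuzzer: out-of-memory (malloc(%zd))\n",
+(int)GetPid(), Size);
 Printf(" To change the out-of-memory limit use -rss_limit_mb=<N>\n\n");
 PrintStackTrace();
 DumpCurrentUnit("oom-");
@@ -448,9 +448,9 @@ void Fuzzer::PrintPulseAndReportSlowInput(const uint8_t *Data, size_t Size) {
 if (!(TotalNumberOfRuns & (TotalNumberOfRuns - 1)) &&
 secondsSinceProcessStartUp() >= 2)
 PrintStats("pulse ");
-auto Threshhold =
+auto Threshold =
 static_cast<long>(static_cast<double>(TimeOfLongestUnitInSeconds) * 1.1);
-if (TimeOfUnit > Threshhold && TimeOfUnit >= Options.ReportSlowUnits) {
+if (TimeOfUnit > Threshold && TimeOfUnit >= Options.ReportSlowUnits) {
 TimeOfLongestUnitInSeconds = TimeOfUnit;
 Printf("Slowest unit: %ld s:\n", TimeOfLongestUnitInSeconds);
 WriteUnitToFileWithPrefix({Data, Data + Size}, "slow-unit-");
@@ -568,7 +568,7 @@ size_t Fuzzer::GetCurrentUnitInFuzzingThead(const uint8_t **Data) const {
 
 void Fuzzer::CrashOnOverwrittenData() {
 Printf("==%d== ERROR: libFuzzer: fuzz target overwrites its const input\n",
-GetPid());
+(int)GetPid());
 PrintStackTrace();
 Printf("SUMMARY: libFuzzer: overwrites-const-input\n");
 DumpCurrentUnit("crash-");
@@ -666,7 +666,7 @@ void Fuzzer::PrintStatusForNewUnit(const Unit &U, const char *Text) {
 }
 
 void Fuzzer::ReportNewCoverage(InputInfo *II, const Unit &U) {
-II->NumSuccessfullMutations++;
+II->NumSuccessfulMutations++;
 MD.RecordSuccessfulMutationSequence();
 PrintStatusForNewUnit(U, II->Reduced ? "REDUCE" : "NEW ");
 WriteToOutputCorpus(U);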

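--- a/libfuzzer/FuzzerMutate.cpp
+++ b/libfuzzer/FuzzerMutate.cpp
@@ -101,7 +101,7 @@ size_t MutationDispatcher::Mutate_CustomCrossOver(uint8_t *Data, size_t Size,
 
 if (!NewSize)
 return 0;
-assert(NewSize <= MaxSize && "CustomCrossOver returned overisized unit");
+assert(NewSize <= MaxSize && "CustomCrossOver returned oversized unit");
 memcpy(Data, U.data(), NewSize);
 return NewSize;
 }
@@ -413,9 +413,9 @@ size_t ChangeBinaryInteger(uint8_t *Data, size_t Size, Random &Rand) {
 T Add = static_cast<T>(Rand(21));
 Add -= 10;
 if (Rand.RandBool())
-Val = Bswap(T(Bswap(Val) + Add)); // Add assuming different endiannes.
+Val = Bswap(T(Bswap(Val) + Add)); // Add assuming different endianness.
 else
-Val = Val + Add; // Add assuming current endiannes.
+Val = Val + Add; // Add assuming current endianness.
 if (Add == 0 || Rand.RandBool()) // Maybe negate.
 Val = -Val;
 }
@@ -463,7 +463,7 @@ size_t MutationDispatcher::Mutate_CrossOver(uint8_t *Data, size_t Size,
 default: assert(0);
 }
 assert(NewSize > 0 && "CrossOver returned empty unit");
-assert(NewSize <= MaxSize && "CrossOver returned overisized unit");
+assert(NewSize <= MaxSize && "CrossOver returned oversized unit");
 return NewSize;
 }
 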