kcc created this revision. kcc added reviewers: compnerd, mehdi_amini, mclow.lists. kcc added a subscriber: cfe-commits. Herald added a subscriber: mgorny.
All easy-to-find bugs in cxa_demangle where fixed now (https://bugs.chromium.org/p/chromium/issues/detail?id=606626) except for one (https://llvm.org/bugs/show_bug.cgi?id=31031). Now I'd like to properly integrate this fuzzer with the source tree and then run the fuzzer continuously on https://github.com/google/oss-fuzz https://reviews.llvm.org/D28133 Files: CMakeLists.txt fuzz/ fuzz/CMakeLists.txt fuzz/cxa_demangle_fuzzer.cpp
Index: fuzz/cxa_demangle_fuzzer.cpp
===================================================================
--- /dev/null
+++ fuzz/cxa_demangle_fuzzer.cpp
@@ -0,0 +1,15 @@
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include <stdlib.h>
+extern "C" char *
+__cxa_demangle(const char *mangled_name, char *buf, size_t *n, int *status);
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ char *str = new char[size+1];
+ memcpy(str, data, size);
+ str[size] = 0;
+ free(__cxa_demangle(str, 0, 0, 0));
+ delete [] str;
+ return 0;
+}
Index: fuzz/CMakeLists.txt
===================================================================
--- /dev/null
+++ fuzz/CMakeLists.txt
@@ -0,0 +1,13 @@
+# See http://llvm.org/docs/LibFuzzer.html
+if( LLVM_USE_SANITIZE_COVERAGE )
+ set(LLVM_LINK_COMPONENTS support)
+
+ add_executable(cxa_demangle_fuzzer
+ cxa_demangle_fuzzer.cpp
+ ../src/cxa_demangle.cpp
+ )
+
+ target_link_libraries(cxa_demangle_fuzzer
+ LLVMFuzzer
+ )
+endif()
Index: CMakeLists.txt
===================================================================
--- CMakeLists.txt
+++ CMakeLists.txt
@@ -432,4 +432,5 @@
 "available!")
 else()
 add_subdirectory(test)
+ add_subdirectory(fuzz)
 endif()
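Review bot: The harness passes a null `status` to `__cxa_demangle` and so never checks the demangler's own contract; a cheap extra oracle is to request the status and abort when it disagrees with the result pointer, e.g. `int status = 0;`, `char *out = __cxa_demangle(str, 0, 0, &status);`, `if ((status == 0) != (out != 0)) abort();` followed by `free(out);` (the Itanium C++ ABI documents a non-null result exactly when status is 0 — worth confirming against the libcxxabi implementation being compiled in). Separately, the `free()` of the demangler's result next to `new[]`/`delete[]` for the input copy reads like an allocator mismatch at first glance; it is correct only because `__cxa_demangle` is specified to malloc the output when `buf` is null, and a one-line comment such as `// result is malloc'ed by __cxa_demangle when buf == nullptr, so free() is the matching deallocator` would save the next reader the check. It is also worth a comment that an input containing a NUL byte is effectively truncated at that byte, since the demangler takes a C string, so the fuzzer never exercises the bytes after it.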
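Review bot: `set(LLVM_LINK_COMPONENTS support)` in the new fuzz/CMakeLists.txt appears to have no effect here: that variable is consumed by `add_llvm_executable`/`llvm_config`, while the target is created with plain `add_executable`, so either switch to `add_llvm_executable(cxa_demangle_fuzzer cxa_demangle_fuzzer.cpp ../src/cxa_demangle.cpp)` or drop the line so the build file does not advertise a dependency it does not set up. Compiling `../src/cxa_demangle.cpp` directly into the binary instead of linking the libcxxabi target is presumably deliberate so the demangler itself receives the sanitizer-coverage instrumentation, but it also means the fuzzer does not inherit the library's compile definitions and flags; a comment stating that intent, e.g. `# Build the demangler source directly so it is instrumented with the fuzzer's flags`, would make the choice explicit. The `LLVM_USE_SANITIZE_COVERAGE` guard is only meaningful in an in-tree LLVM build, which the header comment could say alongside the LibFuzzer link.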
Index: fuzz/cxa_demangle_fuzzer.cpp
===================================================================
--- /dev/null
+++ fuzz/cxa_demangle_fuzzer.cpp
@@ -0,0 +1,15 @@
+#include <stdint.h>
+#include <stddef.h>
+#include <string.h>
+#include <stdlib.h>
+extern "C" char *
+__cxa_demangle(const char *mangled_name, char *buf, size_t *n, int *status);
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ char *str = new char[size+1];
+ memcpy(str, data, size);
+ str[size] = 0;
+ free(__cxa_demangle(str, 0, 0, 0));
+ delete [] str;
+ return 0;
+}
Index: fuzz/CMakeLists.txt
===================================================================
--- /dev/null
+++ fuzz/CMakeLists.txt
@@ -0,0 +1,13 @@
+# See http://llvm.org/docs/LibFuzzer.html
+if( LLVM_USE_SANITIZE_COVERAGE )
+ set(LLVM_LINK_COMPONENTS support)
+
+ add_executable(cxa_demangle_fuzzer
+ cxa_demangle_fuzzer.cpp
+ ../src/cxa_demangle.cpp
+ )
+
+ target_link_libraries(cxa_demangle_fuzzer
+ LLVMFuzzer
+ )
+endif()
Index: CMakeLists.txt
===================================================================
--- CMakeLists.txt
+++ CMakeLists.txt
@@ -432,4 +432,5 @@
 "available!")
 else()
 add_subdirectory(test)
+ add_subdirectory(fuzz)
 endif()