libFuzzer: prevent irrelevant strings from leaking into auto-dictionary

This is a fix for bug 37047. https://bugs.llvm.org/show_bug.cgi?id=37047 Implemented by basically reversing the logic. Previously all strings were considered, with some operations excluded. Now strings are excluded by default, and only strings during the CB considered. Patch By: pdknsk Differential Revision: https://reviews.llvm.org/D48800 llvm-svn: 337296
author: Matt Morehouse <mascasa@google.com> 2018-07-17 16:12:00 +0000
committer: Matt Morehouse <mascasa@google.com> 2018-07-17 16:12:00 +0000
commit: 43a229697622b5933da1fdeb61d4eac2a2b7742c (patch)
tree: fa55d447d062835c5be38fc82c485dfa7f3622fa /compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
parent: a448670b5b5c896ccaf4fa016783f684ddab7939 (diff)
download: llvm-43a229697622b5933da1fdeb61d4eac2a2b7742c.zip
llvm-43a229697622b5933da1fdeb61d4eac2a2b7742c.tar.gz
llvm-43a229697622b5933da1fdeb61d4eac2a2b7742c.tar.bz2
1 files changed, 8 insertions, 10 deletions
diff --git a/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp b/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
index ed920b8..e61e911 100644
--- a/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
@@ -39,8 +39,6 @@ namespace fuzzer {
 
 TracePC TPC;
 
-int ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr;
-
 uint8_t *TracePC::Counters() const {
   return __sancov_trace_pc_guard_8bit_counters;
 }
@@ -608,7 +606,7 @@ void __sanitizer_cov_trace_gep(uintptr_t Idx) {
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1,
                                   const void *s2, size_t n, int result) {
-  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
+  if (!fuzzer::RunningUserCallback) return;
   if (result == 0) return;  // No reason to mutate.
   if (n <= 1) return;  // Not interesting.
   fuzzer::TPC.AddValueForMemcmp(caller_pc, s1, s2, n, /*StopAtZero*/false);
@@ -617,7 +615,7 @@ void __sanitizer_weak_hook_memcmp(void *caller_pc, const void *s1,
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strncmp(void *caller_pc, const char *s1,
                                    const char *s2, size_t n, int result) {
-  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
+  if (!fuzzer::RunningUserCallback) return;
   if (result == 0) return;  // No reason to mutate.
   size_t Len1 = fuzzer::InternalStrnlen(s1, n);
   size_t Len2 = fuzzer::InternalStrnlen(s2, n);
@@ -630,7 +628,7 @@ void __sanitizer_weak_hook_strncmp(void *caller_pc, const char *s1,
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strcmp(void *caller_pc, const char *s1,
                                    const char *s2, int result) {
-  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
+  if (!fuzzer::RunningUserCallback) return;
   if (result == 0) return;  // No reason to mutate.
   size_t N = fuzzer::InternalStrnlen2(s1, s2);
   if (N <= 1) return;  // Not interesting.
@@ -640,35 +638,35 @@ void __sanitizer_weak_hook_strcmp(void *caller_pc, const char *s1,
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strncasecmp(void *called_pc, const char *s1,
                                        const char *s2, size_t n, int result) {
-  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
+  if (!fuzzer::RunningUserCallback) return;
   return __sanitizer_weak_hook_strncmp(called_pc, s1, s2, n, result);
 }
 
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strcasecmp(void *called_pc, const char *s1,
                                       const char *s2, int result) {
-  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
+  if (!fuzzer::RunningUserCallback) return;
   return __sanitizer_weak_hook_strcmp(called_pc, s1, s2, result);
 }
 
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strstr(void *called_pc, const char *s1,
                                   const char *s2, char *result) {
-  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
+  if (!fuzzer::RunningUserCallback) return;
   fuzzer::TPC.MMT.Add(reinterpret_cast<const uint8_t *>(s2), strlen(s2));
 }
 
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_strcasestr(void *called_pc, const char *s1,
                                       const char *s2, char *result) {
-  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
+  if (!fuzzer::RunningUserCallback) return;
   fuzzer::TPC.MMT.Add(reinterpret_cast<const uint8_t *>(s2), strlen(s2));
 }
 
 ATTRIBUTE_INTERFACE ATTRIBUTE_NO_SANITIZE_MEMORY
 void __sanitizer_weak_hook_memmem(void *called_pc, const void *s1, size_t len1,
                                   const void *s2, size_t len2, void *result) {
-  if (fuzzer::ScopedDoingMyOwnMemOrStr::DoingMyOwnMemOrStr) return;
+  if (!fuzzer::RunningUserCallback) return;
   fuzzer::TPC.MMT.Add(reinterpret_cast<const uint8_t *>(s2), len2);
 }
 }  // extern "C"
author	Matt Morehouse <mascasa@google.com>	2018-07-17 16:12:00 +0000
committer	Matt Morehouse <mascasa@google.com>	2018-07-17 16:12:00 +0000
commit	43a229697622b5933da1fdeb61d4eac2a2b7742c (patch)
tree	fa55d447d062835c5be38fc82c485dfa7f3622fa /compiler-rt/lib/fuzzer/FuzzerTracePC.cpp
parent	a448670b5b5c896ccaf4fa016783f684ddab7939 (diff)
download	llvm-43a229697622b5933da1fdeb61d4eac2a2b7742c.zip llvm-43a229697622b5933da1fdeb61d4eac2a2b7742c.tar.gz llvm-43a229697622b5933da1fdeb61d4eac2a2b7742c.tar.bz2