author | Kostya Serebryany <kcc@google.com> | 2016-01-13 23:02:30 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2016-01-13 23:02:30 +0000 |
commit | d50a3eedb4df2298de19e94189559b85af0f5094 (patch) | |
tree | ff45de1ce4a0dfce6dd9a211888d0413b86fb472 /llvm/lib/Fuzzer/test/BufferOverflowOnInput.cpp | |
parent | 9913322327833d25ad52528167208e282155e439 (diff) | |
[libFuzzer] make sure we find buffer overflow in the input buffer. Previously, re-using the same vector object was hiding buffer overflows (unless we used annotated vector)
llvm-svn: 257701
Diffstat (limited to 'llvm/lib/Fuzzer/test/BufferOverflowOnInput.cpp')
-rw-r--r-- | llvm/lib/Fuzzer/test/BufferOverflowOnInput.cpp | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/llvm/lib/Fuzzer/test/BufferOverflowOnInput.cpp b/llvm/lib/Fuzzer/test/BufferOverflowOnInput.cpp
new file mode 100644
index 0000000..9bebd84
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/BufferOverflowOnInput.cpp
@@ -0,0 +1,20 @@
+// Simple test for a fuzzer. The fuzzer must find the string "Hi!".
+#include <assert.h>
+#include <cstdint>
+#include <cstdlib>
+#include <cstddef>
+#include <iostream>
+
+static volatile bool SeedLargeBuffer;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ assert(Data);
+ if (Size >= 4)
+ SeedLargeBuffer = true;
+ if (Size == 3 && SeedLargeBuffer && Data[3]) {
+ std::cout << "Woops, reading Data[3] w/o crashing\n";
+ exit(1);
+ }
+ return 0;
+}
+ |
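Review bot: The header comment on the first added line looks carried over from another test and misdescribes this one: nothing here searches for the string "Hi!"; the target deliberately reads `Data[3]` when `Size == 3`, one byte past the end of the input. I would replace it with `// Test that a read one byte past the input buffer (Data[3] with Size == 3) is detected.` and add a comment on `SeedLargeBuffer` saying it records that an input with `Size >= 4` was seen earlier, which is the condition under which a reused, larger backing buffer could make the stray read land on valid memory. Detection presumably relies on the test being built with a memory-error detector such as AddressSanitizer; if so, saying that in the comment would explain why reaching `exit(1)` means the overflow went unnoticed.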