author | Kostya Serebryany <kcc@google.com> | 2018-05-23 23:55:54 +0000 |
committer | Kostya Serebryany <kcc@google.com> | 2018-05-23 23:55:54 +0000 |
commit | 4dc259e4a25db9e14ac405bfa22614f62d37a839 (patch) | |
tree | e855e8f04fa9a6a41d642e7719866b30fa637fee | |
parent | 12c36256dc7cf460d7e99ddadf341b10a483338c (diff) |
[libFuzzer] fix two off-by-ones (!!) in the data flow tracer
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@333142 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | lib/fuzzer/dataflow/DataFlow.cpp | 5 | ||||
-rw-r--r-- | test/fuzzer/dataflow.test | 20 |
2 files changed, 12 insertions, 13 deletions
diff --git a/lib/fuzzer/dataflow/DataFlow.cpp b/lib/fuzzer/dataflow/DataFlow.cpp
index fb7f67283..c55c68ea9 100644
--- a/lib/fuzzer/dataflow/DataFlow.cpp
+++ b/lib/fuzzer/dataflow/DataFlow.cpp
@@ -90,8 +90,9 @@ static int PrintFunctions() {
 }
 
 static void SetBytesForLabel(dfsan_label L, char *Bytes) {
-  if (L <= InputLen) {
-    Bytes[L] = '1';
+  assert(L);
+  if (L <= InputLen + 1) {
+    Bytes[L - 1] = '1';
   } else {
     auto *DLI = dfsan_get_label_info(L);
     SetBytesForLabel(DLI->l1, Bytes);
diff --git a/test/fuzzer/dataflow.test b/test/fuzzer/dataflow.test
index 7adf30d88..edb655f7a 100644
--- a/test/fuzzer/dataflow.test
+++ b/test/fuzzer/dataflow.test
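Review bot: The new `assert(L)` is the only thing keeping label 0 out of `Bytes[L - 1]`, and it disappears under NDEBUG, at which point L == 0 passes `L <= InputLen + 1` and the store lands at `Bytes[-1]` (dfsan_label is an unsigned type, so `L - 1` is evaluated after integer promotion and yields -1 rather than a large index). Since label 0 is DFSan's "no label" value and can legitimately reach this function through `DLI->l1`/`DLI->l2` of a union label, a release build should reject it explicitly rather than rely on the assert: `if (L == 0) return;` before the range check, keeping the assert if you want the debug signal. The comparison also silently encodes the mapping "label k ↔ byte k-1, label InputLen+1 ↔ the size", which the test expectations depend on; a one-line comment such as `// Labels 1..InputLen tag input bytes 0..InputLen-1; label InputLen+1 tags the size.` would make the +1 self-explaining. Whether `Bytes` is sized to hold InputLen + 1 slots is not visible in this hunk — worth confirming at the allocation site since the index range grew by one. SetBytesForLabel's body continues past the end of the hunk.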
@@ -24,34 +24,32 @@ RUN: echo -n 1234567890123456 > %t/IN/1234567890123456 # ABC: No data is used, the only used label is 4 (corresponds to the size) RUN:%t-ThreeFunctionsTestDF %t/IN/ABC | FileCheck %s --check-prefix=IN_ABC -IN_ABC: F{{[012]}} 1000 +IN_ABC: F{{[012]}} 0001 IN_ABC-NOT: F # FUABC: First 3 bytes are checked, Func1/Func2 are not called. RUN:%t-ThreeFunctionsTestDF %t/IN/FUABC | FileCheck %s --check-prefix=IN_FUABC -IN_FUABC: F{{[012]}} 111100 +IN_FUABC: F{{[012]}} 111001 IN_FUABC-NOT: F # FUZZR: 5 bytes are used (4 in one function, 5-th in the other), Func2 is not called. RUN:%t-ThreeFunctionsTestDF %t/IN/FUZZR | FileCheck %s --check-prefix=IN_FUZZR -IN_FUZZR-DAG: F{{[012]}} 111110 -IN_FUZZR-DAG: F{{[012]}} 000001 +IN_FUZZR-DAG: F{{[012]}} 111101 +IN_FUZZR-DAG: F{{[012]}} 000010 IN_FUZZR-NOT: F # FUZZM: 5 bytes are used, both Func1 and Func2 are called, Func2 depends only on size (label 6). RUN:%t-ThreeFunctionsTestDF %t/IN/FUZZM | FileCheck %s --check-prefix=IN_FUZZM -IN_FUZZM-DAG: F{{[012]}} 100000 -IN_FUZZM-DAG: F{{[012]}} 111110 +IN_FUZZM-DAG: F{{[012]}} 000010 +IN_FUZZM-DAG: F{{[012]}} 111101 IN_FUZZM-DAG: F{{[012]}} 000001 # FUZZMU: 6 bytes are used, both Func1 and Func2 are called, Func2 depends on byte 6 and size (label 7) RUN:%t-ThreeFunctionsTestDF %t/IN/FUZZMU | FileCheck %s --check-prefix=IN_FUZZMU -IN_FUZZMU-DAG: F{{[012]}} 1000001 -IN_FUZZMU-DAG: F{{[012]}} 1111100 -IN_FUZZMU-DAG: F{{[012]}} 0000010 +IN_FUZZMU-DAG: F{{[012]}} 0000100 +IN_FUZZMU-DAG: F{{[012]}} 1111001 +IN_FUZZMU-DAG: F{{[012]}} 0000011 # Today a very simple test will cause DFSan to die with "out of labels" RUN: not %t-ExplodeDFSanLabelsTestDF %t/IN/1234567890123456 2>&1 | FileCheck %s --check-prefix=OUT_OF_LABELS OUT_OF_LABELS: ==FATAL: DataFlowSanitizer: out of labels - - |