This is an archive of the discontinued LLVM Phabricator instance.

Paths

Table of Contentst

-
compiler-rt/lib/fuzzer/
-
lib/
-
fuzzer/
-
FuzzerIO.cpp

Differential D68775

[libFuzzer] Fix fd check in DupAndCloseStderr.
ClosedPublic

Authored by charco on Oct 10 2019, 3:25 AM.

Download Raw Diff

Details

Reviewers

mcgrathr
jakehehrlich
phosek
kcc
aarongreen

Commits

rG16d9f44fd154: [libFuzzer] Fix fd check in DupAndCloseStderr.

Summary

This commit fixes the check in the return value from the DuplicateFile
function, which returns a new file descriptor. DuplicateFile can
return 0 if that file descriptor is available (for example, if stdin has
already been closed).

In particular, this could cause a bug with the -close_fd_mask flag in
some platforms: just call the fuzzer with stdin closed and the
-close_fd_mask=2 flag, and stderr will not be muted.

Example fuzzer:

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
  fprintf(stderr, "STDERR\n");
  fprintf(stdout, "STDOUT\n");
  return 0;
}

Invocation (muting both stderr and stdout):

./test -close_fd_mask=3 -runs=1 0<&-
INFO: Seed: 1155116940
INFO: Loaded 1 modules   (1 inline 8-bit counters): 1 [0x48b020, 0x48b021),
INFO: Loaded 1 PC tables (1 PCs): 1 [0x478dc8,0x478dd8),
INFO: -max_len is not provided; libFuzzer will not generate inputs larger than 4096 bytes
STDERR
INFO: A corpus is not provided, starting from an empty corpus
STDERR
Done 2 runs in 0 second(s)

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

charco created this revision.Oct 10 2019, 3:25 AM

Herald added projects: Restricted Project, Restricted Project. · View Herald TranscriptOct 10 2019, 3:25 AM

Herald added subscribers: llvm-commits, Restricted Project. · View Herald Transcript

Harbormaster completed remote builds in B39311: Diff 224300.Oct 10 2019, 3:28 AM

LGTM

This revision is now accepted and ready to land.Oct 14 2019, 5:33 PM

Closed by commit rG16d9f44fd154: [libFuzzer] Fix fd check in DupAndCloseStderr. (authored by charco). · Explain WhyNov 21 2019, 3:33 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents

Path

Size

compiler-rt/

lib/

fuzzer/

FuzzerIO.cpp

2 lines

Diff 230550

compiler-rt/lib/fuzzer/FuzzerIO.cpp

	Show First 20 Lines • Show All 105 Lines • ▼ Show 20 Lines

	std::string DirPlusFile(const std::string &DirPath,			std::string DirPlusFile(const std::string &DirPath,
	const std::string &FileName) {			const std::string &FileName) {
	return DirPath + GetSeparator() + FileName;			return DirPath + GetSeparator() + FileName;
	}			}

	void DupAndCloseStderr() {			void DupAndCloseStderr() {
	int OutputFd = DuplicateFile(2);			int OutputFd = DuplicateFile(2);
	if (OutputFd > 0) {			if (OutputFd >= 0) {
	FILE *NewOutputFile = OpenFile(OutputFd, "w");			FILE *NewOutputFile = OpenFile(OutputFd, "w");
	if (NewOutputFile) {			if (NewOutputFile) {
	OutputFile = NewOutputFile;			OutputFile = NewOutputFile;
	if (EF->__sanitizer_set_report_fd)			if (EF->__sanitizer_set_report_fd)
	EF->__sanitizer_set_report_fd(			EF->__sanitizer_set_report_fd(
	reinterpret_cast<void *>(GetHandleFromFd(OutputFd)));			reinterpret_cast<void *>(GetHandleFromFd(OutputFd)));
	DiscardOutput(2);			DiscardOutput(2);
	}			}
	Show All 37 Lines