This is an archive of the discontinued LLVM Phabricator instance.

[libFuzzer] Use octal instead of hex escape sequences in PrintASCII
ClosedPublic

Authored by hans on Oct 1 2021, 4:53 AM.

Download Raw Diff

Details

Reviewers

kcc
morehouse

Commits

rGc7bd6435993f: [libFuzzer] Use octal instead of hex escape sequences in PrintASCII

Summary

Previously, PrintASCII would print the string "\ta" as "\x09a". However, in C/C++ those strings are not the same: the trailing 'a' is part of the escape sequence, which means it's equivalent to "\x9a". This is an annoying quirk of the standard. (See https://eel.is/c++draft/lex.ccon#nt:hexadecimal-escape-sequence)

To fix this, output three-digit octal escape sequences instead. Since octal escapes are limited to max three digits, this avoids the problem of subsequent characters unintentionally becoming part of the escape sequence.

Dictionary files still use the non-C-compatible hex escapes, but I believe we can't change the format since it comes from AFL, and libfuzzer never writes such files, it only has to read them, so they're not affected by this change.

(One alternative, which might be nice since hex sequences are more readable, would be to use hex sequences when the following character is not a valid hex digit. It would add some complexity though, and we'd still need the octals as a fallback, so not sure if it would be worth it.)

Diff Detail

Repository: rG LLVM Github Monorepo

Event Timeline

hans requested review of this revision.Oct 1 2021, 4:53 AM

hans created this revision.

Herald added a project: Restricted Project. · View Herald TranscriptOct 1 2021, 4:53 AM

Herald added a subscriber: Restricted Project. · View Herald Transcript

LGTM

This revision is now accepted and ready to land.Oct 1 2021, 7:31 AM

Closed by commit rGc7bd6435993f: [libFuzzer] Use octal instead of hex escape sequences in PrintASCII (authored by hans). · Explain WhyOct 4 2021, 2:34 AM

This revision was automatically updated to reflect the committed changes.

hans added a commit: rGc7bd6435993f: [libFuzzer] Use octal instead of hex escape sequences in PrintASCII.

Revision Contents

Path

Size

compiler-rt/

lib/

fuzzer/

FuzzerIO.h

4 lines

FuzzerIO.cpp

8 lines

FuzzerUtil.cpp

2 lines

tests/

FuzzerUnittest.cpp

36 lines

Diff 376830

compiler-rt/lib/fuzzer/FuzzerIO.h

	Show First 20 Lines • Show All 48 Lines • ▼ Show 20 Lines
	std::string TempPath(const char Prefix, const char Extension);			std::string TempPath(const char Prefix, const char Extension);

	bool IsInterestingCoverageFile(const std::string &FileName);			bool IsInterestingCoverageFile(const std::string &FileName);

	void DupAndCloseStderr();			void DupAndCloseStderr();

	void CloseStdout();			void CloseStdout();

				// For testing.
				FILE *GetOutputFile();
				void SetOutputFile(FILE *NewOutputFile);

	void Printf(const char *Fmt, ...);			void Printf(const char *Fmt, ...);
	void VPrintf(bool Verbose, const char *Fmt, ...);			void VPrintf(bool Verbose, const char *Fmt, ...);

	// Print using raw syscalls, useful when printing at early init stages.			// Print using raw syscalls, useful when printing at early init stages.
	void RawPrint(const char *Str);			void RawPrint(const char *Str);

	// Platform specific functions:			// Platform specific functions:
	bool IsFile(const std::string &Path);			bool IsFile(const std::string &Path);
	▲ Show 20 Lines • Show All 49 Lines • Show Last 20 Lines

compiler-rt/lib/fuzzer/FuzzerIO.cpp

	Show All 17 Lines
	#include <iterator>			#include <iterator>
	#include <sys/stat.h>			#include <sys/stat.h>
	#include <sys/types.h>			#include <sys/types.h>

	namespace fuzzer {			namespace fuzzer {

	static FILE *OutputFile = stderr;			static FILE *OutputFile = stderr;

				FILE *GetOutputFile() {
				return OutputFile;
				}

				void SetOutputFile(FILE *NewOutputFile) {
				OutputFile = NewOutputFile;
				}

	long GetEpoch(const std::string &Path) {			long GetEpoch(const std::string &Path) {
	struct stat St;			struct stat St;
	if (stat(Path.c_str(), &St))			if (stat(Path.c_str(), &St))
	return 0; // Can't stat, be conservative.			return 0; // Can't stat, be conservative.
	return St.st_mtime;			return St.st_mtime;
	}			}

	Unit FileToVector(const std::string &Path, size_t MaxSize, bool ExitOnError) {			Unit FileToVector(const std::string &Path, size_t MaxSize, bool ExitOnError) {
	▲ Show 20 Lines • Show All 174 Lines • Show Last 20 Lines

compiler-rt/lib/fuzzer/FuzzerUtil.cpp

	Show All 37 Lines
	void PrintASCIIByte(uint8_t Byte) {			void PrintASCIIByte(uint8_t Byte) {
	if (Byte == '\\')			if (Byte == '\\')
	Printf("\\\\");			Printf("\\\\");
	else if (Byte == '"')			else if (Byte == '"')
	Printf("\\\"");			Printf("\\\"");
	else if (Byte >= 32 && Byte < 127)			else if (Byte >= 32 && Byte < 127)
	Printf("%c", Byte);			Printf("%c", Byte);
	else			else
	Printf("\\x%02x", Byte);			Printf("\\%03o", Byte);
	}			}

	void PrintASCII(const uint8_t Data, size_t Size, const char PrintAfter) {			void PrintASCII(const uint8_t Data, size_t Size, const char PrintAfter) {
	for (size_t i = 0; i < Size; i++)			for (size_t i = 0; i < Size; i++)
	PrintASCIIByte(Data[i]);			PrintASCIIByte(Data[i]);
	Printf("%s", PrintAfter);			Printf("%s", PrintAfter);
	}			}

	▲ Show 20 Lines • Show All 183 Lines • Show Last 20 Lines

compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp

Show First 20 Lines • Show All 585 Lines • ▼ Show 20 Lines	TEST(FuzzerUtil, Base64) {
EXPECT_EQ("eHk=", Base64({'x', 'y'}));		EXPECT_EQ("eHk=", Base64({'x', 'y'}));
EXPECT_EQ("YWJj", Base64({'a', 'b', 'c'}));		EXPECT_EQ("YWJj", Base64({'a', 'b', 'c'}));
EXPECT_EQ("eHl6", Base64({'x', 'y', 'z'}));		EXPECT_EQ("eHl6", Base64({'x', 'y', 'z'}));
EXPECT_EQ("YWJjeA==", Base64({'a', 'b', 'c', 'x'}));		EXPECT_EQ("YWJjeA==", Base64({'a', 'b', 'c', 'x'}));
EXPECT_EQ("YWJjeHk=", Base64({'a', 'b', 'c', 'x', 'y'}));		EXPECT_EQ("YWJjeHk=", Base64({'a', 'b', 'c', 'x', 'y'}));
EXPECT_EQ("YWJjeHl6", Base64({'a', 'b', 'c', 'x', 'y', 'z'}));		EXPECT_EQ("YWJjeHl6", Base64({'a', 'b', 'c', 'x', 'y', 'z'}));
}		}

		#ifdef __GLIBC__
		class PrintfCapture {
		public:
		PrintfCapture() {
		OldOutputFile = GetOutputFile();
		SetOutputFile(open_memstream(&Buffer, &Size));
		}
		~PrintfCapture() {
		fclose(GetOutputFile());
		SetOutputFile(OldOutputFile);
		free(Buffer);
		}
		std::string str() { return std::string(Buffer, Size); }

		private:
		char *Buffer;
		size_t Size;
		FILE *OldOutputFile;
		};

		TEST(FuzzerUtil, PrintASCII) {
		auto f = [](const char Str, const char PrintAfter = "") {
		PrintfCapture Capture;
		PrintASCII(reinterpret_cast<const uint8_t*>(Str), strlen(Str), PrintAfter);
		return Capture.str();
		};
		EXPECT_EQ("hello", f("hello"));
		EXPECT_EQ("c:\\\\", f("c:\\"));
		EXPECT_EQ("\\\"hi\\\"", f("\"hi\""));
		EXPECT_EQ("\\011a", f("\ta"));
		EXPECT_EQ("\\0111", f("\t1"));
		EXPECT_EQ("hello\\012", f("hello\n"));
		EXPECT_EQ("hello\n", f("hello", "\n"));
		}
		#endif

TEST(Corpus, Distribution) {		TEST(Corpus, Distribution) {
DataFlowTrace DFT;		DataFlowTrace DFT;
Random Rand(0);		Random Rand(0);
struct EntropicOptions Entropic = {false, 0xFF, 100, false};		struct EntropicOptions Entropic = {false, 0xFF, 100, false};
std::unique_ptr<InputCorpus> C(new InputCorpus("", Entropic));		std::unique_ptr<InputCorpus> C(new InputCorpus("", Entropic));
size_t N = 10;		size_t N = 10;
size_t TriesPerUnit = 1<<16;		size_t TriesPerUnit = 1<<16;
for (size_t i = 0; i < N; i++)		for (size_t i = 0; i < N; i++)
▲ Show 20 Lines • Show All 754 Lines • Show Last 20 Lines