This is an archive of the discontinued LLVM Phabricator instance.

[fuzzer] Use puts() rather than printf() in CopyFileToErr()
ClosedPublic

Authored by rsundahl on Mar 15 2023, 8:09 PM.

Details

Summary

CopyFileToErr() uses Printf("%s", ...) which fails with a negative size on
files >2Gb (Its path is through var-args wrappers to an unnecessary "%s"
expansion and subject to int overflows) Using puts() in place of printf()
bypasses this path and writes the string directly to stderr. This avoids the
present loss of data when a crashed worker has generated >2Gb of output.

rdar://99384640

Diff Detail

Event Timeline

rsundahl created this revision.Mar 15 2023, 8:09 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 15 2023, 8:09 PM
Herald added a subscriber: Enna1. · View Herald Transcript
rsundahl requested review of this revision.Mar 15 2023, 8:09 PM
Herald added a project: Restricted Project. · View Herald TranscriptMar 15 2023, 8:09 PM
Herald added a subscriber: Restricted Project. · View Herald Transcript
rsundahl updated this revision to Diff 505688.Mar 15 2023, 8:15 PM

Clean up some wording and the title.

rsundahl retitled this revision from [fuzzer] Use puts rather than printf in CopyFileToErr() to [fuzzer] Use puts() rather than printf() in CopyFileToErr().Mar 15 2023, 8:20 PM
rsundahl edited the summary of this revision. (Show Details)
rsundahl updated this revision to Diff 505692.EditedMar 15 2023, 8:24 PM

Removed extraneous blank line.

yln added a comment.Mar 16 2023, 11:13 AM

LGTM, looks harmless enough!

when a crashed worker has generated >2Gb of output.

Are we fine with printing >2GB of output? That sounds like it could lead to trouble elsewhere. Since the output is coming from a file I would hope that there is a way to get to it (even for remote CI?)
Do you think it would be worth investigating (as a separate follow-up) to truncate the output?

compiler-rt/test/fuzzer/BigFileCopy.cpp
19

Bonus points for the creative test! ;)

yln accepted this revision.Mar 16 2023, 11:13 AM
This revision is now accepted and ready to land.Mar 16 2023, 11:13 AM

Thanks @yln!

when a crashed worker has generated >2Gb of output.

Are we fine with printing >2GB of output? That sounds like it could lead to trouble elsewhere. Since the output is coming from a file I would hope that there is a way to get to it (even for remote CI?)

The use case here is that a worker that has accumulated >2Gb of output (over what may be days or weeks) crashes before it can append its log to stderr and in crashing, doesn't do a clean exit so more data is potentially lost. I agree though, we should convey that log file to the parent some other way and I think you're right in suspecting that this large amount of output may bite us further downstream simply because we now succeed at generating it.

Do you think it would be worth investigating (as a separate follow-up) to truncate the output?

That's a good idea. Truncate the output or just don't use stderr as a pipe for large files. (Although it's Unix, right? K&R would be probably approve of a fix that removes a limit to the amount of data going through a pipe. lol)

dyung added a subscriber: dyung.Mar 17 2023, 11:23 AM

@rsundahl the test you added big-file-copy.test is failing on a buildbot, can you take a look?

https://lab.llvm.org/buildbot/#/builders/247/builds/2653

/usr/bin/ld: /usr/bin/ld: DWARF error: invalid or unhandled FORM value: 0x25
/tmp/lit-tmp-w57ukdpc/BigFileCopy-ab4731.o: in function `main':
BigFileCopy.cpp:(.text.main[main]+0x0): multiple definition of `main'; /home/buildbot/buildbot-root/llvm-clang-x86_64-gcc-ubuntu/build/lib/clang/17/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a(FuzzerMain.cpp.o):/home/buildbot/buildbot-root/llvm-clang-x86_64-gcc-ubuntu/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:19: first defined here
/usr/bin/ld: /home/buildbot/buildbot-root/llvm-clang-x86_64-gcc-ubuntu/build/lib/clang/17/lib/x86_64-unknown-linux-gnu/libclang_rt.fuzzer.a(FuzzerMain.cpp.o): in function `main':
/home/buildbot/buildbot-root/llvm-clang-x86_64-gcc-ubuntu/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20: undefined reference to `LLVMFuzzerTestOneInput'
clang: error: linker command failed with exit code 1 (use -v to see invocation)

@rsundahl the test you added big-file-copy.test is failing on a buildbot, can you take a look?

https://lab.llvm.org/buildbot/#/builders/247/builds/2653

Oh, interesting... Second copy of main() on a different platform. Thanks for the heads up.

rsundahl reopened this revision.Mar 20 2023, 6:54 PM

Reopening to push changes for Debian test error (multiple main()'s).

This revision is now accepted and ready to land.Mar 20 2023, 6:54 PM
rsundahl updated this revision to Diff 506815.Mar 20 2023, 6:58 PM

Don't use main() for testing body (error on Debian).

rsundahl added a subscriber: ormris.EditedMar 20 2023, 7:08 PM

cc: @dyung and @ormris - I have modified the test to use the canonical fuzzer entry point

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)

rather than

int main(int argc, char *argv[])

which was causing the duplicated symbol on Debian. It's interesting that it worked for us but not for Debian but this is the correct form in any case. Thanks for your input and for the revert. (I'm going to look into how I can get a build on the failed bot before I land this time.)

I've tested this on linux and it now links (and passes). I am going to land it again and watch it closely.

rsundahl accepted this revision.Mar 28 2023, 2:09 PM
This revision was landed with ongoing or failed builds.Mar 28 2023, 2:19 PM
This revision was automatically updated to reflect the committed changes.
rsundahl reopened this revision.Mar 28 2023, 3:19 PM

Looks like I'll have to enable this test only on Darwin.

This revision is now accepted and ready to land.Mar 28 2023, 3:19 PM
rsundahl closed this revision.Mar 28 2023, 4:13 PM

Opening a new revision to limit the scope of the test to Darwin only. (https://reviews.llvm.org/D147094)