[libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow
llvm-svn: 280098
diff --git a/llvm/lib/Fuzzer/FuzzerDriver.cpp b/llvm/lib/Fuzzer/FuzzerDriver.cpp
index 592c88a..10db673 100644
--- a/llvm/lib/Fuzzer/FuzzerDriver.cpp
+++ b/llvm/lib/Fuzzer/FuzzerDriver.cpp
@@ -250,11 +250,11 @@
T.detach();
}
-int RunOneTest(Fuzzer *F, const char *InputFilePath) {
+int RunOneTest(Fuzzer *F, const char *InputFilePath, size_t MaxLen) {
Unit U = FileToVector(InputFilePath);
- Unit PreciseSizedU(U);
- assert(PreciseSizedU.size() == PreciseSizedU.capacity());
- F->RunOne(PreciseSizedU.data(), PreciseSizedU.size());
+ if (MaxLen && MaxLen < U.size())
+ U.resize(MaxLen);
+ F->RunOne(U.data(), U.size());
return 0;
}
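Review bot: The truncation `U.resize(MaxLen)` on the new side shrinks size() but leaves capacity() untouched, so the buffer passed to `F->RunOne` is no longer precisely sized; the removed `PreciseSizedU` copy and its `size() == capacity()` assert presumably existed so that a target reading past the end of the input hits a redzone instead of slack capacity, and that property is now lost for every input, not only truncated ones. Re-introduce the copy after the truncation: `Unit PreciseSizedU(U); assert(PreciseSizedU.size() == PreciseSizedU.capacity()); F->RunOne(PreciseSizedU.data(), PreciseSizedU.size());`. The new parameter also deserves a one-line comment on its contract, e.g. `// MaxLen == 0 means no limit; longer inputs are truncated to MaxLen, which per the commit message is what previously overflowed.`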
@@ -380,7 +380,7 @@
auto StartTime = system_clock::now();
Printf("Running: %s\n", Path.c_str());
for (int Iter = 0; Iter < Runs; Iter++)
- RunOneTest(&F, Path.c_str());
+ RunOneTest(&F, Path.c_str(), Options.MaxLen);
auto StopTime = system_clock::now();
auto MS = duration_cast<milliseconds>(StopTime - StartTime).count();
Printf("Executed %s in %zd ms\n", Path.c_str(), (long)MS);
diff --git a/llvm/lib/Fuzzer/test/fuzzer-singleinputs.test b/llvm/lib/Fuzzer/test/fuzzer-singleinputs.test
index 3e34273..ca8403b 100644
--- a/llvm/lib/Fuzzer/test/fuzzer-singleinputs.test
+++ b/llvm/lib/Fuzzer/test/fuzzer-singleinputs.test
@@ -5,7 +5,8 @@
RUN: mkdir -p %tmp/SINGLE_INPUTS
RUN: echo aaa > %tmp/SINGLE_INPUTS/aaa
RUN: echo bbb > %tmp/SINGLE_INPUTS/bbb
-RUN: LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
+RUN: LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
+RUN: LLVMFuzzer-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
RUN: rm -rf %tmp/SINGLE_INPUTS
SINGLE_INPUTS: LLVMFuzzer-SimpleTest: Running 2 inputs 1 time(s) each.
SINGLE_INPUTS: aaa in
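Review bot: The added RUN line with `-max_len=2` checks the same SINGLE_INPUTS prefix as the unrestricted run, so it only establishes that the run completes and prints the same banner; unless SimpleTest's output differs for a 2-byte input (not visible here), the regression it guards against is the crash itself. That is acceptable for a sanitizer-built fuzzer, but the intent should be stated next to the line so it survives later edits, e.g. a comment line `-max_len smaller than an input used to overflow the fuzzer's input buffer; this run must complete without crashing.` The removed and re-added first RUN line are byte-identical in this rendering, so that part is presumably a whitespace-only change.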