[libFuzzer] print stats if we crash on empty input
llvm-svn: 270639
diff --git a/llvm/lib/Fuzzer/FuzzerLoop.cpp b/llvm/lib/Fuzzer/FuzzerLoop.cpp
index ed8a1fb..ccd1c4e 100644
--- a/llvm/lib/Fuzzer/FuzzerLoop.cpp
+++ b/llvm/lib/Fuzzer/FuzzerLoop.cpp
@@ -177,9 +177,10 @@
NO_SANITIZE_MEMORY
void Fuzzer::DeathCallback() {
- if (!CurrentUnitSize) return;
- Printf("DEATH:\n");
- DumpCurrentUnit("crash-");
+ if (CurrentUnitSize) {
+ Printf("DEATH:\n");
+ DumpCurrentUnit("crash-");
+ }
PrintFinalStats();
}
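Review bot: When `CurrentUnitSize` is zero, `DeathCallback` now prints the final stats but still emits neither the `DEATH:` marker nor any statement that the crashing input was empty. Someone triaging the log then sees a crash with no `crash-` artifact and no explanation, and cannot tell an empty-input crash from one where no unit was in flight (if zero is also the idle value, which this hunk does not show). An `else` branch such as `else Printf("DEATH: empty input, no crash- artifact written\n");` would explain the missing reproducer. A one-line comment above the `if`, for example `// Nothing to dump for a zero-length unit, but still report stats.`, would record why the dump is conditional.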
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 52ed2f5..a33f84b 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -25,6 +25,7 @@
LeakTest
LeakTimeoutTest
NullDerefTest
+ NullDerefOnEmptyTest
NthRunCrashTest
OutOfMemoryTest
RepeatedMemcmp
diff --git a/llvm/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp b/llvm/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp
new file mode 100644
index 0000000..1537109
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/NullDerefOnEmptyTest.cpp
@@ -0,0 +1,19 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Simple test for a fuzzer. The fuzzer must find the empty string.
+#include <cstdint>
+#include <cstdlib>
+#include <cstddef>
+#include <iostream>
+
+static volatile int *Null = 0;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size == 0) {
+ std::cout << "Found the target, dereferencing NULL\n";
+ *Null = 1;
+ }
+ return 0;
+}
+
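Review bot: The `std::cout` message in the `Size == 0` branch ends in `\n` without a flush, so it may be lost when stdout is a pipe (as in the `2>&1 | FileCheck` RUN line) and the process dies on the following store. Writing `std::cout << "Found the target, dereferencing NULL\n" << std::flush;` or using `std::cerr` would make the marker reliable if a later check ever depends on it. `<cstdlib>` looks unused in this file, and `static volatile int *Null = nullptr;` is the clearer spelling unless the file deliberately mirrors the sibling tests.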
diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test
index bbdcc73..8c5d148 100644
--- a/llvm/lib/Fuzzer/test/fuzzer.test
+++ b/llvm/lib/Fuzzer/test/fuzzer.test
@@ -20,6 +20,9 @@
LIBFUZZER_OWN_SEGV_HANDLER: SUMMARY: libFuzzer: deadly signal
LIBFUZZER_OWN_SEGV_HANDLER: Test unit written to ./crash-
+RUN: not LLVMFuzzer-NullDerefOnEmptyTest -print_final_stats=1 2>&1 | FileCheck %s --check-prefix=NULL_DEREF_ON_EMPTY
+NULL_DEREF_ON_EMPTY: stat::number_of_executed_units:
+
#not LLVMFuzzer-FullCoverageSetTest -timeout=15 -seed=1 -mutate_depth=2 -use_full_coverage_set=1 2>&1 | FileCheck %s
RUN: not LLVMFuzzer-CounterTest -use_counters=1 -max_len=6 -seed=1 -timeout=15 2>&1 | FileCheck %s