Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-27 20:25:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4d5f8afdc0
gecko-dev/security/nss/fuzz/clone_libfuzzer.sh
Franziskus Kiefer 9fcb9743ee Bug 1334127 - land NSS 93b99b0936d3, r=me 
--HG--
extra : rebase_source : 5793f0f4595bb1bbff9338dca3e4f5068db5a47f
2017-02-21 13:55:41 +01:00

47 lines
1.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
d=$(dirname $0)
$d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer b96a41ac6bbc3824fc7c7977662bebacac8f0983 $d/libFuzzer
# [https://llvm.org/bugs/show_bug.cgi?id=31318]
# This prevents a known buffer overrun that won't be fixed as the affected code
# will go away in the near future. Until that is we have to patch it as we seem
# to constantly run into it.
cat <<EOF | patch -p0 -d $d
diff --git libFuzzer/FuzzerLoop.cpp libFuzzer/FuzzerLoop.cpp
--- libFuzzer/FuzzerLoop.cpp
+++ libFuzzer/FuzzerLoop.cpp
@@ -476,6 +476,9 @@
uint8_t dummy;
ExecuteCallback(&dummy, 0);
+ // Number of counters might have changed.
+ PrepareCounters(&MaxCoverage);
+
for (const auto &U : *InitialCorpus) {
if (size_t NumFeatures = RunOne(U)) {
CheckExitOnSrcPosOrItem();
EOF
# Latest Libfuzzer uses __sanitizer_dump_coverage(), a symbol to be introduced
# with LLVM 4.0. To keep our code working with LLVM 3.x to simplify development
# of fuzzers we'll just provide it ourselves.
cat <<EOF | patch -p0 -d $d
diff --git libFuzzer/FuzzerTracePC.cpp libFuzzer/FuzzerTracePC.cpp
--- libFuzzer/FuzzerTracePC.cpp
+++ libFuzzer/FuzzerTracePC.cpp
@@ -33,6 +33,12 @@
ATTRIBUTE_INTERFACE
uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];
+#if defined(__clang_major__) && (__clang_major__ == 3)
+void __sanitizer_dump_coverage(const uintptr_t *pcs, uintptr_t len) {
+ // SanCov in LLVM 4.x will provide this symbol. Make 3.x work.
+}
+#endif
+
namespace fuzzer {
TracePC TPC;
EOF
Reference in New Issue View Git Blame Copy Permalink