From e29452b4b7a81269cb02bcfc995e7f1fc99b3845 Mon Sep 17 00:00:00 2001 From: Matt Morehouse Date: Fri, 13 Oct 2017 17:35:37 +0000 Subject: [PATCH] [llvm-demangle-fuzzer] Add a fuzz target for ItaniumDemangler. Patch By: hctim Reviewers: morehouse, bogner Reviewed By: bogner Subscribers: bogner, kcc, llvm-commits, mgorny Differential Revision: https://reviews.llvm.org/D38855 llvm-svn: 315716
---
 llvm/docs/FuzzingLLVM.rst | 7 ++++++
 .../tools/llvm-demangle-fuzzer/CMakeLists.txt | 8 +++++++
 .../DummyDemanglerFuzzer.cpp | 19 +++++++++++++++
 .../llvm-demangle-fuzzer.cpp | 24 +++++++++++++++++++
 4 files changed, 58 insertions(+)
 create mode 100644 llvm/tools/llvm-demangle-fuzzer/CMakeLists.txt
 create mode 100644 llvm/tools/llvm-demangle-fuzzer/DummyDemanglerFuzzer.cpp
 create mode 100644 llvm/tools/llvm-demangle-fuzzer/llvm-demangle-fuzzer.cpp
diff --git a/llvm/docs/FuzzingLLVM.rst b/llvm/docs/FuzzingLLVM.rst
index 5ac0ff8d5198..e6ebeaf80cb4 100644
--- a/llvm/docs/FuzzingLLVM.rst
+++ b/llvm/docs/FuzzingLLVM.rst
@@ -68,6 +68,13 @@ this fuzzer has reported are `on OSS Fuzz's tracker`__
 __ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+llvm-dwarfdump-fuzzer
+llvm-demangle-fuzzer
+---------------------
+
+A |generic fuzzer| for the Itanium demangler used in various LLVM tools. We've
+fuzzed __cxa_demangle to death, why not fuzz LLVM's implementation of the same
+function!
+
 llvm-isel-fuzzer
 ----------------
diff --git a/llvm/tools/llvm-demangle-fuzzer/CMakeLists.txt b/llvm/tools/llvm-demangle-fuzzer/CMakeLists.txt
new file mode 100644
index 000000000000..28132cf4c5f1
--- /dev/null
+++ b/llvm/tools/llvm-demangle-fuzzer/CMakeLists.txt
@@ -0,0 +1,8 @@
+set(LLVM_LINK_COMPONENTS
+ Demangle
+ FuzzMutate
+)
+
+add_llvm_fuzzer(llvm-demangle-fuzzer
+ llvm-demangle-fuzzer.cpp
+ DUMMY_MAIN DummyDemanglerFuzzer.cpp)
diff --git a/llvm/tools/llvm-demangle-fuzzer/DummyDemanglerFuzzer.cpp b/llvm/tools/llvm-demangle-fuzzer/DummyDemanglerFuzzer.cpp
new file mode 100644
index 000000000000..a2bf9f1b807e
--- /dev/null
+++ b/llvm/tools/llvm-demangle-fuzzer/DummyDemanglerFuzzer.cpp
@@ -0,0 +1,19 @@
+//===--- DummyDemanglerMain.cpp - Entry point to sanity check the fuzzer --===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/FuzzMutate/FuzzerCLI.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+int main(int argc, char *argv[]) {
+ return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput);
+}
diff --git a/llvm/tools/llvm-demangle-fuzzer/llvm-demangle-fuzzer.cpp b/llvm/tools/llvm-demangle-fuzzer/llvm-demangle-fuzzer.cpp
new file mode 100644
index 000000000000..07c290a0be5c
--- /dev/null
+++ b/llvm/tools/llvm-demangle-fuzzer/llvm-demangle-fuzzer.cpp
@@ -0,0 +1,24 @@
+//===--- llvm-demangle-fuzzer.cpp - Fuzzer for the Itanium Demangler ------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/Demangle/Demangle.h"
+
+#include
+#include
+#include
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ std::string NullTerminatedString((const char *)Data, Size);
+ int status = 0;
+ if (char *demangle = llvm::itaniumDemangle(NullTerminatedString.c_str(), nullptr,
+ nullptr, &status))
+ free(demangle);
+
+ return 0;
+}
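Review bot: The banner on the first added line of DummyDemanglerFuzzer.cpp names the file `DummyDemanglerMain.cpp`, while the file is created as `DummyDemanglerFuzzer.cpp`; `//===--- DummyDemanglerFuzzer.cpp - Entry point to sanity check the fuzzer -===//` (dash run trimmed to keep the 80-column banner) keeps the header honest for the next reader. The forward declaration of LLVMFuzzerTestOneInput uses `uint8_t` and `size_t` with only `llvm/FuzzMutate/FuzzerCLI.h` included, so the build presumably depends on that header providing them transitively; adding `#include <cstddef>` and `#include <cstdint>` makes the translation unit self-contained. A one-line comment above the declaration, such as `// Defined in llvm-demangle-fuzzer.cpp; this main drives it over the inputs named on the command line.`, would also tell a reader where the symbol comes from without opening CMakeLists.txt.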
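Review bot: `(const char *)Data` in LLVMFuzzerTestOneInput is a C-style cast; `reinterpret_cast<const char *>(Data)` names the conversion and is what surrounding LLVM code uses. The copy into `NullTerminatedString` exists because `itaniumDemangle` takes a C string while fuzzer input is a raw byte range, and it also means bytes after an embedded NUL are never seen by the demangler; that is fine for a fuzz target but deserves a comment such as `// Copy the input so it is NUL-terminated; itaniumDemangle takes a C string.` The `status` local is written by the call and never read, and LLVM's naming convention would spell it `Status` (and `Demangled` for the result) if it stays. The three `#include` lines appear empty on this page (angle-bracket names stripped), so I cannot confirm that `<cstdlib>` for `free` and `<string>` are among them; please check the file directly.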