
cmd/compile: libFuzzer instrumentation fakePC overflow on 386 arch #56141

Closed
cuonglm opened this issue Oct 11, 2022 · 6 comments
compiler/runtime Issues related to the Go compiler and/or runtime. FrozenDueToAge NeedsFix The path to resolution is known, but the work has not been done.
Comments

@cuonglm
Member

cuonglm commented Oct 11, 2022

What version of Go are you using (go version)?

$ go version
go version devel go1.20-4274ffd4b8 Tue Oct 11 04:04:13 2022 +0000 darwin/arm64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env

What did you do?

Compile following program with -d=libfuzzer:

package p

func f(x, y int) {
	_ = x > y
	_ = y > x
}

What did you expect to see?

Compile ok.

What did you see instead?

$ GOOS=linux GOARCH=386 go tool compile -d=libfuzzer p.go
p.go:5:8: constant 3550266861 overflows int
@gopherbot gopherbot added the compiler/runtime Issues related to the Go compiler and/or runtime. label Oct 11, 2022
@cuonglm cuonglm self-assigned this Oct 11, 2022
@cuonglm cuonglm added the NeedsFix The path to resolution is known, but the work has not been done. label Oct 11, 2022
@cuonglm cuonglm added this to the Go1.20 milestone Oct 11, 2022
@cuonglm
Member Author

cuonglm commented Oct 11, 2022

@randall77 @mdempsky seems we need to backport this, it affects go test -fuzz on 386 arch.

@gopherbot
Contributor

Change https://go.dev/cl/441996 mentions this issue: all: prevent fakePC overflow on 386 in libfuzzer mode

@cuonglm
Member Author

cuonglm commented Oct 12, 2022

Re-open for backport consideration.

cc @randall77 @mdempsky

@cuonglm cuonglm reopened this Oct 12, 2022
@randall77
Contributor

@gopherbot please open a backport to 1.19. This bug causes libfuzzer mode to fail to compile. There is no easy workaround.
(I don't think this applies to 1.18.)

@gopherbot
Contributor

Backport issue(s) opened: #56167 (for 1.18), #56168 (for 1.19).

Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.

@cuonglm
Member Author

cuonglm commented Oct 12, 2022

@gopherbot please open a backport to 1.19. This bug causes libfuzzer mode to fail to compile. There is no easy workaround.

(I don't think this applies to 1.18.)

Yes, this does not happen in the go1.18 release. The libfuzzerTrace* functions and friends were added in 1.19.

romaindoumenc pushed a commit to TroutSoftware/go that referenced this issue Nov 3, 2022
fakePC uses hash.Sum32, which returns an uint32. However, libfuzzer
trace/hook functions declare fakePC argument as int, causing overflow on
386 archs.

Fixing this by changing fakePC argument to uint to prevent the overflow.

Fixes golang#56141

Change-Id: I3994c461319983ab70065f90bf61539a363e0a2a
Reviewed-on: https://go-review.googlesource.com/c/go/+/441996
Auto-Submit: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Keith Randall <khr@google.com>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
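The mechanism the commit message describes, as an added example that is not part of the issue thread or of the Go compiler's own code: a simplified FNV-32a stand-in for fakePC (an assumption; the real function in cmd/compile hashes a src.XPos), plus a check of whether the resulting constant would be accepted by a trace hook whose parameter is int on a platform with a 32-bit int (386) versus one declared as uint, which is the fix.

```go
package main

import (
	"fmt"
	"hash/fnv"
	"math"
)

// fakePC is a stand-in (assumption) for how libfuzzer instrumentation derives a
// pseudo-PC from a source position: an FNV-32a hash, i.e. hash.Sum32() -> uint32.
func fakePC(pos string) uint32 {
	h := fnv.New32a()
	h.Write([]byte(pos))
	return h.Sum32()
}

// fitsInInt reports whether the constant v is representable as a parameter of
// type int when int is intBits wide (32 on 386, 64 on amd64). The compiler
// rejects a constant argument that does not fit at compile time, which is the
// "constant N overflows int" error from the report. Any hash with the top bit
// set therefore breaks the build on 386.
func fitsInInt(v uint32, intBits int) bool {
	switch intBits {
	case 32:
		return uint64(v) <= math.MaxInt32
	case 64:
		return true
	default:
		panic("unsupported int width")
	}
}

// fitsInUint is the post-fix check: uint is at least 32 bits on every Go
// platform, so a uint32 hash is always representable once the hook takes uint.
func fitsInUint(v uint32, uintBits int) bool {
	return uintBits >= 32
}

func main() {
	// Constant taken from the error message in the report (p.go:5:8).
	const reported uint32 = 3550266861
	fmt.Printf("%d fits int on 386: %v, on amd64: %v, uint on 386: %v\n",
		reported, fitsInInt(reported, 32), fitsInInt(reported, 64), fitsInUint(reported, 32))
	// Constructed position string, only to show the hash itself is the problem.
	pc := fakePC("p.go:5:8")
	fmt.Printf("fakePC(%q) = %d, int-safe on 386: %v\n", "p.go:5:8", pc, fitsInInt(pc, 32))
}
```

Roughly half of all positions hash to a value with the top bit set, so a 32-bit build hitting this is a matter of which source positions are instrumented, not of any unusual input.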