From 0d383d4e5f43ea1b2f9c682cf40d0aab56847349 Mon Sep 17 00:00:00 2001
From: Max Moroz
Date: Tue, 12 Sep 2017 02:01:54 +0000
Subject: [PATCH] [libfuzzer] Compare TotalNumberOfRuns with MaxNumberOfRuns when testing a memory leak.

Summary: Fuzzer::TryDetectingAMemoryLeak may call ExecuteCallback which would increment TotalNumberOfRuns, but it doesn't respect Options.MaxNumberOfRuns value specified by a user.

Context: https://github.com/google/oss-fuzz/issues/822#issuecomment-328153970

Reviewers: kcc

Reviewed By: kcc

Differential Revision: https://reviews.llvm.org/D37632

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@312993 91177308-0d34-0410-b5e6-96231b3b80d8
---
 FuzzerLoop.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index 0354fc8..d6185fd 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp
@@ -525,6 +525,8 @@ void Fuzzer::TryDetectingAMemoryLeak(const uint8_t *Data, size_t Size,
                                       bool DuringInitialCorpusExecution) {
   if (!HasMoreMallocsThanFrees) return; // mallocs==frees, a leak is unlikely.
   if (!Options.DetectLeaks) return;
+  if (!DuringInitialCorpusExecution &&
+      TotalNumberOfRuns >= Options.MaxNumberOfRuns) return;
   if (!&(EF->__lsan_enable) || !&(EF->__lsan_disable) ||
       !(EF->__lsan_do_recoverable_leak_check))
     return; // No lsan.
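Review bot: The added guard carries no comment, so a reader will not see why the initial-corpus pass is exempt from the run budget or that the leak check itself re-executes the input; the neighbouring returns each say why, this one should too, e.g. `// Leak checking re-runs the input via ExecuteCallback, which counts toward -runs; stay within the user's budget. The initial corpus pass is exempt.` It is also worth recording in that comment the trade-off this introduces for detection: an input whose leak would only be confirmed after the budget is spent is now silently not re-checked, which is the intended behaviour but surprising to someone debugging a missing leak report. The comparison presumably relies on MaxNumberOfRuns holding a sentinel that never compares <= TotalNumberOfRuns when -runs is not given; please confirm the default, since the hunk does not show it. The body of TryDetectingAMemoryLeak continues past the end of the hunk.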