Commit
[libc] Lay out framework for fuzzing libc functions.
Summary: Added fuzzing test for strcpy and some documentation related to fuzzing. This will be the first step in integrating this with oss-fuzz.

Reviewers: sivachandra, abrachet

Reviewed By: sivachandra, abrachet

Subscribers: gchatelet, abrachet, mgorny, MaskRay, tschuett, libc-commits

Tags: #libc-project

Differential Revision: https://reviews.llvm.org/D74091
1 parent e29065a, commit a4f45ee

Showing 7 changed files with 141 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
Fuzzing for LLVM-libc | ||
--------------------- | ||
|
||
Fuzzing tests are used to ensure quality and security of LLVM-libc | ||
implementations. | ||
|
||
Each fuzzing test lives under the fuzzing directory in a subdirectory | ||
corresponding with the src layout. | ||
|
||
Currently we use system libc for functions that have yet to be implemented, | ||
however as they are implemented the fuzzers will be changed to use our | ||
implementation to increase coverage for testing. | ||
|
||
Fuzzers will be run on `oss-fuzz <https://github.com/google/oss-fuzz>`_ and the | ||
check-libc target will ensure that they build correctly. |
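
Review bot: the document says where fuzzers live and that check-libc builds them, but gives no instructions for building or running one locally; a short paragraph naming the build target and showing one invocation would make the page usable on its own. The paragraph starting "Currently we use system libc for functions that have yet to be implemented" should also say how a reader can tell which implementation a given fuzzer exercises, since a fuzzer that silently tests the system libc gives no coverage of LLVM-libc.
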
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=fuzzer") | ||
add_custom_target(libc-fuzzer) | ||
add_dependencies(check-libc libc-fuzzer) | ||
|
||
add_subdirectory(string) |
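
Review bot: the first line appends -fsanitize=fuzzer to CMAKE_CXX_FLAGS for everything configured from this directory down, and `add_dependencies(check-libc libc-fuzzer)` then makes check-libc depend on those targets, so a compiler that does not accept -fsanitize=fuzzer will fail check-libc. Consider guarding the fuzzing directory on compiler support, or applying the flag per target inside add_libc_fuzzer instead of through the global variable. No memory-error sanitizer is enabled in this file, so it is worth stating in a comment that local runs detect only what the harness itself checks unless the caller adds one.
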
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
add_libc_fuzzer( | ||
strcpy_fuzz | ||
SRCS | ||
strcpy_fuzz.cpp | ||
DEPENDS | ||
strcpy | ||
) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
//===--------------------- strcpy_fuzz.cpp --------------------------------===// | ||
// | ||
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. | ||
// See https://llvm.org/LICENSE.txt for license information. | ||
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | ||
// | ||
//===----------------------------------------------------------------------===// | ||
/// | ||
/// Fuzzing test for llvm-libc strcpy implementation. | ||
/// | ||
//===----------------------------------------------------------------------===// | ||
#include "src/string/strcpy.h" | ||
#include <stdint.h> | ||
|
||
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { | ||
// Validate input | ||
if (!size) return 0; | ||
if (data[size - 1] != '\0') return 0; | ||
const char *src = (const char *)data; | ||
|
||
char *dest = new char[size]; | ||
if (!dest) __builtin_trap(); | ||
|
||
__llvm_libc::strcpy(dest, src); | ||
|
||
size_t i; | ||
for (i = 0; src[i] != '\0'; i++) { | ||
// Ensure correctness of strcpy | ||
if (dest[i] != src[i]) __builtin_trap(); | ||
} | ||
// Ensure strcpy null terminates dest | ||
if (dest[i] != src[i]) __builtin_trap(); | ||
|
||
delete[] dest; | ||
|
||
return 0; | ||
} | ||
|
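
Review bot: `if (!dest) __builtin_trap();` right after `char *dest = new char[size];` can never fire, because plain new[] reports allocation failure by throwing rather than returning null; drop the check or allocate with `new (std::nothrow) char[size]`. The oracle also has two gaps: the return value of `__llvm_libc::strcpy(dest, src)` is never compared against dest, and because dest is `size` bytes while the input only has to end in '\0' (an earlier '\0' is allowed), bytes written past the copied terminator but still inside dest go unnoticed. Sizing dest to the string length plus one, or prefilling it with a sentinel and checking the tail after the call, would close that. `size_t` is used with only <stdint.h> included, so <stddef.h> should be included explicitly.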