[llvm-demangle-fuzzer] Add a fuzz target for ItaniumDemangler.

Patch By: hctim Reviewers: morehouse, bogner Reviewed By: bogner Subscribers: bogner, kcc, llvm-commits, mgorny Differential Revision: https://reviews.llvm.org/D38855 llvm-svn: 315716
llvm · Oct 13, 2017 · e29452b · e29452b
1 parent cbee219
commit e29452b
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 0 deletions.
diff --git a/llvm/docs/FuzzingLLVM.rst b/llvm/docs/FuzzingLLVM.rst
@@ -68,6 +68,13 @@ this fuzzer has reported are `on OSS Fuzz's tracker`__
 
 __ https://bugs.chromium.org/p/oss-fuzz/issues/list?q=proj-llvm+llvm-dwarfdump-fuzzer
 
+llvm-demangle-fuzzer
+---------------------
+
+A |generic fuzzer| for the Itanium demangler used in various LLVM tools. We've
+fuzzed __cxa_demangle to death, why not fuzz LLVM's implementation of the same
+function!
+
 llvm-isel-fuzzer
 ----------------
 

diff --git a/llvm/tools/llvm-demangle-fuzzer/CMakeLists.txt b/llvm/tools/llvm-demangle-fuzzer/CMakeLists.txt
@@ -0,0 +1,8 @@
+set(LLVM_LINK_COMPONENTS
+  Demangle
+  FuzzMutate
+)
+
+add_llvm_fuzzer(llvm-demangle-fuzzer
+  llvm-demangle-fuzzer.cpp
+  DUMMY_MAIN DummyDemanglerFuzzer.cpp)
diff --git a/llvm/tools/llvm-demangle-fuzzer/DummyDemanglerFuzzer.cpp b/llvm/tools/llvm-demangle-fuzzer/DummyDemanglerFuzzer.cpp
@@ -0,0 +1,19 @@
+//===--- DummyDemanglerMain.cpp - Entry point to sanity check the fuzzer --===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+//
+// Implementation of main so we can build and test without linking libFuzzer.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/FuzzMutate/FuzzerCLI.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+int main(int argc, char *argv[]) {
+  return llvm::runFuzzerOnInputs(argc, argv, LLVMFuzzerTestOneInput);
+}
diff --git a/llvm/tools/llvm-demangle-fuzzer/llvm-demangle-fuzzer.cpp b/llvm/tools/llvm-demangle-fuzzer/llvm-demangle-fuzzer.cpp
@@ -0,0 +1,24 @@
+//===--- llvm-demangle-fuzzer.cpp - Fuzzer for the Itanium Demangler ------===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#include "llvm/Demangle/Demangle.h"
+
+#include <cstdint>
+#include <cstdlib>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+  std::string NullTerminatedString((const char *)Data, Size);
+  int status = 0;
+  if (char *demangle = llvm::itaniumDemangle(NullTerminatedString.c_str(), nullptr,
+                                         nullptr, &status))
+    free(demangle);
+
+  return 0;
+}