[llvm-special-case-list-fuzzer] fix off-by-one read #73888
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The current fuzzer relies on MemoryBuffer to hold the fuzz data. However, the fuzzer currently runs into an OOB instantly because the MemoryBuffer interface guarantees that "In addition to basic access to the characters in the file, this interface guarantees you can read one character past the end of the file, and that this character will read as '\0'." The fuzzer as written atm is currently not supporting this, and, consequently the current OSS-Fuzz set up is not running since the builds is declared failing as the fuzzer fails on the first run. See here for links to build logs https://introspector.oss-fuzz.com/project-profile?project=llvm This change fixes the fuzzer and should solve the OSS-Fuzz build as well. Signed-off-by: David Korczynski <david@adalogics.com>
|
@nikic could you help review this one? |
nikic
approved these changes
Dec 28, 2023
|
Thanks @nikic ! |
DavidKorczynski
added a commit
to google/oss-fuzz
that referenced
this pull request
Dec 28, 2023
AdamKorcz
pushed a commit
to google/oss-fuzz
that referenced
this pull request
Dec 28, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The current fuzzer relies on MemoryBuffer to hold the fuzz data. However, the fuzzer runs into an OOB instantly because the MemoryBuffer interface guarantees that "In addition to basic access to the characters in the file, this interface guarantees you can read one character past the end of the file, and that this character will read as '\0'." ref, which the fuzzer fails to satisfy. As such, it runs into an OOB on this line.
Consequently, the OSS-Fuzz set up is not running since the build is declared failing as the fuzzer fails on the first run. See here for links to build logs https://introspector.oss-fuzz.com/project-profile?project=llvm and specifically at the bottom of this build log.
This change fixes the fuzzer and should solve the OSS-Fuzz build as well.
CC @mmdriley