authorMatt Morehouse <mascasa@google.com>2017-11-09 20:44:08 +0000
committerMatt Morehouse <mascasa@google.com>2017-11-09 20:44:08 +0000
commit8630529c291d7974dca280343e1f73321b6c6ad8 (patch)
tree73f3ef02f45ac9e048652f51473c2ca331c24950
parent5646b9ef2068f1577569226326f62d90e2de5f09 (diff)
[libFuzzer] Don't add leaking inputs to corpus.
Reviewers: kcc Reviewed By: kcc Subscribers: llvm-commits Differential Revision: https://reviews.llvm.org/D39850 git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@317831 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r--lib/fuzzer/FuzzerLoop.cpp5
-rw-r--r--test/fuzzer/fuzzer-leak.test6
2 files changed, 8 insertions, 3 deletions
diff --git a/lib/fuzzer/FuzzerLoop.cpp b/lib/fuzzer/FuzzerLoop.cpp
index 97bc1c62b..81e609e33 100644
--- a/lib/fuzzer/FuzzerLoop.cpp
+++ b/lib/fuzzer/FuzzerLoop.cpp
@@ -641,11 +641,12 @@ void Fuzzer::MutateAndTestOne() {
assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
Size = NewSize;
II.NumExecutedMutations++;
- if (RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II))
- ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
+ bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II);
TryDetectingAMemoryLeak(CurrentUnitData, Size,
/*DuringInitialCorpusExecution*/ false);
+ if (NewCov)
+ ReportNewCoverage(&II, {CurrentUnitData, CurrentUnitData + Size});
}
}
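Review bot: The relative order of `RunOne`, `TryDetectingAMemoryLeak` and `ReportNewCoverage` is now load-bearing — the leaking input stays out of the corpus only because the leak check runs before the deferred `ReportNewCoverage` (which, judging by the commit title and the new test step, is what writes the unit to the corpus), yet nothing in the hunk records that invariant. A one-line comment above the `TryDetectingAMemoryLeak` call would protect it from a later reorder: `// Leak check must run before ReportNewCoverage so a leaking input is never written to the corpus.` Since `NewCov` is never reassigned it could also be `const bool NewCov = RunOne(...)`. The enclosing `MutateAndTestOne` begins before this hunk.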
diff --git a/test/fuzzer/fuzzer-leak.test b/test/fuzzer/fuzzer-leak.test
index f8e99ce3f..0652a88f9 100644
--- a/test/fuzzer/fuzzer-leak.test
+++ b/test/fuzzer/fuzzer-leak.test
@@ -3,7 +3,8 @@ RUN: %cpp_compiler %S/LeakTest.cpp -o %t-LeakTest
RUN: %cpp_compiler %S/ThreadedLeakTest.cpp -o %t-ThreadedLeakTest
RUN: %cpp_compiler %S/LeakTimeoutTest.cpp -o %t-LeakTimeoutTest
-RUN: not %t-LeakTest -runs=100000 -detect_leaks=1 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
+RUN: rm -rf %t-corpus && mkdir -p %t-corpus
+RUN: not %t-LeakTest -runs=100000 -detect_leaks=1 %t-corpus 2>&1 | FileCheck %s --check-prefix=LEAK_DURING
LEAK_DURING: ERROR: LeakSanitizer: detected memory leaks
LEAK_DURING: Direct leak of 4 byte(s) in 1 object(s) allocated from:
LEAK_DURING: INFO: to ignore leaks on libFuzzer side use -detect_leaks=0
@@ -11,6 +12,9 @@ LEAK_DURING: Test unit written to ./leak-
LEAK_DURING-NOT: DONE
LEAK_DURING-NOT: Done
+// Verify leaking input was not added to corpus
+RUN: %t-LeakTest -runs=0 %t-corpus
+
RUN: not %t-LeakTest -runs=0 -detect_leaks=1 %S 2>&1 | FileCheck %s --check-prefix=LEAK_IN_CORPUS
LEAK_IN_CORPUS: ERROR: LeakSanitizer: detected memory leaks
LEAK_IN_CORPUS: INFO: a leak has been found in the initial corpus.