Closed: kolbma closed this 2 years ago
This PR doesn't seem to have everything from 60e32a1. When I run the update script locally, I get this larger diff:
diff --git a/libfuzzer/FuzzerInterceptors.cpp b/libfuzzer/FuzzerInterceptors.cpp
index b877986..d5b0a42 100644
--- a/libfuzzer/FuzzerInterceptors.cpp
+++ b/libfuzzer/FuzzerInterceptors.cpp
@@ -20,16 +20,17 @@
#define FUNC_TYPE(x) x##_type
#define DEFINE_REAL(ret_type, func, ...) \
typedef ret_type (*FUNC_TYPE(func))(__VA_ARGS__); \
namespace __interception { \
FUNC_TYPE(func) PTR_TO_REAL(func); \
}
#include <cassert>
+#include <cstddef> // for size_t
#include <cstdint>
#include <dlfcn.h> // for dlsym()
static void *getFuncAddr(const char *name, uintptr_t wrapper_addr) {
void *addr = dlsym(RTLD_NEXT, name);
if (!addr) {
// If the lookup using RTLD_NEXT failed, the sanitizer runtime library is
// later in the library search order than the DSO that we are trying to
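Review bot: The added #include <cstddef> is the right header for size_t (neither <cassert> nor <cstdint> guarantees it), and its placement in alphabetical order between <cassert> and <cstdint> with the "// for size_t" comment follows the existing "// for dlsym()" convention in this block, so nothing further is needed in this hunk. As noted in the thread, this single line is all that upstream 60e32a1 contains, so this hunk alone is the fix for the size_t build error the PR title describes.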
diff --git a/libfuzzer/dataflow/DataFlow.cpp b/libfuzzer/dataflow/DataFlow.cpp
index 78b3f9a..3af48e2 100644
--- a/libfuzzer/dataflow/DataFlow.cpp
+++ b/libfuzzer/dataflow/DataFlow.cpp
@@ -12,21 +12,19 @@
//
// It executes the fuzz target on the given input while monitoring the
// data flow for every instrumented comparison instruction.
//
// The output shows which functions depend on which bytes of the input,
// and also provides basic-block coverage for every input.
//
// Build:
-// 1. Compile this file (DataFlow.cpp) with -fsanitize=dataflow -mllvm
-// -dfsan-fast-16-labels and -O2.
+// 1. Compile this file (DataFlow.cpp) with -fsanitize=dataflow and -O2.
// 2. Compile DataFlowCallbacks.cpp with -O2 -fPIC.
// 3. Build the fuzz target with -g -fsanitize=dataflow
-// -mllvm -dfsan-fast-16-labels
// -fsanitize-coverage=trace-pc-guard,pc-table,bb,trace-cmp
// 4. Link those together with -fsanitize=dataflow
//
// -fsanitize-coverage=trace-cmp inserts callbacks around every comparison
// instruction, DFSan modifies the calls to pass the data flow labels.
// The callbacks update the data flow label for the current function.
// See e.g. __dfsw___sanitizer_cov_trace_cmp1 below.
//
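Review bot: Removing "-mllvm -dfsan-fast-16-labels" from build steps 1 and 3 changes how DataFlow.cpp and the fuzz target are expected to be compiled, so any build script in this repository that still passes that flag must be updated in the same change, otherwise the comment and the real build diverge. This is also more than the "add missing cstddef header" the PR title and description cover, so it should be mentioned there.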
@@ -77,17 +75,17 @@ CallbackData __dft;
static size_t InputLen;
static size_t NumIterations;
static dfsan_label **FuncLabelsPerIter; // NumIterations x NumFuncs;
static inline bool BlockIsEntry(size_t BlockIdx) {
return __dft.PCsBeg[BlockIdx * 2 + 1] & PCFLAG_FUNC_ENTRY;
}
-const int kNumLabels = 16;
+const int kNumLabels = 8;
// Prints all instrumented functions.
static int PrintFunctions() {
// We don't have the symbolizer integrated with dfsan yet.
// So use backtrace_symbols_fd and pipe it through llvm-symbolizer.
// TODO(kcc): this is pretty ugly and may break in lots of ways.
// We'll need to make a proper in-process symbolizer work with DFSan.
FILE *Pipe = popen("sed 's/(+/ /g; s/).*//g' "
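Review bot: Changing kNumLabels from 16 to 8 halves the number of data-flow labels and is a behaviour change, not a comment edit; it belongs with the removal of -dfsan-fast-16-labels in the previous hunk, and the two should land together and be called out in the PR description rather than under a "missing header" title. Anything else in DataFlow.cpp that still assumes 16 labels (a hard-coded 16 or a 16-bit label mask) should be checked against the new value.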
Not sure what you have compared. The linked commit is only this one added line.
I've compared branch release/13.x.
Maybe there is more in the main branch. Not sure if I'd want to have the main branch.
I'm comparing updating all of libfuzzer to that commit. We don't generally cherry pick commits, we just update our whole vendored copy of libfuzzer.
Anyways, closing this in favor of #89.
Add missing cstddef header for size_t. Fixes https://github.com/rust-fuzz/libfuzzer/issues/87
libfuzzer code is then up-to-date with llvm branch release/13.x up to 2022/01/20.
Upstream fix is with https://github.com/llvm/llvm-project/commit/60e32a1f34e9ea60155a98bbe6ee5ec2a383efa3