[libFuzzer] fix a bug when running a single unit of N bytes with -max_len=M, M<N, caused a buffer overflow

git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@280098 91177308-0d34-0410-b5e6-96231b3b80d8

Author: kcc

lib/Fuzzer/FuzzerDriver.cpp

@@ -250,11 +250,11 @@ static void StartRssThread(Fuzzer *F, size_t RssLimitMb) {
   T.detach();
 }
 
-int RunOneTest(Fuzzer *F, const char *InputFilePath) {
+int RunOneTest(Fuzzer *F, const char *InputFilePath, size_t MaxLen) {
   Unit U = FileToVector(InputFilePath);
-  Unit PreciseSizedU(U);
-  assert(PreciseSizedU.size() == PreciseSizedU.capacity());
-  F->RunOne(PreciseSizedU.data(), PreciseSizedU.size());
+  if (MaxLen && MaxLen < U.size())
+    U.resize(MaxLen);
+  F->RunOne(U.data(), U.size());
   return 0;
 }
 
@@ -380,7 +380,7 @@ int FuzzerDriver(int *argc, char ***argv, UserCallback Callback) {
       auto StartTime = system_clock::now();
       Printf("Running: %s\n", Path.c_str());
       for (int Iter = 0; Iter < Runs; Iter++)
-        RunOneTest(&F, Path.c_str());
+        RunOneTest(&F, Path.c_str(), Options.MaxLen);
       auto StopTime = system_clock::now();
       auto MS = duration_cast<milliseconds>(StopTime - StartTime).count();
       Printf("Executed %s in %zd ms\n", Path.c_str(), (long)MS);

lib/Fuzzer/test/fuzzer-singleinputs.test

@@ -5,7 +5,8 @@ RUN: rm -rf  %tmp/SINGLE_INPUTS
 RUN: mkdir -p  %tmp/SINGLE_INPUTS
 RUN: echo aaa > %tmp/SINGLE_INPUTS/aaa
 RUN: echo bbb > %tmp/SINGLE_INPUTS/bbb
-RUN: LLVMFuzzer-SimpleTest %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
+RUN: LLVMFuzzer-SimpleTest            %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
+RUN: LLVMFuzzer-SimpleTest -max_len=2 %tmp/SINGLE_INPUTS/aaa %tmp/SINGLE_INPUTS/bbb 2>&1 | FileCheck %s --check-prefix=SINGLE_INPUTS
 RUN: rm -rf  %tmp/SINGLE_INPUTS
 SINGLE_INPUTS: LLVMFuzzer-SimpleTest: Running 2 inputs 1 time(s) each.
 SINGLE_INPUTS: aaa in