[llvm-dwarfdump-fuzzer] fix out of bounds potential #76408
Conversation
|
Thank you for submitting a Pull Request (PR) to the LLVM Project! This PR will be automatically labeled and the relevant teams will be If you wish to, you can add reviewers by using the "Reviewers" section on this page. If this is not working for you, it is probably because you do not have write If you have received no comments on your PR for a week, you can request a review If you have further questions, they may be answered by the LLVM GitHub User Guide. You can also ask questions in a comment on this PR, on the LLVM Discord or on the forums. |
|
@llvm/pr-subscribers-debuginfo Author: None (DavidKorczynski) ChangesThe fuzzer relies on MemoryBuffer to hold fuzz data, and MemoryBuffer guarantees that "In addition to basic access to the characters in the file, this interface guarantees you can read one character past the end of the file, and that this character will read as '\0'." The current fuzzing set up does not support this, which causes potential false positives. This PR fixes it. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65114 Full diff: https://github.com/llvm/llvm-project/pull/76408.diff 1 Files Affected:
diff --git a/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp b/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
index 1d74856c0fb8a6..0e74d0be76f11c 100644
--- a/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
+++ b/llvm/tools/llvm-dwarfdump/fuzzer/llvm-dwarfdump-fuzzer.cpp
@@ -20,8 +20,8 @@ using namespace llvm;
using namespace object;
extern "C" int LLVMFuzzerTestOneInput(uint8_t *data, size_t size) {
- std::unique_ptr<MemoryBuffer> Buff = MemoryBuffer::getMemBuffer(
- StringRef((const char *)data, size), "", false);
+ std::string Payload(reinterpret_cast<const char *>(data), size);
+ std::unique_ptr<MemoryBuffer> Buff = MemoryBuffer::getMemBuffer(Payload);
Expected<std::unique_ptr<ObjectFile>> ObjOrErr =
ObjectFile::createObjectFile(Buff->getMemBufferRef());
|
The fuzzer relies on MemoryBuffer to hold fuzz data, and MemoryBuffer guarantees that "In addition to basic access to the characters in the file, this interface guarantees you can read one character past the end of the file, and that this character will read as '\0'." The current fuzzing set up does not support this, which causes potential false positives. This PR fixes it. Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65114 Signed-off-by: David Korczynski <[email protected]>
The fuzzer relies on MemoryBuffer to hold fuzz data, and MemoryBuffer guarantees that "In addition to basic access to the characters in the file, this interface guarantees you can read one character past the end of the file, and that this character will read as '\0'." Ref. The current fuzzing set up does not support this, which causes potential false positives. This PR fixes it.
Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65114