Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromium / llvm-project / compiler-rt / lib / fuzzer / 1467b79c0e1e6415039ee619958bd6ac77e1e8c3^! / . / FuzzerLoop.cpp
commit1467b79c0e1e6415039ee619958bd6ac77e1e8c3[log] [tgz]
authormorehouse <morehouse>Mon Jul 09 23:51:08 2018 +0000
committermorehouse <morehouse>Mon Jul 09 23:51:08 2018 +0000
tree90c2b262831c3c1101db9893beddc43eab702eef
parentc46c27fcbeec5493c9bb7c2f696a73558eca3c8c [diff] [blame]
[libFuzzer] Make -fsanitize=memory,fuzzer work.

This patch allows libFuzzer to fuzz applications instrumented with MSan
without recompiling libFuzzer with MSan instrumentation.

Fixes https://github.com/google/sanitizers/issues/958.

Differential Revision: https://reviews.llvm.org/D48891

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer@336619 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index d412b58..08b5455 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp

@@ -179,6 +179,7 @@
 void Fuzzer::DumpCurrentUnit(const char *Prefix) {
   if (!CurrentUnitData)
     return; // Happens when running individual inputs.
+  ScopedDisableMsanInterceptorChecks S;
   MD.PrintMutationSequence();
   Printf("; base unit: %s\n", Sha1ToString(BaseSha1).c_str());
   size_t UnitSize = CurrentUnitSize;
@@ -516,19 +517,24 @@
   // so that we reliably find buffer overflows in it.
   uint8_t *DataCopy = new uint8_t[Size];
   memcpy(DataCopy, Data, Size);
+  if (EF->__msan_unpoison)
+    EF->__msan_unpoison(DataCopy, Size);
   if (CurrentUnitData && CurrentUnitData != Data)
     memcpy(CurrentUnitData, Data, Size);
   CurrentUnitSize = Size;
-  AllocTracer.Start(Options.TraceMalloc);
-  UnitStartTime = system_clock::now();
-  TPC.ResetMaps();
-  RunningCB = true;
-  int Res = CB(DataCopy, Size);
-  RunningCB = false;
-  UnitStopTime = system_clock::now();
-  (void)Res;
-  assert(Res == 0);
-  HasMoreMallocsThanFrees = AllocTracer.Stop();
+  {
+    ScopedEnableMsanInterceptorChecks S;
+    AllocTracer.Start(Options.TraceMalloc);
+    UnitStartTime = system_clock::now();
+    TPC.ResetMaps();
+    RunningCB = true;
+    int Res = CB(DataCopy, Size);
+    RunningCB = false;
+    UnitStopTime = system_clock::now();
+    (void)Res;
+    assert(Res == 0);
+    HasMoreMallocsThanFrees = AllocTracer.Stop();
+  }
   if (!LooseMemeq(DataCopy, Data, Size))
     CrashOnOverwrittenData();
   CurrentUnitSize = 0;