[libc] use vars in string to num fuzz targets
The string to integer and string to float standalone fuzz targets just ran the functions and didn't do anything with the output. This was intentional, since they are intended to be used with sanitizers to detect buffer overflow bugs. Not using the variables was causing compile warnings, so this patch adds trivial checks to use the variables. Reviewed By: sivachandra, lntue Differential Revision: https://reviews.llvm.org/D144208
This commit is contained in:
parent
387452ec59
commit
62e7bdd22a
|
@ -13,6 +13,7 @@
|
||||||
#include "src/stdlib/strtod.h"
|
#include "src/stdlib/strtod.h"
|
||||||
#include "src/stdlib/strtof.h"
|
#include "src/stdlib/strtof.h"
|
||||||
#include "src/stdlib/strtold.h"
|
#include "src/stdlib/strtold.h"
|
||||||
|
#include <math.h>
|
||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
|
|
||||||
|
@ -30,10 +31,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||||
|
|
||||||
char *out_ptr = nullptr;
|
char *out_ptr = nullptr;
|
||||||
|
|
||||||
// This fuzzer only checks that the alrogithms didn't read beyond the end of
|
// This fuzzer only checks that the algorithms didn't read beyond the end of
|
||||||
// the string in container. Combined with sanitizers, this will check that the
|
// the string in container. Combined with sanitizers, this will check that the
|
||||||
// code is not reading memory beyond what's expected. This test does not make
|
// code is not reading memory beyond what's expected. This test does not
|
||||||
// any attempt to check correctness of the result.
|
// effectively check the correctness of the result.
|
||||||
auto volatile atof_output = __llvm_libc::atof(str_ptr);
|
auto volatile atof_output = __llvm_libc::atof(str_ptr);
|
||||||
auto volatile strtof_output = __llvm_libc::strtof(str_ptr, &out_ptr);
|
auto volatile strtof_output = __llvm_libc::strtof(str_ptr, &out_ptr);
|
||||||
if (str_ptr + size < out_ptr)
|
if (str_ptr + size < out_ptr)
|
||||||
|
@ -45,6 +46,17 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||||
if (str_ptr + size < out_ptr)
|
if (str_ptr + size < out_ptr)
|
||||||
__builtin_trap();
|
__builtin_trap();
|
||||||
|
|
||||||
|
// If any of the outputs are NaN
|
||||||
|
if (isnan(atof_output) || isnan(strtof_output) || isnan(strtod_output) ||
|
||||||
|
isnan(strtold_output)) {
|
||||||
|
// Then all the outputs should be NaN.
|
||||||
|
// This is a trivial check meant to silence the "unused variable" warnings.
|
||||||
|
if (!isnan(atof_output) || !isnan(strtof_output) || !isnan(strtod_output) ||
|
||||||
|
!isnan(strtold_output)) {
|
||||||
|
__builtin_trap();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
delete[] container;
|
delete[] container;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -65,6 +65,16 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
||||||
if (str_ptr + container_size - 1 < out_ptr)
|
if (str_ptr + container_size - 1 < out_ptr)
|
||||||
__builtin_trap();
|
__builtin_trap();
|
||||||
|
|
||||||
|
// If atoi is non-zero and the base is at least 10
|
||||||
|
if (atoi_output != 0 && base >= 10) {
|
||||||
|
// Then all of the other functions should output non-zero values as well.
|
||||||
|
// This is a trivial check meant to silence the "unused variable" warnings.
|
||||||
|
if (atol_output == 0 || atoll_output == 0 || strtol_output == 0 ||
|
||||||
|
strtoll_output == 0 || strtoul_output == 0 || strtoull_output == 0) {
|
||||||
|
__builtin_trap();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
delete[] container;
|
delete[] container;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user