Commit c7bd6435 authored by Hans Wennborg's avatar Hans Wennborg
Browse files

[libFuzzer] Use octal instead of hex escape sequences in PrintASCII 

Previously, PrintASCII would print the string "\ta" as "\x09a". However,
in C/C++ those strings are not the same: the trailing 'a' is part of the
escape sequence, which means it's equivalent to "\x9a". This is an
annoying quirk of the standard. (See
https://eel.is/c++draft/lex.ccon#nt:hexadecimal-escape-sequence)

To fix this, output three-digit octal escape sequences instead. Since
octal escapes are limited to max three digits, this avoids the problem
of subsequent characters unintentionally becoming part of the escape
sequence.

Dictionary files still use the non-C-compatible hex escapes, but I
believe we can't change the format since it comes from AFL, and
libfuzzer never writes such files, it only has to read them, so they're
not affected by this change.

Differential revision: https://reviews.llvm.org/D110920
parent 4288b652

compiler-rt/lib/fuzzer/FuzzerIO.cpp

+8 −0
Original line number Diff line number Diff line
@@ -23,6 +23,14 @@ namespace fuzzer { 


static FILE *OutputFile = stderr;



FILE *GetOutputFile() {

  return OutputFile;

}



void SetOutputFile(FILE *NewOutputFile) {

  OutputFile = NewOutputFile;

}



long GetEpoch(const std::string &Path) {

  struct stat St;

  if (stat(Path.c_str(), &St))

compiler-rt/lib/fuzzer/FuzzerIO.h

+4 −0
Original line number Diff line number Diff line
@@ -54,6 +54,10 @@ void DupAndCloseStderr(); 


void CloseStdout();



// For testing.

FILE *GetOutputFile();

void SetOutputFile(FILE *NewOutputFile);



void Printf(const char *Fmt, ...);

void VPrintf(bool Verbose, const char *Fmt, ...);

compiler-rt/lib/fuzzer/FuzzerUtil.cpp

+1 −1
Original line number Diff line number Diff line
@@ -43,7 +43,7 @@ void PrintASCIIByte(uint8_t Byte) { 
  else if (Byte >= 32 && Byte < 127)

    Printf("%c", Byte);

  else

    Printf("\\x%02x", Byte);

    Printf("\\%03o", Byte);

}



void PrintASCII(const uint8_t *Data, size_t Size, const char *PrintAfter) {

compiler-rt/lib/fuzzer/tests/FuzzerUnittest.cpp

+36 −0
Original line number Diff line number Diff line
@@ -591,6 +591,42 @@ TEST(FuzzerUtil, Base64) { 
  EXPECT_EQ("YWJjeHl6", Base64({'a', 'b', 'c', 'x', 'y', 'z'}));

}



#ifdef __GLIBC__

class PrintfCapture {

 public:

  PrintfCapture() {

    OldOutputFile = GetOutputFile();

    SetOutputFile(open_memstream(&Buffer, &Size));

  }

  ~PrintfCapture() {

    fclose(GetOutputFile());

    SetOutputFile(OldOutputFile);

    free(Buffer);

  }

  std::string str() { return std::string(Buffer, Size); }



 private:

  char *Buffer;

  size_t Size;

  FILE *OldOutputFile;

};



TEST(FuzzerUtil, PrintASCII) {

  auto f = [](const char *Str, const char *PrintAfter = "") {

    PrintfCapture Capture;

    PrintASCII(reinterpret_cast<const uint8_t*>(Str), strlen(Str), PrintAfter);

    return Capture.str();

  };

  EXPECT_EQ("hello", f("hello"));

  EXPECT_EQ("c:\\\\", f("c:\\"));

  EXPECT_EQ("\\\"hi\\\"", f("\"hi\""));

  EXPECT_EQ("\\011a", f("\ta"));

  EXPECT_EQ("\\0111", f("\t1"));

  EXPECT_EQ("hello\\012", f("hello\n"));

  EXPECT_EQ("hello\n", f("hello", "\n"));

}

#endif



TEST(Corpus, Distribution) {

  DataFlowTrace DFT;

  Random Rand(0);