
Issue 902460


Issue metadata

Status: Verified
Owner:
Closed: Nov 8
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug

Blocking:
issue 883538




libFuzzer on Windows may read files incorrectly

Project Member Reported by mmoroz@chromium.org, Nov 6

Issue description

This was reported by dsinclair@ in issue 894945. See comment #11:

"
1- The reason this fails on windows fuzzer and not other platforms is that we are not reading the data into libfuzzer in binary, so when it sees 0d0a in the input stream it's converting it to 0a, we just lose the 0d byte. Which gives a very different 7 value than the 1792 in the other cases. (The opt code reads in binary so it doesn't have this problem, changing libfuzzer to read in binary fixes this problem as well).
"

As per chat with dsinclair@, adding `std::ios::binary` flag to `std::ifstream` constructor (https://cs.chromium.org/chromium/src/third_party/libFuzzer/src/FuzzerIO.cpp?l=34&rcl=a305a5eb85ed42edc5c965c14f308f576cb245ca) seems to be solving the issue.
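The byte loss described above, as an added example that is not part of the issue or of libFuzzer's own code: `SimulateWindowsTextModeRead` reproduces what Windows text-mode input does to a byte sequence (each `\r\n` pair collapses to `\n`, a lone `\r` is untouched) so the effect is visible on any platform, `ReadFileBinary` reads the way the fix does with `std::ios::binary`, and `ReadWasLossless` is the kind of size check a harness can use to detect a translated read. The sample input bytes and the file name are constructed for the example.

```cpp
#include <cstddef>
#include <cstdio>
#include <fstream>
#include <ios>
#include <iterator>
#include <string>

// Constructed sample fuzzer input (not taken from the bug): five bytes that
// happen to contain a CRLF pair. Built with an explicit length so the
// embedded NUL byte is kept.
const std::string kSampleInput = std::string("\x07\r\n\x00\x07", 5);

// Simulation of a Windows text-mode read: every "\r\n" becomes "\n", so the
// 0x0d byte disappears. A lone "\r" is left alone, which is why the issue
// notes that OS X is not affected (classic Mac OS used a bare CR).
std::string SimulateWindowsTextModeRead(const std::string& raw) {
  std::string out;
  out.reserve(raw.size());
  for (size_t i = 0; i < raw.size(); ++i) {
    if (raw[i] == '\r' && i + 1 < raw.size() && raw[i + 1] == '\n') {
      continue;  // drop the CR; the following LF is copied on the next step
    }
    out.push_back(raw[i]);
  }
  return out;
}

// Reads a whole file with std::ios::binary, as the upstream fix does:
// no newline translation, so the bytes come back exactly as stored.
std::string ReadFileBinary(const std::string& path) {
  std::ifstream in(path, std::ios::in | std::ios::binary);
  if (!in) {
    return std::string();
  }
  std::string contents((std::istreambuf_iterator<char>(in)),
                       std::istreambuf_iterator<char>());
  return contents;
}

// Writes the sample bytes to `path` (a constructed scratch file), reads them
// back in binary mode, deletes the file and reports whether every byte
// survived the round trip.
bool BinaryRoundTripPreservesBytes(const std::string& path) {
  {
    std::ofstream out(path, std::ios::out | std::ios::binary);
    out.write(kSampleInput.data(),
              static_cast<std::streamsize>(kSampleInput.size()));
  }
  const std::string back = ReadFileBinary(path);
  std::remove(path.c_str());
  return back == kSampleInput;
}

// Cheap startup check for a harness: a translated read of an input that
// contains CRLF comes back shorter than the size on disk.
bool ReadWasLossless(const std::string& bytes_read, size_t on_disk_size) {
  return bytes_read.size() == on_disk_size;
}

int main() {
  const std::string translated = SimulateWindowsTextModeRead(kSampleInput);
  std::printf("original %zu bytes, text-mode read %zu bytes, lossless: %s\n",
              kSampleInput.size(), translated.size(),
              ReadWasLossless(translated, kSampleInput.size()) ? "yes" : "no");
  std::printf("binary round trip preserved bytes: %s\n",
              BinaryRoundTripPreservesBytes("libfuzzer_binary_read_example.bin")
                  ? "yes" : "no");
  return 0;
}
```

The size comparison is deliberately simple: it cannot tell which byte was dropped, but any corpus file containing `\r\n` will trip it, which is enough to catch a harness that was built without the binary flag.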


Owner: metzman@chromium.org
Status: Started (was: Untriaged)
Blocking: 883538
Labels: OS-Windows
I wonder if this problem also affects Mac (i.e. when libFuzzer sees a lone \0d, whether it gets converted to \n).
Never mind, only classic Mac uses CR in that way, not OS X.
Landed https://reviews.llvm.org/D54180 upstream to address this.
Comment 5 by bugdroid1@chromium.org (Project Member), Nov 7

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/380eb2e000be40d1ac94411862be16e6f74e9d7d

commit 380eb2e000be40d1ac94411862be16e6f74e9d7d
Author: Jonathan Metzman <metzman@chromium.org>
Date: Wed Nov 07 02:52:17 2018

Roll src/third_party/libFuzzer/src/ a305a5eb8..2a5309858 (7 commits)

https://chromium.googlesource.com/chromium/llvm-project/compiler-rt/lib/fuzzer.git/+log/a305a5eb85ed..2a53098584c4

$ git log a305a5eb8..2a5309858 --date=short --no-merges --format='%ad %ae %s'
2018-11-06 metzman [fuzzer] Read files as binary
2018-11-06 kamil Follow Windows' approach for NetBSD in AlarmCallback()
2018-11-02 phosek [compiler-rt][Fuzzer] Fix the fuzzer test build
2018-10-31 phosek [compiler-rt][Fuzzer] Use the new C++ ABI namespace CMake support
2018-10-14 metzman [libfuzzer][Windows] Silence linker warning in unittest
2018-10-10 george.karpenkov [libFuzzer] Generalize the code for getting the previous offset for different architectures
2018-10-02 phosek [lib/fuzzer] Fix logging for Fuchsia

Created with:
  roll-dep src/third_party/libFuzzer/src

Bug: 902460
Change-Id: I82ef4e6e9b35371bb82d7b5d7ae3ae7080553965
Reviewed-on: https://chromium-review.googlesource.com/c/1321583
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Commit-Queue: Jonathan Metzman <metzman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#605939}
[modify] https://crrev.com/380eb2e000be40d1ac94411862be16e6f74e9d7d/DEPS

Status: Fixed (was: Started)
Because issue 894945 was autoclosed by CF, this issue is fixed.
Status: Verified (was: Fixed)
