From patchwork Mon Sep 25 14:26:38 2017
X-Patchwork-Submitter: George Dunlap
X-Patchwork-Id: 9970059
From: George Dunlap
Date: Mon, 25 Sep 2017 15:26:38 +0100
Message-ID: <20170925142648.25959-3-george.dunlap@citrix.com>
In-Reply-To: <20170925142648.25959-1-george.dunlap@citrix.com>
References: <20170925142648.25959-1-george.dunlap@citrix.com>
Cc: Ian Jackson, Wei Liu, George Dunlap, Jan Beulich, Andrew Cooper
Subject: [Xen-devel] [PATCH v2 03/13] fuzz/x86_emulate: Clear errors after each iteration

Once feof() returns true for a stream, it will continue to return true for that stream until clearerr() is called (or the stream is closed and re-opened).

In llvm-clang-fast-mode, the same file descriptor is used for each iteration of the loop, meaning that the "Input too large" check was broken -- feof() would return true even if the fread() hadn't hit the end of the file. The result is that AFL generates testcases of arbitrary size.

Fix this by clearing the error after each iteration.

Signed-off-by: George Dunlap
Reviewed-by: Jan Beulich
---
Changes in v2:
- Actually fix the root issue rather than working around it

This is a candidate for backport to 4.9.

CC: Ian Jackson
CC: Wei Liu
CC: Andrew Cooper
CC: Jan Beulich
---
 tools/fuzz/x86_instruction_emulator/afl-harness.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/fuzz/x86_instruction_emulator/afl-harness.c b/tools/fuzz/x86_instruction_emulator/afl-harness.c index 154869336a..b4d15451b5 100644 --- a/tools/fuzz/x86_instruction_emulator/afl-harness.c +++ b/tools/fuzz/x86_instruction_emulator/afl-harness.c @@ -97,6 +97,8 @@ int main(int argc, char **argv) fclose(fp); fp = NULL; } + else + clearerr(fp); LLVMFuzzerTestOneInput(input, size); }
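Review bot: the added `else clearerr(fp);` following the `fclose(fp); fp = NULL;` block carries no comment, and nothing at the call site says why a stream that is about to be reused needs its indicators reset. A short comment there, stating that the stream is reused across loop iterations and that feof() stays true until cleared, would keep a later cleanup from removing the call and silently re-breaking the "Input too large" check. Also note that clearerr() resets the error indicator as well as the EOF indicator, so any ferror(fp) test on the preceding fread() has to run before this line; the hunk does not show one, so it is worth confirming the ordering in the surrounding code.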