From patchwork Tue Oct 10 16:20:00 2017
X-Patchwork-Submitter: George Dunlap
X-Patchwork-Id: 9998047
From: George Dunlap
To: xen-devel@lists.xenproject.org
Date: Tue, 10 Oct 2017 17:20:00 +0100
Message-ID: <20171010162011.9629-1-george.dunlap@citrix.com>
Cc: Ian Jackson, Wei Liu, George Dunlap, Jan Beulich, Andrew Cooper
Subject: [Xen-devel] [PATCH v3 01/12] fuzz/x86_emulate: Clear errors after each iteration

Once feof() returns true for a stream, it will continue to return true
for that stream until clearerr() is called (or the stream is closed and
re-opened).

In llvm-clang-fast-mode, the same file descriptor is used for each
iteration of the loop, meaning that the "Input too large" check was
broken -- feof() would return true even if the fread() hadn't hit the
end of the file.  The result is that AFL generates testcases of
arbitrary size.

Fix this by fseek'ing to the beginning of the file on every iteration;
this resets the EOF marker and other state.

Signed-off-by: George Dunlap
Acked-by: Ian Jackson
---
Changes in v3:
- Fix the issue in the official sanctioned way

This is a candidate for backport to 4.9.

CC: Ian Jackson
CC: Wei Liu
CC: Andrew Cooper
CC: Jan Beulich
---
 tools/fuzz/x86_instruction_emulator/afl-harness.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tools/fuzz/x86_instruction_emulator/afl-harness.c b/tools/fuzz/x86_instruction_emulator/afl-harness.c
index b4d15451b5..57b4542556 100644
--- a/tools/fuzz/x86_instruction_emulator/afl-harness.c
+++ b/tools/fuzz/x86_instruction_emulator/afl-harness.c
@@ -77,6 +77,17 @@ int main(int argc, char **argv) exit(-1); } } +#ifdef __AFL_HAVE_MANUAL_CONTROL + else + { + /* + * This will ensure we're dealing with a clean stream + * state after the afl-fuzz process messes with the open + * file handle. + */ + fseek(fp, 0, SEEK_SET); + } +#endif size = fread(input, 1, INPUT_SIZE, fp);
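Review bot: the return value of fseek() in the new else branch is ignored, and fseek() clears the EOF indicator only when it succeeds, so on a non-seekable stdin (a pipe, where lseek fails with ESPIPE) the "Input too large" check silently stays broken in exactly the way the commit message describes. Suggest handling a failed seek the way the exit(-1) path just above the hunk handles a failed open, e.g. `if ( fseek(fp, 0, SEEK_SET) != 0 ) { perror("fseek"); exit(-1); }`. Also, the subject says "Clear errors", but fseek() leaves the error indicator alone; only clearerr() or rewind() reset it, so if a sticky ferror() state matters for later iterations, follow the seek with `clearerr(fp);` (rewind() would clear both but gives no status to check).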
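As an added illustration of the sticky feof() behaviour the commit message describes (demo code written for this page, not the Xen harness or any part of the patch): one FILE * is reused across simulated persistent-mode iterations, with afl-fuzz stood in for by an in-process routine that rewrites the test case through the stream's own descriptor and rewinds the shared offset. INPUT_SIZE, the three constructed test-case lengths and every function name are assumptions for the demo; the reset path uses fseek() plus clearerr() and checks the seek result, which goes a step beyond the one-line fix in the hunk.

```c
/*
 * Added demo, not the Xen harness: a FILE * reused across persistent-mode
 * iterations keeps its EOF indicator, so "!feof(fp) => input too large" breaks.
 * afl-fuzz is simulated by rewriting the test case through the stream's own fd
 * and rewinding the shared offset, as it does to the harness's stdin.
 */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <unistd.h>

#define INPUT_SIZE 16                   /* assumed buffer size for the demo */
#define NUM_ITERATIONS 3

enum verdict { STREAM_ERROR = -1, TOO_LARGE = 0, ACCEPTED = 1 };

/* Constructed test-case lengths fed in order: two that fit, one that does not. */
static const size_t case_lengths[NUM_ITERATIONS] = { 8, 12, 64 };

/* Per-iteration results of the most recent run_campaign() call. */
static enum verdict last_verdicts[NUM_ITERATIONS];
static size_t last_sizes[NUM_ITERATIONS];

/* Simulated afl-fuzz: replace the file's contents and rewind the shared offset. */
static int fuzzer_replace_input(FILE *fp, size_t len)
{
    int fd = fileno(fp);
    if (ftruncate(fd, 0) != 0 || lseek(fd, 0, SEEK_SET) != 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char b = (unsigned char)i;
        if (write(fd, &b, 1) != 1)
            return -1;
    }
    return lseek(fd, 0, SEEK_SET) == 0 ? 0 : -1;
}

/* One harness iteration with the check the commit message describes: read at
 * most INPUT_SIZE bytes and reject the input if the stream is not at EOF after.
 * reset != 0 rewinds the stream first (the fix); reset == 0 reuses it (the bug). */
static enum verdict harness_iteration(FILE *fp, int reset, size_t *size_out)
{
    unsigned char input[INPUT_SIZE];
    if (reset) {
        /* fseek() clears the EOF indicator only on success and never touches
         * the error indicator: check its result, then clearerr() for the rest. */
        if (fseek(fp, 0, SEEK_SET) != 0)
            return STREAM_ERROR;
        clearerr(fp);
    }
    size_t size = fread(input, 1, INPUT_SIZE, fp);
    if (size_out)
        *size_out = size;
    if (ferror(fp))
        return STREAM_ERROR;
    return feof(fp) ? ACCEPTED : TOO_LARGE; /* not at EOF: more data than fits */
}

/* Run every iteration on one stream; 0 on success, -1 if the simulation failed. */
static int run_campaign(int reset)
{
    FILE *fp = tmpfile();
    if (!fp)
        return -1;
    for (int i = 0; i < NUM_ITERATIONS; i++) {
        if (fuzzer_replace_input(fp, case_lengths[i]) != 0) {
            fclose(fp);
            return -1;
        }
        last_verdicts[i] = harness_iteration(fp, reset, &last_sizes[i]);
    }
    fclose(fp);
    return 0;
}

/* fseek() fails on a non-seekable stream (a pipe); 1 if the fixed path noticed. */
static int pipe_rewind_fails(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return 0;
    close(fds[1]);                      /* no writer: a read would hit EOF, not block */
    FILE *fp = fdopen(fds[0], "r");
    int noticed = fp && harness_iteration(fp, 1, NULL) == STREAM_ERROR;
    if (fp) fclose(fp); else close(fds[0]);
    return noticed;
}

int main(void)
{
    static const char *names[] = { "STREAM_ERROR", "TOO_LARGE", "ACCEPTED" };
    for (int reset = 0; reset <= 1; reset++) {
        if (run_campaign(reset) != 0)
            return 1;
        printf("%s:\n", reset ? "stream rewound each iteration" : "stream reused");
        for (int i = 0; i < NUM_ITERATIONS; i++)
            printf("  %2zu-byte input -> read %2zu, %s\n", case_lengths[i],
                   last_sizes[i], names[last_verdicts[i] + 1]);
    }
    printf("fseek() failure on a pipe noticed: %s\n", pipe_rewind_fails() ? "yes" : "no");
    return 0;
}
```

Built with a plain C compiler on a POSIX system, it prints one verdict per iteration for the reused stream and for the rewound stream, then whether the pipe case was caught. The reused stream accepts all three inputs, including the 64-byte one, because feof() stays true once set; only the rewound stream reports it as too large. How many bytes fread() returns on the reused stream after EOF depends on the libc (glibc 2.28 and later, like musl, treat EOF as sticky for reads as well, while older glibc retries the read), which is why only the verdicts are portable.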