authorTim Taubert <ttaubert@mozilla.com>2017-04-25 10:34:01 +0200
committerTim Taubert <ttaubert@mozilla.com>2017-04-25 10:34:01 +0200
commit2862293c96fdcf2ffe1204b140e7c88a96e801f3 (patch)
tree55d17be2cf1e115419b8b2ae42772904aff4d1b2 /fuzz
parent07fe22ef3b00a1d8d97594d55f7e3c916e70a46b (diff)
Bug 1359052 - Update libFuzzer revision r=franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D296
Diffstat (limited to 'fuzz')
-rwxr-xr-xfuzz/config/clone_libfuzzer.sh46
1 files changed, 3 insertions, 43 deletions
diff --git a/fuzz/config/clone_libfuzzer.sh b/fuzz/config/clone_libfuzzer.sh
index bb50efebb..2edd8c212 100755
--- a/fuzz/config/clone_libfuzzer.sh
+++ b/fuzz/config/clone_libfuzzer.sh
@@ -1,46 +1,6 @@
#!/bin/sh
-d=$(dirname $0)
-$d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer b96a41ac6bbc3824fc7c7977662bebacac8f0983 $d/../libFuzzer
-
-# [https://llvm.org/bugs/show_bug.cgi?id=31318]
-# This prevents a known buffer overrun that won't be fixed as the affected code
-# will go away in the near future. Until that is we have to patch it as we seem
-# to constantly run into it.
-cat <<EOF | patch -p0 -d $d/..
-diff --git libFuzzer/FuzzerLoop.cpp libFuzzer/FuzzerLoop.cpp
---- libFuzzer/FuzzerLoop.cpp
-+++ libFuzzer/FuzzerLoop.cpp
-@@ -476,6 +476,9 @@
- uint8_t dummy;
- ExecuteCallback(&dummy, 0);
-
-+ // Number of counters might have changed.
-+ PrepareCounters(&MaxCoverage);
-+
- for (const auto &U : *InitialCorpus) {
- if (size_t NumFeatures = RunOne(U)) {
- CheckExitOnSrcPosOrItem();
-EOF
+LIBFUZZER_REVISION=8837e6cbbc842ab7524b06a2f7360c36add316b3
-# Latest Libfuzzer uses __sanitizer_dump_coverage(), a symbol to be introduced
-# with LLVM 4.0. To keep our code working with LLVM 3.x to simplify development
-# of fuzzers we'll just provide it ourselves.
-cat <<EOF | patch -p0 -d $d/..
-diff --git libFuzzer/FuzzerTracePC.cpp libFuzzer/FuzzerTracePC.cpp
---- libFuzzer/FuzzerTracePC.cpp
-+++ libFuzzer/FuzzerTracePC.cpp
-@@ -33,6 +33,12 @@
- ATTRIBUTE_INTERFACE
- uintptr_t __sancov_trace_pc_pcs[fuzzer::TracePC::kNumPCs];
-
-+#if defined(__clang_major__) && (__clang_major__ == 3)
-+void __sanitizer_dump_coverage(const uintptr_t *pcs, uintptr_t len) {
-+ // SanCov in LLVM 4.x will provide this symbol. Make 3.x work.
-+}
-+#endif
-+
- namespace fuzzer {
-
- TracePC TPC;
-EOF
+d=$(dirname $0)
+$d/git-copy.sh https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer $LIBFUZZER_REVISION $d/../libFuzzer
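Review bot: The two added command lines at the end of the hunk leave `$0` and `$d` unquoted, so a checkout path containing spaces or glob characters is word-split before `git-copy.sh` runs; `d=$(dirname "$0")` and `"$d/git-copy.sh" https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer "$LIBFUZZER_REVISION" "$d/../libFuzzer"` avoid that. Pinning the third-party source to a full commit hash is the right supply-chain control, but whether `git-copy.sh` checks that the tree it fetched actually resolves to that hash is not visible here and is worth confirming. The hunk also drops the local workaround for the FuzzerLoop.cpp buffer overrun and the LLVM 3.x `__sanitizer_dump_coverage` stub without saying why. If the new revision makes both unnecessary, a comment above `LIBFUZZER_REVISION` such as `# Pinned libFuzzer commit; local FuzzerLoop/FuzzerTracePC patches no longer needed at this revision.` would record that for the next person who bumps the pin.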