[xen master] fuzz/x86_emulate: clear errors after each iteration


patchbot
commit 849a1f10c937ce0782db95b85da391a49317c49e
Author:     George Dunlap <[hidden email]>
AuthorDate: Mon Oct 9 16:04:11 2017 +0200
Commit:     Jan Beulich <[hidden email]>
CommitDate: Mon Oct 9 16:04:11 2017 +0200

    fuzz/x86_emulate: clear errors after each iteration
   
    Once feof() returns true for a stream, it will continue to return true
    for that stream until clearerr() is called (or the stream is closed
    and re-opened).
   
    In llvm-clang-fast-mode, the same file descriptor is used for each
    iteration of the loop, meaning that the "Input too large" check was
    broken -- feof() would return true even if the fread() hadn't hit the
    end of the file.  The result is that AFL generates testcases of
    arbitrary size.
   
    Fix this by clearing the error after each iteration.
   
    Signed-off-by: George Dunlap <[hidden email]>
    Reviewed-by: Jan Beulich <[hidden email]>
---
 tools/fuzz/x86_instruction_emulator/afl-harness.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tools/fuzz/x86_instruction_emulator/afl-harness.c b/tools/fuzz/x86_instruction_emulator/afl-harness.c
index 1548693..b4d1545 100644
--- a/tools/fuzz/x86_instruction_emulator/afl-harness.c
+++ b/tools/fuzz/x86_instruction_emulator/afl-harness.c
@@ -97,6 +97,8 @@ int main(int argc, char **argv)
             fclose(fp);
             fp = NULL;
         }
+        else
+            clearerr(fp);
 
         LLVMFuzzerTestOneInput(input, size);
     }
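Review bot: clearerr(fp) in the new else branch resets the stream's error indicator as well as its end-of-file indicator, so if an earlier read error were left pending on fp it would be discarded before the next fread() rather than surfacing on a later ferror() check; if the harness consults ferror() only immediately after the fread() that is fine, but a one-line comment at the clearerr() call saying that only the stale EOF flag is meant to be cleared would make that dependency explicit for the next reader.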
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
[hidden email]
https://lists.xenproject.org/xen-changelog
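The sticky feof() behaviour the commit message describes, shown as an added example that is not the Xen harness code. It models two fuzzing iterations against one reused stream: a 4-byte input, then a 10-byte input that must be rejected because it exceeds an assumed 8-byte buffer. The "too large" test (`!feof(fp)` after a bounded fread()) is an assumption modelled on the commit message, the `replace_contents()` helper is a constructed stand-in for a driver replacing the bytes behind the same descriptor, and clearerr() is placed at the start of each iteration rather than at the end of the previous one, which is equivalent for this purpose.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define INPUT_MAX 8   /* assumed harness buffer size for this example */

/* Constructed helper: overwrite the stream's underlying file with new bytes,
 * bypassing stdio, the way a fuzzer driver hands a fresh test case to the
 * same descriptor. Returns 0 on success, -1 on failure. */
static int replace_contents(FILE *fp, const char *data, size_t len)
{
    int fd = fileno(fp);

    if (ftruncate(fd, 0) != 0)
        return -1;
    if (lseek(fd, 0, SEEK_SET) != 0)
        return -1;
    if (write(fd, data, len) != (ssize_t)len)
        return -1;
    if (lseek(fd, 0, SEEK_SET) != 0)
        return -1;
    return 0;
}

/* One harness-style iteration: read at most INPUT_MAX bytes and use feof()
 * to decide whether the input fit. Returns the byte count, -1 if the stream
 * still had data left (input too large), -2 on a read error. */
static long read_testcase(FILE *fp, unsigned char *buf, int clear_first)
{
    size_t n;

    if (clear_first)
        clearerr(fp);   /* the fix: drop the EOF/error flags left by the last iteration */

    n = fread(buf, 1, INPUT_MAX, fp);
    if (ferror(fp))
        return -2;
    if (!feof(fp))
        return -1;      /* fread() stopped at INPUT_MAX, not at end of file */
    return (long)n;
}

/* Run a 4-byte input and then a 10-byte input through one stream.
 * out[0], out[1] receive the per-iteration results; the return value is 1 if
 * the oversize second input was rejected, 0 if the stale EOF flag let it
 * through, -1 on setup failure. */
static int run_two_iterations(int use_clearerr, long out[2])
{
    unsigned char buf[INPUT_MAX];
    FILE *fp = tmpfile();

    if (fp == NULL)
        return -1;
    if (replace_contents(fp, "abcd", 4) != 0)
        goto fail;
    out[0] = read_testcase(fp, buf, use_clearerr);   /* fits: feof() now set */

    if (replace_contents(fp, "0123456789", 10) != 0)
        goto fail;
    out[1] = read_testcase(fp, buf, use_clearerr);   /* should be rejected */

    fclose(fp);
    return out[1] == -1;

fail:
    fclose(fp);
    return -1;
}

int main(void)
{
    long r[2];
    int rejected;

    rejected = run_two_iterations(0, r);
    printf("without clearerr: rejected=%d (results %ld, %ld)\n", rejected, r[0], r[1]);
    rejected = run_two_iterations(1, r);
    printf("with clearerr:    rejected=%d (results %ld, %ld)\n", rejected, r[0], r[1]);
    return 0;
}
```

Without clearerr() the second iteration still sees feof() true from the first, so the oversize input is never flagged; exactly how many bytes that iteration reads depends on the C library (glibc 2.28 and later treat EOF as sticky and return 0, older libcs read the data anyway), but the stale flag is the same in both cases. With clearerr() the bounded fread() leaves EOF unset and the check fires.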