
[sanitizer-coverage] fix a bug in trace-gep
authorKostya Serebryany <kcc@google.com>
Tue, 27 Sep 2016 01:55:08 +0000 (01:55 +0000)
committerKostya Serebryany <kcc@google.com>
Tue, 27 Sep 2016 01:55:08 +0000 (01:55 +0000)
git-svn-id: https://llvm.org/svn/llvm-project/llvm/trunk@282467 91177308-0d34-0410-b5e6-96231b3b80d8

lib/Fuzzer/fuzzer-test-suite/openssl-1.0.1f/build.sh
lib/Transforms/Instrumentation/SanitizerCoverage.cpp
test/Instrumentation/SanitizerCoverage/gep-tracing.ll

index 33e77a0..69fa724 100755 (executable)
@@ -7,7 +7,7 @@ LIBFUZZER_SRC=$(dirname $(dirname $SCRIPT_DIR))
 JOBS=20
 
 # FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=edge"
-FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div"
+FUZZ_CXXFLAGS=" -g -fsanitize=address -fsanitize-coverage=trace-pc-guard,trace-cmp,trace-div,trace-gep"
 
 get() {
   [ ! -e SRC ] && git clone https://github.com/openssl/openssl.git SRC && (cd SRC && git checkout OpenSSL_1_0_1f)
index 4a1a755..e26fdb4 100644 (file)
@@ -599,7 +599,7 @@ void SanitizerCoverageModule::InjectTraceForGep(
   for (auto GEP : GepTraceTargets) {
     IRBuilder<> IRB(GEP);
     for (auto I = GEP->idx_begin(); I != GEP->idx_end(); ++I)
-      if (!isa<ConstantInt>(*I))
+      if (!isa<ConstantInt>(*I) && (*I)->getType()->isIntegerTy())
         IRB.CreateCall(SanCovTraceGepFunction,
                        {IRB.CreateIntCast(*I, IntptrTy, true)});
   }
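Review bot: The new `isIntegerTy()` guard on the index loop is correct but silent about why it is needed; without a comment the next reader may take it for a redundant type check and fold it away, reintroducing the crash the commit fixes. A GEP whose base is a vector of pointers (as in the new gep_3 test) carries vector-typed index operands, and `CreateIntCast` on a vector value to `IntptrTy` is what blew up, so I would annotate the condition with `// Vector GEPs have vector-typed indices; only scalar integer indices can be cast to intptr and traced.` placed above the `if`. Note that this means variable indices of vector GEPs are simply not traced rather than traced per element, which is a deliberate loss of coverage worth stating in that comment. The body of `InjectTraceForGep` begins before this hunk, so the surrounding loop setup is not visible here.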
index ed6cf2d..f305f49 100644 (file)
@@ -30,3 +30,11 @@ entry:
 ; CHECK: call void @__sanitizer_cov_trace_gep(i64 %idxprom1)
 ; CHECK: call void @__sanitizer_cov_trace_gep(i64 %idxprom)
 ; CHECK: ret void
+
+; Just make sure we don't insturment this one and don't crash
+define void @gep_3(<2 x i8*> %a, i32 %i, i32 %j) {
+entry:
+  %0 = getelementptr i8, <2 x i8*> %a, <2 x i64> <i64 8, i64 8>
+  ret void
+}
+
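Review bot: The new `@gep_3` case has no FileCheck directives, so the "don't instrument this one" half of its comment is never verified — the test only guards against the crash, and a regression that started emitting a trace call for the vector GEP would pass unnoticed. Add a label and a negative check inside the function: `; CHECK-LABEL: define void @gep_3`, `; CHECK-NOT: call void @__sanitizer_cov_trace_gep`, `; CHECK: ret void`. The comment also has a typo (`insturment` → `instrument`), and the unused `%i`/`%j` parameters could be dropped since they play no role in this case.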