Google Git
Sign in
llvm / libfuzzer / c56b6033bd62a9ebaf4c3a59e505d2e14465ff61^! / .
commitc56b6033bd62a9ebaf4c3a59e505d2e14465ff61[log] [tgz]
authorKamil Rytarowski <n54@gmx.com>Thu May 10 17:31:06 2018 +0000
committerCopybara-Service <copybara-worker@google.com>Thu Mar 25 23:16:54 2021 -0700
treecf5461c3f4f11ba9937cd8f9d07b2423c39bc9d4
parent3711b109edaa96a9139a2caadc8f28554c541ef7 [diff]
wrong usages of sem_open in the libFuzzer

Summary:
Fixed two non-standard usages of sem_open in the libFuzzer library and
one NetBSD-related modification with test script.

  - The return value to indicate error should be SEM_FAILED instead of
    (void *)-1 (please refer to "RETURN VALUE" section in this [[
    http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_open.html
    | page ]]). Actually, SEM_FAILED != (void *)-1 holds in NetBSD.

  - The SharedMemoryRegion::SemName function should return name
    starting with slash. Because the behaviour of name which does not
    start with slash is unspecified as the [[
    http://pubs.opengroup.org/onlinepubs/9699919799/functions/sem_open.html
    | "DESCRIPTION" section ]] specified:

> If name does not begin with the <slash> character, the effect is implementation-defined.

  - The length of name is limited to 14 in NetBSD, it is suggested to
    reduce the length of equivalence server name in the test script.

Patch by: Yang Zheng

Reviewers: vitalybuka, krytarowski, kcc

Reviewed By: kcc

Subscribers: kcc, #sanitizers, llvm-commits, joerg

Differential Revision: https://reviews.llvm.org/D46622

llvm-svn: 332003
GitOrigin-RevId: aee7b0f20921d12916f6a46ad182f83d727dc9fd

diff --git a/FuzzerShmemPosix.cpp b/FuzzerShmemPosix.cpp
index 50cdcfb..41a93f6 100644
--- a/FuzzerShmemPosix.cpp
+++ b/FuzzerShmemPosix.cpp

@@ -32,6 +32,11 @@
 
 std::string SharedMemoryRegion::SemName(const char *Name, int Idx) {
   std::string Res(Name);
+  // When passing a name without a leading <slash> character to
+  // sem_open, the behaviour is unspecified in POSIX. Add a leading
+  // <slash> character for the name if there is no such one.
+  if (!Res.empty() && Res[0] != '/')
+    Res.insert(Res.begin(), '/');
   return Res + (char)('0' + Idx);
 }
 
@@ -52,7 +57,7 @@
   for (int i = 0; i < 2; i++) {
     sem_unlink(SemName(Name, i).c_str());
     Semaphore[i] = sem_open(SemName(Name, i).c_str(), O_CREAT, 0644, 0);
-    if (Semaphore[i] == (void *)-1)
+    if (Semaphore[i] == SEM_FAILED)
       return false;
   }
   IAmServer = true;
@@ -70,7 +75,7 @@
     return false;
   for (int i = 0; i < 2; i++) {
     Semaphore[i] = sem_open(SemName(Name, i).c_str(), 0);
-    if (Semaphore[i] == (void *)-1)
+    if (Semaphore[i] == SEM_FAILED)
       return false;
   }
   IAmServer = false;