[libFuzzer] Fix minimizing timeouts

When one tries to minimize timeouts using -minimize_crash=1,
minimization immediately fails. The following sequence of events is
responsible for this:

  [parent] SIGALRM occurs
  [parent] read() returns -EINTR (or -ERESTARTSYS according to strace)
  [parent] fgets() returns NULL
  [parent] ExecuteCommand() closes child's stdout and returns
  [child ] SIGALRM occurs
  [child ] AlarmCallback() attempts to write "ALARM: ..." to stdout
  [child ] Dies with SIGPIPE without calling DumpCurrentUnit()
  [parent] Does not see -exact_artifact_path and exits

When minimizing, the timer in parent is not necessary, so fix by not
setting it in this case.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D85359

GitOrigin-RevId: 9df7ee34e1b557908c125e9036ad8c54da71a4ef

diff --git a/FuzzerDriver.cpp b/FuzzerDriver.cpp
index 8339697..bed9e84 100644
--- a/FuzzerDriver.cpp
+++ b/FuzzerDriver.cpp
@@ -767,6 +767,7 @@
#endif // LIBFUZZER_EMSCRIPTEN
Options.HandleAbrt = Flags.handle_abrt;
+ Options.HandleAlrm = !Flags.minimize_crash;
Options.HandleBus = Flags.handle_bus;
Options.HandleFpe = Flags.handle_fpe;
Options.HandleIll = Flags.handle_ill;
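Review bot: HandleAlrm is the only Handle* option in this block that is not read from a matching handle_* flag, so the added line `Options.HandleAlrm = !Flags.minimize_crash;` needs a short comment saying why the alarm is switched off for the minimizing parent (its own SIGALRM interrupts the read on the child's pipe, and the child then dies writing to the closed pipe). The line also assumes that the child runs doing the actual work are not themselves started with minimize_crash set, since they would otherwise lose timeout detection too; state that in the comment or check it.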
diff --git a/FuzzerOptions.h b/FuzzerOptions.h
index 9d975bd..b75e7c7 100644
--- a/FuzzerOptions.h
+++ b/FuzzerOptions.h
@@ -69,6 +69,7 @@
int PurgeAllocatorIntervalSec = 1;
int TraceMalloc = 0;
bool HandleAbrt = false;
+ bool HandleAlrm = false;
bool HandleBus = false;
bool HandleFpe = false;
bool HandleIll = false;
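Review bot: defaulting `bool HandleAlrm = false;` changes behaviour for any code that fills in FuzzingOptions without going through the driver: before this patch a positive UnitTimeoutSec was enough to arm the timer, and now it is silently ignored unless HandleAlrm is also set. Consider defaulting the field to true, or add a comment on it saying that unit timeouts require both settings.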
diff --git a/FuzzerUtilFuchsia.cpp b/FuzzerUtilFuchsia.cpp
index 190fb78..93fa2f5 100644
--- a/FuzzerUtilFuchsia.cpp
+++ b/FuzzerUtilFuchsia.cpp
@@ -354,7 +354,7 @@
Printf("%s", Buf);
// Set up alarm handler if needed.
- if (Options.UnitTimeoutSec > 0) {
+ if (Options.HandleAlrm && Options.UnitTimeoutSec > 0) {
std::thread T(AlarmHandler, Options.UnitTimeoutSec / 2 + 1);
T.detach();
}
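Review bot: the comment `// Set up alarm handler if needed.` above the changed condition no longer tells the reader what "needed" means now that the test has two parts; say that the alarm thread is skipped in the minimizing parent. The failure sequence in the commit message is described in terms of SIGALRM and SIGPIPE, so it would also help to note whether the same failure was observed on Fuchsia or whether this guard is here only to keep the platforms consistent.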
diff --git a/FuzzerUtilPosix.cpp b/FuzzerUtilPosix.cpp
index fc57b72..27ce69a 100644
--- a/FuzzerUtilPosix.cpp
+++ b/FuzzerUtilPosix.cpp
@@ -113,7 +113,7 @@
void SetSignalHandler(const FuzzingOptions& Options) {
// setitimer is not implemented in emscripten.
- if (Options.UnitTimeoutSec > 0 && !LIBFUZZER_EMSCRIPTEN)
+ if (Options.HandleAlrm && Options.UnitTimeoutSec > 0 && !LIBFUZZER_EMSCRIPTEN)
SetTimer(Options.UnitTimeoutSec / 2 + 1);
if (Options.HandleInt)
SetSigaction(SIGINT, InterruptHandler);
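Review bot: with the `SetTimer(Options.UnitTimeoutSec / 2 + 1);` call now skipped when HandleAlrm is false, the minimizing parent has no timeout of its own and depends entirely on the child's alarm to end a hanging run. If the child does not exit, the parent stays blocked reading its output, so a comment next to the condition stating that reliance would help the next reader.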
diff --git a/FuzzerUtilWindows.cpp b/FuzzerUtilWindows.cpp
index 6c693e3..a360b65 100644
--- a/FuzzerUtilWindows.cpp
+++ b/FuzzerUtilWindows.cpp
@@ -115,7 +115,7 @@
void SetSignalHandler(const FuzzingOptions& Options) {
HandlerOpt = &Options;
- if (Options.UnitTimeoutSec > 0)
+ if (Options.HandleAlrm && Options.UnitTimeoutSec > 0)
Timer.SetTimer(Options.UnitTimeoutSec / 2 + 1);
if (Options.HandleInt || Options.HandleTerm)
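Review bot: the guard `Options.HandleAlrm && Options.UnitTimeoutSec > 0` is now written out separately here and in the POSIX and Fuchsia files; a small helper on FuzzingOptions would keep the three from drifting apart. None of the files shown in this patch is a test, so a regression test that runs -minimize_crash=1 with -exact_artifact_path on a target that times out, and checks that the artifact is written, would cover the sequence described in the commit message.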