author | Zach Riggle <riggle@google.com> | 2017-12-13 12:42:35 -0600 |
---|---|---|
committer | Zach Riggle <riggle@google.com> | 2017-12-13 14:07:06 -0600 |
commit | 6edecd2f91549d6aaf25ad113cfeb16f39d86660 (patch) | |
tree | d61fb5774726af8cca0db2fcd710a6fe13c633d3 | |
parent | 911974f31d9b3c0f7b47b2965b9a5e7d6b10dda2 (diff) | |
download | honggfuzz-6edecd2f91549d6aaf25ad113cfeb16f39d86660.tar.gz |
Fix issues on Android system builds
Bionic's implementation of strcmp() is hijacked by Honggfuzz, and invoked before
either Address Sanitizer or the trace-pc-guard coverage initialization routines
have been invoked.
This leads to segfaults on Android builds with ASAN+coverage.
Use trace_pc_guard as a convenient place to check for ASAN's initialization.
Defer trace_pc_guard activity until coverage is initialized.
Change-Id: I1dfa1946b8baad1ac58f39917d59b74ffd25bdd4
-rw-r--r-- | libhfuzz/instrument.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/libhfuzz/instrument.c b/libhfuzz/instrument.c
index bd9fdae7..f48bdece 100644
--- a/libhfuzz/instrument.c
+++ b/libhfuzz/instrument.c
@@ -21,6 +21,7 @@
 #include "libcommon/util.h"
 
 int hfuzz_module_instrument = 0;
+static bool inited = false;
 
 /*
 * We require SSE4.2 with x86-(32|64) for the 'popcnt', as it's much faster than the software
@@ -36,6 +37,8 @@ static feedback_t bbMapFb;
 feedback_t* feedback = &bbMapFb;
 uint32_t my_thread_no = 0;
 
+void __asan_init(void);
+
 __attribute__((constructor)) static void mapBB(void) {
 char* my_thread_no_str = getenv(_HF_THREAD_NO_ENV);
 if (my_thread_no_str == NULL) {
@@ -212,7 +215,6 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_indir_call16(
 */
 ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init(
 uint32_t* start, uint32_t* stop) {
- static bool inited = false;
 if (inited == true) {
 return;
 }
@@ -230,6 +232,17 @@ ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard_init(
 }
 
 ATTRIBUTE_X86_REQUIRE_SSE42 void __sanitizer_cov_trace_pc_guard(uint32_t* guard) {
+ // ANDROID: Bionic invokes routines that Honggfuzz wraps, before either
+ // ASAN or Honggfuzz have initialized. Check to see if Honggfuzz
+ // has initialized -- if not, force ASAN to initialize (otherwise
+ // _strcmp() will crash, as it is ASAN-instrumented).
+ //
+ // Defer all trace_pc_guard activity until trace_pc_guard_init is
+ // invoked via sancov.module_ctor in the normal process of things.
+ if (!inited) {
+ __asan_init();
+ return;
+ }
 if (*guard == 0U) {
 return;
 }
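Review bot: The unconditional `void __asan_init(void);` declaration together with the new `__asan_init();` call at the top of __sanitizer_cov_trace_pc_guard makes libhfuzz depend on the ASAN runtime at link time, so a target built with trace-pc-guard coverage but without -fsanitize=address (or with a different sanitizer) gets an undefined reference, even though the commit message scopes the problem to ASAN+coverage on Android. Declaring it weak and calling it only when resolved keeps the fix but lets non-ASAN builds link: `__attribute__((weak)) void __asan_init(void);` and, in the hook, `if (__asan_init) { __asan_init(); }`. The file-scope `inited` is now read from a hook that can fire on any thread before __sanitizer_cov_trace_pc_guard_init runs and is not synchronized; presumably this is still the single-threaded startup path, but a one-line comment at its declaration stating that it is written only from the init path and relies on that ordering would help the next reader. The body of __sanitizer_cov_trace_pc_guard continues past the end of the hunk.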