зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1632830 - Properly shutdown ScopedXPCOM instance with libFuzzer. r=truber
Differential Revision: https://phabricator.services.mozilla.com/D72386
This commit is contained in:
Christian Holler
Родитель
aa83e350d0
Коммит
870ae59237
|
|
@ -20,10 +20,31 @@ namespace mozilla {
|
|||
class _InitFuzzer {
|
||||
public:
|
||||
_InitFuzzer() { fuzzerRunner = new FuzzerRunner(); }
|
||||
void InitXPCOM() { mScopedXPCOM = new ScopedXPCOM("Fuzzer"); }
|
||||
void DeinitXPCOM() {
|
||||
if (mScopedXPCOM) delete mScopedXPCOM;
|
||||
mScopedXPCOM = nullptr;
|
||||
}
|
||||
|
||||
private:
|
||||
ScopedXPCOM* mScopedXPCOM;
|
||||
} InitLibFuzzer;
|
||||
|
||||
static void DeinitXPCOM() { InitLibFuzzer.DeinitXPCOM(); }
|
||||
|
||||
int FuzzerRunner::Run(int* argc, char*** argv) {
|
||||
ScopedXPCOM xpcom("Fuzzer");
|
||||
/*
|
||||
* libFuzzer uses exit() calls in several places instead of returning,
|
||||
* so the destructor of ScopedXPCOM is not called in some cases.
|
||||
* For fuzzing, this does not make a difference, but in debug builds
|
||||
* when running a single testcase, this causes an assertion when destroying
|
||||
* global linked lists. For this reason, we allocate ScopedXPCOM on the heap
|
||||
* using the global InitLibFuzzer class, combined with an atexit call to
|
||||
* destroy the ScopedXPCOM instance again.
|
||||
*/
|
||||
InitLibFuzzer.InitXPCOM();
|
||||
std::atexit(DeinitXPCOM);
|
||||
|
||||
const char* fuzzerEnv = getenv("FUZZER");
|
||||
|
||||
if (!fuzzerEnv) {
|
||||
|
|
@ -51,11 +72,14 @@ int FuzzerRunner::Run(int* argc, char*** argv) {
|
|||
}
|
||||
|
||||
#ifdef LIBFUZZER
|
||||
return mFuzzerDriver(argc, argv, testingFunc);
|
||||
int ret = mFuzzerDriver(argc, argv, testingFunc);
|
||||
#else
|
||||
// For AFL, testingFunc points to the entry function we need.
|
||||
return testingFunc(NULL, 0);
|
||||
int ret = testingFunc(NULL, 0);
|
||||
#endif
|
||||
|
||||
InitLibFuzzer.DeinitXPCOM();
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef LIBFUZZER
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ MOZ_FORMAT_PRINTF(1, 2) void fail(const char* msg, ...) {
|
|||
|
||||
//-----------------------------------------------------------------------------
|
||||
|
||||
class ScopedXPCOM : public nsIDirectoryServiceProvider2 {
|
||||
class ScopedXPCOM final : public nsIDirectoryServiceProvider2 {
|
||||
public:
|
||||
NS_DECL_ISUPPORTS
|
||||
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче