commit 32a07682ac69aa3ef2a2e119335b9a7d4d9e2cd0
Author: Christian Holler <choller@mozilla.com>
Date: Thu Jul 30 18:27:28 2020 +0200
[libFuzzer] Change libFuzzer callback contract to allow positive return values
diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index a93cd16b8793..4339cf2e0dbb 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp
@@ -619,7 +619,6 @@ ATTRIBUTE_NOINLINE bool Fuzzer::ExecuteCallback(const uint8_t *Data,
CBRes = CB(DataCopy, Size);
RunningUserCallback = false;
UnitStopTime = system_clock::now();
- assert(CBRes == 0 || CBRes == -1);
HasMoreMallocsThanFrees = AllocTracer.Stop();
}
if (!LooseMemeq(DataCopy, Data, Size))
diff --git a/FuzzerMerge.cpp b/FuzzerMerge.cpp
index 8c8806e8aafd..69e71135a3e4 100644
--- a/FuzzerMerge.cpp
+++ b/FuzzerMerge.cpp
@@ -236,7 +236,9 @@ void Fuzzer::CrashResistantMergeInternalStep(const std::string &CFPath,
OF.flush(); // Flush is important since Command::Execute may crash.
// Run.
TPC.ResetMaps();
- ExecuteCallback(U.data(), U.size());
+ if (!ExecuteCallback(U.data(), U.size())) {
+ continue;
+ }
// Collect coverage. We are iterating over the files in this order:
// * First, files in the initial corpus ordered by size, smallest first.
// * Then, all other files, smallest first.
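Review bot: The new `continue` in CrashResistantMergeInternalStep runs after the pre-run marker has already been flushed to the control file (the `OF.flush()` just above), so an input for which ExecuteCallback returns false leaves a start record with no matching result record. The code that reads the control file back is not in this hunk, so it is worth confirming that such an entry is treated as a skipped input and not as the one the previous run crashed on, particularly when it is the last file processed. The early exit also bypasses everything after coverage collection in the loop body, which continues outside the hunk. A comment on the branch would make the intent explicit, for example `// Callback did not accept this input (ExecuteCallback returned false): skip coverage collection so it is not merged.`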