diff options
| author | Cuong Manh Le <cuong.manhle.vn@gmail.com> | 2022-10-11 11:56:51 +0700 |
|---|---|---|
| committer | Gopher Robot <gobot@golang.org> | 2022-10-12 00:12:53 +0000 |
| commit | 4bcf94b0232db65ed5df47e0127cdbc8866aec64 (patch) | |
| tree | 38fd232bf504d2891fe89fb3f9ffe05ed2c23dc0 /src/runtime/libfuzzer.go | |
| parent | e9fd40a866e9e47ba65976d4cfeaeef7eaf76266 (diff) | |
| download | go-4bcf94b0232db65ed5df47e0127cdbc8866aec64.tar.xz | |
all: prevent fakePC overflow on 386 in libfuzzer mode
fakePC uses hash.Sum32, which returns an uint32. However, libfuzzer
trace/hook functions declare fakePC argument as int, causing overflow on
386 archs.
Fixing this by changing fakePC argument to uint to prevent the overflow.
Fixes #56141
Change-Id: I3994c461319983ab70065f90bf61539a363e0a2a
Reviewed-on: https://go-review.googlesource.com/c/go/+/441996
Auto-Submit: Cuong Manh Le <cuong.manhle.vn@gmail.com>
Reviewed-by: Keith Randall <khr@google.com>
Run-TryBot: Cuong Manh Le <cuong.manhle.vn@gmail.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Diffstat (limited to 'src/runtime/libfuzzer.go')
| -rw-r--r-- | src/runtime/libfuzzer.go | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/src/runtime/libfuzzer.go b/src/runtime/libfuzzer.go index 6bfaef823b..013e7165b2 100644 --- a/src/runtime/libfuzzer.go +++ b/src/runtime/libfuzzer.go @@ -20,49 +20,49 @@ const retSledSize = 512 // This may result in these functions having callers that are nosplit. That is why they must be nosplit. // //go:nosplit -func libfuzzerTraceCmp1(arg0, arg1 uint8, fakePC int) { +func libfuzzerTraceCmp1(arg0, arg1 uint8, fakePC uint) { fakePC = fakePC % retSledSize libfuzzerCallTraceIntCmp(&__sanitizer_cov_trace_cmp1, uintptr(arg0), uintptr(arg1), uintptr(fakePC)) } //go:nosplit -func libfuzzerTraceCmp2(arg0, arg1 uint16, fakePC int) { +func libfuzzerTraceCmp2(arg0, arg1 uint16, fakePC uint) { fakePC = fakePC % retSledSize libfuzzerCallTraceIntCmp(&__sanitizer_cov_trace_cmp2, uintptr(arg0), uintptr(arg1), uintptr(fakePC)) } //go:nosplit -func libfuzzerTraceCmp4(arg0, arg1 uint32, fakePC int) { +func libfuzzerTraceCmp4(arg0, arg1 uint32, fakePC uint) { fakePC = fakePC % retSledSize libfuzzerCallTraceIntCmp(&__sanitizer_cov_trace_cmp4, uintptr(arg0), uintptr(arg1), uintptr(fakePC)) } //go:nosplit -func libfuzzerTraceCmp8(arg0, arg1 uint64, fakePC int) { +func libfuzzerTraceCmp8(arg0, arg1 uint64, fakePC uint) { fakePC = fakePC % retSledSize libfuzzerCallTraceIntCmp(&__sanitizer_cov_trace_cmp8, uintptr(arg0), uintptr(arg1), uintptr(fakePC)) } //go:nosplit -func libfuzzerTraceConstCmp1(arg0, arg1 uint8, fakePC int) { +func libfuzzerTraceConstCmp1(arg0, arg1 uint8, fakePC uint) { fakePC = fakePC % retSledSize libfuzzerCallTraceIntCmp(&__sanitizer_cov_trace_const_cmp1, uintptr(arg0), uintptr(arg1), uintptr(fakePC)) } //go:nosplit -func libfuzzerTraceConstCmp2(arg0, arg1 uint16, fakePC int) { +func libfuzzerTraceConstCmp2(arg0, arg1 uint16, fakePC uint) { fakePC = fakePC % retSledSize libfuzzerCallTraceIntCmp(&__sanitizer_cov_trace_const_cmp2, uintptr(arg0), uintptr(arg1), uintptr(fakePC)) } //go:nosplit -func libfuzzerTraceConstCmp4(arg0, arg1 uint32, fakePC int) { +func libfuzzerTraceConstCmp4(arg0, arg1 uint32, fakePC uint) { fakePC = fakePC % retSledSize libfuzzerCallTraceIntCmp(&__sanitizer_cov_trace_const_cmp4, uintptr(arg0), uintptr(arg1), uintptr(fakePC)) } //go:nosplit -func libfuzzerTraceConstCmp8(arg0, arg1 uint64, fakePC int) { +func libfuzzerTraceConstCmp8(arg0, arg1 uint64, fakePC uint) { fakePC = fakePC % retSledSize libfuzzerCallTraceIntCmp(&__sanitizer_cov_trace_const_cmp8, uintptr(arg0), uintptr(arg1), uintptr(fakePC)) } |