From 4b8eb86360b106afbc69cc014e8f1a15017c9d1f Mon Sep 17 00:00:00 2001
From: Jan Janssen
Date: Fri, 23 Sep 2022 09:54:03 +0200
Subject: [PATCH] fuzz: Introduce DO_NOT_OPTIMIZE
The compiler may decide computations like these are not doing anything and decide to optimize them away. This would defeat the whole fuzzing exercise. This macro will force the compiler to materialize the value no matter what. It should be less prone to accidents compared to using log functions, which would either slow things down or still optimize the value away (or simply move it into the if branch the log macros create). The benefit over assert_se would be that no requirement is made on the value itself. If we are fine getting a string of any size (including zero), an assert_se would either create a noisy compiler warning about conditions that would alawys be met or yet again optimize the whole thing away.
---
 src/boot/efi/fuzz-bcd.c | 8 ++------
 src/fuzz/fuzz.h | 3 +++
 2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/src/boot/efi/fuzz-bcd.c b/src/boot/efi/fuzz-bcd.c
index 6d76533e8f..297b71f60c 100644
--- a/src/boot/efi/fuzz-bcd.c
+++ b/src/boot/efi/fuzz-bcd.c
@@ -2,7 +2,6 @@
 #include "alloc-util.h"
 #include "bcd.h"
-#include "fd-util.h"
 #include "fuzz.h"
 #include "utf8.h"
@@ -13,14 +12,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 if (outside_size_range(size, 0, 100*1024))
 return 0;
- if (!getenv("SYSTEMD_LOG_LEVEL"))
- log_set_max_level(LOG_CRIT);
-
 p = memdup(data, size);
 assert_se(p);
 char16_t *title = get_bcd_title(p, size);
- if (title)
- (void) char16_strlen(title);
+ /* If we get something, it must be NUL-terminated, but an empty string is still valid! */
+ DO_NOT_OPTIMIZE(title && char16_strlen(title));
 return 0;
 }
diff --git a/src/fuzz/fuzz.h b/src/fuzz/fuzz.h
index 04c438edaf..a7d3a89fe2 100644
--- a/src/fuzz/fuzz.h
+++ b/src/fuzz/fuzz.h
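Review bot: The operand the new line hands to DO_NOT_OPTIMIZE is the truth value of `title && char16_strlen(title)`, not the length, so all the compiler has to materialize is whether the length is non-zero; if char16_strlen is visible to the optimizer (an inline definition, or LTO) it may stop after the first code unit, and the walk to the terminator that this fuzzer is meant to exercise would be lost. Materializing the length itself keeps the whole scan observable: `DO_NOT_OPTIMIZE(title ? char16_strlen(title) : 0);`. Whether char16_strlen is actually inlinable here cannot be seen from the hunk. The body of LLVMFuzzerTestOneInput starts before the hunk (p is assigned here but declared earlier).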
@@ -27,3 +27,6 @@ static inline bool outside_size_range(size_t size, size_t lower, size_t upper) {
 return FUZZ_USE_SIZE_LIMIT;
 return false;
 }
+
+/* Force value to not be optimized away. */
+#define DO_NOT_OPTIMIZE(value) ({ asm volatile("" : : "g"(value) : "memory"); })
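Review bot: The one-line comment on the new macro states its goal but not the contract callers rely on: `value` is evaluated exactly once, the expansion is a void statement expression rather than a value, and it needs the GNU dialect (statement expressions, and `asm` as a keyword, which plain `-std=c11` does not provide). The `"memory"` clobber is also worth a word, because it is what forces stores made while computing `value` to be committed before the empty asm, at the price of acting as a full compiler barrier. I would extend the comment to `/* Force the compiler to compute 'value' (evaluated once) even though nothing uses it. Expands to a void statement; the "memory" clobber also flushes pending stores, so this is a full compiler barrier. Requires GNU statement expressions and asm. */`. outside_size_range begins before the hunk; only its closing lines are visible.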