| Issue |
110430
|
| Summary |
Issue with libFuzzer on MSVC without LTCG
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
VA-GS
|
Hello, on MSVC builds without LTCG (so the default Debug build for example), on `Microsoft (R) C/C++ Optimizing Compiler Version 19.40.33813 for x64`, I obverse the following when running a simple
```
#include <cstdint>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t * Data, size_t Size) {
return 0;
}
```
with `/fsanitize=fuzzer`: `ERROR: Function "LLVMFuzzerInitialize" not defined.`.
I looked at disassembly to try to understand how [this](https://github.com/llvm/llvm-project/commit/a4d569bc19de76dff6ad5d81e9380b75f8d22bba#diff-a3cd0a76989ba76daa188caf585fd7b3a1f4dae24e61a06663c6f4b29415fd1dR13) can result in LLVMFuzzerInitialize != LLVMFuzzerInitializeDef in GetFnPtr while still going to the body of LLVMFuzzerInitializeDef (where the is ERROR is) when calling LLVMFuzzerInitialize.
In the disassembly, LLVMFuzzerInitialize and LLVMFuzzerInitializeDef correspond to different addresses for the `call` instruction but both of those addresses are `jmp` (in the jmp stub) to the same address (= LLVMFuzzerInitializeDef body).
I can also reproduce the issue with just my own code below in a single cpp file:
```
template <typename T>
static T* GetFnPtr(T* Fun, T* FunDef, const char* FnName) {
if (Fun == FunDef) {
return nullptr;
}
return Fun;
}
__pragma(comment(linker, "/alternatename:LLVMFuzzerInitialize2=LLVMFuzzerInitialize2Def"))
extern "C" int LLVMFuzzerInitialize2(int* /*argc*/, char*** /*argv*/);
extern "C" int LLVMFuzzerInitialize2Def(int* /*argc*/, char*** /*argv*/) {
return 0;
}
auto N = GetFnPtr<decltype(LLVMFuzzerInitialize2)>(LLVMFuzzerInitialize2, LLVMFuzzerInitialize2Def, "LLVMFuzzerInitialize2");
```
where N is not set to nullptr.
This issue is not present if LTCG is added (e.g. default in Release builds).
![]()
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
