fuzzer: Supply mode argument to open() when required to #25
Open
James-A-Clark wants to merge 1 commit into
Conversation
When FORTIFY_SOURCE is enabled, libc will terminate the process on a call to open() with flags that require a mode argument but it's not provided. Here is the relevant part of the glibc docs:

> The mode argument must be supplied if O_CREAT or O_TMPFILE is specified in flags; if it is not supplied, some arbitrary bytes from the stack will be applied as the file mode.

And this is what it looks like when running the fuzzer:

    ==================================================
    Starting fuzzing at 2022-03-17 13:15:53
    ==================================================
    *** invalid open call: O_CREAT or O_TMPFILE without mode ***: ./perf_fuzzer terminated
    Aborted

Fix this by supplying a mode argument when the random flags indicate it's required. The actual mode is not important because files can't be created in sysfs.

Signed-off-by: James Clark <james.clark@arm.com>
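The check the commit message describes, as an added example that is not code from perf_event_tests or from the PR itself. `flags_need_mode` mirrors the test glibc applies under `_FORTIFY_SOURCE` (O_CREAT set, or all bits of O_TMPFILE set), and `fuzz_open` is a hypothetical wrapper a fuzzer would route its random flags through; the mode value `0600` and the target path are assumptions.

```c
#define _GNU_SOURCE            /* exposes O_TMPFILE on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifndef O_TMPFILE
#define O_TMPFILE 0            /* libc without O_TMPFILE: that branch becomes a no-op */
#endif

/* Same test glibc applies under _FORTIFY_SOURCE (__OPEN_NEEDS_MODE): O_CREAT set, or
 * every bit of O_TMPFILE set. O_TMPFILE is a multi-bit value on Linux (it includes
 * O_DIRECTORY), so a plain (flags & O_TMPFILE) would be the wrong check. */
int flags_need_mode(int flags)
{
    if (flags & O_CREAT)
        return 1;
    if (O_TMPFILE != 0 && (flags & O_TMPFILE) == O_TMPFILE)
        return 1;
    return 0;
}

/* Hypothetical fuzzer wrapper: random flags go in, and open() is always given a mode
 * whenever the flags require one. With _FORTIFY_SOURCE the two-argument form plus
 * O_CREAT/O_TMPFILE aborts the process ("invalid open call ... without mode"); without
 * it, open() would silently read whatever is on the stack as the mode. The mode value
 * is arbitrary (assumption): on a target such as sysfs creation fails regardless. */
int fuzz_open(const char *path, int flags)
{
    if (flags_need_mode(flags))
        return open(path, flags, 0600);
    return open(path, flags);
}

int main(void)
{
    /* Constructed sample of flag combinations a fuzzer might produce. */
    const int samples[] = {
        O_RDONLY,
        O_WRONLY | O_CREAT,
        O_RDWR | O_CREAT | O_TRUNC,
        O_RDWR | O_TMPFILE,
        O_RDONLY | O_NONBLOCK,
    };
    /* Constructed path that does not exist, so every open() fails instead of aborting. */
    const char *target = "/sys/nonexistent_fuzz_target";

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int fd = fuzz_open(target, samples[i]);
        printf("flags=0x%x needs_mode=%d -> %s\n", samples[i],
               flags_need_mode(samples[i]), fd < 0 ? strerror(errno) : "opened");
        if (fd >= 0)
            close(fd);
    }
    return 0;
}
```

Build it with `-O2 -D_FORTIFY_SOURCE=2` to see the difference: routing the same flag samples through a bare `open(path, flags)` aborts on the first O_CREAT combination, while the wrapper just gets ENOENT back and the loop continues.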
rli9 added a commit to intel/lkp-tests that referenced this pull request on May 25, 2023:
Below issue at least occurs on glibc 2.28.

    *** invalid open call: O_CREAT or O_TMPFILE without mode ***: terminated
    Aborted

Link: deater/perf_event_tests#25
Signed-off-by: Philip Li <philip.li@intel.com>
Hi,

I noticed that the default behaviour on some configs of libc is to terminate when there is an issue with the open() flags. This change allows the fuzzer to run instead of instantly quitting in that case.

See the commit message for more details.

Thanks
James