From: George Dunlap
Date: Mon, 9 Oct 2017 14:04:11 +0000 (+0200)
Subject: fuzz/x86_emulate: clear errors after each iteration
X-Git-Tag: 4.10.0-rc1~112
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=849a1f10c937ce0782db95b85da391a49317c49e;p=people%2Fdariof%2Fxen.git

fuzz/x86_emulate: clear errors after each iteration

Once feof() returns true for a stream, it will continue to return true for that stream until clearerr() is called (or the stream is closed and re-opened).

In llvm-clang-fast-mode, the same file descriptor is used for each iteration of the loop, meaning that the "Input too large" check was broken -- feof() would return true even if the fread() hadn't hit the end of the file. The result is that AFL generates testcases of arbitrary size.

Fix this by clearing the error after each iteration.

Signed-off-by: George Dunlap
Reviewed-by: Jan Beulich
---
diff --git a/tools/fuzz/x86_instruction_emulator/afl-harness.c b/tools/fuzz/x86_instruction_emulator/afl-harness.c
index 154869336a..b4d15451b5 100644
--- a/tools/fuzz/x86_instruction_emulator/afl-harness.c
+++ b/tools/fuzz/x86_instruction_emulator/afl-harness.c
@@ -97,6 +97,8 @@ int main(int argc, char **argv) fclose(fp); fp = NULL; } + else + clearerr(fp); LLVMFuzzerTestOneInput(input, size); }
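Review bot: the new `else clearerr(fp);` hangs off the `if` whose closing brace heads the hunk, but that condition is outside the shown context, so the hunk alone only guarantees the indicators are reset on the branch that keeps fp open; a reader has to confirm that branch is exactly the persistent-stream case the commit message describes. Consider instead calling clearerr(fp) at the top of the loop, immediately before the fread(), so the stream starts each read clean regardless of how the previous iteration ended, rather than relying on a cleanup step at the tail of the body. Note also that clearerr() resets the error indicator together with the EOF indicator, so any ferror() state from the previous iteration is discarded here as well; a read error therefore has to be acted on within the iteration in which it occurs.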
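The sticky-EOF failure the commit message describes, as an added example that is not part of the Xen harness or of this patch. It imitates what afl-fuzz does in persistent mode by rewriting the test case through the underlying file descriptor of a tmpfile() stream (truncate, write, rewind at the fd level), so the FILE object never sees fseek() or rewind() and keeps the indicators the previous fread() left behind. The read-and-check step follows the pattern the message implies (read up to a cap, then treat "not at EOF" as "input too large"); the cap of 8 bytes, the helper names feed(), read_case() and oversize_detected(), and the sample inputs are all constructed for this demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>

/* Assumed cap on one test case; the real harness has its own INPUT_SIZE. */
#define INPUT_SIZE 8

enum verdict { READ_OK, INPUT_TOO_LARGE, READ_ERROR };

/*
 * Stand-in for afl-fuzz in persistent mode: the test case is rewritten
 * through the underlying descriptor (truncate, write, rewind), so the
 * FILE object never sees fseek()/rewind() and its EOF/error indicators
 * keep whatever state the previous fread() left behind.
 */
static int feed(FILE *fp, const void *data, size_t len)
{
    int fd = fileno(fp);

    if ( ftruncate(fd, 0) < 0 || lseek(fd, 0, SEEK_SET) < 0 )
        return -1;
    if ( write(fd, data, len) != (ssize_t)len )
        return -1;
    return lseek(fd, 0, SEEK_SET) < 0 ? -1 : 0;
}

/*
 * One iteration's read-and-check step, following the pattern the commit
 * describes: read up to INPUT_SIZE bytes, then treat "not at EOF" as
 * "more input is waiting", i.e. the test case is too large.  With
 * 'fixed' set, the stream's indicators are reset afterwards, which is
 * what the patch's clearerr(fp) does on the branch that keeps fp open.
 */
static enum verdict read_case(FILE *fp, unsigned char *input, size_t *size,
                              int fixed)
{
    enum verdict v;

    *size = fread(input, 1, INPUT_SIZE, fp);
    if ( ferror(fp) )
        v = READ_ERROR;
    else
        v = feof(fp) ? READ_OK : INPUT_TOO_LARGE;

    if ( fixed )
        clearerr(fp);

    return v;
}

/*
 * Two iterations over one persistent stream: a 4-byte case, then a
 * 16-byte case that exceeds INPUT_SIZE.  Returns 1 if the second case is
 * rejected as too large, 0 if it slips through, -1 on setup failure.
 */
static int oversize_detected(int fixed)
{
    /* Constructed sample inputs. */
    static const unsigned char small[] = "abcd";
    static const unsigned char big[] = "0123456789abcdef";
    unsigned char input[INPUT_SIZE];
    size_t size;
    int caught = -1;
    FILE *fp = tmpfile();

    if ( !fp )
        return -1;

    if ( feed(fp, small, sizeof(small) - 1) == 0 &&
         read_case(fp, input, &size, fixed) == READ_OK && size == 4 &&
         feed(fp, big, sizeof(big) - 1) == 0 )
        caught = read_case(fp, input, &size, fixed) == INPUT_TOO_LARGE;

    fclose(fp);
    return caught;
}

int main(void)
{
    printf("without clearerr(): oversize case caught = %d\n",
           oversize_detected(0));
    printf("with    clearerr(): oversize case caught = %d\n",
           oversize_detected(1));
    return 0;
}
```

Without the clearerr() call the first, short read leaves the EOF indicator set, so the 16-byte case in the second iteration passes the "too large" test even though it was never fully consumed. How much of it fread() returns depends on the C library: on the older glibc of the commit's era fread() still read 8 bytes while feof() kept reporting true, while glibc 2.28 and later and musl implement EOF stickiness fully and return 0 bytes from the stale stream. Either way the oversized case is accepted; with clearerr() between iterations the second read fills the buffer, feof() is false and the case is rejected.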