From a2eb125d4d18e3e21b7dea6e857d2ffa288218e0 Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Mon, 17 May 2021 08:45:56 +0200
Subject: syz-manager: explicitly mark rotated fuzzers

Currently we use "f.rotatedSignal != nil" condition to denote rotated fuzzers.
However, it's possible that f.rotatedSignal is nil for a rotated fuzzer
if we select no signal at all during rotation somehow.
Use an explicit f.rotated flag instead.
---
 syz-manager/rpc.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/syz-manager/rpc.go b/syz-manager/rpc.go
index ca4edbbb8..d091bd01a 100644
--- a/syz-manager/rpc.go
+++ b/syz-manager/rpc.go
@@ -42,6 +42,7 @@ type RPCServer struct {
 
 type Fuzzer struct {
 	name          string
+	rotated       bool
 	inputs        []rpctype.RPCInput
 	newMaxSignal  signal.Signal
 	rotatedSignal signal.Signal
@@ -166,6 +167,7 @@ func (serv *RPCServer) rotateCorpus(f *Fuzzer, corpus []rpctype.RPCInput) *rpcty
 	// Remove the corresponding signal from rotatedSignal which will
 	// be used to accept new inputs from this manager.
 	f.rotatedSignal = serv.corpusSignal.Intersection(f.newMaxSignal)
+	f.rotated = true
 
 	result := *serv.checkResult
 	result.EnabledCalls = map[string][]int{serv.cfg.Sandbox: callIDs}
@@ -261,7 +263,7 @@ func (serv *RPCServer) NewInput(a *rpctype.NewInputArgs, r *int) error {
 	// but this request is already in-flight.
 	genuine := !serv.corpusSignal.Diff(inputSignal).Empty()
 	rotated := false
-	if !genuine && f != nil && f.rotatedSignal != nil {
+	if !genuine && f != nil && f.rotated {
 		rotated = !f.rotatedSignal.Diff(inputSignal).Empty()
 	}
 	if !genuine && !rotated {
@@ -271,7 +273,7 @@ func (serv *RPCServer) NewInput(a *rpctype.NewInputArgs, r *int) error {
 		return nil
 	}
 
-	if f != nil && f.rotatedSignal != nil {
+	if f != nil && f.rotated {
 		f.rotatedSignal.Merge(inputSignal)
 	}
 	diff := serv.corpusCover.MergeDiff(a.Cover)
@@ -301,7 +303,7 @@ func (serv *RPCServer) NewInput(a *rpctype.NewInputArgs, r *int) error {
 
 		a.RPCInput.Cover = nil // Don't send coverage back to all fuzzers.
 		for _, other := range serv.fuzzers {
-			if other == f || other.rotatedSignal != nil {
+			if other == f || other.rotated {
 				continue
 			}
 			other.inputs = append(other.inputs, a.RPCInput)
@@ -328,13 +330,13 @@ func (serv *RPCServer) Poll(a *rpctype.PollArgs, r *rpctype.PollRes) error {
 		serv.maxSignal.Merge(newMaxSignal)
 		serv.stats.maxSignal.set(len(serv.maxSignal))
 		for _, f1 := range serv.fuzzers {
-			if f1 == f || f1.rotatedSignal != nil {
+			if f1 == f || f1.rotated {
 				continue
 			}
 			f1.newMaxSignal.Merge(newMaxSignal)
 		}
 	}
-	if f.rotatedSignal != nil {
+	if f.rotated {
 		// Let rotated VMs run in isolation, don't send them anything.
 		return nil
 	}
-- 
cgit mrf-deployment