This is an archive of the discontinued LLVM Phabricator instance.

[libFuzzer] Fix off-by-one error in ApplyDictionaryEntry
Status: Closed, Public

Authored by fmeum on Apr 30 2021, 6:35 AM.

Details

Summary

In the overwrite branch of MutationDispatcher::ApplyDictionaryEntry in
FuzzerMutate.cpp, the index Idx at which W.size() bytes are overwritten
with the word W is chosen uniformly at random in the interval
[0, Size - W.size()). This means that Idx + W.size() will always be
strictly less than Size, i.e., the last byte of the current unit will
never be overwritten.

This is fixed by adding 1 to the exclusive upper bound.

Addresses https://bugs.llvm.org/show_bug.cgi?id=49989.
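The off-by-one described in the summary, as an added worked example (this is not libFuzzer's code): a simplified C++ model of the overwrite branch that enumerates every index the random bound allows and reports which byte offsets of the unit can ever be overwritten. It assumes, as the summary states, that `Rand(N)` yields a value uniformly in `[0, N)`, and it treats an empty interval (when `W.size() == Size` under the original bound) as producing no index at all. The `OverwriteModel` struct and its method names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <set>
#include <vector>

// Simplified model of MutationDispatcher::ApplyDictionaryEntry's overwrite
// branch (added example, not libFuzzer's code). Rand(N) is assumed to pick
// uniformly from [0, N); Idx is supplied explicitly so every value the RNG
// could produce can be enumerated instead of sampled.
struct OverwriteModel {
  bool Fixed;  // false: original bound Size - W.size(); true: +1 applied

  // Exclusive upper bound handed to Rand() for a unit of Size bytes.
  size_t UpperBound(size_t Size, size_t WSize) const {
    return Fixed ? Size + 1 - WSize : Size - WSize;
  }

  // Overwrite W at Idx, mirroring memcpy(Data + Idx, W.data(), W.size()).
  // Returns false when W does not fit or Idx would run past the unit.
  bool ApplyAt(std::vector<uint8_t> &Data, const std::vector<uint8_t> &W,
               size_t Idx) const {
    if (W.size() > Data.size() || Idx + W.size() > Data.size()) return false;
    std::memcpy(Data.data() + Idx, W.data(), W.size());
    return true;
  }

  // Enumerate every Idx the RNG could pick and collect the byte offsets of
  // the unit that can ever be overwritten. An empty interval yields nothing.
  std::set<size_t> ReachableOffsets(size_t Size, size_t WSize) const {
    std::set<size_t> Reached;
    if (WSize == 0 || WSize > Size) return Reached;
    for (size_t Idx = 0; Idx < UpperBound(Size, WSize); ++Idx)
      for (size_t i = 0; i < WSize; ++i) Reached.insert(Idx + i);
    return Reached;
  }

  // True when the last byte of the unit (offset Size - 1) is reachable.
  bool CanReachLastByte(size_t Size, size_t WSize) const {
    return Size > 0 && ReachableOffsets(Size, WSize).count(Size - 1) > 0;
  }

  // Apply W at the largest Idx the bound allows and report whether the last
  // byte of a zero-filled unit now holds W's last byte.
  bool LastByteHitAtMaxIdx(size_t Size, const std::vector<uint8_t> &W) const {
    if (W.empty() || W.size() > Size) return false;
    std::vector<uint8_t> Data(Size, 0x00);
    size_t Bound = UpperBound(Size, W.size());
    if (Bound == 0 || !ApplyAt(Data, W, Bound - 1)) return false;
    return Data[Size - 1] == W.back();
  }
};

int main() {
  const size_t Size = 8, WSize = 3;  // constructed sample: 8-byte unit, 3-byte word
  for (bool Fixed : {false, true}) {
    OverwriteModel M{Fixed};
    std::set<size_t> R = M.ReachableOffsets(Size, WSize);
    std::printf("%s bound: Rand(%zu), reachable offsets %zu of %zu, last byte %s\n",
                Fixed ? "fixed   " : "original", M.UpperBound(Size, WSize),
                R.size(), Size, M.CanReachLastByte(Size, WSize) ? "yes" : "no");
  }
  return 0;
}
```

With the original bound the model reaches offsets 0 through 6 of an 8-byte unit and never offset 7; with the `+ 1` applied every offset is reachable, which is exactly the coverage gap the summary describes.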

Event Timeline

fmeum requested review of this revision. Apr 30 2021, 6:35 AM
fmeum created this revision.
Herald added a project: Restricted Project. Apr 30 2021, 6:35 AM
Herald added a subscriber: Restricted Project.
morehouse accepted this revision. Apr 30 2021, 8:21 AM

Thanks for the fix!

This revision is now accepted and ready to land. Apr 30 2021, 8:21 AM
This revision was automatically updated to reflect the committed changes.