File: 12-custom-mutator-fail.patch

commit bde6e34b41ab68663a1c07a555432ecbd7358a55
Author: Christian Holler <choller@mozilla.com>
Date:   Thu Jul 30 18:32:48 2020 +0200

    [libFuzzer] Allow custom mutators to fail

diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index 4339cf2e0dbb..263140c99f57 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp
@@ -754,6 +754,10 @@ void Fuzzer::MutateAndTestOne() {
     // If MutateWithMask either failed or wasn't called, call default Mutate.
     if (!NewSize)
       NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
+
+    if (!NewSize)
+      continue;
+
     assert(NewSize > 0 && "Mutator returned empty unit");
     assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
     Size = NewSize;
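Review bot: The `assert(NewSize > 0 && "Mutator returned empty unit")` immediately after the new early `continue` is now unreachable, since a zero NewSize never gets past the added check, so it should be dropped and only the oversize assert kept; that also matches what the second hunk does in MinimizeCrashLoop, where the `> 0` half of the assert is removed. Both hunks would benefit from a one-line comment on the new check stating the contract the commit introduces, e.g. `// A custom mutator may return 0 when it cannot produce a mutation; skip this attempt.`, because a zero return was previously an assertion failure and readers of either loop will otherwise assume it still is. A mutator that declines on every attempt presumably just burns the remaining iterations of the enclosing loop without executing anything, which seems intended but is worth stating in that comment. The enclosing loop in MutateAndTestOne begins and ends outside the hunk.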
@@ -923,7 +927,9 @@ void Fuzzer::MinimizeCrashLoop(const Unit &U) {
     memcpy(CurrentUnitData, U.data(), U.size());
     for (int i = 0; i < Options.MutateDepth; i++) {
       size_t NewSize = MD.Mutate(CurrentUnitData, U.size(), MaxMutationLen);
-      assert(NewSize > 0 && NewSize <= MaxMutationLen);
+      assert(NewSize <= MaxMutationLen);
+      if (!NewSize)
+        continue;
       ExecuteCallback(CurrentUnitData, NewSize);
       PrintPulseAndReportSlowInput(CurrentUnitData, NewSize);
       TryDetectingAMemoryLeak(CurrentUnitData, NewSize,