File: 12-custom-mutator-fail.patch

commit bde6e34b41ab68663a1c07a555432ecbd7358a55
Author: Christian Holler <choller@mozilla.com>
Date:   Thu Jul 30 18:32:48 2020 +0200

    [libFuzzer] Allow custom mutators to fail

diff --git a/FuzzerLoop.cpp b/FuzzerLoop.cpp
index 4339cf2e0dbb..263140c99f57 100644
--- a/FuzzerLoop.cpp
+++ b/FuzzerLoop.cpp
@@ -754,6 +754,10 @@ void Fuzzer::MutateAndTestOne() {
     // If MutateWithMask either failed or wasn't called, call default Mutate.
     if (!NewSize)
       NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
+
+    if (!NewSize)
+      continue;
+
     assert(NewSize > 0 && "Mutator returned empty unit");
     assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
     Size = NewSize;
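Review bot: The `assert(NewSize > 0 && "Mutator returned empty unit")` that follows the new `if (!NewSize) continue;` can no longer fire, so it now reads as a contract the code does not enforce; replace it with a comment stating the new contract, e.g. `// A mutator (notably a custom one) may return 0 to report that it could not produce a unit; skip the iteration rather than treat it as a bug.` The same comment belongs next to the zero check in the MinimizeCrashLoop hunk below, since that is where a reader of the relaxed assert will look for the reason. Note that a run of MutateDepth consecutive failures leaves this iteration of the outer loop without executing anything, which the patch leaves undiagnosed; whether that matters depends on the enclosing loop, which starts and ends outside the hunk. The enclosing function MutateAndTestOne continues outside the hunk.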
@@ -923,7 +927,9 @@ void Fuzzer::MinimizeCrashLoop(const Unit &U) {
     memcpy(CurrentUnitData, U.data(), U.size());
     for (int i = 0; i < Options.MutateDepth; i++) {
       size_t NewSize = MD.Mutate(CurrentUnitData, U.size(), MaxMutationLen);
-      assert(NewSize > 0 && NewSize <= MaxMutationLen);
+      assert(NewSize <= MaxMutationLen);
+      if (!NewSize)
+        continue;
       ExecuteCallback(CurrentUnitData, NewSize);
       PrintPulseAndReportSlowInput(CurrentUnitData, NewSize);
       TryDetectingAMemoryLeak(CurrentUnitData, NewSize,
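Review bot: Putting the zero check before the size assert, `if (!NewSize) continue;` then `assert(NewSize <= MaxMutationLen);`, would mirror the ordering used in the MutateAndTestOne hunk and make the two sites read the same way. As written, a mutator that returns 0 on every pass makes this minimization loop silently do nothing for the whole MutateDepth run, and nothing on the new side records or reports that; if that is acceptable for a best-effort minimizer, a one-line comment saying so would save the next reader from wondering. The loop body and MinimizeCrashLoop continue outside the hunk, so I cannot see whether the caller notices a pass that executed no input.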