Fix out-of-bounds access in regex fuzzer
Fixes the regex fuzzer so that when searching for an operator to replace, it takes account of the fact that the string being searched may be very small, avoiding an issue where unsigned integer underflow would occur. Bug: crbug.com/1359193 Change-Id: I653a20429dc20385a64f8d684c81d023702458e6 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/102641 Kokoro: Kokoro <noreply+kokoro@google.com> Auto-Submit: Alastair Donaldson <afdx@google.com> Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: Ben Clayton <bclayton@google.com> Reviewed-by: Ryan Harrison <rharrison@chromium.org>
parent
4f8ed34b94
commit
b7da8f612e
|
@ -545,6 +545,14 @@ d %= e;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST(TestReplaceOperator, TestFindOperatorOccurrenceOnSmallStrings) {
|
||||||
|
RandomGenerator generator(0);
|
||||||
|
WgslMutatorTest mutator(generator);
|
||||||
|
ASSERT_FALSE(mutator.FindOperatorOccurrence("", 0).has_value());
|
||||||
|
ASSERT_FALSE(mutator.FindOperatorOccurrence(" ", 0).has_value());
|
||||||
|
ASSERT_FALSE(mutator.FindOperatorOccurrence(" ", 0).has_value());
|
||||||
|
}
|
||||||
|
|
||||||
TEST(TestInsertBreakOrContinue, TestLoopPositions1) {
|
TEST(TestInsertBreakOrContinue, TestLoopPositions1) {
|
||||||
RandomGenerator generator(0);
|
RandomGenerator generator(0);
|
||||||
WgslMutatorTest mutator(generator);
|
WgslMutatorTest mutator(generator);
|
||||||
|
|
|
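Review bot: The second and third assertions in TestFindOperatorOccurrenceOnSmallStrings read identically as rendered here (both pass `" "`), so unless the page collapsed whitespace, the two-character case is not covered. The third call should pass a two-space string so that lengths 0, 1 and 2 are all exercised. All three calls also start at index 0 on input with no operator, so they only show that a miss reads nothing out of bounds. A short input whose last character is an operator character would cover the positions where the second and third lookahead characters fall back to `'\0'`. A leading comment such as `// Regression test for crbug.com/1359193: size() - 1 and size() - 2 wrapped on strings shorter than two characters.` would record why the test exists.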
@ -463,9 +463,9 @@ std::optional<std::pair<uint32_t, uint32_t>> WgslMutator::FindOperatorOccurrence
|
||||||
// case where search has reached the end of the code string.
|
// case where search has reached the end of the code string.
|
||||||
char first_character = wgsl_code[current_index];
|
char first_character = wgsl_code[current_index];
|
||||||
char second_character =
|
char second_character =
|
||||||
current_index == wgsl_code.size() - 1 ? '\0' : wgsl_code[current_index + 1];
|
current_index + 1 == wgsl_code.size() ? '\0' : wgsl_code[current_index + 1];
|
||||||
char third_character =
|
char third_character =
|
||||||
current_index >= wgsl_code.size() - 2 ? '\0' : wgsl_code[current_index + 2];
|
current_index + 2 >= wgsl_code.size() ? '\0' : wgsl_code[current_index + 2];
|
||||||
|
|
||||||
// This uses the extracted characters to match for the various WGSL operators.
|
// This uses the extracted characters to match for the various WGSL operators.
|
||||||
switch (first_character) {
|
switch (first_character) {
|
||||||
|
|
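Review bot: The two rewritten bounds checks use different comparisons: `current_index + 1 == wgsl_code.size()` for second_character, but `current_index + 2 >= wgsl_code.size()` for third_character. Writing the first as `current_index + 1 >= wgsl_code.size() ? '\0' : wgsl_code[current_index + 1];` keeps the lookahead read guarded even if current_index is ever at or past size(), instead of relying on the loop condition to prevent that. That loop condition, and whatever guarantees `wgsl_code[current_index]` is in range for a caller-supplied start index, lie outside this hunk, as do the start and end of FindOperatorOccurrence. If the start index is not already validated there, an early return of an empty optional when it is not below `wgsl_code.size()` would close the remaining gap.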