Fix null char in AST fuzzer

There is no need to take the null char into account when copying
mutated data with memcpy in AST fuzzer.

Change-Id: I78530c3679a31f252d2eaebd6de2a1261d346a57
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59449
Auto-Submit: Vasyl Teliman <vasniktel@gmail.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Vasyl Teliman 2021-07-26 11:25:17 +00:00 committed by Tint LUCI CQ
parent b32c22cead
commit badec55068
1 changed files with 8 additions and 5 deletions

@ -70,14 +70,17 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data,
return 0; return 0;
} }
// +1 to account for \0 at the end of a string. if (result.wgsl.size() > max_size) {
auto mutated_size = result.wgsl.size() + 1;
if (mutated_size > max_size) {
return 0; return 0;
} }
std::memcpy(data, result.wgsl.data(), mutated_size); // No need to worry about the \0 here. The reason is that if \0 is included by
return mutated_size; // developer by mistake, it will be considered a part of the string and will
// cause all sorts of strange bugs. Thus, unless `data` below is used as a raw
// C string, the \0 symbol should be ignored.
std::memcpy( // NOLINT - clang-tidy warns about lack of null termination.
data, result.wgsl.data(), result.wgsl.size());
return result.wgsl.size();
} }
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
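
Review bot: The bare `// NOLINT` on the new `std::memcpy(` line suppresses every clang-tidy check for that line, not only the null-termination warning the trailing comment mentions; scope it to the one check, for example `NOLINT(bugprone-not-null-terminated-result)`, so that other diagnostics on the copy still surface. The added comment block above it is also hard to follow ("if \0 is included by developer by mistake"): it would be clearer to say directly that the mutated buffer is returned with an explicit length, `result.wgsl.size()`, and that its consumer must read it as `(data, size)` rather than as a C string. Since the copy is now unterminated, it is worth confirming in the same change that `LLVMFuzzerTestOneInput` builds its input from both `data` and `size` and never relies on a terminator, because a read past `size` there would be an out-of-bounds read on the fuzzer's buffer.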