encounter
/
dawn-cmake
mirror of https://github.com/encounter/dawn-cmake.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix null char in AST fuzzer 

There is no need to take the null char into account when copying
mutated data with memcpy in AST fuzzer.

Change-Id: I78530c3679a31f252d2eaebd6de2a1261d346a57
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59449
Auto-Submit: Vasyl Teliman <vasniktel@gmail.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
This commit is contained in:
Vasyl Teliman 2021-07-26 11:25:17 +00:00 committed by Tint LUCI CQ
parent b32c22cead
commit badec55068
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
fuzzers/tint_ast_fuzzer/fuzzer.cc
View File

@ -70,14 +70,17 @@ extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data,
return 0; return 0;
} }
// +1 to account for \0 at the end of a string. if (result.wgsl.size() > max_size) {
auto mutated_size = result.wgsl.size() + 1;
if (mutated_size > max_size) {
return 0; return 0;
} }
std::memcpy(data, result.wgsl.data(), mutated_size); // No need to worry about the \0 here. The reason is that if \0 is included by
return mutated_size; // developer by mistake, it will be considered a part of the string and will
// cause all sorts of strange bugs. Thus, unless `data` below is used as a raw
// C string, the \0 symbol should be ignored.
std::memcpy( // NOLINT - clang-tidy warns about lack of null termination.
data, result.wgsl.data(), result.wgsl.size());
return result.wgsl.size();
} }
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {