path: root/tools/fuzzing/libfuzzer/patches/12-custom-mutator-fail.patch
blob: 2457c1f0463496cac9b1bed8f168cef3a4a54cf4 (plain)
# HG changeset patch
# User Christian Holler <choller@mozilla.com>
# Date 1596126768 -7200
#      Thu Jul 30 18:32:48 2020 +0200
# Node ID 64e7d096fa77a62b71a306b2c5383b8f75ac4945
# Parent  ea198a0331a6db043cb5978512226977514104db
[libFuzzer] Allow custom mutators to fail

diff --git a/tools/fuzzing/libfuzzer/FuzzerLoop.cpp b/tools/fuzzing/libfuzzer/FuzzerLoop.cpp
--- a/tools/fuzzing/libfuzzer/FuzzerLoop.cpp
+++ b/tools/fuzzing/libfuzzer/FuzzerLoop.cpp
@@ -690,16 +690,20 @@ void Fuzzer::MutateAndTestOne() {
     if (II.HasFocusFunction && !II.DataFlowTraceForFocusFunction.empty() &&
         Size <= CurrentMaxMutationLen)
       NewSize = MD.MutateWithMask(CurrentUnitData, Size, Size,
                                   II.DataFlowTraceForFocusFunction);
 
     // If MutateWithMask either failed or wasn't called, call default Mutate.
     if (!NewSize)
       NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
+
+    if (!NewSize)
+      continue;
+
     assert(NewSize > 0 && "Mutator returned empty unit");
     assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
     Size = NewSize;
     II.NumExecutedMutations++;
     Corpus.IncrementNumExecutedMutations();
 
     bool FoundUniqFeatures = false;
     bool NewCov = RunOne(CurrentUnitData, Size, /*MayDeleteFile=*/true, &II,
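Review bot: The new `if (!NewSize) continue;` makes the following `assert(NewSize > 0 && "Mutator returned empty unit");` impossible to fail, so its message now misstates the contract, and nothing says that a zero return means "mutator failed". I would drop the `NewSize > 0` assert and add a comment above the new check such as `// A return of 0 means the (custom) mutator failed; skip this round without executing the unit.` The skipped round also bypasses `II.NumExecutedMutations++`, so failures are invisible in the stats; a counter or a verbose-mode message would help when diagnosing a custom mutator that fails often. The upper bound on `NewSize` is still enforced only by `assert`, which presumably disappears in an NDEBUG build, so an oversized return from a custom mutator would reach `RunOne` unchecked there. The body of MutateAndTestOne starts and ends outside this hunk.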
@@ -850,17 +854,19 @@ void Fuzzer::Loop(Vector<SizedFile> &Cor
 void Fuzzer::MinimizeCrashLoop(const Unit &U) {
   if (U.size() <= 1)
     return;
   while (!TimedOut() && TotalNumberOfRuns < Options.MaxNumberOfRuns) {
     MD.StartMutationSequence();
     memcpy(CurrentUnitData, U.data(), U.size());
     for (int i = 0; i < Options.MutateDepth; i++) {
       size_t NewSize = MD.Mutate(CurrentUnitData, U.size(), MaxMutationLen);
-      assert(NewSize > 0 && NewSize <= MaxMutationLen);
+      assert(NewSize <= MaxMutationLen);
+      if (!NewSize)
+        continue;
       ExecuteCallback(CurrentUnitData, NewSize);
       PrintPulseAndReportSlowInput(CurrentUnitData, NewSize);
       TryDetectingAMemoryLeak(CurrentUnitData, NewSize,
                               /*DuringInitialCorpusExecution*/ false);
     }
   }
 }
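Review bot: A mutator that returns 0 on every call now makes the inner loop of MinimizeCrashLoop skip `ExecuteCallback` each time, while the outer `while` exits only on `TimedOut()` or when `TotalNumberOfRuns` reaches `Options.MaxNumberOfRuns`. If that counter advances only when an input is executed (not visible in this hunk), a persistently failing custom mutator would spin here until the timeout, or indefinitely if none is set. Consider bounding consecutive failures, for example with a new local counter: `if (!NewSize) { if (++NumFailed > Options.MutateDepth) return; continue; }`. Also, after a failed call `CurrentUnitData` is not restored from `U`, so the next `MD.Mutate(CurrentUnitData, U.size(), ...)` works on whatever the failed mutator left in the buffer; a short comment saying whether a failing mutator must leave the data untouched would make that contract explicit.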