https://bugs.llvm.org/show_bug.cgi?id=36148
Bug ID: 36148
Summary: Suspicious use of sizeof(pointer) in FuzzerMutate.cpp
Product: new-bugs
Version: 5.0
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: new bugs
Assignee: unassignedb...@nondot.org
Reporter: w...@behrenhoff.de
CC: llvm-bugs@lists.llvm.org
In file lib/Fuzzer/FuzzerMutate.cpp, the function RandCh (lines 63--67) looks
like this:
static char RandCh(Random &Rand) {
if (Rand.RandBool()) return Rand(256);
const char *Special = "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00";
return Special[Rand(sizeof(Special) - 1)];
}
Special is thus a pointer to char. In the return line sizeof(pointer)-1 is used
as index. I think the intention was to return any of the predefined characters,
not any of the first 4-1=3 or 8-1=7 characters (or whatever size a pointer is
on the target platform).
I suggest using an array instead of a pointer:
const char Special[] = "!*'();:@&=+$,/?%#[]012Az-`~.\xff\x00";
I haven't tested this, but surely the sizeof(pointer) is wrong :-)
This bug is at least present in the 5.0.1 download. If it is also in 6 or
trunk: I don't know. Please check!
Cheers!
--
You are receiving this mail because:
You are on the CC list for the bug._______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
