A lot of our current generated fuzz targets have the following misuse of FDP:
```cpp
const size_t src_size = stream.ConsumeIntegralInRange<size_t>(0, 1024);
std::vector<uint8_t> src = stream.ConsumeBytes<uint8_t>(src_size);
// Call the function being tested (src_size may be larger than src.size()).
func(src.data(), src_size);
```
This makes an assumption that stream.ConsumeBytes will always return the requested number of bytes. This is not the case -- it will return at most the number of bytes remaining in the input stream.
This will lead to false positive crashes.
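The following is an added example and not code from the issue or from the project's own fuzz targets. The `MiniFDP` class is a cut-down stand-in that reproduces only the two `FuzzedDataProvider` behaviours the issue relies on (integers are consumed from the end of the input, `ConsumeBytes` returns at most the bytes remaining, taken from the front); a real target would include `<fuzzer/FuzzedDataProvider.h>` instead. `func` is a hypothetical function under test, and the two input arrays are constructed to show one input where the issue's pattern over-reads and one where it happens to be safe. `BuggyHarnessOverread` reports how far past the end of `src` the original call would read rather than performing the bad read, so it runs without ASan; `FixedHarness` is the corrected pattern that passes `src.size()`.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Stand-in for the two FuzzedDataProvider methods discussed in the issue.
// Not the LLVM header; semantics copied from it for these two calls only.
class MiniFDP {
 public:
  MiniFDP(const uint8_t *data, size_t size) : data_(data), remaining_(size) {}

  // Builds a value in [min, max] from bytes taken off the END of the input.
  template <typename T>
  T ConsumeIntegralInRange(T min, T max) {
    uint64_t range = static_cast<uint64_t>(max) - min;
    uint64_t result = 0;
    size_t offset = 0;
    while (offset < sizeof(T) * 8 && (range >> offset) > 0 && remaining_ != 0) {
      --remaining_;
      result = (result << 8) | data_[remaining_];
      offset += 8;
    }
    if (range != UINT64_MAX) result = result % (range + 1);
    return static_cast<T>(min + result);
  }

  // Returns AT MOST num_bytes, taken from the FRONT of what is left.
  std::vector<uint8_t> ConsumeBytes(size_t num_bytes) {
    size_t n = std::min(num_bytes, remaining_);
    std::vector<uint8_t> out(data_, data_ + n);
    data_ += n;
    remaining_ -= n;
    return out;
  }

 private:
  const uint8_t *data_;
  size_t remaining_;
};

// Hypothetical function under test: sums `len` bytes starting at `p`.
static uint32_t func(const uint8_t *p, size_t len) {
  uint32_t sum = 0;
  for (size_t i = 0; i < len; ++i) sum += p[i];
  return sum;
}

// The issue's pattern. Returns how many bytes beyond src.size() `func`
// would have been told to read (0 means the call would have been in bounds).
// The over-reading call itself is left commented out so this stays UB-free.
size_t BuggyHarnessOverread(const uint8_t *data, size_t size) {
  MiniFDP stream(data, size);
  const size_t src_size = stream.ConsumeIntegralInRange<size_t>(0, 1024);
  std::vector<uint8_t> src = stream.ConsumeBytes(src_size);
  // func(src.data(), src_size);   // <-- reads past the buffer when short
  return src_size > src.size() ? src_size - src.size() : 0;
}

// Corrected pattern: pass the length the vector actually holds.
uint32_t FixedHarness(const uint8_t *data, size_t size) {
  MiniFDP stream(data, size);
  const size_t src_size = stream.ConsumeIntegralInRange<size_t>(0, 1024);
  std::vector<uint8_t> src = stream.ConsumeBytes(src_size);
  return func(src.data(), src.size());
}

// Constructed inputs. The last two bytes feed ConsumeIntegralInRange
// (value = data[5] * 256 + data[4]); the first four are all ConsumeBytes can get.
static const uint8_t kOverreadInput[] = {0x41, 0x42, 0x43, 0x44, 0xE8, 0x03};  // src_size = 1000
static const uint8_t kInRangeInput[]  = {0x41, 0x42, 0x43, 0x44, 0x02, 0x00};  // src_size = 2

int main() {
  std::printf("overread input: %zu bytes past end, fixed sum %u\n",
              BuggyHarnessOverread(kOverreadInput, sizeof(kOverreadInput)),
              FixedHarness(kOverreadInput, sizeof(kOverreadInput)));
  std::printf("in-range input: %zu bytes past end, fixed sum %u\n",
              BuggyHarnessOverread(kInRangeInput, sizeof(kInRangeInput)),
              FixedHarness(kInRangeInput, sizeof(kInRangeInput)));
  return 0;
}
```

With the first input the original pattern asks for 1000 bytes but only 4 are left, so `func` would read 996 bytes past the vector; under ASan that is reported as a heap-buffer-overflow in the harness, not in the code under test. Passing `src.size()` (or, equivalently, consuming with `ConsumeRemainingBytes` when the whole tail is wanted) removes the false positive without changing what the fuzzer can explore.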