[libFuzzer] Fix off-by-one error in ApplyDictionaryEntry
In the overwrite branch of MutationDispatcher::ApplyDictionaryEntry in FuzzerMutate.cpp, the index Idx at which W.size() bytes are overwritten with the word W is chosen uniformly at random in the interval [0, Size - W.size()). This means that Idx + W.size() will always be strictly less than Size, i.e., the last byte of the current unit will never be overwritten. This is fixed by adding 1 to the exclusive upper bound.

Addresses https://bugs.llvm.org/show_bug.cgi?id=49989.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D101625
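Added illustration of the off-by-one described in the commit message; this is a stand-alone model written for this page, not libFuzzer's own code. It assumes a tiny `Rand` stand-in for libFuzzer's random source and models only the index choice of the overwrite branch, showing that the old bound can never place the word over the last byte of the unit while the corrected bound can.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Stand-in for libFuzzer's random source (an assumption, not the real class):
// returns a pseudo-random value in [0, n), and 0 when n == 0.
struct Rand {
  uint64_t State;
  explicit Rand(uint64_t Seed) : State(Seed) {}
  size_t operator()(size_t n) {
    State = State * 6364136223846793005ULL + 1442695040888963407ULL;  // LCG step
    return n ? static_cast<size_t>(State >> 33) % n : 0;
  }
};

// Models only the index choice of the overwrite branch.
// Buggy: Idx in [0, Size - W.size()); fixed: Idx in [0, Size - W.size()].
size_t ChooseOverwriteIdx(size_t Size, size_t WSize, bool Fixed, Rand &R) {
  size_t Bound = Size - WSize + (Fixed ? 1 : 0);
  return R(Bound);
}

// Simulates Trials overwrites of W into a zero-filled unit of Size bytes and
// reports whether the last byte was ever overwritten. W must be non-empty,
// contain no zero bytes, and be no longer than Size.
bool LastByteReachable(size_t Size, const std::string &W, bool Fixed,
                       unsigned Trials) {
  Rand R(1);
  for (unsigned T = 0; T < Trials; ++T) {
    std::vector<uint8_t> Data(Size, 0);
    size_t Idx = ChooseOverwriteIdx(Size, W.size(), Fixed, R);
    // Both bounds keep Idx + W.size() <= Size; bail out if that ever breaks.
    if (Idx + W.size() > Size) return false;
    std::copy(W.begin(), W.end(), Data.begin() + Idx);
    if (Data[Size - 1] != 0) return true;
  }
  return false;
}

int main() {
  std::printf("buggy reaches last byte: %d\n", LastByteReachable(8, "AB", false, 10000));
  std::printf("fixed reaches last byte: %d\n", LastByteReachable(8, "AB", true, 10000));
  return 0;
}
```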