Fix null char in AST fuzzer
There is no need to take the null char into account when copying
mutated data with memcpy in AST fuzzer.
Change-Id: I78530c3679a31f252d2eaebd6de2a1261d346a57
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/59449
Auto-Submit: Vasyl Teliman <vasniktel@gmail.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Vasyl Teliman <vasniktel@gmail.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
diff --git a/fuzzers/tint_ast_fuzzer/fuzzer.cc b/fuzzers/tint_ast_fuzzer/fuzzer.cc
index a6c3129..218dce5 100644
--- a/fuzzers/tint_ast_fuzzer/fuzzer.cc
+++ b/fuzzers/tint_ast_fuzzer/fuzzer.cc
@@ -70,14 +70,17 @@
return 0;
}
- // +1 to account for \0 at the end of a string.
- auto mutated_size = result.wgsl.size() + 1;
- if (mutated_size > max_size) {
+ if (result.wgsl.size() > max_size) {
return 0;
}
- std::memcpy(data, result.wgsl.data(), mutated_size);
- return mutated_size;
+ // No need to worry about the \0 here. The reason is that if \0 is included by
+ // developer by mistake, it will be considered a part of the string and will
+ // cause all sorts of strange bugs. Thus, unless `data` below is used as a raw
+ // C string, the \0 symbol should be ignored.
+ std::memcpy( // NOLINT - clang-tidy warns about lack of null termination.
+ data, result.wgsl.data(), result.wgsl.size());
+ return result.wgsl.size();
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
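Review bot: The bare `// NOLINT` on the `std::memcpy(` line silences every clang-tidy check for that line, not only the null-termination warning; scoping it, e.g. `// NOLINT(bugprone-not-null-terminated-result)` if that is the check that fires, keeps other diagnostics alive on a raw copy into a caller-supplied buffer. The four-line comment above the call argues indirectly, and a direct statement of the contract would be easier to audit, such as `// data is a length-delimited byte buffer, not a C string: copy exactly wgsl.size() bytes and return that length.` Because the buffer is no longer NUL-terminated after this change, every reader of `data` has to bound itself by the returned size. `LLVMFuzzerTestOneInput` only begins on the last line of the hunk and its body is not visible, so it is worth confirming that it builds its string from `(data, size)` rather than treating `data` as a C string. The mutator function being edited also starts above the hunk, so the `max_size` check is reviewed here only as far as the visible lines show.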