authordim <dim@FreeBSD.org>2016-01-06 20:01:02 +0000
committerdim <dim@FreeBSD.org>2016-01-06 20:01:02 +0000
commitff2ba393a56d9d99dcb76ceada542233db28af9a (patch)
treeea70b740d40cffe568a990c7aecd1acb5f83f786 /lib/Fuzzer/FuzzerMutate.cpp
parent7c35321d839f2c4d0fc8510bfbd8954b07908b76 (diff)
Vendor import of llvm trunk r256945:
https://llvm.org/svn/llvm-project/llvm/trunk@256945
Diffstat (limited to 'lib/Fuzzer/FuzzerMutate.cpp')
-rw-r--r--lib/Fuzzer/FuzzerMutate.cpp17
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/Fuzzer/FuzzerMutate.cpp b/lib/Fuzzer/FuzzerMutate.cpp
index c3fa37a..84ee18e 100644
--- a/lib/Fuzzer/FuzzerMutate.cpp
+++ b/lib/Fuzzer/FuzzerMutate.cpp
@@ -117,11 +117,18 @@ size_t MutationDispatcher::Mutate_AddWordFromDictionary(uint8_t *Data,
assert(!D.empty());
if (D.empty()) return 0;
const Unit &Word = D[Rand(D.size())];
- if (Size + Word.size() > MaxSize) return 0;
- size_t Idx = Rand(Size + 1);
- memmove(Data + Idx + Word.size(), Data + Idx, Size - Idx);
- memcpy(Data + Idx, Word.data(), Word.size());
- return Size + Word.size();
+ if (Rand.RandBool()) { // Insert Word.
+ if (Size + Word.size() > MaxSize) return 0;
+ size_t Idx = Rand(Size + 1);
+ memmove(Data + Idx + Word.size(), Data + Idx, Size - Idx);
+ memcpy(Data + Idx, Word.data(), Word.size());
+ return Size + Word.size();
+ } else { // Overwrite some bytes with Word.
+ if (Word.size() > Size) return 0;
+ size_t Idx = Rand(Size - Word.size());
+ memcpy(Data + Idx, Word.data(), Word.size());
+ return Size;
+ }
}
size_t MutationDispatcher::Mutate_ChangeASCIIInteger(uint8_t *Data, size_t Size,
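Review bot: In the overwrite branch, `Rand(Size - Word.size())` is called with an argument of 0 when the word is exactly as long as the input. For shorter words, assuming `Rand(n)` returns a value below `n`, it never picks the last valid offset, so a dictionary word is never written over the tail of the buffer. Whether `Rand(0)` is safe depends on the definition of the `Rand` functor, which is not visible in this hunk; if it reduces by a plain modulus, that call would divide by zero. Changing the line to `size_t Idx = Rand(Size - Word.size() + 1);` covers both cases and still keeps `Idx + Word.size() <= Size`, so the `memcpy` stays in bounds. The `if (Word.size() > Size) return 0;` guard must stay ahead of the subtraction because it is what prevents the unsigned difference from wrapping; the function's signature and opening lines lie outside the hunk.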