[libc-commits] [libc] [libc] Fix issue with fuzz input too short for atoi diff fuzz (PR #161705)
via libc-commits
libc-commits at lists.llvm.org
Thu Oct 2 10:30:46 PDT 2025
llvmbot wrote:
@llvm/pr-subscribers-libc
Author: Michael Jones (michaelrj-google)
<details>
<summary>Changes</summary>
The string to integer differential fuzzer assumes at least one byte of
meaningful input, but wasn't explicitly checking that. Now it does.
---
Full diff: https://github.com/llvm/llvm-project/pull/161705.diff
1 Files Affected:
- (modified) libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp (+4)
``````````diff
diff --git a/libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp b/libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp
index 097e6193ee6ef..2fabbba231167 100644
--- a/libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp
+++ b/libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp
@@ -44,6 +44,10 @@
// greater than 50% chance for each character to end the string, making the odds
// of getting long numbers very low.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size < 2) // Needs at least one byte for the base and one byte for the
+ // string.
+ return 0;
+
uint8_t *container = new uint8_t[size + 1];
if (!container)
__builtin_trap();
``````````
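Review bot: The trailing comment on `if (size < 2)` wraps onto a second line that sits between the condition and the unbraced `return 0;`, so the guard's body is easy to misread; put the comment on its own line above the `if`, or brace the body. The minimum of 2 is only explained in that inline comment, so the block comment above `LLVMFuzzerTestOneInput` should also state the input layout the guard relies on (one byte for the base, followed by at least one byte of string).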
</details>
https://github.com/llvm/llvm-project/pull/161705