[llvm-bugs] [Bug 25767] New: Seed values for LibFuzzer are read in as signed integers

via llvm-bugs llvm-bugs at lists.llvm.org
Mon Dec 7 11:03:03 PST 2015


            Bug ID: 25767
           Summary: Seed values for LibFuzzer are read in as signed
           Product: new-bugs
           Version: trunk
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P
         Component: new bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: danielaustin at google.com
                CC: llvm-bugs at lists.llvm.org
    Classification: Unclassified

In FuzzerDriver.cpp, this happened:

#define FUZZER_FLAG_INT(Name, Default, Description) int Name;

This results in 'stol: out of range' exceptions when processing a value larger
than 2147483647. This was identified by running:

./fuzzer -seed=2574387484 

on a 32-bit ARM device (Current AOSP, Nexus 6)

Fuzzing session replay requires first checking if the generated seed value is
greater than 2147483647, and translating it to its hex representation, which
does not trigger the out of range issue.

This only seems to be an issue when using the seed flag, the seed value in
FuzzerDriver is an unsigned and appears to be handled correctly in the rest of
the library.

You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20151207/6d51644f/attachment.html>

More information about the llvm-bugs mailing list