[llvm] r256900 - [libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry

[Kostya Serebryany via llvm-commits]

Author: kcc
Date: Tue Jan  5 20:13:04 2016
New Revision: 256900

URL: http://llvm.org/viewvc/llvm-project?rev=256900&view=rev
Log:
[libFuzzer] extend the dictionary mutator to optionally overwrite data with the dict entry

Modified:
    llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp

Modified: llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp
URL: http://llvm.org/viewvc/llvm-project/llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp?rev=256900&r1=256899&r2=256900&view=diff
==============================================================================
--- llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp (original)
+++ llvm/trunk/lib/Fuzzer/FuzzerMutate.cpp Tue Jan  5 20:13:04 2016
@@ -117,11 +117,18 @@ size_t MutationDispatcher::Mutate_AddWor
   assert(!D.empty());
   if (D.empty()) return 0;
   const Unit &Word = D[Rand(D.size())];
-  if (Size + Word.size() > MaxSize) return 0;
-  size_t Idx = Rand(Size + 1);
-  memmove(Data + Idx + Word.size(), Data + Idx, Size - Idx);
-  memcpy(Data + Idx, Word.data(), Word.size());
-  return Size + Word.size();
+  if (Rand.RandBool()) {  // Insert Word.
+    if (Size + Word.size() > MaxSize) return 0;
+    size_t Idx = Rand(Size + 1);
+    memmove(Data + Idx + Word.size(), Data + Idx, Size - Idx);
+    memcpy(Data + Idx, Word.data(), Word.size());
+    return Size + Word.size();
+  } else {  // Overwrite some bytes with Word.
+    if (Word.size() > Size) return 0;
+    size_t Idx = Rand(Size - Word.size());
+    memcpy(Data + Idx, Word.data(), Word.size());
+    return Size;
+  }
 }
 
 size_t MutationDispatcher::Mutate_ChangeASCIIInteger(uint8_t *Data, size_t Size,