From: Dominik Loidolt
Date: Thu, 5 Jun 2025 13:36:29 +0000 (+0200)
Subject: fuzz: Fix FUZZ_malloc_rand() to return non-NULL for zero-size allocations
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F4403%2Fhead;p=thirdparty%2Fzstd.git
fuzz: Fix FUZZ_malloc_rand() to return non-NULL for zero-size allocations
The FUZZ_malloc_rand() function was incorrectly always returning NULL for zero-size allocations. The random offset generated by FUZZ_dataProducer_int32Range() was not being added to the pointer variable, causing the function to always return (void *)0.
---
diff --git a/tests/fuzz/fuzz_helpers.c b/tests/fuzz/fuzz_helpers.c
index f47ff2eb4..5c530f0e9 100644
--- a/tests/fuzz/fuzz_helpers.c
+++ b/tests/fuzz/fuzz_helpers.c
@@ -31,12 +31,11 @@ void* FUZZ_malloc_rand(size_t size, FUZZ_dataProducer_t *producer)
 return mem;
 } else {
 uintptr_t ptr = 0;
- /* Add +- 1M 50% of the time */
+ /* Return junk pointer 50% of the time */
 if (FUZZ_dataProducer_uint32Range(producer, 0, 1))
- FUZZ_dataProducer_int32Range(producer, -1000000, 1000000);
+ ptr += FUZZ_dataProducer_int32Range(producer, -1000000, 1000000);
 return (void*)ptr;
 }
-
 }
 int FUZZ_memcmp(void const* lhs, void const* rhs, size_t size)
diff --git a/tests/fuzz/fuzz_helpers.h b/tests/fuzz/fuzz_helpers.h
index f21ec4751..c5d75b402 100644
--- a/tests/fuzz/fuzz_helpers.h
+++ b/tests/fuzz/fuzz_helpers.h
@@ -66,6 +66,7 @@ void* FUZZ_malloc(size_t size);
 /**
 * malloc except returns random pointer for zero sized data and FUZZ_ASSERT
 * that malloc doesn't fail.
+ * WARNING: Only free the returned pointer if size > 0!
 */
 void* FUZZ_malloc_rand(size_t size, FUZZ_dataProducer_t *producer);
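Review bot: The new `ptr +=` line hands callers a non-NULL, non-dereferenceable value for size == 0, where the previous code always returned NULL, so any existing caller that passes the result to free() unconditionally goes from a harmless free(NULL) to freeing an arbitrary address. The header hunk in tests/fuzz/fuzz_helpers.h documents this, but the body itself says nothing, so I would make the new comment `/* Return a junk pointer 50% of the time; it must never be dereferenced or passed to free() */` and audit the size-0 call sites before merging. The negative offsets rely on unsigned wraparound when added to the uintptr_t, which is well-defined but worth stating in that same comment. The enclosing FUZZ_malloc_rand body begins before this hunk.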