google / atheris

Apache License 2.0

FuzzedDataProvider::ConsumeSmallIntInRange reads from the back of input, rather than the front #10

Closed alex closed 3 years ago

alex commented 3 years ago

https://github.com/google/atheris/blob/master/fuzzed_data_provider.cc#L256

Based on Advance I'd expect every method which looks at data to read from the front of the input (data_ptr[0]), but ConsumeSmallIntInRange reads from the back (data_ptr_).

TheShiftedBit commented 3 years ago

Hi Alex,

I'm sorry, I meant to respond to this much earlier. I got this behavior from LLVM's FuzzedDataProvider: https://github.com/llvm/llvm-project/blob/70de7e0d9a95b7fcd7c105b06bd90fdf4e01f563/compiler-rt/include/fuzzer/FuzzedDataProvider.h#L217 Apparently, it experimentally works better.

alex commented 3 years ago

Huh, interesting. I found it confusing when I was trying to manually craft fuzzer inputs, but if it works better then I guess that's what's important!
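As an added example (not code from the atheris or LLVM projects), here is a minimal C++ re-implementation of the two consumption directions discussed in the thread, plus a hand-crafted input that shows where the integer bytes have to go. The class name `MiniFuzzedDataProvider`, the `Parsed` struct, the `ParseCrafted`/`ParseNaiveFrontLayout` helpers and the input bytes are all constructed for this illustration; the integer loop follows the algorithm in the linked LLVM header as I read it (simplified error handling).

```cpp
#include <algorithm>
#include <climits>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>
#include <string>
#include <type_traits>
#include <vector>

// Minimal stand-in for the two FuzzedDataProvider methods under discussion
// (assumption: same direction-of-consumption logic as the LLVM header).
class MiniFuzzedDataProvider {
 public:
  MiniFuzzedDataProvider(const uint8_t* data, size_t size)
      : data_ptr_(data), remaining_bytes_(size) {}

  // Consumes from the FRONT of the remaining input.
  std::vector<uint8_t> ConsumeBytes(size_t num_bytes) {
    num_bytes = std::min(num_bytes, remaining_bytes_);
    std::vector<uint8_t> result(data_ptr_, data_ptr_ + num_bytes);
    data_ptr_ += num_bytes;
    remaining_bytes_ -= num_bytes;
    return result;
  }

  // Consumes from the BACK of the remaining input, one byte per iteration,
  // stopping once the bytes pulled can cover [min, max]. The last input byte
  // becomes the most significant byte of the result.
  template <typename T>
  T ConsumeIntegralInRange(T min, T max) {
    static_assert(std::is_integral<T>::value, "integral type required");
    if (min > max) std::abort();
    uint64_t range = static_cast<uint64_t>(max) - min;
    uint64_t result = 0;
    size_t offset = 0;
    while (offset < sizeof(T) * CHAR_BIT && (range >> offset) > 0 &&
           remaining_bytes_ != 0) {
      --remaining_bytes_;
      result = (result << CHAR_BIT) | data_ptr_[remaining_bytes_];
      offset += CHAR_BIT;
    }
    if (range != std::numeric_limits<uint64_t>::max())  // avoid range+1 == 0
      result = result % (range + 1);
    return static_cast<T>(min + result);
  }

  size_t remaining_bytes() const { return remaining_bytes_; }

 private:
  const uint8_t* data_ptr_;
  size_t remaining_bytes_;
};

struct Parsed {
  std::string header;  // 4 bytes read from the front
  int small;           // ConsumeIntegralInRange(0, 9):    1 byte from the back
  int medium;          // ConsumeIntegralInRange(0, 1000): 2 bytes from the back
  size_t leftover;
};

// Constructed input: front-consumed bytes first, then the bytes the integer
// consumers will pull, placed at the END in reverse order of consumption.
static const uint8_t kCraftedInput[] = {'a', 'b', 'c', 'd', 0x01, 0x02, 0x07};

// |integers_first| flips the call order to show that front and back
// consumers get the same bytes regardless of that order.
Parsed ParseCrafted(bool integers_first) {
  MiniFuzzedDataProvider fdp(kCraftedInput, sizeof(kCraftedInput));
  Parsed p{};
  if (integers_first) {
    p.small = fdp.ConsumeIntegralInRange<int>(0, 9);      // pulls 0x07
    p.medium = fdp.ConsumeIntegralInRange<int>(0, 1000);  // pulls 0x02, 0x01
  }
  std::vector<uint8_t> h = fdp.ConsumeBytes(4);
  p.header.assign(h.begin(), h.end());
  if (!integers_first) {
    p.small = fdp.ConsumeIntegralInRange<int>(0, 9);
    p.medium = fdp.ConsumeIntegralInRange<int>(0, 1000);
  }
  p.leftover = fdp.remaining_bytes();
  return p;
}

// The layout one would write if every method read from the front: the
// integer byte first, then the header. The integer is instead taken from
// the last byte ('d' == 100, and 100 % 10 == 0) and the header gets 0x07.
Parsed ParseNaiveFrontLayout() {
  static const uint8_t kInput[] = {0x07, 'a', 'b', 'c', 'd'};
  MiniFuzzedDataProvider fdp(kInput, sizeof(kInput));
  Parsed p{};
  p.small = fdp.ConsumeIntegralInRange<int>(0, 9);
  std::vector<uint8_t> h = fdp.ConsumeBytes(4);
  p.header.assign(h.begin(), h.end());
  p.leftover = fdp.remaining_bytes();
  return p;
}

int main() {
  Parsed a = ParseCrafted(false), b = ParseCrafted(true), n = ParseNaiveFrontLayout();
  std::printf("header=%s small=%d medium=%d leftover=%zu\n",
              a.header.c_str(), a.small, a.medium, a.leftover);
  std::printf("integers first: header=%s small=%d medium=%d\n",
              b.header.c_str(), b.small, b.medium);
  std::printf("naive layout: small=%d header[0]=0x%02x\n",
              n.small, static_cast<unsigned>(n.header[0]));
  return 0;
}
```

When crafting a seed by hand for a harness that mixes `ConsumeBytes`/`ConsumeString` with `ConsumeIntInRange`, write the integer bytes at the tail of the file, last-consumed first, and keep in mind that the number of bytes pulled depends only on the size of the range, not on the integer type.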