silentbicycle / theft

property-based testing for C: generate input to find obscure bugs, then reduce to minimal failing input
ISC License

theft_random_bits_bulk isn't zeroing buffer #55

Open dcreager opened 4 years ago

dcreager commented 4 years ago

The docs for theft_random_bits_bulk say that it will zero the buffer before filling in the random data that comes out of the PRNG, but it doesn't look like that is happening. The data is ORed into the buffer:

https://github.com/silentbicycle/theft/blob/62e093d9e33bb4218736dce2535eedda2904b8ba/src/theft_random.c#L75

but I don't see anywhere that's zeroing the buffer first. (Hat tip to valgrind tracking undefined data values for catching this!)

I can work around this with a memset before calling theft_random_bits_bulk, but wanted to report it upstream too!
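The behaviour described in this report, as an added example that is not theft's own code: `or_random_bits_bulk` is a hypothetical stand-in that ORs PRNG output into the caller's buffer the way the linked line does, fed by a toy xorshift64 generator (also hypothetical, with a constructed seed). Filling a buffer that already holds data shows that every bit set beforehand survives the call, that an all-0xFF buffer comes back unchanged, and that a `memset` before the call restores exactly what a fresh buffer would have received.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16

/* Toy xorshift64 PRNG: a hypothetical stand-in for the library's PRNG. */
typedef struct { uint64_t s; } toy_prng;

static uint64_t toy_next(toy_prng *p) {
    uint64_t x = p->s;
    x ^= x << 13;
    x ^= x >> 7;
    x ^= x << 17;
    p->s = x;
    return x;
}

/* Stand-in for the reported behaviour: bits are ORed into buf, so any bit
 * already set in buf before the call is still set afterwards. */
static void or_random_bits_bulk(toy_prng *p, uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) {
        buf[i] |= (uint8_t)(toy_next(p) & 0xff);
    }
}

/* The workaround from the report: clear the buffer, then let the OR fill run. */
static void zeroed_random_bits_bulk(toy_prng *p, uint8_t *buf, size_t len) {
    memset(buf, 0, len);
    or_random_bits_bulk(p, buf, len);
}

/* Bytes that a fresh, all-zero buffer receives from this seed. */
static void fresh_output(uint64_t seed, uint8_t *out) {
    toy_prng p = { seed };
    memset(out, 0, BUF_LEN);
    or_random_bits_bulk(&p, out, BUF_LEN);
}

/* 1 if every bit set in the stale buffer is still set after the OR fill. */
int stale_bits_survive(uint64_t seed) {
    uint8_t buf[BUF_LEN], stale[BUF_LEN];
    for (size_t i = 0; i < BUF_LEN; i++) {
        stale[i] = (uint8_t)(0xA5 ^ i);   /* constructed leftover contents */
    }
    memcpy(buf, stale, BUF_LEN);
    toy_prng p = { seed };
    or_random_bits_bulk(&p, buf, BUF_LEN);
    for (size_t i = 0; i < BUF_LEN; i++) {
        if ((buf[i] & stale[i]) != stale[i]) return 0;
    }
    return 1;
}

/* 1 if a buffer left as all 0xFF comes back as all 0xFF: no randomness at all. */
int all_ones_buffer_unchanged(uint64_t seed) {
    uint8_t buf[BUF_LEN], fresh[BUF_LEN];
    memset(buf, 0xff, BUF_LEN);
    toy_prng p = { seed };
    or_random_bits_bulk(&p, buf, BUF_LEN);
    fresh_output(seed, fresh);
    for (size_t i = 0; i < BUF_LEN; i++) {
        if (buf[i] != 0xff) return 0;
    }
    return memcmp(buf, fresh, BUF_LEN) != 0;   /* caller got 0xFF.., not PRNG bytes */
}

/* 1 if the memset workaround yields exactly what a fresh buffer would. */
int workaround_matches_fresh(uint64_t seed) {
    uint8_t buf[BUF_LEN], fresh[BUF_LEN];
    memset(buf, 0xff, BUF_LEN);
    toy_prng p = { seed };
    zeroed_random_bits_bulk(&p, buf, BUF_LEN);
    fresh_output(seed, fresh);
    return memcmp(buf, fresh, BUF_LEN) == 0;
}

int main(void) {
    const uint64_t seed = 0x9E3779B97F4A7C15ull;   /* constructed seed */
    printf("stale bits survive OR fill:     %d\n", stale_bits_survive(seed));
    printf("0xFF buffer comes back as 0xFF: %d\n", all_ones_buffer_unchanged(seed));
    printf("memset workaround matches:      %d\n", workaround_matches_fresh(seed));
    return 0;
}
```

The same OR pattern on a buffer that was never written at all is what valgrind flags: the `|=` reads bytes with no defined value, and the `memset` workaround makes them defined before the PRNG output lands on them.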

silentbicycle commented 4 years ago

Thanks for reporting this, it will be fixed in the next release.