From 3e5d1beb82bfcac82b760b0113b14c891284070f Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov <dvyukov@google.com>
Date: Fri, 26 Jul 2019 10:43:08 +0200
Subject: [PATCH] prog: fix crash in blob mutation

If we deserialized a huge blob (larger than max blob size),
then we can get a negative size in the "Insert random bytes" case at:

		if r := int(maxLen) - len(data); n > r {
			n = r
		}

Don't insert bytes if data is already larger than maxLen.
---
 prog/mutation.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/prog/mutation.go b/prog/mutation.go
index 3a4c8cddb3d..dbb605041d9 100644
--- a/prog/mutation.go
+++ b/prog/mutation.go
@@ -465,7 +465,7 @@ var mutateDataFuncs = [...]func(r *randGen, data []byte, minLen, maxLen uint64)
 	},
 	// Insert random bytes.
 	func(r *randGen, data []byte, minLen, maxLen uint64) ([]byte, bool) {
-		if len(data) == 0 {
+		if len(data) == 0 || uint64(len(data)) >= maxLen {
 			return data, false
 		}
 		n := r.Intn(16) + 1