From 54645e8ce43ce84e275a65c77f64a4d6e479b075 Mon Sep 17 00:00:00 2001
From: Michael Jones
Date: Thu, 2 Oct 2025 17:28:03 +0000
Subject: [PATCH] [libc] Fix issue with fuzz input too short for atoi diff fuzz

The string to integer differential fuzzer assumes at least one byte of meaningful input, but wasn't explicitly checking that. Now it does.
---
 libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp b/libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp
index 097e6193ee6ef..2fabbba231167 100644
--- a/libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp
+++ b/libc/fuzzing/stdlib/strtointeger_differential_fuzz.cpp
@@ -44,6 +44,10 @@
 // greater than 50% chance for each character to end the string, making the odds
 // of getting long numbers very low.
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ if (size < 2) // Needs at least one byte for the base and one byte for the // string.
+ return 0;
+ uint8_t *container = new uint8_t[size + 1];
 if (!container) __builtin_trap();