[libFuzzer] Fallback to default Mutate when MutateWithMask fails.
Summary:
In case the current corpus input doesn't have bytes going into the
focus function, MutateWithMask is useless and may fail gently, allowing the
default mutation routine to happen, rather than crashing on an assertion.
For more context and the initial fix suggestion, see:
https://github.com/google/oss-fuzz/issues/1632#issuecomment-481862879
Reviewers: kcc, morehouse
Reviewed By: kcc
Subscribers: delcypher, #sanitizers, llvm-commits
Tags: #llvm, #sanitizers
Differential Revision: https://reviews.llvm.org/D60567
llvm-svn: 358190
diff --git a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
index b86512b..40461c2 100644
--- a/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerLoop.cpp
@@ -658,7 +658,9 @@
Size <= CurrentMaxMutationLen)
NewSize = MD.MutateWithMask(CurrentUnitData, Size, Size,
II.DataFlowTraceForFocusFunction);
- else
+
+ // If MutateWithMask either failed or wasn't called, call default Mutate.
+ if (!NewSize)
NewSize = MD.Mutate(CurrentUnitData, Size, CurrentMaxMutationLen);
assert(NewSize > 0 && "Mutator returned empty unit");
assert(NewSize <= CurrentMaxMutationLen && "Mutator return oversized unit");
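Review bot: the new `if (!NewSize)` fallback at the end of this hunk depends on NewSize being 0 whenever the masked branch is skipped or MutateWithMask fails, but the declaration of NewSize is outside the hunk; please confirm it is zero-initialized before the `Size <= CurrentMaxMutationLen` check, since otherwise the fallback reads an indeterminate value when that condition is false (the removed `else` had no such dependency). It would also help to document at MutateWithMask's definition that a return value of 0 is the failure signal this fallback relies on, and the extra blank `+` line above the comment can be dropped.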