From b1048ff68298c1c4e303bbb77ca1832b2f873cd6 Mon Sep 17 00:00:00 2001
From: Fabian Meumertzheim
Date: Tue, 4 May 2021 08:52:17 -0700
Subject: [PATCH] [libFuzzer] Preserve position hint in auto dictionary

Currently, the position hint of an entry in the persistent auto dictionary is fixed to 1. As a consequence, with a 50% chance, the entry is applied right after the first byte of the input. As the position 1 does not appear to have any particular significance, this is likely a bug that may have been caused by confusing the constructor parameter with a success count. This commit resolves the issue by preserving any existing position hint or disabling the hint if the original entry didn't have one.

Reviewed By: morehouse

Differential Revision: https://reviews.llvm.org/D101686
---
 compiler-rt/lib/fuzzer/FuzzerMutate.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/compiler-rt/lib/fuzzer/FuzzerMutate.cpp b/compiler-rt/lib/fuzzer/FuzzerMutate.cpp
index 9854e56b..4650f1b 100644
--- a/compiler-rt/lib/fuzzer/FuzzerMutate.cpp
+++ b/compiler-rt/lib/fuzzer/FuzzerMutate.cpp
@@ -480,7 +480,7 @@ void MutationDispatcher::RecordSuccessfulMutationSequence() {
 assert(DE->GetW().size());
 // Linear search is fine here as this happens seldom.
 if (!PersistentAutoDictionary.ContainsWord(DE->GetW()))
- PersistentAutoDictionary.push_back({DE->GetW(), 1});
+ PersistentAutoDictionary.push_back(*DE);
 }
 }
--
2.7.4
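Review bot: `PersistentAutoDictionary.push_back(*DE);` copies the entire entry rather than just its word and position hint, so any other per-entry state the source entry carries (use/success counters, if DictionaryEntry has them, as the commit message's reference to a "success count" suggests) now seeds the persistent copy with the source entry's values, whereas the old brace-initialised entry started from defaults. That may be harmless or even desirable, but it is not what the commit message describes and should be either stated or avoided, since those counters are presumably what the persistent dictionary's reporting and selection rely on. If only the hint is meant to survive, construct the new entry explicitly from the word and the hint (through whatever accessor DictionaryEntry exposes for it) instead of copying; otherwise document the intent on the new line with `// Copy the whole entry so its position hint (or absence of one) is kept; this also carries over the entry's counters.` The enclosing loop and the body of RecordSuccessfulMutationSequence begin above the hunk, so whether the counters are touched before this point cannot be checked here.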