fuzz: FuzzedFileProvider::write should not return negative value

Crypt-iQ · Crypt-iQ · commit fc471814dc34 · 2022-02-27T17:03:35.000-05:00
Doing so can lead to a glibc crash. Also the manpage for fopencookie warns against this: https://man7.org/linux/man-pages/man3/fopencookie.3.html
diff --git a/src/test/fuzz/util.cpp b/src/test/fuzz/util.cpp
@@ -566,7 +566,7 @@ ssize_t FuzzedFileProvider::write(void* cookie, const char* buf, size_t size)
     SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);
     const ssize_t n = fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<ssize_t>(0, size);
     if (AdditionOverflow(fuzzed_file->m_offset, (int64_t)n)) {
-        return fuzzed_file->m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
+        return 0;
     }
     fuzzed_file->m_offset += n;
     return n;

Original file line number	Diff line number	Diff line change
`@@ -566,7 +566,7 @@ ssize_t FuzzedFileProvider::write(void* cookie, const char* buf, size_t size)`
`566`	`566`	`SetFuzzedErrNo(fuzzed_file->m_fuzzed_data_provider);`
`567`	`567`	`const ssize_t n = fuzzed_file->m_fuzzed_data_provider.ConsumeIntegralInRange<ssize_t>(0, size);`
`568`	`568`	`if (AdditionOverflow(fuzzed_file->m_offset, (int64_t)n)) {`
`569`		`- return fuzzed_file->m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;`
	`569`	`+ return 0;`
`570`	`570`	`}`
`571`	`571`	`fuzzed_file->m_offset += n;`
`572`	`572`	`return n;`