authorAlon Zakai <alonzakai@gmail.com>2013-03-02 16:40:52 -0800
committerAlon Zakai <alonzakai@gmail.com>2013-03-02 16:40:52 -0800
commit0a4bc063c35aa5d70b7aaae72029b16a56432563 (patch)
treec7a67a82325b5251d62759f1f370c80029aae64e
parent80200fb5de158f265b76bcf4f99d2c7769e27b12 (diff)
fix another memset fuzz bug
-rw-r--r--src/library.js1
-rw-r--r--tests/fuzz/5.c13
-rw-r--r--tests/fuzz/5.c.txt101
3 files changed, 115 insertions, 0 deletions
diff --git a/src/library.js b/src/library.js
index 83d135ee..1676a82c 100644
--- a/src/library.js
+++ b/src/library.js
@@ -4316,6 +4316,7 @@ LibraryManager.library = {
stop = (ptr + num)|0;
if ((num|0) >= {{{ SEEK_OPTIMAL_ALIGN_MIN }}}) {
// This is unaligned, but quite large, so work hard to get to aligned settings
+ value = value & 0xff;
unaligned = ptr & 3;
value4 = value | (value << 8) | (value << 16) | (value << 24);
stop4 = stop & ~3;
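Review bot: The added `value = value & 0xff;` carries no comment saying why it is needed, and it sits inside the `num >= SEEK_OPTIMAL_ALIGN_MIN` branch, so only the word-fill path is normalised. Without the mask, a negative fill such as -114 keeps its sign bits when `value4` is built, so the upper three bytes of every stored word become 0xff instead of the requested byte. I would add `// memset fills with (unsigned char)value; mask before building value4 so the high bits of a negative or >255 value are not replicated` above the line. The byte-wise stores are outside this hunk; if they do not already truncate through an 8-bit heap view, the mask belongs before the `if`, which is worth confirming.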
diff --git a/tests/fuzz/5.c b/tests/fuzz/5.c
new file mode 100644
index 00000000..a62c18a3
--- /dev/null
+++ b/tests/fuzz/5.c
@@ -0,0 +1,13 @@
+#include <stdio.h>
+#include <string.h>
+
+int main(int argc, char **argv) {
+ printf("argc %d\n", argc);
+ char buffer[100];
+ for (int i = 0; i < 100; i++) buffer[i] = argc*(argc > 10 ? (argc*i) % 3 : (i*i));
+ memset(&buffer[10], -114, argc+25);
+ for(int i = 0; i < 100; i++) printf("%d:%d\n", i, buffer[i]);
+ //memset 5243040,-114,6,false,6
+ return buffer[15];
+}
+
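Review bot: The fill length `argc+25` in `memset(&buffer[10], -114, argc+25)` is bounded only by how the harness launches the program: from offset 10 in a 100-byte array it stays in bounds only while argc is at most 65, and the expected output covers argc 1 alone. Clamping it, e.g. `memset(&buffer[10], -114, (argc % 8) + 25);`, keeps the length opaque to the optimiser and gives the same 26 bytes for argc 1 without leaving a possible stack overwrite in the test. The trailing comment `//memset 5243040,-114,6,false,6` records a length of 6, which does not match this call and looks like a leftover trace; a comment such as `// negative fill value must reach the word-fill path as a single byte` would say what the test pins. The expected values also assume that plain `char` is signed.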
diff --git a/tests/fuzz/5.c.txt b/tests/fuzz/5.c.txt
new file mode 100644
index 00000000..0c9d6dcd
--- /dev/null
+++ b/tests/fuzz/5.c.txt
@@ -0,0 +1,101 @@
+argc 1
+0:0
+1:1
+2:4
+3:9
+4:16
+5:25
+6:36
+7:49
+8:64
+9:81
+10:-114
+11:-114
+12:-114
+13:-114
+14:-114
+15:-114
+16:-114
+17:-114
+18:-114
+19:-114
+20:-114
+21:-114
+22:-114
+23:-114
+24:-114
+25:-114
+26:-114
+27:-114
+28:-114
+29:-114
+30:-114
+31:-114
+32:-114
+33:-114
+34:-114
+35:-114
+36:16
+37:89
+38:-92
+39:-15
+40:64
+41:-111
+42:-28
+43:57
+44:-112
+45:-23
+46:68
+47:-95
+48:0
+49:97
+50:-60
+51:41
+52:-112
+53:-7
+54:100
+55:-47
+56:64
+57:-79
+58:36
+59:-103
+60:16
+61:-119
+62:4
+63:-127
+64:0
+65:-127
+66:4
+67:-119
+68:16
+69:-103
+70:36
+71:-79
+72:64
+73:-47
+74:100
+75:-7
+76:-112
+77:41
+78:-60
+79:97
+80:0
+81:-95
+82:68
+83:-23
+84:-112
+85:57
+86:-28
+87:-111
+88:64
+89:-15
+90:-92
+91:89
+92:16
+93:-55
+94:-124
+95:65
+96:0
+97:-63
+98:-124
+99:73