author | Alon Zakai <alonzakai@gmail.com> | 2013-03-02 15:43:38 -0800 |
---|---|---|
committer | Alon Zakai <alonzakai@gmail.com> | 2013-03-02 15:44:01 -0800 |
commit | 80200fb5de158f265b76bcf4f99d2c7769e27b12 (patch) | |
tree | 38b6d5d9ffdd6840da1a17411299824f55ead508 | |
parent | 214fbe8e092b88573fcb3cadec886127ec87d701 (diff) |
fix memset bug
-rw-r--r-- | src/library.js | 2 | ||||
-rw-r--r-- | tests/fuzz/4.c | 216 | ||||
-rw-r--r-- | tests/fuzz/4.c.txt | 1 |
3 files changed, 218 insertions, 1 deletions
diff --git a/src/library.js b/src/library.js
index 7f177441..83d135ee 100644
--- a/src/library.js
+++ b/src/library.js
@@ -4314,7 +4314,7 @@ LibraryManager.library = {
 ptr = ptr|0; value = value|0; num = num|0;
 var stop = 0, value4 = 0, stop4 = 0, unaligned = 0;
 stop = (ptr + num)|0;
- if (num|0 >= {{{ SEEK_OPTIMAL_ALIGN_MIN }}}) {
+ if ((num|0) >= {{{ SEEK_OPTIMAL_ALIGN_MIN }}}) {
 // This is unaligned, but quite large, so work hard to get to aligned settings
 unaligned = ptr & 3;
 value4 = value | (value << 8) | (value << 16) | (value << 24);
diff --git a/tests/fuzz/4.c b/tests/fuzz/4.c
new file mode 100644
index 00000000..01949b54
--- /dev/null
+++ b/tests/fuzz/4.c
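Review bot: The corrected guard `if ((num|0) >= {{{ SEEK_OPTIMAL_ALIGN_MIN }}})` in src/library.js carries no comment saying why the parentheses matter, and the only regression test added is the csmith-generated tests/fuzz/4.c, which reaches memset only indirectly. In JavaScript `|` binds looser than `>=`, so the old form evaluated as `num | (0 >= MIN)` and was true for any non-zero `num`, sending small fills down the branch the comment describes as "quite large". I would add `// parenthesized on purpose: | binds looser than >=, so num|0 >= X parses as num | (0 >= X)` above the condition, plus a small direct test that calls memset with sizes just below and at the threshold on unaligned pointers and checks guard bytes on both sides of the buffer. The rest of the function lies outside the hunk, so whether the aligned branch could write past `stop` for small sizes is inferred rather than shown; the same `x|0 >= y` pattern is also worth grepping for in the neighbouring asm.js routines.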
@@ -0,0 +1,216 @@ +/* + * This is a RANDOMLY GENERATED PROGRAM. + * + * Generator: csmith 2.2.0 + * Git version: a8697aa + * Options: --no-volatiles --no-math64 --no-packed-struct --max-block-depth 2 --max-block-size 2 --max-expr-complexity 2 --max-funcs 2 + * Seed: 3993484092 + */ + +#include "csmith.h" + + +static long __undefined; + +/* --- Struct/Union Declarations --- */ +struct S0 { + int16_t f0; + const int8_t f1; + int32_t f2; + const uint8_t f3; + unsigned f4 : 27; + uint32_t f5; + const int32_t f6; + int8_t f7; + uint32_t f8; +}; + +/* --- GLOBAL VARIABLES --- */ +static int8_t g_5[8] = {0x8EL,0x8EL,0x8EL,0x8EL,0x8EL,0x8EL,0x8EL,0x8EL}; +static int8_t *g_4 = &g_5[7]; +static int32_t g_6[4][10] = {{0x158018D9L,1L,0L,0xA7EF5D87L,0xA7EF5D87L,0L,1L,0x158018D9L,0x158018D9L,1L},{0x158018D9L,0xA7EF5D87L,1L,1L,0xA7EF5D87L,0x158018D9L,0L,0L,0x158018D9L,0xA7EF5D87L},{0xA7EF5D87L,1L,1L,0xA7EF5D87L,0x158018D9L,0L,0L,0x158018D9L,0xA7EF5D87L,1L},{0xA7EF5D87L,0xA7EF5D87L,0L,1L,0x158018D9L,0x158018D9L,1L,0L,0xA7EF5D87L,0xA7EF5D87L}}; +static int32_t g_11 = 0L; +static int32_t g_14[2][4] = {{0x69FF4CAAL,0x69FF4CAAL,0x69FF4CAAL,0x69FF4CAAL},{0x69FF4CAAL,0x69FF4CAAL,0x69FF4CAAL,0x69FF4CAAL}}; +static int32_t *g_13 = &g_14[0][0]; +static int32_t g_21 = 8L; + + +/* --- FORWARD DECLARATIONS --- */ +static uint8_t func_1(void); +static int32_t func_2(int8_t * p_3); + + +/* --- FUNCTIONS --- */ +/* ------------------------------------------ */ +/* + * reads : g_4 g_6 g_11 g_21 g_14 g_5 + * writes: g_6 g_11 g_13 g_14 g_21 g_5 + */ +static uint8_t func_1(void) +{ /* block id: 0 */ + int32_t *l_18 = &g_14[0][0]; + (*l_18) = func_2(g_4); + for (g_11 = 24; (g_11 > 9); g_11 = safe_sub_func_int8_t_s_s(g_11, 8)) + { /* block id: 17 */ + int32_t *l_24 = &g_21; + for (g_21 = (-6); (g_21 >= 8); g_21 = safe_add_func_int16_t_s_s(g_21, 9)) + { /* block id: 20 */ + (*l_18) ^= ((void*)0 == l_24); + (*l_18) = ((*l_24) ^ 1L); + } + for (g_21 = 5; (g_21 >= 0); g_21 -= 1) + { /* block id: 26 */ + 
const struct S0 l_29[7][5] = {{{0xB1C2L,0x10L,0xA4AECA2AL,0x28L,485,4294967294UL,-1L,0x00L,0x971708C9L},{-5L,0xA5L,0x7FB6F8A3L,0UL,6341,1UL,0xA1BBDB81L,-1L,4294967286UL},{2L,7L,0x396434D1L,0xEAL,9469,0xEFE6B3E9L,0x2DA72DF2L,0x08L,9UL},{0x32E7L,-1L,-4L,5UL,7688,4294967292UL,0L,7L,7UL},{-5L,0xA5L,0x7FB6F8A3L,0UL,6341,1UL,0xA1BBDB81L,-1L,4294967286UL}},{{0xC6C8L,0xCDL,-8L,0xD2L,1855,0x1A504A86L,0x6A6C3430L,0L,0x372A7181L},{-2L,0x94L,-1L,255UL,5118,0UL,3L,0xBDL,2UL},{-10L,0x93L,1L,1UL,3983,4294967288UL,0xC0DB1B79L,7L,4294967293UL},{0x254FL,0xD2L,1L,1UL,8061,0xDF93C581L,0xDA77236CL,0x42L,1UL},{-2L,0x94L,-1L,255UL,5118,0UL,3L,0xBDL,2UL}},{{3L,0xC4L,0x293E9FC6L,255UL,4667,2UL,0x4CA9A92EL,8L,6UL},{0xB1C2L,0x10L,0xA4AECA2AL,0x28L,485,4294967294UL,-1L,0x00L,0x971708C9L},{2L,7L,0x396434D1L,0xEAL,9469,0xEFE6B3E9L,0x2DA72DF2L,0x08L,9UL},{-5L,0xA5L,0x7FB6F8A3L,0UL,6341,1UL,0xA1BBDB81L,-1L,4294967286UL},{-5L,0xA5L,0x7FB6F8A3L,0UL,6341,1UL,0xA1BBDB81L,-1L,4294967286UL}},{{-10L,0x93L,1L,1UL,3983,4294967288UL,0xC0DB1B79L,7L,4294967293UL},{0xC6C8L,0xCDL,-8L,0xD2L,1855,0x1A504A86L,0x6A6C3430L,0L,0x372A7181L},{0xAF73L,7L,0x2A224D52L,0x10L,5709,0UL,0x3A9A7891L,-1L,0x7C6C5FB3L},{-2L,0x94L,-1L,255UL,5118,0UL,3L,0xBDL,2UL},{-2L,0x94L,-1L,255UL,5118,0UL,3L,0xBDL,2UL}},{{2L,7L,0x396434D1L,0xEAL,9469,0xEFE6B3E9L,0x2DA72DF2L,0x08L,9UL},{3L,0xC4L,0x293E9FC6L,255UL,4667,2UL,0x4CA9A92EL,8L,6UL},{0x32E7L,-1L,-4L,5UL,7688,4294967292UL,0L,7L,7UL},{0xB1C2L,0x10L,0xA4AECA2AL,0x28L,485,4294967294UL,-1L,0x00L,0x971708C9L},{0xB1C2L,0x10L,0xA4AECA2AL,0x28L,485,4294967294UL,-1L,0x00L,0x971708C9L}},{{0xAF73L,7L,0x2A224D52L,0x10L,5709,0UL,0x3A9A7891L,-1L,0x7C6C5FB3L},{0xC6C8L,0xCDL,-8L,0xD2L,1855,0x1A504A86L,0x6A6C3430L,0L,0x372A7181L},{0x254FL,0xD2L,1L,1UL,8061,0xDF93C581L,0xDA77236CL,0x42L,1UL},{0xC6C8L,0xCDL,-8L,0xD2L,1855,0x1A504A86L,0x6A6C3430L,0L,0x372A7181L},{0xC6C8L,0xCDL,-8L,0xD2L,1855,0x1A504A86L,0x6A6C3430L,0L,0x372A7181L}},{{0x32E7L,-1L,-4L,5UL,7688,4294967292UL,0L,7L,7UL},{3L,0xC4L,0x293E9FC6L,25
5UL,4667,2UL,0x4CA9A92EL,8L,6UL},{-5L,0xA5L,0x7FB6F8A3L,0UL,6341,1UL,0xA1BBDB81L,-1L,4294967286UL},{0xB1C2L,0x10L,0xA4AECA2AL,0x28L,485,4294967294UL,-1L,0x00L,0x971708C9L},{3L,0xC4L,0x293E9FC6L,255UL,4667,2UL,0x4CA9A92EL,8L,6UL}}}; + int i, j; + (*l_18) = (safe_mod_func_uint8_t_u_u((((safe_mul_func_int8_t_s_s((g_5[g_21] = (*g_4)), 0xFDL)) | g_14[1][2]) <= (*l_18)), 254UL)); + (*l_18) = (((l_29[4][2] , (void*)0) != &g_14[0][0]) <= l_29[4][2].f1); + } + } + return (*l_18); +} + + +/* ------------------------------------------ */ +/* + * reads : g_6 g_11 + * writes: g_6 g_11 g_13 + */ +static int32_t func_2(int8_t * p_3) +{ /* block id: 1 */ + uint32_t l_15[4][3][4] = {{{0x1943EC3EL,8UL,1UL,0x58E7EA1BL},{0x1943EC3EL,2UL,0x58E7EA1BL,4294967292UL},{0UL,1UL,0UL,4294967293UL}},{{0x4898D08FL,1UL,0x4898D08FL,4294967292UL},{0UL,0x1943EC3EL,4294967292UL,0x4898D08FL},{2UL,4294967293UL,4294967292UL,0UL}},{{0UL,0x1943EC3EL,8UL,0x1943EC3EL},{4294967292UL,0x58E7EA1BL,0x1943EC3EL,0x1943EC3EL},{0x1943EC3EL,0x58E7EA1BL,0x4898D08FL,2UL}},{{1UL,0UL,8UL,8UL},{0x4898D08FL,1UL,8UL,0UL},{0x58E7EA1BL,4294967292UL,0x58E7EA1BL,0x1943EC3EL}}}; + int i, j, k; + for (g_6[2][7] = (-24); (g_6[2][7] >= (-7)); g_6[2][7] = safe_add_func_uint32_t_u_u(g_6[2][7], 1)) + { /* block id: 4 */ + int32_t *l_9 = (void*)0; + int32_t *l_10 = &g_11; + (*l_10) &= 0x1B35D569L; + for (g_11 = 0; (g_11 <= 7); g_11 += 1) + { /* block id: 8 */ + int32_t **l_12[6] = {&l_10,&l_10,&l_10,&l_10,&l_10,&l_10}; + int i; + g_13 = l_9; + l_15[1][2][0]--; + } + } + return l_15[0][1][1]; +} + + + + +/* ---------------------------------------- */ +int main (int argc, char* argv[]) +{ + int i, j; + int print_hash_value = 0; + if (argc == 2 && strcmp(argv[1], "1") == 0) print_hash_value = 1; + platform_main_begin(); + crc32_gentab(); + func_1(); + for (i = 0; i < 8; i++) + { + transparent_crc(g_5[i], "g_5[i]", print_hash_value); + if (print_hash_value) printf("index = [%d]\n", i); + + } + for (i = 0; i < 4; i++) + { + for (j = 0; j < 
10; j++) + { + transparent_crc(g_6[i][j], "g_6[i][j]", print_hash_value); + if (print_hash_value) printf("index = [%d][%d]\n", i, j); + + } + } + transparent_crc(g_11, "g_11", print_hash_value); + for (i = 0; i < 2; i++) + { + for (j = 0; j < 4; j++) + { + transparent_crc(g_14[i][j], "g_14[i][j]", print_hash_value); + if (print_hash_value) printf("index = [%d][%d]\n", i, j); + + } + } + transparent_crc(g_21, "g_21", print_hash_value); + platform_main_end(crc32_context ^ 0xFFFFFFFFUL, print_hash_value); + return 0; +} + +/************************ statistics ************************* +XXX max struct depth: 1 +breakdown: + depth: 0, occurrence: 4 + depth: 1, occurrence: 1 +XXX total union variables: 0 + +XXX non-zero bitfields defined in structs: 1 +XXX zero bitfields defined in structs: 0 +XXX const bitfields defined in structs: 0 +XXX volatile bitfields defined in structs: 0 +XXX structs with bitfields in the program: 1 +breakdown: + indirect level: 0, occurrence: 1 +XXX full-bitfields structs in the program: 0 +breakdown: +XXX times a bitfields struct's address is taken: 0 +XXX times a bitfields struct on LHS: 0 +XXX times a bitfields struct on RHS: 1 +XXX times a single bitfield on LHS: 0 +XXX times a single bitfield on RHS: 0 + +XXX max expression depth: 6 +breakdown: + depth: 1, occurrence: 13 + depth: 2, occurrence: 8 + depth: 4, occurrence: 1 + depth: 6, occurrence: 1 + +XXX total number of pointers: 8 + +XXX times a variable address is taken: 8 +XXX times a pointer is dereferenced on RHS: 4 +breakdown: + depth: 1, occurrence: 4 +XXX times a pointer is dereferenced on LHS: 6 +breakdown: + depth: 1, occurrence: 6 +XXX times a pointer is compared with null: 1 +XXX times a pointer is compared with address of another variable: 0 +XXX times a pointer is compared with another pointer: 0 +XXX times a pointer is qualified to be dereferenced: 39 + +XXX max dereference level: 1 +breakdown: + level: 0, occurrence: 0 + level: 1, occurrence: 16 +XXX number of pointers 
point to pointers: 1 +XXX number of pointers point to scalars: 7 +XXX number of pointers point to structs: 0 +XXX percent of pointers has null in alias set: 25 +XXX average alias set size: 1.12 + +XXX times a non-volatile is read: 20 +XXX times a non-volatile is write: 20 +XXX times a volatile is read: 0 +XXX times read thru a pointer: 0 +XXX times a volatile is write: 0 +XXX times written thru a pointer: 0 +XXX times a volatile is available for access: 0 +XXX percentage of non-volatile access: 100 + +XXX forward jumps: 0 +XXX backward jumps: 0 + +XXX stmts: 15 +XXX max block depth: 2 +breakdown: + depth: 0, occurrence: 5 + depth: 1, occurrence: 4 + depth: 2, occurrence: 6 + +XXX percentage a fresh-made variable is used: 23.8 +XXX percentage an existing variable is used: 76.2 +FYI: the random generator makes assumptions about the integer size. See platform.info for more details. +********************* end of statistics **********************/ + diff --git a/tests/fuzz/4.c.txt b/tests/fuzz/4.c.txt new file mode 100644 index 00000000..f27bcce5 --- /dev/null +++ b/tests/fuzz/4.c.txt @@ -0,0 +1 @@ +checksum = 157CE2A8 |