libfuzzer: fix looking at wrong memory for pc counters

this fix bypasses the slice bounds, reading garbage data for up to the last 7 bits (which are technically supposed to be ignored). that's going to need to be fixed, let's fix that along with switching from byte elems to usize elems.
2025-12-06 13:54:21 +00:00 · 2024-08-05 18:37:19 -07:00 · 2024-08-05 18:37:19 -07:00 · 529df8c007
commit 529df8c007
parent 5f5a7b53a4
1 changed files with 10 additions and 10 deletions
--- a/lib/fuzzer.zig
+++ b/lib/fuzzer.zig
@ -276,7 +276,7 @@ const Fuzzer = struct {
                .score = 0,
            }, {});
        } else {
-            if (f.n_runs % 1000 == 0) f.dumpStats();
+            if (f.n_runs % 10000 == 0) f.dumpStats();

            const analysis = f.analyzeLastRun();
            const gop = f.recent_cases.getOrPutAssumeCapacity(.{
@ -303,16 +303,16 @@ const Fuzzer = struct {
                {
                    const seen_pcs = f.seen_pcs.items[@sizeOf(SeenPcsHeader) + f.flagged_pcs.len * @sizeOf(usize) ..];
                    for (seen_pcs, 0..) |*elem, i| {
-                        const byte_i = i / 8;
+                        const byte_i = i * 8;
                        const mask: u8 =
-                            (@as(u8, @intFromBool(f.pc_counters[byte_i + 0] != 0)) << 0) |
-                            (@as(u8, @intFromBool(f.pc_counters[byte_i + 1] != 0)) << 1) |
-                            (@as(u8, @intFromBool(f.pc_counters[byte_i + 2] != 0)) << 2) |
-                            (@as(u8, @intFromBool(f.pc_counters[byte_i + 3] != 0)) << 3) |
-                            (@as(u8, @intFromBool(f.pc_counters[byte_i + 4] != 0)) << 4) |
-                            (@as(u8, @intFromBool(f.pc_counters[byte_i + 5] != 0)) << 5) |
-                            (@as(u8, @intFromBool(f.pc_counters[byte_i + 6] != 0)) << 6) |
-                            (@as(u8, @intFromBool(f.pc_counters[byte_i + 7] != 0)) << 7);
+                            (@as(u8, @intFromBool(f.pc_counters.ptr[byte_i + 0] != 0)) << 0) |
+                            (@as(u8, @intFromBool(f.pc_counters.ptr[byte_i + 1] != 0)) << 1) |
+                            (@as(u8, @intFromBool(f.pc_counters.ptr[byte_i + 2] != 0)) << 2) |
+                            (@as(u8, @intFromBool(f.pc_counters.ptr[byte_i + 3] != 0)) << 3) |
+                            (@as(u8, @intFromBool(f.pc_counters.ptr[byte_i + 4] != 0)) << 4) |
+                            (@as(u8, @intFromBool(f.pc_counters.ptr[byte_i + 5] != 0)) << 5) |
+                            (@as(u8, @intFromBool(f.pc_counters.ptr[byte_i + 6] != 0)) << 6) |
+                            (@as(u8, @intFromBool(f.pc_counters.ptr[byte_i + 7] != 0)) << 7);

                        _ = @atomicRmw(u8, elem, .Or, mask, .monotonic);
                    }