google/fuzzing

After calling FDP::ConsumeRandomLengthString, remaining bytes will never start with '\'

nwellnhof opened this issue · 5 comments

Not sure if this is the right place to report this bug, but I noticed that the escape mechanism used by FuzzedDataProvider::ConsumeRandomLengthString consumes all consecutive backslash characters at the end of a string, so that the remaining data can never start with a backslash character (ASCII byte 0x5C). This means that certain fuzz data patterns cannot be generated by a subsequent "Consume" operation.

@Dor1s is OOO till end of June, so either this will have to wait or you can submit a patch upstream.

Dor1s commented

If you have input data ending with N backslash characters, then yes, FDP will consume all of them and return N/2 backslash characters via ConsumeRandomLengthString.

In order for the remaining data to start with a backslash, the input data should be e.g. \\\A\\something. In that case FDP::ConsumeRandomLengthString will first create a string containing a single backslash, then it will terminate the string when parsing \A (backslash followed by any non-backslash byte), and the remaining data will be \\something.

Does it make any sense?

Sorry if I misunderstood the issue. In that case, could you please provide an example to clarify?
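A self-contained C++ re-implementation of the escape rules described in the comment above (an added example, not the compiler-rt FuzzedDataProvider header; consume_random_length_string and ConsumeResult are names chosen here), showing both the string returned and the bytes left for later Consume calls on the thread's inputs:

```cpp
#include <cstddef>
#include <string>

// Escape rules as described for FuzzedDataProvider::ConsumeRandomLengthString:
//   - two backslashes yield one literal backslash in the result;
//   - a backslash followed by any other byte terminates the string, and that
//     other byte is consumed together with the backslash;
//   - a lone backslash at the very end of the data is kept literally.
// The struct carries the produced string and the untouched remainder.
struct ConsumeResult {
  std::string str;
  std::string remaining;
};

ConsumeResult consume_random_length_string(const std::string& data,
                                           std::size_t max_length) {
  std::string result;
  std::size_t pos = 0;
  for (std::size_t i = 0; i < max_length && pos < data.size(); ++i) {
    char next = data[pos++];
    if (next == '\\' && pos < data.size()) {
      next = data[pos++];
      if (next != '\\')
        break;  // terminator: both the backslash and this byte are consumed
    }
    result += next;
  }
  return {result, data.substr(pos)};
}

// Does the data left after one call start with a backslash?
bool remaining_starts_with_backslash(const std::string& data) {
  ConsumeResult r = consume_random_length_string(data, 1024);
  return !r.remaining.empty() && r.remaining[0] == '\\';
}

int main() {
  // Constructed inputs taken from the thread: four trailing backslashes,
  // and \\\A\\something (three backslashes, 'A', two backslashes, "something").
  ConsumeResult trailing = consume_random_length_string("\\\\\\\\", 1024);
  ConsumeResult mid = consume_random_length_string("\\\\\\A\\\\something", 1024);
  bool ok = trailing.str == "\\\\" && trailing.remaining.empty() &&
            mid.str == "\\" && mid.remaining == "\\\\something";
  return ok ? 0 : 1;
}
```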

\\\A

Oh, I didn't realize that A is consumed as well. Sorry for the noise.

Dor1s commented

No worries, thanks for reaching out!