Fix integer overflows in FuzzedDataProvider.

R=mmoroz@chromium.org,ochang@chromium.org Bug: 909950 Change-Id: I00c7a8dcab631a8e4f7334847733c4a10a1376f0 Reviewed-on: https://chromium-review.googlesource.com/c/1354684Reviewed-by: Max Moroz <mmoroz@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Oliver Chang <ochang@chromium.org> Commit-Queue: Abhishek Arya <inferno@chromium.org> Cr-Commit-Position: refs/heads/master@{#612296}

Fix integer overflows in FuzzedDataProvider.
R=mmoroz@chromium.org,ochang@chromium.org Bug: 909950 Change-Id: I00c7a8dcab631a8e4f7334847733c4a10a1376f0 Reviewed-on: https://chromium-review.googlesource.com/c/1354684Reviewed-by: Max Moroz <mmoroz@chromium.org> Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Oliver Chang <ochang@chromium.org> Commit-Queue: Abhishek Arya <inferno@chromium.org> Cr-Commit-Position: refs/heads/master@{#612296}
2fedc715 · Abhishek Arya · Commit Bot · 69cf9f14 · 2fedc715
Commit 2fedc715 authored Nov 29, 2018 by Abhishek Arya Committed by Commit Bot Nov 29, 2018
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

base/test/fuzzed_data_provider.h base/test/fuzzed_data_provider.h +2 -2

No files found.
--- a/base/test/fuzzed_data_provider.h
+++ b/base/test/fuzzed_data_provider.h
@@ -87,7 +87,7 @@ class FuzzedDataProvider {
      abort();

    // Use the biggest type possible to hold the range and the result.
-    uint64_t range = max - min;
+    uint64_t range = static_cast<uint64_t>(max) - min;
    uint64_t result = 0;
    size_t offset = 0;

@@ -108,7 +108,7 @@ class FuzzedDataProvider {
    if (range != std::numeric_limits<decltype(range)>::max())
      result = result % (range + 1);

-    return min + static_cast<T>(result);
+    return static_cast<T>(min + result);
  }

  // Returns a std::string of length from 0 to |max_length|. When it runs out of