Open
Description
A lot of our current generated fuzz targets have the following misuse of FDP (FuzzedDataProvider):

```cpp
const size_t src_size = stream.ConsumeIntegralInRange<size_t>(0, 1024);
std::vector<uint8_t> src = stream.ConsumeBytes<uint8_t>(src_size);
// Call the function being tested.
func(src.data(), src_size);
```
This assumes that `stream.ConsumeBytes` will always return the requested number of bytes. This is not the case: it returns at most the number of bytes remaining in the input stream, so `src_size` can be larger than `src.size()` and `func` reads past the end of the vector. This will lead to false positive crashes.
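To make the length mismatch concrete, here is an added example (not code from the issue or from the fuzz-target generator) that reproduces the pattern against a minimal stand-in for `ConsumeBytes` with the same "at most remaining bytes" rule, and shows the corrected target passing `src.size()` instead of `src_size`. `MiniFdp`, `FuncUnderTest`, `RequestedVsActual` and `FixedTarget` are names assumed for this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Stand-in with the same truncation rule as FuzzedDataProvider::ConsumeBytes.
// Assumption: the real class (LLVM's fuzzer/FuzzedDataProvider.h) is not
// reproduced here; only the "at most remaining bytes" behaviour is modelled.
class MiniFdp {
 public:
  MiniFdp(const uint8_t* data, size_t size) : data_(data), remaining_(size) {}
  std::vector<uint8_t> ConsumeBytes(size_t num_bytes) {
    const size_t n = std::min(num_bytes, remaining_);  // may be < num_bytes
    std::vector<uint8_t> out(data_, data_ + n);
    data_ += n;
    remaining_ -= n;
    return out;
  }
  size_t remaining_bytes() const { return remaining_; }
 private:
  const uint8_t* data_;
  size_t remaining_;
};

// Stand-in for the function under test: it reads exactly `len` bytes, so a
// `len` larger than the buffer (the misuse in the issue) is an over-read.
uint32_t FuncUnderTest(const uint8_t* data, size_t len) {
  uint32_t sum = 0;
  for (size_t i = 0; i < len; ++i) sum += data[i];
  return sum;
}

// Reproduces the issue's pattern and reports {src_size, src.size()}:
// src_size is what the buggy target passes, src.size() is what it must pass.
std::pair<size_t, size_t> RequestedVsActual(const std::vector<uint8_t>& in,
                                            size_t src_size) {
  MiniFdp stream(in.data(), in.size());
  std::vector<uint8_t> src = stream.ConsumeBytes(src_size);
  return {src_size, src.size()};
}

// Corrected target shape: the length handed to the function under test is
// taken from the vector ConsumeBytes actually returned, never from src_size.
uint32_t FixedTarget(const std::vector<uint8_t>& in, size_t src_size) {
  MiniFdp stream(in.data(), in.size());
  std::vector<uint8_t> src = stream.ConsumeBytes(src_size);
  return FuncUnderTest(src.data(), src.size());  // stays inside the buffer
}
```

With a 4-byte input and `src_size` of 1024, `RequestedVsActual` returns {1024, 4}: the buggy target would tell `func` to read 1024 bytes from a 4-byte vector.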