cairo_arc: Fun with NANs
One issue that arises frequently when fuzzing stuff:
cairo_arc_negative(cr, 0x1.500f0757575d5p+856, 0x0.000c075757575p-1022, 0x1.42afff7ff7521p-1021, 0x1.5757575757575p+856, -nan);
NAN has the property that every ordered comparison with it (<, <=, >, >=, ==) evaluates to false, which breaks naive floating-point range checks.
The assertion `angle_max >= angle_min` should never fail at that point, as the reversed-order case is supposed to be handled beforehand.
But a NAN sneaks past those tests: the check for the reversed case is false, and so is the assertion's own comparison.
This is a question of policy, I guess, but my opinion is that it would (of course) be better to return an error code
when abnormal values get passed in. Just producing trash output would also be okay, but triggering an abort() is not robust enough in my eyes.
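To make the failure mode concrete, here is an added example (not cairo's code) that reproduces the pattern in miniature: a guard that handles the "angle_max < angle_min" case and then assumes the opposite, beside a guard that rejects non-finite angles first. The function names arc_naive/arc_checked and the arc_status codes are hypothetical; the angle values are taken from the reproducer above.

```c
#include <math.h>
#include <stdio.h>

/* Hypothetical status codes standing in for cairo's own error handling. */
enum arc_status { ARC_OK = 0, ARC_INVALID_ANGLE = 1, ARC_UNREACHABLE = 2 };

/* Naive guard modelled on the pattern in the report: the reversed-order case
 * is handled first, and the code that follows assumes angle_max >= angle_min.
 * With a NAN argument both comparisons are false, so neither branch fires and
 * the "impossible" case is reached (where cairo's assert() aborts). */
enum arc_status arc_naive(double angle_min, double angle_max)
{
    if (angle_max < angle_min)
        return ARC_OK;             /* reversed-order case "handled beforehand" */
    if (!(angle_max >= angle_min)) /* only a NAN can get here */
        return ARC_UNREACHABLE;
    return ARC_OK;
}

/* Hardened guard: reject NAN and infinities up front, so the comparisons that
 * follow are total and the invariant the assertion checks really holds. */
enum arc_status arc_checked(double angle_min, double angle_max)
{
    if (!isfinite(angle_min) || !isfinite(angle_max))
        return ARC_INVALID_ANGLE;  /* the error-code path the report asks for */
    if (angle_max < angle_min)
        return ARC_OK;
    if (!(angle_max >= angle_min))
        return ARC_UNREACHABLE;    /* now provably unreachable */
    return ARC_OK;
}

int main(void)
{
    /* angle_min and angle_max as passed to cairo_arc_negative in the report */
    double angle_min = 0x1.5757575757575p+856;
    double angle_max = -NAN;
    printf("naive:   %d\n", arc_naive(angle_min, angle_max));   /* 2 = reached the "impossible" case */
    printf("checked: %d\n", arc_checked(angle_min, angle_max)); /* 1 = rejected as invalid */
    return 0;
}
```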
vector_fuzzer: ../src/cairo-arc.c:189: void _cairo_arc_in_direction(cairo_t *, double, double, double, double, double, cairo_direction_t): Assertion `angle_max >= angle_min' failed.
==52340== ERROR: libFuzzer: deadly signal
#0 0x5647fa6df50b in __sanitizer_print_stack_trace (/crypt/android-native/root/src/cairo/b/fuzzing/vector_fuzzer+0x11e50b)
#1 0x5647fa62dad9 in fuzzer::PrintStackTrace() (/crypt/android-native/root/src/cairo/b/fuzzing/vector_fuzzer+0x6cad9)
#2 0x5647fa60e4f9 in fuzzer::Fuzzer::CrashCallback() (.part.0) (/crypt/android-native/root/src/cairo/b/fuzzing/vector_fuzzer+0x4d4f9)
#3 0x5647fa60e5b7 in fuzzer::Fuzzer::StaticCrashSignalCallback() (/crypt/android-native/root/src/cairo/b/fuzzing/vector_fuzzer+0x4d5b7)
#4 0x7feddd50d95f (/usr/lib/libpthread.so.0+0x1395f)
#5 0x7feddd1f6ef4 in raise (/usr/lib/libc.so.6+0x3cef4)
#6 0x7feddd1e0861 in abort (/usr/lib/libc.so.6+0x26861)
#7 0x7feddd1e0746 in __assert_fail_base.cold (/usr/lib/libc.so.6+0x26746)
#8 0x7feddd1ef645 in __assert_fail (/usr/lib/libc.so.6+0x35645)
#9 0x7feddd531802 in _cairo_arc_in_direction /crypt/android-native/root/src/cairo/b/../src/cairo-arc.c:189:5
#10 0x7feddd531cbb in _cairo_arc_path_negative /crypt/android-native/root/src/cairo/b/../src/cairo-arc.c:308:5
#11 0x7feddd550d44 in _cairo_default_context_arc /crypt/android-native/root/src/cairo/b/../src/cairo-default-context.c:788:2
#12 0x7feddd5e502d in cairo_arc_negative /crypt/android-native/root/src/cairo/b/../src/cairo.c:1904:14
#13 0x5647fa70e113 in random_arc /crypt/android-native/root/src/cairo/b/../fuzzing/vector_fuzzer.c:273:18
#14 0x5647fa712ead in random_operation /crypt/android-native/root/src/cairo/b/../fuzzing/vector_fuzzer.c:494:7
#15 0x5647fa7132fc in LLVMFuzzerTestOneInput /crypt/android-native/root/src/cairo/b/../fuzzing/vector_fuzzer.c:538:12
#16 0x5647fa60f15f in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) (/crypt/android-native/root/src/cairo/b/fuzzing/vector_fuzzer+0x4e15f)
#17 0x5647fa5f5a77 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) (/crypt/android-native/root/src/cairo/b/fuzzing/vector_fuzzer+0x34a77)
#18 0x5647fa5fabfe in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) (/crypt/android-native/root/src/cairo/b/fuzzing/vector_fuzzer+0x39bfe)
#19 0x5647fa5ea543 in main (/crypt/android-native/root/src/cairo/b/fuzzing/vector_fuzzer+0x29543)
#20 0x7feddd1e1b24 in __libc_start_main (/usr/lib/libc.so.6+0x27b24)
#21 0x5647fa5ea59d in _start (/crypt/android-native/root/src/cairo/b/fuzzing/vector_fuzzer+0x2959d)