Description
Due to an integer overflow in mangle_getLen, which is the function largely used to pick the offsets to corrupt in the input file, there is a hard limit of 65536 on what this function can return. Thus, for input files larger than 64 KiB, the fuzzer will no longer be able to corrupt past the 64 KiB boundary (except for when it expands/splices past it).
For example, mangle_Bit uses mangle_getOffSet to get the index of the byte to corrupt. This goes into mangle_getLen, which will overflow if the input size exceeds 64 KiB, thus causing a failure to generate offsets past the 64 KiB boundary.
Due to the nature of the overflow, the numerator overflows but the divisor does not (except when the input exceeds ~2.52 MiB, at which point even the divisor will overflow when cubed). This is ultimately due to the numerator potentially being the input length to the fourth power, which overflows a 64-bit int at a 64 KiB input. While the numerator overflows and the divisor does not, the window of indices provided by mangle_getOffSet shrinks even further, resulting in the inability to corrupt even past the first 16 bytes of an input when the input size is 1 MiB.
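The arithmetic behind the collapsing window, as an added example that is not the reporter's code and not honggfuzz's own mangle_getLen: it models the length draw as rnd^4 / max^3 evaluated in uint64_t, which is an assumption based only on the powers named in the report (numerator to the fourth, divisor cubed); the function names quartic_len_u64, quartic_len_safe, divisor_wraps and max_reachable are invented here. It shows the 64-bit result stalling at 65536, shrinking to at most 16 values for a 1 MiB input, and the divisor itself wrapping just above 2.52 MiB, alongside a wrap-free evaluation of the same distribution.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the draw described in the report (assumption: the real
 * mangle_getLen may differ in detail; only the powers come from the text).
 * Unsigned wraparound is well defined, so this silently computes a wrong
 * answer rather than trapping.
 */
static uint64_t quartic_len_u64(uint64_t rnd, uint64_t max) {
    uint64_t num = rnd * rnd * rnd * rnd; /* wraps mod 2^64 once rnd >= 65536 */
    uint64_t den = max * max * max;       /* wraps once max >= 2642246 (~2.52 MiB) */
    if (den == 0)                         /* only after a wrap to exactly zero */
        return 0;
    return num / den;
}

/* Same distribution, evaluated as rnd * (rnd/max)^3 in double: no wraparound
 * for any size_t input, and rnd == max still yields exactly max. */
static uint64_t quartic_len_safe(uint64_t rnd, uint64_t max) {
    double r = (double)rnd / (double)max;
    return (uint64_t)((double)rnd * r * r * r);
}

/* True when max^3 no longer fits in 64 bits (checked without overflowing). */
static int divisor_wraps(uint64_t max) {
    if (max == 0)
        return 0;
    if (max > UINT64_MAX / max)
        return 1;
    return (max * max) > UINT64_MAX / max;
}

/* Largest value the draw can ever produce for an input of size max, i.e.
 * the furthest offset (+1) the fuzzer can reach with this distribution. */
static uint64_t max_reachable(uint64_t max, uint64_t (*len)(uint64_t, uint64_t)) {
    uint64_t best = 0;
    for (uint64_t rnd = 1; rnd <= max; rnd++) {
        uint64_t v = len(rnd, max);
        if (v > best)
            best = v;
    }
    return best;
}

int main(void) {
    /* Constructed sample sizes: 64 KiB, 128 KiB, 1 MiB, 2 MiB. */
    const uint64_t sizes[] = {UINT64_C(1) << 16, UINT64_C(1) << 17,
                              UINT64_C(1) << 20, UINT64_C(1) << 21};
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("input %8" PRIu64 " bytes: 64-bit draw reaches %6" PRIu64
               ", wrap-free draw reaches %8" PRIu64 "\n",
               sizes[i], max_reachable(sizes[i], quartic_len_u64),
               max_reachable(sizes[i], quartic_len_safe));
    }
    printf("max^3 wraps at max=2642245: %d, at max=2642246: %d\n",
           divisor_wraps(2642245), divisor_wraps(2642246));
    return 0;
}
```

The loop in max_reachable is exhaustive on purpose: for 2^20 candidates it runs in well under a second and removes any doubt about whether a single lucky rnd could still escape the window. Replacing the integer expression with the double form (or with unsigned __int128 where the compiler offers it) restores the full range without changing the shape of the distribution.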
Here are the possible indices returned, and thus the indices which can be used to corrupt the input, based on the input file size.