fuzzing: Ensure input to g_uri_parse() is nul-terminated

The fuzzer will produce arbitrary binary blobs, which might not be
nul-terminated. `g_uri_parse()` has no length argument, so relies on
receiving a nul-terminated string as input. Guarantee that.

This should fix fuzzing build failures like
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23750.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
This commit is contained in:
Philip Withnall 2020-06-29 11:52:40 +01:00
parent 1cf3ae6343
commit b2a6a9a434


@ -3,14 +3,18 @@
int int
LLVMFuzzerTestOneInput (const unsigned char *data, size_t size) LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
{ {
unsigned char *nul_terminated_data = NULL;
GUri *uri = NULL; GUri *uri = NULL;
gchar *uri_string = NULL; gchar *uri_string = NULL;
const GUriFlags flags = G_URI_FLAGS_NONE; const GUriFlags flags = G_URI_FLAGS_NONE;
fuzz_set_logging_func (); fuzz_set_logging_func ();
/* ignore @size */ /* ignore @size (g_uri_parse() doesnt support it); ensure @data is nul-terminated */
nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
uri = g_uri_parse ((const gchar *) data, flags, NULL); uri = g_uri_parse ((const gchar *) data, flags, NULL);
g_free (nul_terminated_data);
if (uri == NULL) if (uri == NULL)
return 0; return 0;
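Review bot: The nul-terminated copy is never handed to the parser: the `g_uri_parse` call on the line after the `g_strndup` still passes `data`, so the over-read the commit description sets out to fix is unchanged and `nul_terminated_data` is only allocated and freed. The call should read `uri = g_uri_parse ((const gchar *) nul_terminated_data, flags, NULL);`. Declaring `nul_terminated_data` as `gchar *` would also remove the cast on the `g_strndup` result and the cast at the call site. The body of `LLVMFuzzerTestOneInput` continues past the end of the hunk.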