(parent:
d5ceafd
)
Using size instead of LZ4_compressBound(size) <- causes heap overflow
author
Bimba Shrestha
<bimbashrestha@fb.com>
Mon, 23 Sep 2019 18:54:56 +0000
(11:54 -0700)
committer
Bimba Shrestha
<bimbashrestha@fb.com>
Mon, 23 Sep 2019 18:54:56 +0000
(11:54 -0700)
ossfuzz/compress_frame_fuzzer.c
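--- a/ossfuzz/compress_frame_fuzzer.c
+++ b/ossfuzz/compress_frame_fuzzer.c
@@ -17,7 +17,7 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
- FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
+ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
 LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
 size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
 size = FUZZ_dataProducer_remainingBytes(producer);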
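Review bot: The corrected `FUZZ_dataProducer_create(data, size)` call has no comment saying that its second argument must be the real length of the input buffer, which is the confusion this commit fixes. `LZ4_compressBound(size)` is an output capacity and is generally larger than `size`, so the producer was told it could read beyond the end of `data`, and the harness itself produced the heap overflow. I would add `/* size is the exact length of data; never pass a capacity bound here */` above the call. Three lines later `size` is reassigned to `FUZZ_dataProducer_remainingBytes(producer)`, so one name stands for two different lengths; a separate local such as `size_t const srcSize = FUZZ_dataProducer_remainingBytes(producer);` would keep them apart. That rename would also touch later uses, which lie outside this hunk along with the rest of the function body.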