Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[uriparser] Fix null dereference in uri_dissect_query_malloc_fuzzer (#4174) 

* fixed null dereference in uri_dissect_query_malloc_fuzzer

* removed unused include

* initialized chars_required, freed query_list if check unsuccessful, and used buf.data() instead of &buf[0]
This commit is contained in:
Ravi Jotwani 2020-07-22 14:24:05 -07:00 committed by GitHub
parent c4075a9101
commit bdb0b339d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
projects/uriparser/uri_dissect_query_malloc_fuzzer.cc
View File

@ -42,17 +42,20 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (query_list == nullptr || result != URI_SUCCESS || item_count < 0)
return 0;
int chars_required;
int chars_required = 0;
if (uriComposeQueryCharsRequiredA(query_list, &chars_required) != URI_SUCCESS)
return 0;
if (!chars_required) {
uriFreeQueryListA(query_list);
return 0;
}
std::vector<char> buf(chars_required, 0);
int written = -1;
char *dest = &buf[0];
// Reverse the process of uriDissectQueryMallocA.
result = uriComposeQueryA(dest, query_list, chars_required, &written);
result = uriComposeQueryA(buf.data(), query_list, chars_required, &written);
uriFreeQueryListA(query_list);
return 0;
}