Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Avoid calling strlen on uninitialized data (#6747) 

GetINCHIfromINCHI calls strlen on szOptions, which leads to undefined behavior as it's not a valid null-terminated byte string.
Explicitly NULL out the char* to avoid this.
This commit is contained in:
Peter Foley 2021-11-02 17:41:37 -04:00 committed by GitHub
parent ed02a7d820
commit dfaf20a5e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
projects/inchi/inchi_input_fuzzer.c
View File

@ -40,6 +40,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
inchi_InputINCHI inpInChI; inchi_InputINCHI inpInChI;
inpInChI.szInChI = szINCHISource; inpInChI.szInChI = szINCHISource;
inpInChI.szOptions = NULL;
inchi_Output out; inchi_Output out;
GetINCHIfromINCHI(&inpInChI, &out); GetINCHIfromINCHI(&inpInChI, &out);