mirror of https://github.com/google/oss-fuzz.git
afdf1caa5d
oss-fuzz has reported numerous signed integer overflow problems
in flac that cannot be reasonably fixed. The problem is that
flac uses some math that is numerically unstable when fed with
random data, and as these are only audio samples, this overflow
is not a problem. Therefore, I added
`__attribute__((no_sanitize("signed-integer-overflow")))` to a few
functions in the flac sources.
However, while a decoder fed with random data has this problem,
an decoder that is being used to verify an encoder fed with random
data should never overflow. As the same functions are used, the
flac sources should be compiled twice: once with the mentioned
attributes for the decoder fuzzers, and once without them for the
encoder fuzzers.
Note that the define passed in this code is not yet integrated in
libflac, but this change should happen first or else the old
bugs appear again
|
||
|---|---|---|
| .. | ||
| Dockerfile | ||
| build.sh | ||
| fuzzer_exo.cpp | ||
| project.yaml | ||