Commit b2a6a9a4 authored by Philip Withnall's avatar Philip Withnall

fuzzing: Ensure input to g_uri_parse() is nul-terminated

The fuzzer will produce arbitrary binary blobs, which might not be
nul-terminated. `g_uri_parse()` has no length argument, so relies on
receiving a nul-terminated string as input. Guarantee that.

This should fix fuzzing build failures like
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23750.
Signed-off-by: Philip Withnall's avatarPhilip Withnall <withnall@endlessm.com>
parent 1cf3ae63
......@@ -3,14 +3,18 @@
int
LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
{
unsigned char *nul_terminated_data = NULL;
GUri *uri = NULL;
gchar *uri_string = NULL;
const GUriFlags flags = G_URI_FLAGS_NONE;
fuzz_set_logging_func ();
/* ignore @size */
/* ignore @size (g_uri_parse() doesn’t support it); ensure @data is nul-terminated */
nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
uri = g_uri_parse ((const gchar *) data, flags, NULL);
g_free (nul_terminated_data);
if (uri == NULL)
return 0;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment