reactos/syzkaller
1
0
Fork 0
mirror of https://github.com/reactos/syzkaller.git synced 2024-11-23 11:29:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

prog: fix out-of-bounds access

Browse Source 
ParseLog can access data out-of-bounds.
Fix that and fix regression fuzz tests to catch this.
This commit is contained in:
Dmitry Vyukov 2019-07-30 19:33:02 +02:00
parent 3b37734422
commit 7c7ded697e
3 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/report/report_test.go
View File

@ -372,6 +372,6 @@ func TestFuzz(t *testing.T) {
"cleaned vnod\re", "cleaned vnod\re",
"kernel\r:", "kernel\r:",
} { } {
Fuzz([]byte(data)) Fuzz([]byte(data)[:len(data):len(data)])
} }
} }

2
prog/parse.go
View File

@ -26,7 +26,7 @@ func (target *Target) ParseLog(data []byte) []*LogEntry {
for pos := 0; pos < len(data); { for pos := 0; pos < len(data); {
nl := bytes.IndexByte(data[pos:], '\n') nl := bytes.IndexByte(data[pos:], '\n')
if nl == -1 { if nl == -1 {
nl = len(data) nl = len(data) - 1
} else { } else {
nl += pos nl += pos
} }

6
prog/test/fuzz_test.go
View File

@ -22,9 +22,11 @@ mutate4()
mutate7() mutate7()
mutate8() mutate8()
`, `,
`E`,
} { } {
t.Logf("test #%v: %q", i, data) t.Logf("test #%v: %q", i, data)
FuzzDeserialize([]byte(data)) inp := []byte(data)[:len(data):len(data)]
FuzzParseLog([]byte(data)) FuzzDeserialize(inp)
FuzzParseLog(inp)
} }
} }