[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Nov 18 21:03:02 UTC 2019
The branch, master has been updated
via d6fbfb276ce lib/fuzzing: Free memory after successful load in fuzz_tiniparser
via 43bc0b2c763 lib/fuzzing: Avoid NULL pointer de-ref from 0-length input
from 4aea5c0972d tevent: Release tevent 0.10.2
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d6fbfb276ce89ad40f47784300fb99cee9d4aac9
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 7 16:52:48 2019 +1300
lib/fuzzing: Free memory after successful load in fuzz_tiniparser
Otherwise we have a memory leak and so fail the Google oss-fuzz check_build test.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Nov 18 21:02:52 UTC 2019 on sn-devel-184
commit 43bc0b2c763284ec63ca1e750602f6a9b354f9ae
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Nov 7 15:08:18 2019 +1300
lib/fuzzing: Avoid NULL pointer de-ref from 0-length input
fmemopen() does not like 0-length input.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/fuzzing/fuzz_oLschema2ldif.c | 8 ++++++++
lib/fuzzing/fuzz_tiniparser.c | 16 ++++++++++++++--
2 files changed, 22 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/fuzzing/fuzz_oLschema2ldif.c b/lib/fuzzing/fuzz_oLschema2ldif.c
index 4dd5668e673..a983f48d660 100644
--- a/lib/fuzzing/fuzz_oLschema2ldif.c
+++ b/lib/fuzzing/fuzz_oLschema2ldif.c
@@ -34,6 +34,14 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
TALLOC_CTX *mem_ctx;
struct conv_options opt;
+ if (len == 0) {
+ /*
+ * Otherwise fmemopen() will return null and set errno
+ * to EINVAL
+ */
+ return 0;
+ }
+
mem_ctx = talloc_init(__FUNCTION__);
opt.in = fmemopen(buf, len, "r");
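Review bot: the new `len == 0` early return covers only the EINVAL case, while the last visible line, `opt.in = fmemopen(buf, len, "r");`, still stores the result with no NULL check in the shown context. fmemopen() can also fail when it cannot allocate its stream state, so if the lines below this hunk do not already test `opt.in`, add a check there that frees `mem_ctx` with talloc_free() and returns 0. A smaller style point: the comment should say NULL rather than "null", and the identical comment block is duplicated in fuzz_tiniparser.c, so a one-line comment would do in both places.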
diff --git a/lib/fuzzing/fuzz_tiniparser.c b/lib/fuzzing/fuzz_tiniparser.c
index a6e2ef7c2fe..6908f1815d7 100644
--- a/lib/fuzzing/fuzz_tiniparser.c
+++ b/lib/fuzzing/fuzz_tiniparser.c
@@ -27,11 +27,23 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
{
- FILE *fp;
+ FILE *fp = NULL;
+ struct tiniparser_dictionary *d = NULL;
+
+ if (len == 0) {
+ /*
+ * Otherwise fmemopen() will return null and set errno
+ * to EINVAL
+ */
+ return 0;
+ }
fp = fmemopen(buf, len, "r");
- tiniparser_load_stream(fp);
+ d = tiniparser_load_stream(fp);
+ if (d != NULL) {
+ tiniparser_freedict(d);
+ }
fclose(fp);
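Review bot: `fp = fmemopen(buf, len, "r");` is still passed straight to `tiniparser_load_stream(fp)` and then to `fclose(fp)` without a NULL check. The `len == 0` guard removes one cause of a NULL return, but fmemopen() can also fail with ENOMEM, and calling fclose() on a NULL stream is undefined behaviour. Suggest adding `if (fp == NULL) { return 0; }` directly after the fmemopen() call, so the harness never reports a crash that belongs to the harness rather than to tiniparser.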
--
Samba Shared Repository