Fix stack overflow in fuzzer - too big on-stack array

2024-12-26 22:41:03 +08:00 · 2022-10-15 12:54:56 +01:00 · 2022-10-15 12:54:56 +01:00 · aacae6444e
commit aacae6444e
parent 0103f1f080
2 changed files with 3 additions and 1 deletions
--- a/mongoose.c
+++ b/mongoose.c
@ -5614,6 +5614,7 @@ uint64_t mg_millis(void) {
 }
 #endif

+
 #ifdef MG_ENABLE_LINES
 #line 1 "src/ws.c"
 #endif
--- a/test/fuzz.c
+++ b/test/fuzz.c
@ -67,7 +67,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    if_init(ifp, &mgr, &cfg, &mip_driver_mock, NULL, pktlen, 0);

    // Make a copy of the random data, in order to modify it
-    uint8_t pkt[size];
+    uint8_t *pkt = malloc(size);
    struct eth *eth = (struct eth *) pkt;
    memcpy(pkt, data, size);
    if (size > sizeof(*eth)) {
@ -81,6 +81,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    mip_rx(ifp, (void *) pkt, size);
    mgr.priv = NULL;  // Don't let Mongoose free() ifp
    mg_mgr_free(&mgr);
+    free(pkt);
  }

  return 0;