Fix stack overflow in fuzzer - too big on-stack array

cpq 2022-10-15 12:54:56 +01:00
parent 0103f1f080
commit aacae6444e
2 changed files with 3 additions and 1 deletions


@ -5614,6 +5614,7 @@ uint64_t mg_millis(void) {
} }
#endif #endif
#ifdef MG_ENABLE_LINES #ifdef MG_ENABLE_LINES
#line 1 "src/ws.c" #line 1 "src/ws.c"
#endif #endif


@ -67,7 +67,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if_init(ifp, &mgr, &cfg, &mip_driver_mock, NULL, pktlen, 0); if_init(ifp, &mgr, &cfg, &mip_driver_mock, NULL, pktlen, 0);
// Make a copy of the random data, in order to modify it // Make a copy of the random data, in order to modify it
uint8_t pkt[size]; uint8_t *pkt = malloc(size);
struct eth *eth = (struct eth *) pkt; struct eth *eth = (struct eth *) pkt;
memcpy(pkt, data, size); memcpy(pkt, data, size);
if (size > sizeof(*eth)) { if (size > sizeof(*eth)) {
@ -81,6 +81,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
mip_rx(ifp, (void *) pkt, size); mip_rx(ifp, (void *) pkt, size);
mgr.priv = NULL; // Don't let Mongoose free() ifp mgr.priv = NULL; // Don't let Mongoose free() ifp
mg_mgr_free(&mgr); mg_mgr_free(&mgr);
free(pkt);
} }
return 0; return 0;
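Review bot: `pkt` is used without a NULL check: in the first hunk the result of `malloc(size)` is cast to `struct eth *` and passed to `memcpy(pkt, data, size)` on the following lines, so a failed allocation crashes the harness itself and is reported as a finding rather than a skipped input. Adding `if (pkt == NULL) return 0;` right after the allocation is the simplest guard, but the enclosing block starts outside the hunk and `if_init` has already run by then, so the early exit probably needs to go through the same `mgr.priv = NULL; mg_mgr_free(&mgr);` cleanup that precedes `free(pkt)` in the second hunk. It is also worth confirming that this path is never reached with `size == 0`, where `malloc` may legitimately return NULL.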