Commit graph

5 commits

Author SHA1 Message Date
Denis Kasak
4901435a0e Improve cleanup in fuzzing harnesses 2021-07-08 14:23:55 +00:00
Denis Kasak
0a7b6da9a0 Slightly refactor/comment the harness for clarity. 2021-05-10 21:04:44 +00:00
Denis Kasak
8d1cfd207a Fix a fuzzing harness double free when input is of size 0.
Consider the case when the input is size 0. In this case, `count` and
`buffer_pos` will be 0 as well. The `realloc` call in the `count == 0`
branch will then effectively become a free.

However, `realloc` can sometimes return `NULL` when a 0 is passed for
the size. The current code assumes that this only happens on a memory
allocation error and breaks out of the loop. This then becomes a double
free because the buffer is freed a second time, causing an abort.

The intent of the `realloc` is probably to downsize the buffer to fit
the data exactly in order to make incorrect memory access more obvious.
This commit skips this downsizing if the size of the input data is 0.
2021-05-10 21:04:44 +00:00
Mark Haines
bfeb554e86 Add a fuzzer for olm_group_decrypt 2016-05-26 13:25:34 +01:00
Mark Haines
f47aabd094 Add support for building fuzzers using american fuzzy lop
Builds fuzzers using http://lcamtuf.coredump.cx/afl/
2016-05-23 17:32:24 +01:00