Commit graph

6 commits

Author SHA1 Message Date
Denis Kasak
8d1cfd207a Fix a fuzzing harness double free when input is of size 0.
Consider the case when the input is size 0. In this case, `count` and
`buffer_pos` will be 0 as well. The `realloc` call in the `count == 0`
branch will then effectively become a free.

However, `realloc` can sometimes return `NULL` when a 0 is passed for
the size. The current code assumes that this only happens on a memory
allocation error and breaks out of the loop. This then becomes a double
free because the buffer is freed a second time, causing an abort.

The intent of the `realloc` is probably to downsize the buffer to fit
the data exactly in order to make incorrect memory access more obvious.
This commit skips this downsizing if the size of the input data is 0.
2021-05-10 21:04:44 +00:00
Damir Jelić
2fccf44015 python: Remove the python bindings.
Signed-off-by: Damir Jelić <poljar@termina.org.uk>
2018-07-18 17:44:32 -04:00
Richard van der Hoff
64130c1f8b Fix broken fuzzer compilation
fuzz_group_decrypt.cpp got broken by 653790e; fix it up
2016-10-24 16:32:21 +01:00
Richard van der Hoff
cada801de5 Add a README for the fuzzers
2016-10-19 14:59:50 +01:00
Mark Haines
bfeb554e86 Add a fuzzer for olm_group_decrypt
2016-05-26 13:25:34 +01:00
Mark Haines
f47aabd094 Add support for building fuzzers using american fuzzy lop
Builds fuzzers using http://lcamtuf.coredump.cx/afl/
2016-05-23 17:32:24 +01:00