Merge pull request #794 from bimbashrestha/compress_frame_fuzzer_heap_overflow

Using size instead of LZ4_compressBound(size) <- causes heap overflow
author: Yann Collet <Cyan4973@users.noreply.github.com> 2019-09-23 19:50:05 (GMT)
committer: GitHub <noreply@github.com> 2019-09-23 19:50:05 (GMT)
commit: e9d8e15263df4a0529dcd22ca48c82869d19abb9 (patch)
tree: 726c7fb3067e078d18159f4df67eb2126d099b3b
parent: d5ceafd4118c88e2372b0ccb35f8352f25f172a1 (diff)
parent: 192161e97e020b165a3cfc7821439e895ec194c8 (diff)
download: lz4-e9d8e15263df4a0529dcd22ca48c82869d19abb9.zip
lz4-e9d8e15263df4a0529dcd22ca48c82869d19abb9.tar.gz
lz4-e9d8e15263df4a0529dcd22ca48c82869d19abb9.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c
index 668d7c3..bb14fc2 100644
--- a/ossfuzz/compress_frame_fuzzer.c
+++ b/ossfuzz/compress_frame_fuzzer.c
@@ -17,7 +17,7 @@
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
+    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
     LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
     size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
     size = FUZZ_dataProducer_remainingBytes(producer);
author	Yann Collet <Cyan4973@users.noreply.github.com>	2019-09-23 19:50:05 (GMT)
committer	GitHub <noreply@github.com>	2019-09-23 19:50:05 (GMT)
commit	e9d8e15263df4a0529dcd22ca48c82869d19abb9 (patch)
tree	726c7fb3067e078d18159f4df67eb2126d099b3b
parent	d5ceafd4118c88e2372b0ccb35f8352f25f172a1 (diff)
parent	192161e97e020b165a3cfc7821439e895ec194c8 (diff)
download	lz4-e9d8e15263df4a0529dcd22ca48c82869d19abb9.zip lz4-e9d8e15263df4a0529dcd22ca48c82869d19abb9.tar.gz lz4-e9d8e15263df4a0529dcd22ca48c82869d19abb9.tar.bz2