diff options
author | Bimba Shrestha <bimbashrestha@fb.com> | 2019-09-23 18:54:56 (GMT) |
---|---|---|
committer | Bimba Shrestha <bimbashrestha@fb.com> | 2019-09-23 18:54:56 (GMT) |
commit | 192161e97e020b165a3cfc7821439e895ec194c8 (patch) | |
tree | 726c7fb3067e078d18159f4df67eb2126d099b3b | |
parent | d5ceafd4118c88e2372b0ccb35f8352f25f172a1 (diff) | |
download | lz4-192161e97e020b165a3cfc7821439e895ec194c8.zip lz4-192161e97e020b165a3cfc7821439e895ec194c8.tar.gz lz4-192161e97e020b165a3cfc7821439e895ec194c8.tar.bz2 |
Using size instead of LZ4_compressBound(size) <- causes heap overflow
-rw-r--r-- | ossfuzz/compress_frame_fuzzer.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c index 668d7c3..bb14fc2 100644 --- a/ossfuzz/compress_frame_fuzzer.c +++ b/ossfuzz/compress_frame_fuzzer.c @@ -17,7 +17,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size)); + FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size); LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer); size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer); size = FUZZ_dataProducer_remainingBytes(producer); |