authorBimba Shrestha <bimbashrestha@fb.com>2019-09-23 18:54:56 (GMT)
committerBimba Shrestha <bimbashrestha@fb.com>2019-09-23 18:54:56 (GMT)
commit192161e97e020b165a3cfc7821439e895ec194c8 (patch)
tree726c7fb3067e078d18159f4df67eb2126d099b3b
parentd5ceafd4118c88e2372b0ccb35f8352f25f172a1 (diff)
Using size instead of LZ4_compressBound(size) <- causes heap overflow
-rw-r--r--ossfuzz/compress_frame_fuzzer.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c
index 668d7c3..bb14fc2 100644
--- a/ossfuzz/compress_frame_fuzzer.c
+++ b/ossfuzz/compress_frame_fuzzer.c
@@ -17,7 +17,7 @@
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
- FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
+ FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
size = FUZZ_dataProducer_remainingBytes(producer);
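Review bot: The pointer returned by `FUZZ_dataProducer_create(data, size)` is passed straight to `FUZZ_dataProducer_preferences(producer)` on the next line with no NULL check. The helper's body is not visible here, so this is inferred, but if it allocates and can fail, a guard such as `if (producer == NULL) return 0;` right after the call would keep an allocation failure from showing up as a crash in the fuzz target itself. The corrected line also deserves a comment so the old bound is not reintroduced, for example `/* length must be the real size of data; a larger value such as LZ4_compressBound(size) lets the producer read past the input */`, which matches the heap overflow named in the commit title. The body of `LLVMFuzzerTestOneInput` continues past the end of this hunk, so later uses of the reassigned `size` cannot be checked from here.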