Using size instead of LZ4_compressBound(size) <- causes heap overflow

author: Bimba Shrestha <bimbashrestha@fb.com> 2019-09-23 18:54:56 (GMT)
committer: Bimba Shrestha <bimbashrestha@fb.com> 2019-09-23 18:54:56 (GMT)
commit: 192161e97e020b165a3cfc7821439e895ec194c8 (patch)
tree: 726c7fb3067e078d18159f4df67eb2126d099b3b /ossfuzz
parent: d5ceafd4118c88e2372b0ccb35f8352f25f172a1 (diff)
download: lz4-192161e97e020b165a3cfc7821439e895ec194c8.zip
lz4-192161e97e020b165a3cfc7821439e895ec194c8.tar.gz
lz4-192161e97e020b165a3cfc7821439e895ec194c8.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/ossfuzz/compress_frame_fuzzer.c b/ossfuzz/compress_frame_fuzzer.c
index 668d7c3..bb14fc2 100644
--- a/ossfuzz/compress_frame_fuzzer.c
+++ b/ossfuzz/compress_frame_fuzzer.c
@@ -17,7 +17,7 @@
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, LZ4_compressBound(size));
+    FUZZ_dataProducer_t *producer = FUZZ_dataProducer_create(data, size);
     LZ4F_preferences_t const prefs = FUZZ_dataProducer_preferences(producer);
     size_t const dstCapacitySeed = FUZZ_dataProducer_retrieve32(producer);
     size = FUZZ_dataProducer_remainingBytes(producer);
author	Bimba Shrestha <bimbashrestha@fb.com>	2019-09-23 18:54:56 (GMT)
committer	Bimba Shrestha <bimbashrestha@fb.com>	2019-09-23 18:54:56 (GMT)
commit	192161e97e020b165a3cfc7821439e895ec194c8 (patch)
tree	726c7fb3067e078d18159f4df67eb2126d099b3b /ossfuzz
parent	d5ceafd4118c88e2372b0ccb35f8352f25f172a1 (diff)
download	lz4-192161e97e020b165a3cfc7821439e895ec194c8.zip lz4-192161e97e020b165a3cfc7821439e895ec194c8.tar.gz lz4-192161e97e020b165a3cfc7821439e895ec194c8.tar.bz2