Fix off-by-one in postdecode_fields
author: Petr Štetiar <ynezz@true.cz>
Sun, 11 Oct 2020 11:57:10 +0000 (13:57 +0200)
committer: Petr Štetiar <ynezz@true.cz>
Tue, 27 Oct 2020 22:03:04 +0000 (23:03 +0100)
commit: 09f9ac5066ee71f7cc1d5a6401dfa7f49d1dd677
tree: aaf6c6e4470628df9bdec25340b2ccabf386d8de
parent: ed8ce0d5d28b745cfe9b2eda0d70f9ce4b147092
Fix off-by-one in postdecode_fields

Fixes the following error found by the fuzzer:

 ERROR: AddressSanitizer: SEGV on unknown address 0x60c000120000 (pc 0x00000054f64f bp 0x000000000008 sp 0x7ffe4fc2c120 T0)
 The signal is caused by a READ memory access.
    #0 0x54f64f in postdecode_fields cgi-io/util.c:93:7
    #1 0x54f382 in LLVMFuzzerTestOneInput cgi-io/tests/fuzz/test-fuzz.c:36:6

That is caused by reading 1 byte past the size of the buffer.

Signed-off-by: Petr Štetiar <ynezz@true.cz>
tests/fuzz/corpus/crash-9adc1b00fe9189d66d3bfd8b7759b003cf3f5427 [new file with mode: 0644]
tests/fuzz/corpus/crash-c1e3b9cd71f83cc0de5ab4c0e3db39316cd5c6c0 [new file with mode: 0644]
util.c
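The over-read in the commit message comes from a decode loop touching one byte past the buffer it was handed. As an added illustration (not cgi-io's util.c and not this commit's fix), a constructed form-field parser below shows the bound handled so that `buf[len]` is never read; `struct field`, `decode_fields` and `decode_demo` are assumed names and the POST body is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed example, not cgi-io's postdecode_fields: split a POST body of exactly
 * `len` readable bytes (no NUL) into key=value pairs without touching buf[len]. */
struct field { const char *name; const char *value; size_t value_len; };

int decode_fields(const char *buf, size_t len, struct field *fields, int n_fields)
{
	size_t start = 0, eq = len;              /* eq == len: no '=' seen in this pair */
	int found = 0;
	for (size_t i = 0; i <= len; i++) {
		/* End of input is a separator, but buf[len] is one byte past the buffer, so i
		 * is compared with len before buf[i] is read; reading it there is the bug. */
		if (i < len && eq == len && buf[i] == '=') {
			eq = i;
		} else if (i == len || buf[i] == '&') {
			for (int f = 0; eq < len && f < n_fields; f++) {
				if (strlen(fields[f].name) == eq - start &&
				    memcmp(buf + start, fields[f].name, eq - start) == 0) {
					fields[f].value = buf + eq + 1;
					fields[f].value_len = i - eq - 1;
					found++;
				}
			}
			start = i + 1;
			eq = len;
		}
	}
	return found;
}

/* Look up `name` in a constructed body copied into an exact-size heap buffer, the
 * layout where a one-byte over-read trips ASan. Returns 1 if the field is present
 * with value `expect`, 0 if present with a different value, -1 if absent. */
int decode_demo(const char *name, const char *expect)
{
	static const char raw[] = "sessionid=abc123&filename=test.txt&x=";
	size_t len = sizeof raw - 1;             /* the literal's NUL is not copied */
	char *body = malloc(len);
	struct field f = { name, NULL, 0 };
	int r = -1;
	if (body == NULL)
		return -1;
	memcpy(body, raw, len);
	if (decode_fields(body, len, &f, 1) == 1)
		r = strlen(expect) == f.value_len &&
		    (f.value_len == 0 || memcmp(f.value, expect, f.value_len) == 0);
	free(body);
	return r;
}
```

Building this with -fsanitize=address and changing the `i < len` test to read `buf[i]` unconditionally reproduces the class of report quoted in the commit message.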