diff options
author | Alan Antonuk <alan.antonuk@gmail.com> | 2023-03-01 03:15:27 +0000 |
---|---|---|
committer | Alan Antonuk <alan.antonuk@gmail.com> | 2023-02-28 22:28:37 -0500 |
commit | a78737482b3f5e9359c303099107644d7ee48e07 (patch) | |
tree | 671c39bab95e0a5fa6b3580a8451b3d67081156f | |
parent | cb04afb806447d509e7722776e8533c5069571a3 (diff) | |
download | rabbitmq-c-a78737482b3f5e9359c303099107644d7ee48e07.tar.gz |
Correct fuzz_url.c to conform to fuzzing API
1. Always null-terminate the string provided, this is a requirement of
the API itself (fixes: https://crbug.com/oss-fuzz/56157).
2. Provide a string that amqp_parse_url can modify. This API modifies
its input (fixes: https://crbug.com/oss-fuzz/56162).
3. Always return 0 from the fuzzing function. It is expected that
amqp_parse_url will return non-0 when it fails to parse the input.
Signed-off-by: GitHub <noreply@github.com>
-rw-r--r-- | fuzz/fuzz_url.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/fuzz/fuzz_url.c b/fuzz/fuzz_url.c index 5b3658a..250a3a4 100644 --- a/fuzz/fuzz_url.c +++ b/fuzz/fuzz_url.c @@ -4,14 +4,21 @@ #include <inttypes.h> #include <stddef.h> #include <stdint.h> +#include <stdlib.h> #include <string.h> #include <rabbitmq-c/amqp.h> extern int LLVMFuzzerTestOneInput(const char *data, size_t size) { + // amqp_parse_url expects null-terminated string that it can modify, + // LLVMFuzzer expects that data will not be modified and won't necessarily + // null terminate the string, so do that here. + char* in = malloc(size + 1); + memcpy(in, data, size); + in[size] = '\0'; struct amqp_connection_info ci; - int res; - res = amqp_parse_url((char *)data, &ci); - return res; + amqp_parse_url(in, &ci); + free(in); + return 0; } |