Missing buffer size check
authorSergey Matveev <stargrave@stargrave.org>
Wed, 11 Dec 2024 11:43:34 +0000 (14:43 +0300)
committerSergey Matveev <stargrave@stargrave.org>
Wed, 11 Dec 2024 11:43:38 +0000 (14:43 +0300)
Found immediately by fuzz test.

gyac/convert-fuzz-input-to-testdata [new file with mode: 0755]
gyac/dec.go
gyac/fuzz_test.go [new file with mode: 0644]

diff --git a/gyac/convert-fuzz-input-to-testdata b/gyac/convert-fuzz-input-to-testdata
new file mode 100755 (executable)
index 0000000..c4386e3
--- /dev/null
@@ -0,0 +1,6 @@
+#!/bin/sh -e
+
+dst=testdata/fuzz/FuzzItemDecode
+mkdir -p $dst
+# go install golang.org/x/tools/cmd/file2fuzz@latest
+file2fuzz -o $dst fuzz-input
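Review bot: The `-e` in the shebang on the first line only takes effect when the script is executed directly; invoking it as `sh convert-fuzz-input-to-testdata` drops the flag, so a failed `mkdir` would not stop the run. Putting `set -e` on its own line after the shebang keeps the abort-on-error behaviour regardless of how the script is launched. The unquoted `$dst` expansions on the `mkdir` and `file2fuzz` lines are harmless with the fixed path used here, but `"$dst"` would make the script safe to edit later.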
index 7accd44eef49ebf9801dbbc093142bd3b646e8d90f9fcff63f6991335b34768d..085b4a9cbefd3ccca3e2e3161709feab669392a76d9663e6a9ca912a80166a9c 100644 (file)
@@ -189,6 +189,10 @@ func AtomDecode(buf []byte) (item *Item, off int, err error) {
                }
                var bin *Item
                var binOff int
+               if len(buf) < 2 {
+                       err = ErrNotEnough
+                       return
+               }
                if buf[1]&AtomStrings == 0 {
                        err = errors.New("wrong int value")
                        return
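Review bot: The new `len(buf) < 2` guard protects only the `buf[1]` read on the next line and carries no comment saying why two bytes are required; a short note such as `// the tag byte must be followed by at least one byte of the nested atom before buf[1] is inspected` would tell the next reader what the bound means. Placing the guard before the `var bin *Item` / `var binOff int` declarations would also keep the happy path left-aligned and make it obvious the declarations are not needed on the error path. Whether any later read in this branch needs more than two bytes cannot be seen from the hunk; presumably the nested decode performs its own length checks, but that is worth confirming. AtomDecode's body starts and ends outside the hunk.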
diff --git a/gyac/fuzz_test.go b/gyac/fuzz_test.go
new file mode 100644 (file)
index 0000000..37195da
--- /dev/null
@@ -0,0 +1,11 @@
+package gyac
+
+import (
+       "testing"
+)
+
+func FuzzItemDecode(f *testing.F) {
+       f.Fuzz(func(t *testing.T, b []byte) {
+               ItemDecode(b)
+       })
+}
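Review bot: The fuzz target on the `f.Fuzz` line discards every result of `ItemDecode(b)`, so the fuzzer can only surface panics and never an inconsistent return such as a nil item with a nil error. If ItemDecode mirrors AtomDecode's `(item, off, err)` shape, a one-line invariant like `if item, _, err := ItemDecode(b); err == nil && item == nil { t.Fatal("nil item without error") }` would make the target check something beyond "did not crash". Seeding the corpus with `f.Add([]byte{})` and a minimal valid encoding before `f.Fuzz` would also give the fuzzer a useful starting point for the length-check paths this commit fixes.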