1. 13 Jul, 2021 1 commit
  2. 08 Jul, 2021 1 commit
  3. 10 May, 2021 2 commits
    • Slightly refactor/comment the harness for clarity. · 0a7b6da9
      Denis Kasak authored and Hubert Chathi committed
    • Fix a fuzzing harness double free when input is of size 0. · 8d1cfd20
      Denis Kasak authored and Hubert Chathi committed
      Consider the case when the input is size 0. In this case, `count` and
      `buffer_pos` will be 0 as well. The `realloc` call in the `count == 0`
      branch will then effectively become a free.
      
      However, `realloc` can sometimes return `NULL` when a 0 is passed for
      the size. The current code assumes that this only happens on a memory
      allocation error and breaks out of the loop. This then becomes a double
      free because the buffer is freed a second time, causing an abort.
      
      The intent of the `realloc` is probably to downsize the buffer to fit
      the data exactly in order to make incorrect memory access more obvious.
      This commit skips this downsizing if the size of the input data is 0.
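      The realloc-to-zero hazard the commit describes, as an added C example that is not libolm's own harness code: a minimal read-everything loop with the same `count`/`buffer_pos` shape, the exact-fit downsizing, and the fix (skip the shrink when nothing was read). `CHUNK`, `read_all` and `roundtrip` are assumed names chosen for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK 16  /* small so the growth path is exercised in tests */

/* Read everything from `in` into a heap buffer (caller frees *buf).
 * Returns 0 on success and -1 on allocation failure; *len is the byte count. */
int read_all(FILE *in, uint8_t **buf, size_t *len) {
    size_t cap = CHUNK, buffer_pos = 0;
    uint8_t *b = malloc(cap);
    if (!b) return -1;
    for (;;) {
        size_t count = fread(b + buffer_pos, 1, cap - buffer_pos, in);
        buffer_pos += count;
        if (count == 0) break;                 /* EOF (or read error) */
        if (buffer_pos == cap) {               /* buffer full: grow it */
            uint8_t *nb = realloc(b, cap * 2);
            if (!nb) { free(b); return -1; }
            b = nb; cap *= 2;
        }
    }
    /* Shrink to the exact size so an out-of-bounds read is more likely to be
     * caught by a sanitizer. Skipped when buffer_pos == 0: realloc(b, 0) may
     * free b and return NULL (glibc does), and treating that NULL as an
     * allocation failure would free b a second time. */
    if (buffer_pos != 0) {
        uint8_t *nb = realloc(b, buffer_pos);
        if (!nb) { free(b); return -1; }
        b = nb;
    }
    *buf = b; *len = buffer_pos;
    return 0;
}

/* Helper: write a constructed n-byte pattern to a temp file, read it back with
 * read_all, and return 1 if the contents round-trip, 0 if not, -1 on error. */
int roundtrip(size_t n) {
    uint8_t *data = malloc(n ? n : 1), *buf = NULL;
    size_t len = 0, i;
    int ok;
    FILE *f = tmpfile();
    if (!data || !f) { free(data); if (f) fclose(f); return -1; }
    for (i = 0; i < n; i++) data[i] = (uint8_t)i;
    if (fwrite(data, 1, n, f) != n) { free(data); fclose(f); return -1; }
    rewind(f);
    ok = read_all(f, &buf, &len) == 0 && len == n && memcmp(buf, data, n) == 0;
    fclose(f); free(buf); free(data);   /* buf is freed exactly once */
    return ok ? 1 : 0;
}
```

Running `roundtrip(0)` under AddressSanitizer with the `buffer_pos != 0` guard removed is the quickest way to see the abort the commit message describes.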
  4. 26 May, 2016 1 commit
  5. 23 May, 2016 1 commit