generic-library/isa-l
1
0
Fork 0
mirror of https://github.com/intel/isa-l.git synced 2025-12-21 12:49:42 +01:00
Code Issues Projects Releases Wiki Activity

tests: [fuzz] fix potential null dereference

Browse Source 
There is a possibility that zstate.msg = NULL, which is set
in inflateInit2() function. In that case, we should not
compare against another string.

Signed-off-by: Pablo de Lara <pablo.de.lara.guarch@intel.com>
This commit is contained in:
Pablo de Lara
2025-08-11 11:09:33 +00:00
parent 768b77219f
commit fa32879c2d
1 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
tests/fuzz/igzip_checked_inflate_fuzz_test.c
View File

@@ -59,10 +59,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
/* If zlib errors, assert isal errors, excluding a few
* cases where zlib is overzealous and when zlib notices
* an error faster than isal */
assert(iret < 0 || strcmp(zstate.msg, z_msg_invalid_code_set) == 0 ||
assert(iret < 0 || (iret == ISAL_END_INPUT && zstate.avail_in < 3) ||
(zstate.msg != NULL &&
(strcmp(zstate.msg, z_msg_invalid_code_set) == 0 ||
strcmp(zstate.msg, z_msg_invalid_dist_set) == 0 ||
strcmp(zstate.msg, z_msg_invalid_lit_len_set) == 0 ||
(iret == ISAL_END_INPUT && zstate.avail_in < 3));
strcmp(zstate.msg, z_msg_invalid_lit_len_set) == 0)));
} else
/* If zlib did not finish or error, assert isal did not finish