Fix fuzzer off by one error (#1047)

* Fix fuzzer off by one error Currently the fuzzer has an off by one error, as it passing a bad length to the CharReader::parse method, resulting in a heap buffer overflow. * Rebase master, rerun clang format
2025-10-15 15:16:47 +02:00 · 2019-10-11 15:08:42 -07:00
parent ddc0748c4f
commit 2e33c218cb
3 changed files with 6 additions and 3 deletions
--- a/src/test_lib_json/fuzz.cpp
+++ b/src/test_lib_json/fuzz.cpp
@@ -25,6 +25,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

  uint32_t hash_settings = *(const uint32_t*)data;
  data += sizeof(uint32_t);
+  size -= sizeof(uint32_t);

  builder.settings_["failIfExtra"] = hash_settings & (1 << 0);
  builder.settings_["allowComments_"] = hash_settings & (1 << 1);