generic-library/jsoncpp
1
0
Fork 0
mirror of https://github.com/open-source-parsers/jsoncpp.git synced 2024-12-13 10:22:55 +01:00
Code Issues Projects Releases Wiki Activity

Fix fuzzer off by one error (#1047)

Browse Source 
* Fix fuzzer off by one error

Currently the fuzzer has an off by one error, as it passing a bad length
to the CharReader::parse method, resulting in a heap buffer overflow.

* Rebase master, rerun clang format
This commit is contained in:
Jordan Bayles 2019-10-11 15:08:42 -07:00 committed by GitHub
parent ddc0748c4f
commit 2e33c218cb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/lib_json/json_value.cpp
View File

@ -210,7 +210,9 @@ LogicError::LogicError(String const& msg) : Exception(msg) {}
JSONCPP_NORETURN void throwRuntimeError(String const& msg) {
throw RuntimeError(msg);
}
JSONCPP_NORETURN void throwLogicError(String const& msg) { throw LogicError(msg); }
JSONCPP_NORETURN void throwLogicError(String const& msg) {
throw LogicError(msg);
}
#else // !JSON_USE_EXCEPTION
JSONCPP_NORETURN void throwRuntimeError(String const& msg) { abort(); }
JSONCPP_NORETURN void throwLogicError(String const& msg) { abort(); }

1
src/test_lib_json/fuzz.cpp
View File

@ -25,6 +25,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
uint32_t hash_settings = *(const uint32_t*)data;
data += sizeof(uint32_t);
size -= sizeof(uint32_t);
builder.settings_["failIfExtra"] = hash_settings & (1 << 0);
builder.settings_["allowComments_"] = hash_settings & (1 << 1);