]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 50df71a)
render buf was too big
authorMark Andrews <marka@isc.org>
Mon, 5 Oct 2020 22:49:28 +0000 (09:49 +1100)
committerMark Andrews <marka@isc.org>
Mon, 5 Oct 2020 22:49:28 +0000 (09:49 +1100)
It was misdeclared as a array of pointers (uint8_t*[]) and there
where too many elements (64 * 1024) instead of (64 * 1024 - 1).

fuzz/dns_message_parse.c patch | blob | blame | history

diff --git a/fuzz/dns_message_parse.c b/fuzz/dns_message_parse.c
index 3e2f3662ae5d37c456f2118b2d80deb5e0519ebb..4202c609a875b329a3f93a5e81b57bb4e9dd1e67 100644 (file)
--- a/fuzz/dns_message_parse.c
+++ b/fuzz/dns_message_parse.c
@@ -31,7 +31,7 @@ bool debug = false;
 static isc_mem_t *mctx = NULL;
 static uint8_t *output = NULL;
 static size_t output_len = 1024;
-static uint8_t *render_buf[64 * 1024];
+static uint8_t render_buf[64 * 1024 - 1];
 
 int
 LLVMFuzzerInitialize(int *argc __attribute__((unused)),
@@ -103,7 +103,7 @@ render_message(dns_message_t **messagep) {
        isc_buffer_t buffer;
        dns_compress_t cctx;
 
-       isc_buffer_constinit(&buffer, render_buf, sizeof(render_buf));
+       isc_buffer_init(&buffer, render_buf, sizeof(render_buf));
 
        message->from_to_wire = DNS_MESSAGE_INTENTRENDER;
        for (size_t i = 0; i < DNS_SECTION_MAX; i++) {
Mirror of https://gitlab.isc.org/isc-projects/bind9.git