From: Douglas Bagnall Date: Thu, 16 Jan 2020 20:59:26 +0000 (+1300) Subject: fuzzing: check for NULL on ldb_init() X-Git-Tag: samba-4.12.0rc1~78 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6786ec2c9638f13efed8cba156e174644804a61e;p=thirdparty%2Fsamba.git fuzzing: check for NULL on ldb_init() We simply return 0 because failure here is not a problem with the code we are actually trying to fuzz. Without this asan is unhappy. Signed-off-by: Douglas Bagnall Reviewed-by: Andreas Schneider --- diff --git a/lib/fuzzing/fuzz_ldb_dn_explode.c b/lib/fuzzing/fuzz_ldb_dn_explode.c index dade67567cb..29747178e3e 100644 --- a/lib/fuzzing/fuzz_ldb_dn_explode.c +++ b/lib/fuzzing/fuzz_ldb_dn_explode.c @@ -27,6 +27,9 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len) { struct ldb_dn *dn = NULL; struct ldb_context *ldb = ldb_init(NULL, NULL); + if (ldb == NULL) { + return 0; + } /* * We copy the buffer in order to NUL-terminate, because running off * the end of the string would be an uninteresting crash. diff --git a/lib/fuzzing/fuzz_ldb_ldif_read.c b/lib/fuzzing/fuzz_ldb_ldif_read.c index f2c46bc9beb..4eee1701836 100644 --- a/lib/fuzzing/fuzz_ldb_ldif_read.c +++ b/lib/fuzzing/fuzz_ldb_ldif_read.c @@ -26,8 +26,11 @@ char buf[MAX_LENGTH + 1] = {0}; int LLVMFuzzerTestOneInput(uint8_t *input, size_t len) { struct ldb_ldif *ldif = NULL; - struct ldb_context *ldb = ldb_init(NULL, NULL); const char *s = NULL; + struct ldb_context *ldb = ldb_init(NULL, NULL); + if (ldb == NULL) { + return 0; + } if (len > MAX_LENGTH) { len = MAX_LENGTH; diff --git a/lib/fuzzing/fuzz_ldb_parse_control.c b/lib/fuzzing/fuzz_ldb_parse_control.c index bd3fda87fdb..98af24a8000 100644 --- a/lib/fuzzing/fuzz_ldb_parse_control.c +++ b/lib/fuzzing/fuzz_ldb_parse_control.c @@ -27,8 +27,11 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len) { struct ldb_control *control = NULL; struct ldb_context *ldb = ldb_init(NULL, NULL); + if (ldb == NULL) { + return 0; + } /* - * We copy the buffer in order to NUL-teminate, because running off + * We copy the buffer in order to NUL-terminate, because running off * the end of the string would be an uninteresting crash. */ if (len > MAX_LENGTH) {