From: Mark Andrews
Date: Mon, 5 Oct 2020 22:49:28 +0000 (+1100)
Subject: render buf was too big
X-Git-Tag: v9.17.6~12^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8faf12eaced91bbcd71c544ae0b86ba4e4f807b9;p=thirdparty%2Fbind9.git
render buf was too big
It was misdeclared as a array of pointers (uint8_t*[]) and there where too many elements (64 * 1024) instead of (64 * 1024 - 1).
---
diff --git a/fuzz/dns_message_parse.c b/fuzz/dns_message_parse.c
index 3e2f3662ae5..4202c609a87 100644
--- a/fuzz/dns_message_parse.c
+++ b/fuzz/dns_message_parse.c
@@ -31,7 +31,7 @@ bool debug = false;
 static isc_mem_t *mctx = NULL;
 static uint8_t *output = NULL;
 static size_t output_len = 1024;
-static uint8_t *render_buf[64 * 1024];
+static uint8_t render_buf[64 * 1024 - 1];
 int
 LLVMFuzzerInitialize(int *argc __attribute__((unused)),
@@ -103,7 +103,7 @@ render_message(dns_message_t **messagep) {
 isc_buffer_t buffer;
 dns_compress_t cctx;
- isc_buffer_constinit(&buffer, render_buf, sizeof(render_buf));
+ isc_buffer_init(&buffer, render_buf, sizeof(render_buf));
 message->from_to_wire = DNS_MESSAGE_INTENTRENDER;
 for (size_t i = 0; i < DNS_SECTION_MAX; i++) {
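Review bot: The new bound `64 * 1024 - 1` on `render_buf` in the first hunk is an unexplained magic number; neither the declaration nor the commit message says why one byte short of 64 KiB is the right size. It presumably matches the 65535-byte maximum size of a DNS message, and stating that keeps a later edit from rounding it back up and letting the harness render messages larger than anything that could appear on the wire. I would add `/* Largest possible DNS message: 65535 bytes (16-bit length). */` above the declaration, once that intent is confirmed.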
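Review bot: `sizeof(render_buf)` at the `isc_buffer_init()` call in the second hunk is the byte length only while `render_buf` stays a `uint8_t` array, and nothing in the new code enforces that. The old pointer-array declaration compiled without complaint, presumably because the base argument is untyped, and it gave the renderer a buffer several times larger than intended, so size-limit paths in rendering would not have been reached at the realistic limit. A compile-time check beside the declaration would catch a repeat, e.g. `_Static_assert(sizeof(render_buf) == UINT16_MAX, "render_buf must hold exactly one maximum-size DNS message");`, if the project's C standard level allows it. render_message() begins and ends outside this hunk, so how the rendered bytes are consumed afterwards is not visible here.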