lib/fuzzing: Avoid NULL pointer de-ref from 0-length input
authorAndrew Bartlett <abartlet@samba.org>
Thu, 7 Nov 2019 02:08:18 +0000 (15:08 +1300)
committerJeremy Allison <jra@samba.org>
Mon, 18 Nov 2019 19:39:30 +0000 (19:39 +0000)
fmemopen() does not like 0-length input.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib/fuzzing/fuzz_oLschema2ldif.c
lib/fuzzing/fuzz_tiniparser.c

index 4dd5668e6736a0024b0178b6d296e58b7f566f37..a983f48d660ecac3082618fa3ab1887642d12192 100644 (file)
@@ -34,6 +34,14 @@ int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
        TALLOC_CTX *mem_ctx;
        struct conv_options opt;
 
+       if (len == 0) {
+               /*
+                * Otherwise fmemopen() will return null and set errno
+                * to EINVAL
+                */
+               return 0;
+       }
+
        mem_ctx = talloc_init(__FUNCTION__);
 
        opt.in = fmemopen(buf, len, "r");
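Review bot: The `len == 0` guard covers only one way `fmemopen()` can fail, and no NULL check on `opt.in = fmemopen(buf, len, "r");` is visible in this hunk, so a failure for another reason (for example out of memory) would presumably still pass a NULL stream on to the converter. If the rest of the function does not already test the result, add `if (opt.in == NULL) { talloc_free(mem_ctx); return 0; }` directly after the call. The same applies to `fp = fmemopen(buf, len, "r");` in lib/fuzzing/fuzz_tiniparser.c. The body of LLVMFuzzerTestOneInput continues outside the hunk, so this needs confirming against the full file.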
index a6e2ef7c2fee74241a37010596263f5cd607325e..ccc50da183a75edf1c5dabed8a016d938f73043e 100644 (file)
@@ -27,7 +27,15 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
 
 int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len)
 {
-       FILE *fp;
+       FILE *fp = NULL;
+
+       if (len == 0) {
+               /*
+                * Otherwise fmemopen() will return null and set errno
+                * to EINVAL
+                */
+               return 0;
+       }
 
        fp = fmemopen(buf, len, "r");