[gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Aug 1 11:48:44 CEST 2019
Tim Rühsen commented on a discussion on fuzz/libtasn1_encoding_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198648862
> + if (size > 2048) // same as max_len = 1000 in .options file
> + return 0;
> +
> + g_data = data;
> + g_size = size;
> +
> + int rc = asn1_parser2tree("pkix.asn", &definitions, errorDescription);
> + if (rc != ASN1_SUCCESS)
> + return 0;
> +
> + rc = asn1_create_element(definitions, "TEST_TREE.Koko", &asn1_element);
> + if (rc != ASN1_SUCCESS)
> + goto out;
> +
> + size_t vlen = size <= 32 ? size : 32;
> + value = malloc(vlen);
OK, I add an assert. Though for libFuzzer, malloc checking isn't relevant. The fuzzer will stop with an OOM, giving traceback and and `oom-...` corpus. So the assert is never executed.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198648862
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190801/5058da4e/attachment-0001.html>
More information about the Gnutls-devel
mailing list