[gnutls-devel] libtasn1 | Add initial fuzzing implementation (!38)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Aug 1 11:48:44 CEST 2019




Tim Rühsen commented on a discussion on fuzz/libtasn1_encoding_fuzzer.c: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198648862

> +	if (size > 2048) // same as max_len = 1000 in .options file
> +		return 0;
> +
> +	g_data = data;
> +	g_size = size;
> +
> +	int rc = asn1_parser2tree("pkix.asn", &definitions, errorDescription);
> +	if (rc != ASN1_SUCCESS)
> +		return 0;
> +
> +	rc = asn1_create_element(definitions, "TEST_TREE.Koko", &asn1_element);
> +	if (rc != ASN1_SUCCESS)
> +		goto out;
> +
> +	size_t vlen = size <= 32 ? size : 32;
> +	value = malloc(vlen);

OK, I add an assert. Though for libFuzzer, malloc checking isn't relevant. The fuzzer will stop with an OOM, giving traceback and and `oom-...` corpus. So the assert is never executed.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/libtasn1/merge_requests/38#note_198648862
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190801/5058da4e/attachment-0001.html>


More information about the Gnutls-devel mailing list