From 5bc582b2c72a5fe401511ee492d1410f4f23ec7e Mon Sep 17 00:00:00 2001
From: Martijn van Beurden
Date: Fri, 19 Aug 2022 21:33:15 +0200
Subject: Fix some OOM metadata bugs, disable OOM checking in metadata fuzzing
For now OOM emulation in fuzzer_metadata is disabled, as I really want to get as much merged as soon as possible. Need to get back to this at some point
---
 oss-fuzz/fuzzer_metadata.cc | 29 ++++++++++++++++++++++-------
 oss-fuzz/fuzzer_seek.cc | 14 +++++++-------
 2 files changed, 29 insertions(+), 14 deletions(-)
(limited to 'oss-fuzz')
diff --git a/oss-fuzz/fuzzer_metadata.cc b/oss-fuzz/fuzzer_metadata.cc
index 7d3cb5ea..66f3d4cf 100644
--- a/oss-fuzz/fuzzer_metadata.cc
+++ b/oss-fuzz/fuzzer_metadata.cc
@@ -61,7 +61,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 command_length = data[0] >> 4;
- if(data[1] < 128) /* Use MSB as on/off */
+ if(0)//data[1] < 128) /* Use MSB as on/off */
 alloc_check_threshold = data[1];
 else
 alloc_check_threshold = INT32_MAX;
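Review bot: The new `if(0)//data[1] < 128) /* Use MSB as on/off */` buries the original condition in an end-of-line comment with a stray `)`, and nothing in the file records that the disablement is temporary — that intent lives only in the commit message, so a later reader cannot tell whether `alloc_check_threshold = data[1]` is dead on purpose. `if(0) /* TODO: re-enable OOM emulation: data[1] < 128, MSB as on/off */` keeps the condition readable and flags it for follow-up. Note also that the fuzzer_seek.cc counterpart guards the same read with `size > 2` while this one does not; if LLVMFuzzerTestOneInput does not already reject inputs shorter than two bytes above the hunk, that guard needs adding when the check is re-enabled. LLVMFuzzerTestOneInput continues outside the hunk.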
@@ -218,22 +218,37 @@ static void run_tests_with_level_2_interface(char filename[], bool ogg, bool use
 case 5:
 if(metadata_block_transfer != 0 && metadata_block_transfer->is_valid()) {
 metadata_block_put = FLAC::Metadata::clone(metadata_block_transfer);
- if(!iterator.insert_block_before(metadata_block_put))
- delete metadata_block_put;
+ if(metadata_block_put != 0 && metadata_block_put->is_valid()) {
+ if(!iterator.insert_block_before(metadata_block_put))
+ delete metadata_block_put;
+ }
+ else
+ if(metadata_block_put != 0)
+ delete metadata_block_put;
 }
 break;
 case 6:
 if(metadata_block_transfer != 0 && metadata_block_transfer->is_valid()) {
 metadata_block_put = FLAC::Metadata::clone(metadata_block_transfer);
- if(!iterator.insert_block_after(metadata_block_put))
- delete metadata_block_put;
+ if(metadata_block_put != 0 && metadata_block_put->is_valid()) {
+ if(!iterator.insert_block_after(metadata_block_put))
+ delete metadata_block_put;
+ }
+ else
+ if(metadata_block_put != 0)
+ delete metadata_block_put;
 }
 break;
 case 7:
 if(metadata_block_transfer != 0 && metadata_block_transfer->is_valid()) {
 metadata_block_put = FLAC::Metadata::clone(metadata_block_transfer);
- if(!iterator.set_block(metadata_block_put))
- delete metadata_block_put;
+ if(metadata_block_put != 0 && metadata_block_put->is_valid()) {
+ if(!iterator.set_block(metadata_block_put))
+ delete metadata_block_put;
+ }
+ else
+ if(metadata_block_put != 0)
+ delete metadata_block_put;
 }
 break;
 case 8: /* Examine block */
diff --git a/oss-fuzz/fuzzer_seek.cc b/oss-fuzz/fuzzer_seek.cc
index ed89b233..a926f68f 100644
--- a/oss-fuzz/fuzzer_seek.cc
+++ b/oss-fuzz/fuzzer_seek.cc
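Review bot: The `!= 0` test in each new `else` branch (cases 5, 6 and 7) is redundant, since `delete` on a null pointer is a no-op, and both arms end in the same `delete`; each case collapses to `if(metadata_block_put == 0 || !metadata_block_put->is_valid() || !iterator.insert_block_before(metadata_block_put))` / `delete metadata_block_put;` (with `insert_block_after` and `set_block` in cases 6 and 7), which states the ownership rule in one place. The same seven lines are pasted three times; a small static helper taking the iterator and a pointer to the member function would keep the three cases from drifting apart. The reason for checking `is_valid()` on the clone is not recorded; presumably `FLAC::Metadata::clone` can yield a non-null but invalid object when the allocation-failure emulation fires, and a comment such as `/* clone() may return a block whose construction failed under OOM emulation; it still has to be freed */` would say so. `run_tests_with_level_2_interface` starts and ends outside the hunk.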
@@ -47,11 +47,11 @@ int write_abort_check_counter = -1;
 static FLAC__StreamDecoderWriteStatus write_callback(const FLAC__StreamDecoder *decoder, const FLAC__Frame *frame, const FLAC__int32 *const buffer[], void *client_data)
 {
 (void)decoder, (void)frame, (void)buffer, (void)client_data;
- if(write_abort_check_counter > 0)
+ if(write_abort_check_counter > 0) {
 write_abort_check_counter--;
 if(write_abort_check_counter == 0)
 return FLAC__STREAM_DECODER_WRITE_STATUS_ABORT;
- else if(write_abort_check_counter == 0)
+ } else if(write_abort_check_counter == 0)
 /* This must not happen: write callback called after abort is returned */
 abort();
 return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
@@ -70,11 +70,11 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 uint8_t command_length;
 FLAC__bool init_bools[16], ogg;
- if(size > 2 && data[1] < 128) /* Use MSB as on/off */
- alloc_check_threshold = data[1];
- else
- alloc_check_threshold = INT32_MAX;
- alloc_check_counter = 0;
+ if(size > 2 && data[1] < 128) /* Use MSB as on/off */
+ alloc_check_threshold = data[1];
+ else
+ alloc_check_threshold = INT32_MAX;
+ alloc_check_counter = 0;
 write_abort_check_counter = -1;
--
cgit v1.2.1
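Review bot: The `else if` arm at the end of the braced fix is still unbraced, so the comment line sits between the condition and `abort();` and a later edit can detach the two again — the same kind of slip this hunk corrects; bracing it as well, `} else if(write_abort_check_counter == 0) {` / `abort();` / `}` with the comment inside, keeps both arms in one style. The meaning of the counter's values is only implied by the arithmetic (negative never triggers either branch, a positive value counts down to an abort, zero afterwards means the decoder called back after being told to abort); a one-line comment above write_callback stating that contract would spare the next reader from reconstructing it. The second hunk in this file is an indentation-only change. write_callback's closing brace lies outside the hunk.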