authorDouglas Bagnall <douglas.bagnall@catalyst.net.nz>2020-10-18 11:59:40 +1300
committerJeremy Allison <jra@samba.org>2020-10-20 02:26:40 +0000
commit930695b04d2c3984c4e335ff25471b2432885884 (patch)
tree0f45162d5d0a1f1383a3af29b2591a51903853aa /lib/fuzzing
parent67c437bf11caf6b9ec1ead62fbc5ba0f0f10d77a (diff)
fuzz_dcerpc_parse_binding: don't leak
Also, by not tallocing at all in the too-long case, we can short circuit quicker. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 20 02:26:40 UTC 2020 on sn-devel-184
Diffstat (limited to 'lib/fuzzing')
-rw-r--r--lib/fuzzing/fuzz_dcerpc_parse_binding.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/fuzzing/fuzz_dcerpc_parse_binding.c b/lib/fuzzing/fuzz_dcerpc_parse_binding.c
index 5f1c68707ed..61df0c0670e 100644
--- a/lib/fuzzing/fuzz_dcerpc_parse_binding.c
+++ b/lib/fuzzing/fuzz_dcerpc_parse_binding.c
@@ -26,7 +26,7 @@ char buf[MAX_LENGTH + 1];
int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
{
- TALLOC_CTX *mem_ctx = talloc_new(NULL);
+ TALLOC_CTX *mem_ctx = NULL;
struct dcerpc_binding *binding = NULL;
struct dcerpc_binding *dup = NULL;
struct epm_tower tower;
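Review bot: The `TALLOC_CTX *mem_ctx = NULL;` declaration carries no comment saying that the allocation is deliberately deferred, so a later edit could move `talloc_new()` back above the length check and reintroduce the leak on the too-long early return. I would add `/* allocated only after the length check, so the early return has nothing to free */` above that declaration. Because the pointer now starts as NULL, it is also worth confirming that the result of the deferred `talloc_new(NULL)` is checked before use; presumably a NULL context would make the parser's allocations top-level and leave them unfreed. The body of LLVMFuzzerTestOneInput continues outside this hunk, so its cleanup paths could not be checked here.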
@@ -36,9 +36,11 @@ int LLVMFuzzerTestOneInput(uint8_t *input, size_t len)
if (len > MAX_LENGTH) {
return 0;
}
+
memcpy(buf, input, len);
buf[len] = '\0';
+ mem_ctx = talloc_new(NULL);
status = dcerpc_parse_binding(mem_ctx, buf, &binding);
if (! NT_STATUS_IS_OK(status)) {