Posted to dev@qpid.apache.org by "ASF GitHub Bot (Jira)" <ji...@apache.org> on 2019/11/13 13:06:00 UTC

[jira] [Commented] (PROTON-2136) fuzz-connection-driver.c exits with 1 when the engine stops accepting additional input

    [ https://issues.apache.org/jira/browse/PROTON-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16973327#comment-16973327 ] 

ASF GitHub Bot commented on PROTON-2136:
----------------------------------------

jdanekrh commented on pull request #208: PROTON-2136 Fix fuzz-connection-driver to be tolerant of NULL input buffer
URL: https://github.com/apache/qpid-proton/pull/208
 
 
   I completely forgot about this one. Maybe when it is fixed, the fuzz target will not be crashing so much and the OSS Fuzz infra will run it more.
 


> fuzz-connection-driver.c exits with 1 when the engine stops accepting additional input
> --------------------------------------------------------------------------------------
>
>                 Key: PROTON-2136
>                 URL: https://issues.apache.org/jira/browse/PROTON-2136
>             Project: Qpid Proton
>          Issue Type: Test
>          Components: proton-c
>    Affects Versions: proton-c-0.29.0
>            Reporter: Jiri Daněk
>            Assignee: Jiri Daněk
>            Priority: Major
>
> {noformat}
> size_t fcd_read(pn_connection_driver_t *driver, uint8_t **data, size_t *size) {
>   pn_rwbytes_t buf = pn_connection_driver_read_buffer(driver);
>   size_t s = (*size < buf.size) ? *size : buf.size;
>   if (buf.start == NULL) {
>     exit(1);
>   }
> {noformat}
> The engine offers a null buffer for further input. AFAIK that is legit, because it is just that the "socket" was closed for further input, after reading the invalid header.
> The fuzz target should just return peacefully at this point and not crash.
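
The behaviour the issue asks for, as an added example that is not code from the pull request or from Proton: a read helper that treats a NULL input buffer as "engine stopped accepting input" and lets the harness return normally. `rwbytes_t`, `mock_driver_t`, `mock_read_buffer`, `mock_read_done`, `fcd_read_tolerant` and `feed_all` are hypothetical stand-ins so the sketch runs without the library, and the rule that a chunk starting with 0xFF closes input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins for the Proton buffer and driver types (assumptions, not Proton code). */
typedef struct { size_t size; char *start; } rwbytes_t;
typedef struct { char buf[8]; int input_closed; } mock_driver_t;

/* Models the engine: offers buffer space until input is closed, then {0, NULL}. */
static rwbytes_t mock_read_buffer(mock_driver_t *d) {
  rwbytes_t b = { sizeof d->buf, d->buf };
  if (d->input_closed) { b.size = 0; b.start = NULL; }
  return b;
}

/* Constructed rejection rule: a chunk starting with 0xFF closes the input side. */
static void mock_read_done(mock_driver_t *d, size_t n) {
  if (n > 0 && (uint8_t)d->buf[0] == 0xFF) d->input_closed = 1;
}

/* Tolerant read: a NULL buffer is reported as 0 bytes consumed, never exit(1). */
size_t fcd_read_tolerant(mock_driver_t *d, const uint8_t **data, size_t *size) {
  rwbytes_t buf = mock_read_buffer(d);
  if (buf.start == NULL || buf.size == 0) return 0;
  size_t s = (*size < buf.size) ? *size : buf.size;
  memcpy(buf.start, *data, s);
  mock_read_done(d, s);
  *data += s;
  *size -= s;
  return s;
}

/* Harness loop: feed until the input is used up or the engine stops accepting.
   Returns the number of bytes consumed; leftover input is simply dropped. */
size_t feed_all(const uint8_t *data, size_t size) {
  mock_driver_t d;
  size_t total = 0, n;
  memset(&d, 0, sizeof d);
  while (size > 0 && (n = fcd_read_tolerant(&d, &data, &size)) > 0) total += n;
  return total;
}
```

Checking the buffer before computing the copy length also keeps `memcpy` from ever being handed a NULL destination.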


