fuzz: fix size type
Fix silent overflow in the fuzzer. 255 is clearly << 65536, so that means
we are not able to exercise the full buffer. But upon further inspection
it's clear that numbers are at a minimum truncated, if not rolling over, based
on the code in the size_t to uint8_t conversions.

This was validated by converting the type temporarily to signed and
observing the fuzzer using a negative index.

Signed-off-by: Curtis Malainey <[email protected]>
cujomalainey committed Oct 1, 2024
1 parent 484ea0b commit 998f2d0
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/platform/posix/ipc.c
Expand Up @@ -30,7 +30,7 @@ extern uint8_t *posix_fuzz_buf, posix_fuzz_sz;
// thinking/experimentation about how much fuzzing we want to do at a
// time...
static uint8_t fuzz_in[65536];
static uint8_t fuzz_in_sz;
static size_t fuzz_in_sz;

// The protocol here is super simple: the first byte is a message size
// in units of 16 bits (the buffer maximum defaults to 384 bytes, and
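Review bot: The context line `extern uint8_t *posix_fuzz_buf, posix_fuzz_sz;` in the hunk header still declares `posix_fuzz_sz` as a plain `uint8_t` (the `*` binds only to `posix_fuzz_buf`), so any path that copies `posix_fuzz_sz` into the now-`size_t` `fuzz_in_sz` keeps the same 255 ceiling this commit is trying to remove; widen that declaration (and its definition) to `size_t` in the same change. Since widening the type replaces silent wraparound with the possibility of a length larger than `fuzz_in`, it is also worth guarding `fuzz_in_sz <= sizeof(fuzz_in)` before it is used as a copy length or index.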
