
OSS-Fuzz Fixes #1008

Open: wants to merge 4 commits into base branch `next`

Commits on Oct 27, 2021

  1. Fix memset'ing of buffer in strrep

    `strlen(buf)` is not guaranteed to return the size of the buffer, as it
    might contain some null bytes in the middle.
    
    Fixes htacg#1001
    alpire committed Oct 27, 2021 (commit df5bc80)
  2. Fix infinite loop in ParsePre

    The loop was introduced in 91f29ea when switching to a non-recursive
    algorithm. `InlineDup` should not be called when `ParsePre` restarts.
    
    This should fix the oss-fuzz build failure @ https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36721
    alpire committed Oct 27, 2021 (commit 8b8b3de)
  3. Fix out-of-bounds write in NormalizeSpaces

    NormalizeSpaces decodes and re-encodes UTF-8 characters while looking to
    replace non-breaking spaces with regular spaces. When the UTF-8 decoding
    hits an error, a replacement character (0xFFFD) is returned and
    re-encoded as a 3-byte UTF-8 character. In some cases, this increases
    the size of strings, leading to writing past the end of the allocated
    buffer.
    
    Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13191.
    alpire committed Oct 27, 2021 (commit 216d8c3)
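The size growth this commit describes, as an added illustration that is not tidy's own `NormalizeSpaces` code: a decode/re-encode pass in which every malformed byte becomes the 3-byte encoding of U+FFFD, so the result can need more bytes than the input. The `decode_one` and `encode_one` helpers are hypothetical, written for this example; `normalize_spaces` reports the size it needs and never writes past `cap`.

```c
#include <stdint.h>
#include <string.h>

/* Decode one UTF-8 sequence from s[0..n); returns bytes consumed (>= 1) and
 * stores the code point in *cp. A malformed or truncated sequence yields
 * U+FFFD and consumes one byte (hypothetical helper, not tidy's decoder). */
static size_t decode_one(const uint8_t *s, size_t n, uint32_t *cp)
{
    uint8_t b = s[0];
    size_t len = b < 0x80 ? 1 : (b & 0xE0) == 0xC0 ? 2
               : (b & 0xF0) == 0xE0 ? 3 : (b & 0xF8) == 0xF0 ? 4 : 0;
    if (len == 0 || len > n) { *cp = 0xFFFD; return 1; }
    uint32_t v = (len == 1) ? b : (uint32_t)(b & (0xFF >> (len + 1)));
    for (size_t i = 1; i < len; i++) {
        if ((s[i] & 0xC0) != 0x80) { *cp = 0xFFFD; return 1; }
        v = (v << 6) | (s[i] & 0x3F);
    }
    *cp = v;
    return len;
}

/* Encode cp as UTF-8 into out[0..4); returns the byte count (1..4). */
static size_t encode_one(uint32_t cp, uint8_t *out)
{
    static const uint8_t lead[] = { 0x00, 0x00, 0xC0, 0xE0, 0xF0 };
    size_t len = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
    for (size_t i = len; i-- > 1; cp >>= 6)
        out[i] = (uint8_t)(0x80 | (cp & 0x3F));
    out[0] = (uint8_t)(lead[len] | cp);
    return len;
}

/* Turn U+00A0 into a plain space, decoding and re-encoding as it goes.
 * Bytes go to out only while they fit in cap; the return value is the size
 * the whole result needs, so a value > cap means the buffer was too small.
 * Each invalid input byte becomes 3 bytes of U+FFFD: output can exceed input. */
size_t normalize_spaces(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    size_t i = 0, need = 0;
    while (i < n) {
        uint32_t cp; uint8_t tmp[4];
        i += decode_one(in + i, n - i, &cp);
        if (cp == 0xA0) cp = 0x20;                 /* NBSP -> ASCII space */
        size_t len = encode_one(cp, tmp);
        if (need + len <= cap) memcpy(out + need, tmp, len);
        need += len;
    }
    return need;
}
```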

Commits on Feb 2, 2022

  1. mapped_io: fix mapped_eof on windows

    The mmapped IO implementation on Windows does not always increment `pos`
    on each `getByte`. It relies on an incrementing pointer `iter`, and
    updates `pos` only when a new chunk gets mapped.
    
    However, mmaped_eof was only considering `pos` and not `iter`, and
    therefore was sometimes incorrectly returning false until a later call
    to `getByte` would update `pos`.
    alpire committed Feb 2, 2022 (commit 5f3eb66)