forked from OSchip/llvm-project
b42db1567c
Summary: Original oss-fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3727#c2 The minimized test case that causes this failure: 5b 5b 5b 3d 47 53 00 5b 3d 5d 5b 5d 0a [[[=GS.[=][]. Note the string "=GS\x00". The failure happens because the code is searching the string against an array of known collated names. "GS\x00" is a hit, but since len takes into account an extra NUL byte, indexing into cp->name[len] goes one byte past it's allocated memory. Fix this to use a strlen(cp->name) comparison to account for NUL bytes in the input. Reviewers: pcc Reviewed By: pcc Subscribers: hctim, kcc Differential Revision: https://reviews.llvm.org/D39380 llvm-svn: 316786 |
||
|---|---|---|
| .. | ||
| ADT | ||
| Analysis | ||
| AsmParser | ||
| BinaryFormat | ||
| Bitcode | ||
| CodeGen | ||
| DebugInfo | ||
| ExecutionEngine | ||
| FuzzMutate | ||
| IR | ||
| LineEditor | ||
| Linker | ||
| MC | ||
| MI | ||
| Object | ||
| ObjectYAML | ||
| Option | ||
| ProfileData | ||
| Support | ||
| Target | ||
| Transforms | ||
| XRay | ||
| tools | ||
| CMakeLists.txt | ||