experiments/STT-tensorflow
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix base64_fuzz crash due to non-zero-terminated strings.

Browse Source 
If the fuzzing data is not a null terminated string, `std::string(data)` will cause a crash. This is because `std::string(char*)` calls `strlen` on the `char*` argument to know the size of the string. So, if `data` does not contain any `\0` this results in a heap overflow.

PiperOrigin-RevId: 342670802
Change-Id: I1c85836d58f7204ed8562babe1911c14dcbb0ae0
This commit is contained in:
Mihai Maruseac 2020-11-16 10:46:52 -08:00 committed by TensorFlower Gardener
parent 6d1218d210
commit 2dac0812a5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tensorflow/security/fuzzing/base64_fuzz.cc
View File

@ -25,7 +25,7 @@ limitations under the License.
namespace {
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
std::string input(reinterpret_cast<const char *>(data));
std::string input(reinterpret_cast<const char *>(data), size);
std::string encoded_string;
std::string decoded_string;
tensorflow::Status s;