From 2dac0812a52cc72661a55487d2bc9ed84fd7b268 Mon Sep 17 00:00:00 2001
From: Mihai Maruseac
Date: Mon, 16 Nov 2020 10:46:52 -0800
Subject: [PATCH] Fix `base64_fuzz` crash due to non-zero-terminated strings.

If the fuzzing data is not a null terminated string, `std::string(data)` will cause a crash. This is because `std::string(char*)` calls `strlen` on the `char*` argument to know the size of the string. So, if `data` does not contain any `\0` this results in a heap overflow.

PiperOrigin-RevId: 342670802
Change-Id: I1c85836d58f7204ed8562babe1911c14dcbb0ae0
---
 tensorflow/security/fuzzing/base64_fuzz.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tensorflow/security/fuzzing/base64_fuzz.cc b/tensorflow/security/fuzzing/base64_fuzz.cc
index 13aa590e52d..19ff181a79a 100644
--- a/tensorflow/security/fuzzing/base64_fuzz.cc
+++ b/tensorflow/security/fuzzing/base64_fuzz.cc
@@ -25,7 +25,7 @@ limitations under the License.
 namespace {
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- std::string input(reinterpret_cast(data));
+ std::string input(reinterpret_cast(data), size);
 std::string encoded_string;
 std::string decoded_string;
 tensorflow::Status s;
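Review bot: The added line prints as `reinterpret_cast(data)` with no template argument, which would not compile, so presumably the page rendering stripped `<const char *>`; the line should read `std::string input(reinterpret_cast<const char *>(data), size);`. Passing `size` explicitly is the right fix: the one-argument constructor it replaces ran `strlen` over a buffer the fuzzer does not NUL-terminate, which is the out-of-bounds read ASan reports as a heap-buffer-overflow. A why-comment on that line would keep a future cleanup from reverting to the single-argument form, e.g. `// Fuzzer input is not NUL-terminated; the length must be passed explicitly.` If the Base64 encode/decode helpers accept a string_view-like type, the copy into `input` could be avoided, but that cannot be confirmed from this hunk. The body of LLVMFuzzerTestOneInput continues past the end of the hunk.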