authorOliver Chang <oliverchang@users.noreply.github.com>2017-01-20 12:54:04 -0800
committerAbhishek Arya <inferno@chromium.org>2017-01-20 12:54:04 -0800
commit8b1c72c8cd001d2997e4912e5e52ec5d709e7357 (patch)
tree84c324863427827396e16a8e75ed8981a4299dc2 /projects/libchewing
parent7617655609913a8abafd40e7db4986715e537843 (diff)
Prevent argv[0] from being modified in magic and chewing fuzzers. (#303)
dirname() may modify the input argument. Changing argv[0] breaks any libFuzzer functionality that requires it to invoke itself (e.g. failure-resistant merge, minimize).
Diffstat (limited to 'projects/libchewing')
-rw-r--r--projects/libchewing/chewing_fuzzer_common.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/projects/libchewing/chewing_fuzzer_common.c b/projects/libchewing/chewing_fuzzer_common.c
index de249df67..34426ea37 100644
--- a/projects/libchewing/chewing_fuzzer_common.c
+++ b/projects/libchewing/chewing_fuzzer_common.c
@@ -3,14 +3,20 @@
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
+#include <string.h>
static char userphrase_path[] = "/tmp/chewing_userphrase.db.XXXXXX";
int LLVMFuzzerInitialize(int* argc, char*** argv) {
char* exe_path = (*argv)[0];
- char* dir = dirname(exe_path);
+
+ // dirname() can modify its argument.
+ char* exe_path_copy = strdup(exe_path);
+ char* dir = dirname(exe_path_copy);
+
// Assume data files are at the same location as executable.
setenv("CHEWING_PATH", dir, 0);
+ free(exe_path_copy);
// Specify user db of this process. So we can run multiple fuzzers at the
// same time.
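Review bot: The result of `strdup(exe_path)` is passed to `dirname()` without a NULL check. POSIX specifies that `dirname(NULL)` returns ".", so an allocation failure would not crash here but would silently set `CHEWING_PATH` to the current working directory, and the fuzzer would then look for its data files there. Adding `if (!exe_path_copy) abort();` right after the `strdup` line makes that failure visible. A short comment at `free(exe_path_copy)` would also help, since `dir` may point into the copy and the free is safe only because `setenv()` copies the value, e.g. `// dir may alias exe_path_copy; setenv() has already copied it.` The body of LLVMFuzzerInitialize continues past the end of this hunk.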