author | Oliver Chang <oliverchang@users.noreply.github.com> | 2017-01-20 12:54:04 -0800 |
---|---|---|
committer | Abhishek Arya <inferno@chromium.org> | 2017-01-20 12:54:04 -0800 |
commit | 8b1c72c8cd001d2997e4912e5e52ec5d709e7357 (patch) | |
tree | 84c324863427827396e16a8e75ed8981a4299dc2 /projects/libchewing | |
parent | 7617655609913a8abafd40e7db4986715e537843 (diff) | |
download | oss-fuzz-8b1c72c8cd001d2997e4912e5e52ec5d709e7357.tar.gz |
Prevent argv[0] from being modified in magic and chewing fuzzers. (#303)
dirname() may modify the input argument. Changing argv[0] breaks any
libFuzzer functionality that requires it to invoke itself (e.g.
failure-resistant merge, minimize).
Diffstat (limited to 'projects/libchewing')
-rw-r--r-- | projects/libchewing/chewing_fuzzer_common.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/projects/libchewing/chewing_fuzzer_common.c b/projects/libchewing/chewing_fuzzer_common.c index de249df67..34426ea37 100644 --- a/projects/libchewing/chewing_fuzzer_common.c +++ b/projects/libchewing/chewing_fuzzer_common.c @@ -3,14 +3,20 @@ #include <libgen.h> #include <stdio.h> #include <stdlib.h> +#include <string.h> static char userphrase_path[] = "/tmp/chewing_userphrase.db.XXXXXX"; int LLVMFuzzerInitialize(int* argc, char*** argv) { char* exe_path = (*argv)[0]; - char* dir = dirname(exe_path); + + // dirname() can modify its argument. + char* exe_path_copy = strdup(exe_path); + char* dir = dirname(exe_path_copy); + // Assume data files are at the same location as executable. setenv("CHEWING_PATH", dir, 0); + free(exe_path_copy); // Specify user db of this process. So we can run multiple fuzzers at the // same time. |
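Review bot: The result of `strdup(exe_path)` is passed straight to `dirname()` without a NULL check. If the allocation fails, POSIX `dirname(NULL)` returns ".", so `CHEWING_PATH` would silently point at the current working directory and the fuzzer would start without its data files instead of failing loudly. Consider checking `exe_path_copy` right after the `strdup()` call and aborting initialization when it is NULL. The `free(exe_path_copy)` after `setenv()` is in the right place, since `setenv()` copies the value and `dir` may point into the copy. A short comment saying so would keep a later edit from moving the `free()` above the `setenv()` call.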