authorJohn Stiles <johnstiles@google.com>2023-08-04 11:39:07 -0400
committerSkCQ <skcq-be@skia-corp.google.com.iam.gserviceaccount.com>2023-08-04 16:33:45 +0000
commit85938bb68e757d84fa50eda1fb19979577f2dc3d (patch)
tree21b042c2fd48a74d0bdeca5812a265a49f1fd206 /fuzz
parent5eef2e2b94b48eb955bc5ebd80671f241f3e7ddf (diff)
downloadskia-85938bb68e757d84fa50eda1fb19979577f2dc3d.tar.gz
Fix MSAN uninitialized-value error in fuzzer harness.
If we stop processing before filling out the entire Attribute structure, MSAN will detect a read from Attribute::offset as a use-of-uninitialized-value error. It is safe to continue calling `extract` even when there is no data left (it just returns zero) so we can fix this just by removing the early exit. Bug: oss-fuzz:61130 Change-Id: If00696667e964746ed73110ba13702aa7a02b421 Reviewed-on: https://skia-review.googlesource.com/c/skia/+/736079 Commit-Queue: Brian Osman <brianosman@google.com> Reviewed-by: Brian Osman <brianosman@google.com> Auto-Submit: John Stiles <johnstiles@google.com>
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/oss_fuzz/FuzzSkMeshSpecification.cpp3
1 files changed, 0 insertions, 3 deletions
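--- a/fuzz/oss_fuzz/FuzzSkMeshSpecification.cpp
+++ b/fuzz/oss_fuzz/FuzzSkMeshSpecification.cpp
@@ -165,9 +165,6 @@ static void FuzzSkMeshSpecification(SkSpan<const uint8_t> data) {
 Attribute& a = attributes.push_back();
 a.type = (Attribute::Type)(extract<uint8_t>(data) %
 ((int)Attribute::Type::kLast + 1));
-if (data.empty()) {
-continue;
-}
 a.offset = extract<uint16_t>(data) % (SkMeshSpecification::kMaxStride + 2);
 while (uint8_t c = extract<char>(data)) {
 if (!fuzzByteToASCII(c, &a.name)) {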
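Review bot: The fix depends on extract() yielding a zero value once the span is exhausted, but nothing at the a.offset line records that contract, so a later reader could reintroduce the `if (data.empty()) continue;` early exit and bring back the uninitialized read of Attribute::offset that MSAN reported. I would add a comment directly above the a.offset assignment: `// Do not early-exit on empty data here: extract() returns 0 once the input is exhausted, so every Attribute field is always written (keeps MSAN clean).` The comment's claim about extract() is taken from the commit description rather than from code visible in this hunk, so it should be confirmed against extract()'s definition. The loop that pushes into attributes, and the enclosing FuzzSkMeshSpecification body, both start outside the hunk.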