author | Syoyo Fujita <syoyo@lighttransport.com> | 2021-04-08 18:57:52 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-08 18:57:52 +0900 |
commit | 0ed6c38f20c63b996fbb9fa949569b2acb213a3d (patch) | |
tree | 51dc8f1370f25a1166615db1b14f22ed6d982c00 | |
parent | 15bc2685b51612748bcfdb820bb4d42087a7dce1 (diff) | |
download | tinyobjloader-0ed6c38f20c63b996fbb9fa949569b2acb213a3d.tar.gz |
Catenacyber iofix (#304)
* Prevent integer overflow in tryParseDouble
* Add regression test data to be run by fuzz target
* Add simple regression test runner.
Co-authored-by: Philippe Antoine <contact@catenacyber.fr>
-rw-r--r-- | fuzzer/README.md | 4 | ||||
-rw-r--r-- | fuzzer/regression_runner/Makefile | 2 | ||||
-rw-r--r-- | fuzzer/regression_runner/README.md | 11 | ||||
-rw-r--r-- | fuzzer/regressions/clusterfuzz-testcase-minimized-fuzz_ParseFromString-4877060179886080 | bin | 0 -> 16 bytes | |||
-rw-r--r-- | tiny_obj_loader.h | 4 |
5 files changed, 21 insertions, 0 deletions
diff --git a/fuzzer/README.md b/fuzzer/README.md
index a30cd67..1cd63a2 100644
--- a/fuzzer/README.md
+++ b/fuzzer/README.md
@@ -45,3 +45,7 @@ cf libfuzzer.info for all options
 ```
 $ ./fuzz_ParseFromString -rss_limit_mb=2000
 ```
+
+## Regression tests
+
+See `regression_runner/`
diff --git a/fuzzer/regression_runner/Makefile b/fuzzer/regression_runner/Makefile
new file mode 100644
index 0000000..f2c38a0
--- /dev/null
+++ b/fuzzer/regression_runner/Makefile
@@ -0,0 +1,2 @@
+all:
+ clang++ -fsanitize=address,undefined ../../loader_example.cc
diff --git a/fuzzer/regression_runner/README.md b/fuzzer/regression_runner/README.md
new file mode 100644
index 0000000..f59b9f6
--- /dev/null
+++ b/fuzzer/regression_runner/README.md
@@ -0,0 +1,11 @@
+# Run fuzzer regression tests
+
+Currently we only support Linux + clang.
+
+## How to run
+
+```
+$ make
+$ ./a.out ../regressions/<regression_file>
+```
+
diff --git a/fuzzer/regressions/clusterfuzz-testcase-minimized-fuzz_ParseFromString-4877060179886080 b/fuzzer/regressions/clusterfuzz-testcase-minimized-fuzz_ParseFromString-4877060179886080
Binary files differ
new file mode 100644
index 0000000..e509449
--- /dev/null
+++ b/fuzzer/regressions/clusterfuzz-testcase-minimized-fuzz_ParseFromString-4877060179886080
diff --git a/tiny_obj_loader.h b/tiny_obj_loader.h
index 4bfd7b7..bc5b188 100644
--- a/tiny_obj_loader.h
+++ b/tiny_obj_loader.h
@@ -941,6 +941,10 @@ static bool tryParseDouble(const char *s, const char *s_end, double *result) {
 read = 0;
 end_not_reached = (curr != s_end);
 while (end_not_reached && IS_DIGIT(*curr)) {
+ if (exponent > std::numeric_limits<int>::max()/10) {
+ // Integer overflow
+ goto fail;
+ }
 exponent *= 10;
 exponent += static_cast<int>(*curr - 0x30);
 curr++; |
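Review bot: The `all:` rule in the new Makefile builds with `-fsanitize=address,undefined` but leaves UBSan in its default recovering mode, so the integer-overflow class this commit fixes in tryParseDouble would only print a runtime-error line while `./a.out` still exits 0, which makes the regression run hard to script or gate on. Add `-fno-sanitize-recover=undefined` so an undefined-behaviour report fails the run, and `-g` so reports carry file and line: `clang++ -g -fsanitize=address,undefined -fno-sanitize-recover=undefined ../../loader_example.cc`. A one-line comment above the rule noting that the output is the default `a.out` (the README depends on that name) would also help the next person who adds `-o`.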
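Review bot: The guard added before `exponent *= 10;` prevents the multiplication from overflowing but not the addition that follows it: when `exponent` equals `std::numeric_limits<int>::max()/10` (214748364 on a 32-bit `int`) the product is 2147483640 and adding a digit of 8 or 9 still overflows, which is signed-integer overflow and therefore the same undefined behaviour the commit sets out to remove. Use a bound that leaves room for the largest digit, `if (exponent > (std::numeric_limits<int>::max() - 9) / 10) {`, so that `exponent * 10 + 9` always fits. `std::numeric_limits` requires `<limits>`; whether tiny_obj_loader.h already includes it is not visible from this hunk and should be confirmed. tryParseDouble begins before the hunk and continues after it (the `fail:` label and the later use of `exponent` are outside the view), so rejecting the input rather than saturating the exponent is presumably the intended outcome, but that is worth a one-line comment at the check since any exponent beyond a few hundred already saturates the resulting double.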