[libfreerdp] Fix msan's use-of-uninitialized-value
Uninitialized bytes in __interceptor_strlen at offset 0 inside [0x701000000040, 1) ==220==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x535c13 in freerdp_assistance_hex_string_to_bin /src/FreeRDP/libfreerdp/common/assistance.c:711:11 #1 0x533deb in LLVMFuzzerTestOneInput /src/FreeRDP/libfreerdp/common/test/TestFuzzCommonAssistanceHexStringToBin.c:5:15 #2 0x43f5f3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15 #3 0x4409a4 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:804:3 #4 0x440e79 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:857:3 #5 0x4304df in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6 #6 0x459b32 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #7 0x7effc08bb082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee) #8 0x420f1d in _start (/tmp/not-out/tmpu5o6go0a/TestFuzzCommonAssistanceHexStringToBin+0x420f1d)
This commit is contained in:
parent
a4c6b36a19
commit
d8254c5ff3
@ -704,15 +704,14 @@ fail:
|
||||
BYTE* freerdp_assistance_hex_string_to_bin(const void* raw, size_t* size)
|
||||
{
|
||||
BYTE* buffer = NULL;
|
||||
size_t length, rc;
|
||||
if (!raw || !size)
|
||||
return NULL;
|
||||
*size = 0;
|
||||
length = strlen(raw);
|
||||
const size_t length = strlen(raw);
|
||||
buffer = calloc(length, sizeof(BYTE));
|
||||
if (!buffer)
|
||||
return NULL;
|
||||
rc = winpr_HexStringToBinBuffer(raw, length, buffer, length);
|
||||
const size_t rc = winpr_HexStringToBinBuffer(raw, length, buffer, length);
|
||||
if (rc == 0)
|
||||
{
|
||||
free(buffer);
|
||||
|
Loading…
Reference in New Issue
Block a user