Yes, assuming that len == 0 implies a zero-terminated string was a mistake. However, I'd prefer the second option as it will not break the existing API and its usage. I would like to go with the first option if compatibility was not important tbh...
The fuzzer for ucl_parser_add_string runs into a bug very quickly when fuzzing the function:
libucl/src/ucl_parser.c, lines 3049 to 3059 in 91a3fb4
This function accepts a length argument, however, the following function:
libucl/src/ucl_parser.c, lines 3033 to 3047 in 91a3fb4
may cause a buffer overflow if the len argument is 0 and the data string is not null-terminated.
I suggest we do one of two things:
The OSS-Fuzz build is currently blocking because the bug is found too quickly:
https://travis-ci.org/github/google/oss-fuzz/jobs/670351676?utm_medium=notification&utm_source=github_status
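To illustrate the failure mode the issue describes, here is an added example in C (it is not libucl code and does not show the fix the project adopted): a stand-in `add_string_legacy` that keeps the "len == 0 means NUL-terminated" convention, beside a hypothetical `add_string_bounded` that additionally takes a caller-supplied `readable` bound so the terminator scan can never run past the buffer. The `struct chunk` type and the `readable` parameter are assumptions for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical parser input record; not libucl's own structure. */
struct chunk {
    const char *data;
    size_t len;
};

/* Convention described in the issue: len == 0 means "measure it yourself".
 * If `data` has no terminator, strlen() reads past the end of the buffer. */
static bool add_string_legacy(struct chunk *c, const char *data, size_t len) {
    if (data == NULL)
        return false;
    if (len == 0)
        len = strlen(data);          /* unbounded scan: the over-read */
    c->data = data;
    c->len = len;
    return true;
}

/* Hardened variant (an assumption, not libucl's fix): the caller states how
 * many bytes of `data` are readable, so a missing terminator is reported
 * instead of walked past. Returns false on any inconsistent input. */
static bool add_string_bounded(struct chunk *c, const char *data,
                               size_t len, size_t readable) {
    if (data == NULL || len > readable)
        return false;
    if (len == 0) {
        size_t n = 0;
        while (n < readable && data[n] != '\0')   /* bounded scan */
            n++;
        if (n == readable)
            return false;            /* no NUL within the readable range */
        len = n;
    }
    c->data = data;
    c->len = len;
    return true;
}

int main(void) {
    /* Constructed sample: four bytes with no terminating NUL. */
    char raw[4] = { 'a', 'b', 'c', 'd' };
    struct chunk c;
    printf("bounded, len=0, unterminated: %s\n",
           add_string_bounded(&c, raw, 0, sizeof raw) ? "accepted" : "rejected");
    printf("bounded, explicit len=4: %s (len=%zu)\n",
           add_string_bounded(&c, raw, 4, sizeof raw) ? "accepted" : "rejected", c.len);
    return 0;
}
```

The legacy variant is only ever called on terminated input here; the point of the bounded variant is that the unterminated case is rejected rather than read past.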