Skip to content

Commit

Permalink
fuzz: avoid buffer overflow in bech32 target
Browse files Browse the repository at this point in the history 
If the fuzzer passes an empty data buffer, the fuzz target currently
attempts to read from it. We should short-circuit instead.
  • Loading branch information
@morehouse @rustyrussell
morehouse authored and rustyrussell committed Mar 23, 2023
1 parent df085a8 commit 07527d9
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions tests/fuzz/fuzz-bech32.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,9 @@ void run(const uint8_t *data, size_t size)
int wit_version;
bech32_encoding benc;

if (size < 1)
return;

/* Buffer size is defined in each function's doc comment. */
bech32_str = malloc(size + strlen(hrp_inv) + 8);
benc = data[0] ? BECH32_ENCODING_BECH32 : BECH32_ENCODING_BECH32M;
Expand Down

0 comments on commit 07527d9

Please sign in to comment.