Qpid Proton / PROTON-2136

fuzz-connection-driver.c exits with 1 when the engine stops accepting additional input


    Details

    • Type: Test
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: proton-c-0.29.0
    • Fix Version/s: proton-c-0.30.0
    • Component/s: proton-c
    • Labels:
      None

      Description

      size_t fcd_read(pn_connection_driver_t *driver, uint8_t **data, size_t *size) {
        pn_rwbytes_t buf = pn_connection_driver_read_buffer(driver);
        size_t s = (*size < buf.size) ? *size : buf.size;
        if (buf.start == NULL) {
          exit(1);
        }
      

      The engine offers a null buffer for further input. AFAIK that is legit, because it is just that the "socket" was closed for further input, after reading the invalid header.

      The fuzz target should just return peacefully at this point and not crash.
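The behaviour asked for above, as an added sketch that is not the project's code or its actual fix: a NULL read buffer is treated as "engine stopped accepting input" and the harness returns normally. The `mock_*` types and functions are hypothetical stand-ins for the Proton connection driver so the block builds without the library, and the mock's header check is a simplification.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for pn_rwbytes_t and the connection driver. */
typedef struct { size_t size; char *start; } rwbytes_t;
typedef struct { char buf[8]; int read_closed; size_t consumed; } mock_driver_t;

static const uint8_t AMQP_HDR[8] = {'A', 'M', 'Q', 'P', 0, 1, 0, 0}; /* constructed */

/* Like the read-buffer call in the issue: {0, NULL} once input is closed. */
static rwbytes_t mock_read_buffer(mock_driver_t *d) {
  rwbytes_t b = {0, NULL};
  if (!d->read_closed) { b.size = sizeof d->buf; b.start = d->buf; }
  return b;
}

/* Mock engine: a first chunk that is not a header prefix closes the read side. */
static void mock_read_done(mock_driver_t *d, size_t n) {
  if (d->consumed == 0 && memcmp(d->buf, AMQP_HDR, n < 8 ? n : 8) != 0)
    d->read_closed = 1;
  d->consumed += n;
}

/* Moves up to *size bytes into the engine and returns how many it took.
   A NULL buffer means "no more input accepted": return 0 instead of exit(1). */
static size_t fcd_read(mock_driver_t *d, const uint8_t **data, size_t *size) {
  rwbytes_t buf = mock_read_buffer(d);
  if (buf.start == NULL) return 0;
  size_t s = (*size < buf.size) ? *size : buf.size;
  memcpy(buf.start, *data, s);
  mock_read_done(d, s);
  *data += s;
  *size -= s;
  return s;
}

/* Feeds input until it is used up or refused; returns the bytes left over. */
size_t feed_all(const uint8_t *data, size_t size) {
  mock_driver_t d;
  memset(&d, 0, sizeof d);
  while (size > 0 && fcd_read(&d, &data, &size) > 0) {}
  return size;
}

/* libFuzzer entry point: always returns 0, since a refused input is not a bug. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  feed_all(data, size);
  return 0;
}
```

libFuzzer reports a fuzz target that calls `exit()` as a failure, so returning 0 here keeps rejected inputs from being recorded as crashes.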


              People

              • Assignee:
                jdanek Jiri Daněk
                Reporter:
                jdanek Jiri Daněk