
pcapng,fuzz: Fix infinite loop by fatal error on block length <= 0

Also add dev/fuzzbytes.go tool to convert fuzz input to raw bytes
Mattias Wadman 2022-01-23 12:38:41 +01:00
parent 6c519ea890
commit d1943dad49
4 changed files with 46 additions and 1 deletions


@ -35,3 +35,9 @@ linters-settings:
# allow md5
- G401
- G501
issues:
exclude-rules:
- path: dev/.*\.go
linters:
# ignore main re-declared errors
- typecheck
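Review bot: Disabling `typecheck` for every file matched by `dev/.*\.go` hides all compile-type errors in those tools, not just the `main` redeclaration the comment on the line above describes, so a genuine type error in a dev tool would only surface at `go run` time. golangci-lint exclude rules also accept a `text` field, which would let the rule stay narrow, e.g. `- path: dev/.*\.go` / `text: "main redeclared"` / `linters:` / `- typecheck`; the exact compiler wording should be confirmed against a run before relying on it. The file header for this section is not shown, so this note assumes it is the project's golangci configuration.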

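--- /dev/null
+++ b/dev/fuzzbytes.go
@@ -0,0 +1,32 @@
+// tool to convert go fuzz input files to bytes
+// Usage: cat format/testdata/fuzz/FuzzFormats/144bde49b40c90fd05d302ec90b6ddb2b6d6aea553bad520a8b954797e40fe72 | go run dev/fuzzbytes.go | go run fq.go
+package main
+import (
+"bytes"
+"io/ioutil"
+"os"
+"strconv"
+)
+func main() {
+bs, err := ioutil.ReadAll(os.Stdin)
+if err != nil {
+panic(err)
+}
+// Input looks like this:
+// go test fuzz v1
+// []byte("...")
+prefix := []byte("[]byte(")
+start := bytes.Index(bs, prefix) + len(prefix)
+end := len(bs) - 2
+s, err := strconv.Unquote(string(bs[start:end]))
+if err != nil {
+panic(err)
+}
+if _, err := os.Stdout.Write([]byte(s)); err != nil {
+panic(err)
+}
+}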
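Review bot: The `bytes.Index` result on the `start :=` line is never checked, so when stdin lacks the `[]byte(` prefix it returns -1 and `start` silently becomes 6, and `end := len(bs) - 2` can then be smaller than `start`, making the `bs[start:end]` slice on the next line panic with a bounds error instead of a readable message. Since this tool exists precisely to feed crash-reproducing inputs into fq, a clear failure on malformed input is worth the few extra lines below. The `end` computation also assumes the file ends in exactly `)` plus one newline; a missing trailing newline would leave the closing paren inside the quoted text and `strconv.Unquote` would reject it, which is at least a visible failure. `io/ioutil` is deprecated since Go 1.16 and `io.ReadAll` is a drop-in replacement.
```go
idx := bytes.Index(bs, prefix)
if idx < 0 {
	panic("fuzz input has no []byte( prefix")
}
start := idx + len(prefix)
end := len(bs) - 2
if end < start {
	panic("fuzz input is truncated")
}
// … unchanged: strconv.Unquote and write to stdout …
```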


@ -295,7 +295,11 @@ func decodeBlock(d *decode.D, dc *decodeContext) {
typ := d.FieldU32("type", blockTypeMap, scalar.Hex)
length := d.FieldU32("length") - 8
const footerLengthSize = 32
d.LenFn(int64(length)*8-footerLengthSize, func(d *decode.D) {
blockLen := int64(length)*8 - footerLengthSize
if blockLen <= 0 {
d.Fatalf("%d blockLen < 0", blockLen)
}
d.LenFn(blockLen, func(d *decode.D) {
if fn, ok := blockFns[typ]; ok {
fn(d, dc)
} else {
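Review bot: The fatal message on the `d.Fatalf("%d blockLen < 0", blockLen)` line disagrees with the condition above it, which also rejects `blockLen == 0`, so a zero-length block reports "< 0" with the value 0; `d.Fatalf("%d blockLen <= 0", blockLen)` matches the guard. It would also help a future reader to say why 0 is treated as fatal here when `LenFn` itself accepts 0: a comment such as `// a block whose body is empty after the 4-byte trailing length cannot advance the stream; treating it as fatal is what stops the loop` captures the intent stated in the commit title, assuming that is the actual mechanism. If pcapng permits a block with no body beyond its header and trailer, `<= 0` would now reject such a file, so that should be confirmed against the spec. decodeBlock continues outside this hunk.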


@ -664,6 +664,9 @@ func (d *D) FieldValueRaw(name string, a []byte, sms ...scalar.Mapper) {
}
func (d *D) LenFn(nBits int64, fn func(d *D)) {
if nBits < 0 {
d.Fatalf("%d nBits < 0", nBits)
}
d.RangeFn(d.Pos(), nBits, fn)
d.SeekRel(nBits)
}
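Review bot: `LenFn` is exported but has no doc comment, and the new negative-length check is exactly the kind of contract a caller needs to know about; a comment above the `func (d *D) LenFn` line such as `// LenFn decodes nBits starting at the current position using fn and then seeks past them. A negative nBits is a fatal decode error; zero is allowed and decodes nothing.` would state it. Note that the guard only rejects negative values, so a caller must still ensure nBits does not run past the end of the input; whether `RangeFn` enforces that is not visible in this hunk.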