| -rw-r--r-- | fuzz/oplist-crashes/clusterfuzz-testcase-minimized-oplist_fuzzer-4716194114699264 | 1 | ||||
| -rw-r--r-- | src/oplist.c | 7 |
2 files changed, 8 insertions, 0 deletions
diff --git a/fuzz/oplist-crashes/clusterfuzz-testcase-minimized-oplist_fuzzer-4716194114699264 b/fuzz/oplist-crashes/clusterfuzz-testcase-minimized-oplist_fuzzer-4716194114699264 new file mode 100644 index 0000000..2fa08dc --- /dev/null +++ b/fuzz/oplist-crashes/clusterfuzz-testcase-minimized-oplist_fuzzer-4716194114699264 | |||
| @@ -0,0 +1 @@ | |||
| (< \ No newline at end of file | |||
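--- a/src/oplist.c
+++ b/src/oplist.c
@@ -715,6 +715,13 @@ static int node_from_openstep(parse_ctx ctx, plist_t *plist)
 plist_free_data(data);
 goto err_out;
 }
+if (ctx->pos >= ctx->end) {
+byte_array_free(bytes);
+plist_free_data(data);
+PLIST_OSTEP_ERR("EOF while parsing data terminator '>' at offset %ld\n", ctx->pos - ctx->start);
+ctx->err++;
+goto err_out;
+}
 if (*ctx->pos != '>') {
 byte_array_free(bytes);
 plist_free_data(data);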
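Review bot: The new `PLIST_OSTEP_ERR` call passes `ctx->pos - ctx->start` to `%ld`. If both fields are pointers, as the `*ctx->pos` dereference just below suggests for `pos`, the difference is a `ptrdiff_t`, which is not `long` on every ABI (LLP64, for example). The argument should be cast, `(long)(ctx->pos - ctx->start)`, or printed with `%td`. The guard would also benefit from a one-line comment such as `/* the scan above can stop at ctx->end without setting ctx->err, so check bounds before reading the terminator */`; that wording assumes the scan loop sits just above the hunk and should be confirmed there. node_from_openstep starts and ends outside this hunk, so whether its other `*ctx->pos` reads are bounded the same way cannot be judged from here.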
