Subscriber fuzzer encounters assert
Description
For reference (link requires login): https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49818
Reproducer: clusterfuzz-testcase-minimized-sub_fuzzer-5995303672610816
The sub fuzzer triggers the following assert in its LLVMFuzzerTestOneInput:

/* sopc_buffer is allocated once with capacity MAX_LEN; the write fails when len exceeds it */
SOPC_ReturnStatus status = SOPC_Buffer_Write(sopc_buffer, buf, (uint32_t) len);
assert(SOPC_STATUS_OK == status);
Analysis
The assert is triggered because the test case is more than 4096 bytes long, while sopc_buffer is allocated with a capacity of MAX_LEN, which is 4096.
Possible solutions:
- the buffer should be recreated if the test case length is higher than the current capacity,
- the buffer should be created for each test case according to its length (less efficient), as is done in the other fuzzers,
- use a MAX_LEN of several megabytes.
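Added example, not code from this issue or from the S2OPC project: the first proposed fix modelled in C. The buffer type, its functions and the names fuzz_buffer_t, buffer_write, ensure_capacity, INITIAL_MAX_LEN and the two test helpers are assumptions standing in for the real SOPC_Buffer API; they only reproduce the behaviour the issue depends on (a write that does not fit returns an error status instead of growing the buffer). The harness re-creates the buffer only when an input exceeds the current capacity, so the assert can no longer abort the process on a long input. That matters because an assert in the harness is reported by the fuzzer as a crash exactly like a defect in the code under test, and every such false positive costs triage time and can hide real findings behind deduplication.

```c
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the harness's fixed-capacity buffer (NOT the S2OPC
 * SOPC_Buffer API): a write that does not fit fails instead of growing. */
typedef enum { STATUS_OK = 0, STATUS_OUT_OF_MEMORY, STATUS_INVALID_PARAMETERS } buf_status_t;

typedef struct {
    uint8_t *data;
    uint32_t length;   /* bytes written so far */
    uint32_t max_size; /* capacity, fixed at creation */
} fuzz_buffer_t;

#define INITIAL_MAX_LEN 4096u /* the MAX_LEN value reported in the issue */

static fuzz_buffer_t *buffer_create(uint32_t max_size)
{
    fuzz_buffer_t *b = calloc(1, sizeof *b);
    if (b == NULL) return NULL;
    b->data = malloc(max_size);
    if (b->data == NULL) { free(b); return NULL; }
    b->max_size = max_size;
    return b;
}

static void buffer_delete(fuzz_buffer_t *b)
{
    if (b != NULL) { free(b->data); free(b); }
}

static buf_status_t buffer_write(fuzz_buffer_t *b, const uint8_t *src, uint32_t len)
{
    if (b == NULL || (src == NULL && len > 0)) return STATUS_INVALID_PARAMETERS;
    if (len > b->max_size - b->length) return STATUS_OUT_OF_MEMORY; /* the issue's failure path */
    if (len == 0) return STATUS_OK;
    memcpy(b->data + b->length, src, len);
    b->length += len;
    return STATUS_OK;
}

/* Buffer kept across inputs, as in the original harness (allocated once, reused). */
static fuzz_buffer_t *g_buffer = NULL;

/* Option 1 from the issue: re-create the buffer only when an input exceeds the
 * current capacity; the capacity doubles so repeated growth stays cheap. */
static buf_status_t ensure_capacity(size_t len)
{
    if (len > UINT32_MAX) return STATUS_INVALID_PARAMETERS; /* cannot be passed as uint32_t */
    if (g_buffer == NULL || (uint32_t) len > g_buffer->max_size) {
        uint32_t cap = g_buffer ? g_buffer->max_size : INITIAL_MAX_LEN;
        while (cap < (uint32_t) len) cap = (cap > UINT32_MAX / 2) ? UINT32_MAX : cap * 2;
        buffer_delete(g_buffer);
        g_buffer = buffer_create(cap);
        if (g_buffer == NULL) return STATUS_OUT_OF_MEMORY;
    }
    g_buffer->length = 0; /* start every input from an empty buffer */
    return STATUS_OK;
}

/* libFuzzer entry point shape; subscriber decoding would follow the load.
 * The assert now only fires on a genuine buffer defect, never on input length. */
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
{
    if (ensure_capacity(len) != STATUS_OK) return 0; /* allocation failure: skip input */
    buf_status_t status = buffer_write(g_buffer, buf, (uint32_t) len);
    assert(STATUS_OK == status);
    return 0;
}

/* Helper: reproduce the original failure on a fresh fixed-size buffer. */
buf_status_t write_into_fresh_buffer(uint32_t max_size, uint32_t len)
{
    fuzz_buffer_t *b = buffer_create(max_size);
    uint8_t *src = calloc(len ? len : 1, 1);
    buf_status_t s = (b && src) ? buffer_write(b, src, len) : STATUS_OUT_OF_MEMORY;
    buffer_delete(b);
    free(src);
    return s;
}

/* Helper: feed a constructed input of n bytes through the fixed harness and
 * return the buffer capacity afterwards. */
uint32_t feed_input_of_size(size_t n)
{
    uint8_t *input = malloc(n ? n : 1);
    if (input == NULL) return 0;
    memset(input, 0xA5, n);
    LLVMFuzzerTestOneInput(input, n);
    free(input);
    return g_buffer ? g_buffer->max_size : 0;
}

int main(void)
{
    assert(write_into_fresh_buffer(INITIAL_MAX_LEN, 5000u) == STATUS_OUT_OF_MEMORY); /* original bug */
    assert(feed_input_of_size(5000) == 8192u);                                       /* fixed harness grows */
    buffer_delete(g_buffer);
    return 0;
}
```

write_into_fresh_buffer shows the failure the issue describes (a 5000-byte write into a 4096-byte buffer returns an error, which the original harness turned into an abort), and feed_input_of_size shows the fixed harness growing to 8192 bytes for the same input and keeping that capacity for later, smaller inputs.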
NOTE: the mention "Credit to OSS-Fuzz" should appear in the commit titles or messages.
Edited by Pierre-Antoine BRAMERET