Fix use-after-free in fuzzpuzz

When reporting that the game name in a save file isn't recognised,
don't include the name from the save file in the error message, partly
to avoid the complexity of freeing it properly on two different code
paths and partly because including unsanitized data from a
fuzzer-supplied save file in the error message just seems dangerous.
And properly sanitising it would waste the fuzzer's time exploring the
sanitising code.

Thanks to Ben Hutchings for reporting the bug.
Ben Harris
2023-01-16 10:43:41 +00:00
parent f5924fc8a7
commit 4b5422181d


@ -81,7 +81,7 @@ int main(int argc, char **argv)
ourgame = gamelist[i]; ourgame = gamelist[i];
sfree(gamename); sfree(gamename);
if (ourgame == NULL) { if (ourgame == NULL) {
fprintf(stderr, "Game '%s' not recognised\n", gamename); fprintf(stderr, "Game not recognised\n");
ret = 1; ret = 1;
continue; continue;
} }
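Review bot: a short comment above the `fprintf` saying that `gamename` has already been released by the `sfree(gamename)` on the preceding line, and is left out of the message for that reason, would stop a later edit from reintroducing the freed-pointer read; the commit message records the rationale, but nothing at the call site does. The change itself resolves the use-after-free: the old `"Game '%s' not recognised\n", gamename` dereferenced memory freed one line earlier, and the new `"Game not recognised\n"` has no argument to read. If the name is ever wanted back in the diagnostic, the safe ordering is to move `sfree(gamename)` below the `if (ourgame == NULL)` block (with a matching free on the `continue` path), which is the two-path bookkeeping the commit message explains it chose to avoid.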