Repository: qpid-proton Updated Branches: refs/heads/master 58ec2b1e5 -> 203ffed56
PROTON-1979: [c] Only allow scalars (non compound types) as descriptors Project: http://git-wip-us.apache.org/repos/asf/qpid-proton/repo Commit: http://git-wip-us.apache.org/repos/asf/qpid-proton/commit/203ffed5 Tree: http://git-wip-us.apache.org/repos/asf/qpid-proton/tree/203ffed5 Diff: http://git-wip-us.apache.org/repos/asf/qpid-proton/diff/203ffed5 Branch: refs/heads/master Commit: 203ffed56811e32839fded56c00d4f07438f7269 Parents: 58ec2b1 Author: Andrew Stitcher <astitc...@apache.org> Authored: Tue Dec 11 14:53:35 2018 -0500 Committer: Andrew Stitcher <astitc...@apache.org> Committed: Tue Dec 11 14:53:35 2018 -0500 ---------------------------------------------------------------------- c/src/core/decoder.c | 9 ++++++++- .../fuzz-message-decode/crash/5633695940083712 | Bin 0 -> 96636 bytes 2 files changed, 8 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/203ffed5/c/src/core/decoder.c ----------------------------------------------------------------------
diff --git a/c/src/core/decoder.c b/c/src/core/decoder.c
index a2e99b2..1755db2 100644
--- a/c/src/core/decoder.c
+++ b/c/src/core/decoder.c
@@ -485,9 +485,16 @@ static int pni_decoder_decode_type(pn_decoder_t *decoder, pn_data_t *data, uint8
 size_t pn_data_siblings(pn_data_t *data);
+// We disallow using any compound type as a described descriptor to avoid recursion
+// in decoding. Although these seem syntactically valid they don't seem to be of any
+// conceivable use!
 static inline bool pni_allowed_descriptor_code(uint8_t code)
 {
- return code != PNE_DESCRIPTOR && code != PNE_ARRAY8 && code != PNE_ARRAY32;
+ return
+ code != PNE_DESCRIPTOR &&
+ code != PNE_ARRAY8 && code != PNE_ARRAY32 &&
+ code != PNE_LIST8 && code != PNE_LIST32 &&
+ code != PNE_MAP8 && code != PNE_MAP32;
 }
 int pni_decoder_single_described(pn_decoder_t *decoder, pn_data_t *data)
http://git-wip-us.apache.org/repos/asf/qpid-proton/blob/203ffed5/c/tests/fuzz/fuzz-message-decode/crash/5633695940083712 ----------------------------------------------------------------------
diff --git a/c/tests/fuzz/fuzz-message-decode/crash/5633695940083712 b/c/tests/fuzz/fuzz-message-decode/crash/5633695940083712
new file mode 100644
index 0000000..3e679be
Binary files /dev/null and b/c/tests/fuzz/fuzz-message-decode/crash/5633695940083712 differ
--------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@qpid.apache.org For additional commands, e-mail: commits-h...@qpid.apache.org
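Review bot: `pni_allowed_descriptor_code` is still a denylist, so the "only scalars" guarantee in the commit title holds only while every compound encoding is listed in this one expression. Any code byte not named here, including `PNE_LIST0` and values the decoder does not recognise, is still reported as allowed. If such codes are rejected later in `pni_decoder_decode_type` (its body is not visible in this hunk), the new comment should say so, for example `// Codes not listed here are validated by pni_decoder_decode_type(); this check only stops descriptor recursion.` Otherwise, consider returning true only for the known scalar encodings, so that a compound encoding added later fails closed. The caller `pni_decoder_single_described` starts on the last context line, so how a rejected code is reported to the application cannot be confirmed from here.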