Open CWResearcher opened 10 months ago
Thanks for reporting this issue @CWResearcher! Can I ask what is FuzzTargetNg?
Since you already analyzed the problem, would you consider introducing a fix?
FuzzTargetNg is a fuzzer binary name. It is believed to be compiled from the following source code:
https://github.com/seladb/PcapPlusPlus/blob/master/Tests/Fuzzers/FuzzTarget.cpp
If you are maintaining this source code, I recommend adding validation logic for NULL values in structure pointers.
Got it, thanks! @CWResearcher would you consider opening a PR with a fix?
@CWResearcher I looked again at the screenshots you shared. In order to debug it and provide a fix I need the input file that was given to the fuzzer. The crash seems to be related to the pcapng file parser. Do you have this input file?
Description
A potential fuzz blocker has been identified in the pcapplusplus fuzzer within the OSS-Fuzz project, due to a null-pointer-dereference issue. We kindly request a review of the following report for further details and assessment.
Log
Analysis
Based on the crash log information, it seems that the crash was caused by a NULL being passed as a structure pointer argument.
Below is a capture confirming that a NULL value is actually being passed as a function argument.
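The report above recommends validating structure pointers for NULL before they are dereferenced in the pcapng parser. The following is an added, self-contained illustration of that defensive pattern; it is not code from PcapPlusPlus or from the reporter. The `BlockHeader` struct, `parseBlockHeader`, `parsedTotalLength` and `fuzzOneInput` are hypothetical names, the sample block bytes are constructed here, and the code assumes a little-endian host (real pcapng readers determine byte order from the section header's byte-order magic, which is omitted for brevity).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical, simplified pcapng block header (not the PcapPlusPlus type).
// Every pcapng block begins with a 4-byte type and a 4-byte total length.
struct BlockHeader {
    uint32_t blockType;
    uint32_t blockTotalLength;
};

// Defensive parse: returns false instead of dereferencing a NULL pointer or
// reading past the supplied buffer. `out` may be NULL when the caller only
// wants validation, so it is checked before being written through.
bool parseBlockHeader(const uint8_t* data, size_t len, BlockHeader* out) {
    if (data == nullptr) return false;            // NULL input pointer
    if (len < sizeof(BlockHeader)) return false;  // truncated input

    BlockHeader hdr;
    std::memcpy(&hdr, data, sizeof(hdr));         // copy out; avoids unaligned reads

    // pcapng: total length covers header + body + trailing length (>= 12)
    // and must be a multiple of 4.
    if (hdr.blockTotalLength < 12 || hdr.blockTotalLength % 4 != 0) return false;
    if (hdr.blockTotalLength > len) return false; // claims more bytes than present

    if (out != nullptr) *out = hdr;               // only write through a non-NULL pointer
    return true;
}

// Convenience wrapper: the parsed total length, or 0 when validation fails.
uint32_t parsedTotalLength(const uint8_t* data, size_t len) {
    BlockHeader hdr;
    return parseBlockHeader(data, len, &hdr) ? hdr.blockTotalLength : 0;
}

// Fuzz-target-style entry point (same shape as libFuzzer's
// LLVMFuzzerTestOneInput, but a plain function here). It must return
// normally for every input, including a NULL buffer or zero length.
int fuzzOneInput(const uint8_t* data, size_t size) {
    BlockHeader hdr;
    if (!parseBlockHeader(data, size, &hdr)) return 0; // rejected, not crashed
    return 0;
}

// Constructed sample: Section Header Block type 0x0A0D0D0A, total length 28
// (little-endian), 16 bytes of body, trailing length 28.
static const uint8_t kGoodBlock[28] = {
    0x0A, 0x0D, 0x0D, 0x0A,  0x1C, 0x00, 0x00, 0x00,
    0x4D, 0x3C, 0x2B, 0x1A,  0x01, 0x00, 0x00, 0x00,
    0xFF, 0xFF, 0xFF, 0xFF,  0xFF, 0xFF, 0xFF, 0xFF,
    0x1C, 0x00, 0x00, 0x00,
};

// Constructed sample: same header but with a total length of 27, which is
// neither >= 12-and-aligned nor consistent with the buffer.
static const uint8_t kBadLengthBlock[8] = {
    0x0A, 0x0D, 0x0D, 0x0A,  0x1B, 0x00, 0x00, 0x00,
};

int main() {
    std::printf("good block: %u\n", parsedTotalLength(kGoodBlock, sizeof(kGoodBlock)));
    std::printf("null input: %d\n", fuzzOneInput(nullptr, 0));
    return 0;
}
```

The point of the pattern is that every pointer the parser receives, both the input buffer and the output structure, is checked before use, and malformed length fields are rejected against the actual buffer size rather than trusted. A fuzzer feeding this function a NULL or truncated buffer gets a clean `false`, which is what the report asks the project to provide.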