Closed. schwehr closed this 4 years ago.
`gdr_offset` is -9 when calling `read_GDR`. This is probably not quite the right solution. My guess is that the offset arg to `read_GDR` should actually always be >= 0, yes? At coda-cdf.c:1107:

```c
static int read_GDR(coda_cdf_product *product_file, int64_t offset)
{
    int32_t record_type;
    int64_t rvdr_head;
    int64_t zvdr_head;
    int64_t adr_head;
    int64_t eof;
    int32_t nr_vars;
    int32_t num_attr;
    int32_t nz_vars;

    if (offset < -8)
    {
        coda_set_error(CODA_ERROR_PRODUCT, "CDF file has invalid offset (%ld) for GDR record", offset);
        return -1;
    }
```
I added checks on (I hope) all the variables that could result in a negative offset: c0e662b2c110d40a79007105aaa1344d4377bdc5
Let me know if you find anything else.
This looks to have caught 3 additional issues that the fuzzer had. I have just over 10 more that I need to add for this fuzzer. I will add them as I get time. Alternatively, you can sign up for ossfuzz. And you are welcome to any of the fuzzers I've made. They are all pretty simple and I am sure you could improve them quite a bit.
I can't seem to find any information on how to sign up. Do you have any pointers?
https://google.github.io/oss-fuzz/getting-started/new-project-guide/ has the instructions. When you get to the bottom, it says to send a pull request to add the project.
It seems to still take quite some steps after this pull request. And if I understand it correctly then we would have to add all the fuzz tests to the CODA repository (or some other repo of our own)? We are not looking to maintain a fuzz repo for our repositories. However, we are still willing to look into issues that are found by whoever finds issues via fuzzing.
Also, I don't see HDF5 in the OSS-Fuzz build status. Is this library also fuzz tested? We definitely won't be able to take on responsibility for fuzz problems in our external dependencies.
You don't have to take on the responsibility of issues for the deps. GDAL already fuzzes into hdf5, but probably doesn't get very far in it. I fuzz hdf5 a bit deeper in gdal than the external fuzzers and haven't hit much myself. If you hit a bug in hdf5, just let the hdf folks know and let it go.
I added a much more generic check against negative offsets in bb512d343bd6397803ec4b5a135106b54c492c46. This might eliminate a few more cases.
testcase-5685773629652992.zip
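An added example, not CODA's own code, of the kind of generic offset validation the thread converges on: a helper that rejects a negative offset read from an untrusted file header, and also rejects a record that would run past the end of the file, while guarding the `offset + size` addition against `int64_t` overflow. The function name, status codes and sample values are assumptions for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Status codes for the check (names are assumed for this example). */
enum offset_status {
    OFFSET_OK = 0,
    OFFSET_NEGATIVE = -1,   /* offset or size read from the file is < 0 */
    OFFSET_OVERFLOW = -2,   /* offset + record_size would overflow int64_t */
    OFFSET_PAST_EOF = -3    /* record would extend beyond the end of the file */
};

/* Validate a record offset taken from an untrusted header before it is used
 * in a seek/read. Returns OFFSET_OK or one of the error codes above. */
static int check_record_offset(int64_t offset, int64_t record_size, int64_t file_size)
{
    if (offset < 0 || record_size < 0 || file_size < 0) {
        return OFFSET_NEGATIVE;
    }
    /* Test for overflow before performing the addition. */
    if (offset > INT64_MAX - record_size) {
        return OFFSET_OVERFLOW;
    }
    if (offset + record_size > file_size) {
        return OFFSET_PAST_EOF;
    }
    return OFFSET_OK;
}

int main(void)
{
    /* Constructed sample values; -9 mirrors the offset reported in the issue. */
    int64_t file_size = 4096;
    printf("offset -9:            %d\n", check_record_offset(-9, 64, file_size));
    printf("offset 1024:          %d\n", check_record_offset(1024, 64, file_size));
    printf("offset 4040 (past EOF): %d\n", check_record_offset(4040, 64, file_size));
    printf("offset near INT64_MAX: %d\n", check_record_offset(INT64_MAX - 8, 64, file_size));
    return 0;
}
```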