| Message ID | 20190621125035.17458-1-bshas3@gmail.com |
|---|---|
| State | Accepted |
| Commit | 998bfdccf5c39630446b37449205ecc43894585f |
| Headers | show |
| Series | [ovs-dev] ossfuzz: Remove duplicate tcp flags parsing in flow extract target | expand |
On Fri, Jun 21, 2019 at 02:50:35PM +0200, bshas3@gmail.com wrote: > From: Bhargava Shastry <bshas3@gmail.com> > > During a code audit, the flow extraction fuzzer target was seen to be > parsing tcp flags from the fuzzer supplied input twice. This is > probably a typo since the second call to `parse_tcp_flags()` is > identical to the first. > Since a call to `parse_tcp_flags()` parses the Ethernet and IP headers > contained in the packet, the second (buggy) call to `parse_tcp_flags()` > creates an expectation that there is a second set of Ethernet and IP > headers beyond the first which is incorrect. This patch fixes this > problem by removing the duplicate code in question. > > Signed-off-by: Bhargava Shastry <bshas3@gmail.com> Thanks. Applied to master.
diff --git a/tests/oss-fuzz/flow_extract_target.c b/tests/oss-fuzz/flow_extract_target.c index 4a7451411..869d1e63e 100644 --- a/tests/oss-fuzz/flow_extract_target.c +++ b/tests/oss-fuzz/flow_extract_target.c @@ -60,12 +60,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) ignore(tcp_flags); } - /* Parse TCP flags. */ - if (dp_packet_size(&packet) >= ETH_HEADER_LEN) { - uint16_t tcp_flags = parse_tcp_flags(&packet); - ignore(tcp_flags); - } - /* Count headers. */ int count = flow_count_vlan_headers(&flow); ignore(count);