fuzzer crash fix: Null-dereference WRITE

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18363
This commit is contained in:
Qunxin Liu 2019-10-21 13:24:52 -07:00 committed by Ebrahim Byagowi
parent cf414e361a
commit b33a0d628e
2 changed files with 3 additions and 1 deletions

View File

@ -1545,6 +1545,7 @@ struct ClassDefFormat2
range_rec.value = prev_klass; range_rec.value = prev_klass;
RangeRecord *record = c->copy (range_rec); RangeRecord *record = c->copy (range_rec);
if (unlikely (!record)) return_trace (false);
for (const auto gid_klass_pair : + (++it)) for (const auto gid_klass_pair : + (++it))
{ {
@ -1554,6 +1555,7 @@ struct ClassDefFormat2
if (cur_gid != prev_gid + 1 || if (cur_gid != prev_gid + 1 ||
cur_klass != prev_klass) cur_klass != prev_klass)
{ {
if (unlikely (!record)) break;
record->end = prev_gid; record->end = prev_gid;
num_ranges++; num_ranges++;
@ -1568,7 +1570,7 @@ struct ClassDefFormat2
prev_gid = cur_gid; prev_gid = cur_gid;
} }
record->end = prev_gid; if (likely (record)) record->end = prev_gid;
rangeRecord.len = num_ranges; rangeRecord.len = num_ranges;
return_trace (true); return_trace (true);
} }