[glib: 2/3] fuzzing: Ensure input to g_uri_parse() is nul-terminated



commit b2a6a9a434b29a70807dc9f811056318ff490bfa
Author: Philip Withnall <withnall endlessm com>
Date:   Mon Jun 29 11:52:40 2020 +0100

    fuzzing: Ensure input to g_uri_parse() is nul-terminated
    
    The fuzzer will produce arbitrary binary blobs, which might not be
    nul-terminated. `g_uri_parse()` has no length argument, so relies on
    receiving a nul-terminated string as input. Guarantee that.
    
    This should fix fuzzing build failures like
    https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23750.
    
    Signed-off-by: Philip Withnall <withnall endlessm com>

 fuzzing/fuzz_uri_parse.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
---
diff --git a/fuzzing/fuzz_uri_parse.c b/fuzzing/fuzz_uri_parse.c
index 5c2934f1a..e4687091b 100644
--- a/fuzzing/fuzz_uri_parse.c
+++ b/fuzzing/fuzz_uri_parse.c
@@ -3,14 +3,18 @@
 int
 LLVMFuzzerTestOneInput (const unsigned char *data, size_t size)
 {
+  unsigned char *nul_terminated_data = NULL;
   GUri *uri = NULL;
   gchar *uri_string = NULL;
   const GUriFlags flags = G_URI_FLAGS_NONE;
 
   fuzz_set_logging_func ();
 
-  /* ignore @size */
+  /* ignore @size (g_uri_parse() doesn’t support it); ensure @data is nul-terminated */
+  nul_terminated_data = (unsigned char *) g_strndup ((const gchar *) data, size);
   uri = g_uri_parse ((const gchar *) data, flags, NULL);
+  g_free (nul_terminated_data);
+
   if (uri == NULL)
     return 0;
 
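Review bot: the nul-terminated copy is never used: `g_strndup()` produces `nul_terminated_data`, but the call on the following line still passes the original buffer, `uri = g_uri_parse ((const gchar *) data, flags, NULL);`, so the fuzzer keeps reading past `size` exactly as before and the copy is simply freed again. The call should be `uri = g_uri_parse ((const gchar *) nul_terminated_data, flags, NULL);`; freeing the copy immediately afterwards is fine since `g_uri_parse()` does not retain the input pointer. As a minor point, declaring the variable as `gchar *` would avoid the double cast around `g_strndup()`.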

