From: Bhargava Shastry <[email protected]>

During a code audit, the flow extraction fuzzer target was seen to be parsing TCP flags from the fuzzer-supplied input twice. This is probably a typo since the second call to `parse_tcp_flags()` is identical to the first. Since a call to `parse_tcp_flags()` parses the Ethernet and IP headers contained in the packet, the second (buggy) call to `parse_tcp_flags()` creates an expectation that there is a second set of Ethernet and IP headers beyond the first, which is incorrect. This patch fixes this problem by removing the duplicate code in question.
Signed-off-by: Bhargava Shastry <[email protected]> --- tests/oss-fuzz/flow_extract_target.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tests/oss-fuzz/flow_extract_target.c b/tests/oss-fuzz/flow_extract_target.c index 4a7451411..869d1e63e 100644 --- a/tests/oss-fuzz/flow_extract_target.c +++ b/tests/oss-fuzz/flow_extract_target.c @@ -60,12 +60,6 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) ignore(tcp_flags); } - /* Parse TCP flags. */ - if (dp_packet_size(&packet) >= ETH_HEADER_LEN) { - uint16_t tcp_flags = parse_tcp_flags(&packet); - ignore(tcp_flags); - } - /* Count headers. */ int count = flow_count_vlan_headers(&flow); ignore(count); -- 2.17.1 _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
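Review bot: The commit message calls the duplicate "probably a typo" but does not say whether anything after the removed block in `LLVMFuzzerTestOneInput()` relied on the packet state left by the second `parse_tcp_flags(&packet)` call. The only following context visible in the `-60,12 +60,6` hunk is `flow_count_vlan_headers(&flow)`, which takes `flow` rather than `packet`, so the removal looks safe as far as the hunk shows. It would still help to state in the message that the rest of the target was checked for later uses of `packet`. The guard of the surviving first call is also outside the visible context (only `ignore(tcp_flags); }` is shown), so please confirm it carries the same `dp_packet_size(&packet) >= ETH_HEADER_LEN` check as the deleted copy. A `Fixes:` tag naming the commit that introduced the duplicated block would make the change easier to backport.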
