fuzzing: fix string value

liteserver · Jan 31, 2024 · d2230a4 · d2230a4
1 parent 3365649
commit d2230a4
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/fuzzing/fuzz_encoder.c b/fuzzing/fuzz_encoder.c
@@ -96,7 +96,8 @@ static binn* create_list(const unsigned char *buf, unsigned int len) {
       // the value can be up to 16-bit size
       if (len < 2) goto done;
       value_size = *(unsigned short*)buf;
-      value = (char*)malloc(value_size); // random content
+      value = (char*)malloc(value_size+1); // random content
+      value[value_size] = 0; // null terminator
       binn_list_add_str(list, value);
       free(value);
       buf += 2; len -= 2;
@@ -208,7 +209,8 @@ static binn* create_map(const unsigned char *buf, unsigned int len) {
       // the value can be up to 16-bit size
       if (len < 2) goto done;
       value_size = *(unsigned short*)buf;
-      value = (char*)malloc(value_size); // random content
+      value = (char*)malloc(value_size+1); // random content
+      value[value_size] = 0; // null terminator
       binn_map_set_str(map, key, value);
       free(value);
       buf += 2; len -= 2;
@@ -325,7 +327,8 @@ static binn* create_object(const unsigned char *buf, unsigned int len) {
       // the value can be up to 16-bit size
       if (len < 2) goto done;
       value_size = *(unsigned short*)buf;
-      value = (char*)malloc(value_size); // random content
+      value = (char*)malloc(value_size+1); // random content
+      value[value_size] = 0; // null terminator
       binn_object_set_str(obj, key, value);
       free(value);
       buf += 2; len -= 2;