Fix fuzzer off by one error

baylesj · baylesj · commit 230e9b2dbdda · 2019-10-11T14:36:22.000-07:00
Currently the fuzzer has an off by one error, as it passing a bad length
to the CharReader::parse method, resulting in a heap buffer overflow.
diff --git a/src/test_lib_json/fuzz.cpp b/src/test_lib_json/fuzz.cpp
@@ -25,6 +25,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 
   uint32_t hash_settings = *(const uint32_t*)data;
   data += sizeof(uint32_t);
+  size -= sizeof(uint32_t);
 
   builder.settings_["failIfExtra"] = hash_settings & (1 << 0);
   builder.settings_["allowComments_"] = hash_settings & (1 << 1);
