Closed Bug 1920470 Opened 1 month ago Closed 1 month ago

nssfuzz-tls-client: Assertion `input->len == outputLen' failed

Tracking

(Not tracked)

Status:

RESOLVED FIXED

People

(Reporter: mdauer, Assigned: mdauer)

Details

Attachments

(1 file)

Bug 1920470 - Remove incorrect assert, r?djackson,#nss-reviewers 1 month ago Maurice Dauer [:mdauer] 48 bytes, text/x-phabricator-request		Details \| Review

Maurice Dauer [:mdauer]

Assignee

Description

•

1 month ago

•

Edited

OSS-Fuzz: https://oss-fuzz.com/testcase-detail/4722752127303680

The assertion at https://searchfox.org/nss/rev/7705b3868dbf14cdfc3315791d01709e1041a5cd/fuzz/tls_common.cc#78 is wrong as outputLen may also be greater than input->len. Additionally, the decoding function is responsible for checking that outputLen is sufficiently large.

Maurice Dauer [:mdauer]

Assignee

Comment 1

•

1 month ago

Attached file Bug 1920470 - Remove incorrect assert, r?djackson,#nss-reviewers — Details

John Schanck [:jschanck]

Comment 2

•

1 month ago

https://hg.mozilla.org/projects/nss/rev/ef2dd397b8f99be2953c549806c59d4e1b2e56ac

Status: ASSIGNED → RESOLVED

Closed: 1 month ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

nssfuzz-tls-client: Assertion `input->len == outputLen' failed

Categories

(NSS :: Test, defect)

Tracking

(Not tracked)

People

(Reporter: mdauer, Assigned: mdauer)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Attachment

General

Description

File Name

Content Type