tidy-html5:tidy_fuzzer: Heap-buffer-overflow in prvTidyEncodeCharToUTF8Bytes #1138

ddkilzer · 2025-03-15T21:18:10Z

https://issues.oss-fuzz.com/issues/42498297

Found by oss-fuzz.

Fixes potential out-of-bounds write in both NormalizeSpaces() and DowngradeTypography(). Adds assert() statements to catch more bugs with fuzzing.

src/clean.c: (NormalizeSpaces):
(DowngradeTypography):

Use a temporary buffer when calling PutUTF8() to avoid a heap buffer overflow write and to avoid clobbering data in-place.
Handle all possible return values after calling PutUTF8().

src/utf8.c: (DecodeUTF8BytesToChar):
(GetUTF8):
(PutUTF8):

Add assert() statements to catch bugs during fuzzing.

…F8Bytes <https://issues.oss-fuzz.com/issues/42498297> Found by oss-fuzz. Fixes potential out-of-bounds write in both NormalizeSpaces() and DowngradeTypography(). Adds assert() statements to catch more bugs with fuzzing. * src/clean.c: (NormalizeSpaces): (DowngradeTypography): - Use a temporary buffer when calling PutUTF8() to avoid a heap buffer overflow write and to avoid clobbering data in-place. - Handle all possible return values after calling PutUTF8(). * src/utf8.c: (DecodeUTF8BytesToChar): (GetUTF8): (PutUTF8): - Add assert() statements to catch bugs during fuzzing.

This was referenced Mar 15, 2025

Continuously fuzzing tidy-html5 with OSS-Fuzz #788

Open

OSS-Fuzz Fixes #1008

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tidy-html5:tidy_fuzzer: Heap-buffer-overflow in prvTidyEncodeCharToUTF8Bytes #1138

tidy-html5:tidy_fuzzer: Heap-buffer-overflow in prvTidyEncodeCharToUTF8Bytes #1138

ddkilzer commented Mar 15, 2025

tidy-html5:tidy_fuzzer: Heap-buffer-overflow in prvTidyEncodeCharToUTF8Bytes #1138

Are you sure you want to change the base?

tidy-html5:tidy_fuzzer: Heap-buffer-overflow in prvTidyEncodeCharToUTF8Bytes #1138

Conversation

ddkilzer commented Mar 15, 2025