Check string size before using strlen Otherwise, if the string is shorter than 'cdex' we will have a heap-buffer-overflow. Bug: 282186582 Test: Run the fuzzer locally with a 2 byte file Change-Id: Iaa8baae926ae6c1d4ee6b7772489e8382618f79b

commit: fbe3fe1ba2a27bbfbd9e3e9691269dc14ecbe31c [log] [tgz]
author: Santiago Aboy Solanes <solanes@google.com> Mon May 15 12:23:13 2023 +0100
committer: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Mon May 15 12:37:35 2023 +0000
tree: a616b82d2acc0182eb7411a71c10c3fb6a7e0fe9
parent: fef5e57e4b82a966614cd5372226ec4a15598491 [diff]
diff --git a/tools/fuzzer/libart_verify_dex_fuzzer.cc b/tools/fuzzer/libart_verify_dex_fuzzer.cc
index 718e3df..8c57da3 100644
--- a/tools/fuzzer/libart_verify_dex_fuzzer.cc
+++ b/tools/fuzzer/libart_verify_dex_fuzzer.cc

@@ -31,7 +31,8 @@
   // Skip compact DEX.
   // TODO(dsrbecky): Remove after removing compact DEX.
   const char* dex_string = "cdex";
-  if (strncmp(dex_string, (const char*)data, strlen(dex_string)) == 0) {
+  if (size >= strlen(dex_string) &&
+      strncmp(dex_string, (const char*)data, strlen(dex_string)) == 0) {
     // A -1 indicates we don't want this DEX added to the corpus.
     return -1;
   }
commit	fbe3fe1ba2a27bbfbd9e3e9691269dc14ecbe31c	[log] [tgz]
author	Santiago Aboy Solanes <solanes@google.com>	Mon May 15 12:23:13 2023 +0100
committer	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Mon May 15 12:37:35 2023 +0000
tree	a616b82d2acc0182eb7411a71c10c3fb6a7e0fe9
parent	fef5e57e4b82a966614cd5372226ec4a15598491 [diff]