Check string size before using strlen
Otherwise, if the string is shorter than 'cdex',
we will have a heap-buffer-overflow.
Bug: 282186582
Test: Run the fuzzer locally with a 2 byte file
Change-Id: Iaa8baae926ae6c1d4ee6b7772489e8382618f79b
diff --git a/tools/fuzzer/libart_verify_dex_fuzzer.cc b/tools/fuzzer/libart_verify_dex_fuzzer.cc
index 718e3df..8c57da3 100644
--- a/tools/fuzzer/libart_verify_dex_fuzzer.cc
+++ b/tools/fuzzer/libart_verify_dex_fuzzer.cc
@@ -31,7 +31,8 @@
// Skip compact DEX.
// TODO(dsrbecky): Remove after removing compact DEX.
const char* dex_string = "cdex";
- if (strncmp(dex_string, (const char*)data, strlen(dex_string)) == 0) {
+ if (size >= strlen(dex_string) &&
+ strncmp(dex_string, (const char*)data, strlen(dex_string)) == 0) {
// A -1 indicates we don't want this DEX added to the corpus.
return -1;
}
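Review bot: The added condition still compares `data` with `strncmp`, although nothing in the hunk shows that the buffer is NUL-terminated, so the read stays in bounds only because of the new `size` guard. A byte comparison over a fixed length would tie the bound and the read together: `static constexpr char kCdexMagic[] = "cdex";` followed by `if (size >= sizeof(kCdexMagic) - 1 && memcmp(data, kCdexMagic, sizeof(kCdexMagic) - 1) == 0) {`. That also avoids the two `strlen` calls and the C-style cast, and gives the same result as the current test for equality. If the `strncmp` form is kept, a comment such as `// data is not NUL-terminated; check size before comparing the 4-byte magic` would stop the guard from being removed later as redundant. The enclosing function starts and ends outside the hunk, so whether later code assumes a minimum input length cannot be judged from here.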