Unverified Commit a14f7152 authored by Daniel Stenberg

rtsp: do not call fwrite() with NULL pointer FILE *

If the default write callback is used and no destination has been set, a
NULL pointer would be passed to fwrite()'s 4th argument.

OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327
(not publicly open yet)

Detected by OSS-fuzz
Closes #1874
parent f8548e84
+9 −0
@@ -756,6 +756,15 @@ CURLcode rtp_client_write(struct connectdata *conn, char *ptr, size_t len)
  }
  }


  writeit = data->set.fwrite_rtp?data->set.fwrite_rtp:data->set.fwrite_func;
  writeit = data->set.fwrite_rtp?data->set.fwrite_rtp:data->set.fwrite_func;

  if(!data->set.fwrite_rtp && !data->set.is_fwrite_set &&
     !data->set.rtp_out) {
    /* if no callback is set for either RTP or default, the default function
       fwrite() is utilized and that can't handle a NULL input */
    failf(data, "No destination to default data callback!");
    return CURLE_WRITE_ERROR;
  }

  wrote = writeit(ptr, 1, len, data->set.rtp_out);
  wrote = writeit(ptr, 1, len, data->set.rtp_out);


  if(CURL_WRITEFUNC_PAUSE == wrote) {
  if(CURL_WRITEFUNC_PAUSE == wrote) {
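Review bot: The new guard ahead of the `writeit(ptr, 1, len, data->set.rtp_out)` call infers that the stdio `fwrite()` default is in use from `!data->set.fwrite_rtp && !data->set.is_fwrite_set` instead of from `writeit` itself. It therefore holds only while `is_fwrite_set` stays in sync with `fwrite_func` wherever that option is set or reset, and that code is not visible in this hunk. The comment should state the invariant, for example `/* is_fwrite_set is FALSE only while fwrite_func is the built-in fwrite(), which cannot take a NULL FILE * */`. If `fwrite_func` can ever be NULL at this point, a `!writeit` test belongs in the same condition. The body of rtp_client_write starts and ends outside the hunk, so whether the early `return CURLE_WRITE_ERROR;` skips any cleanup cannot be confirmed from here.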
+27 B

File added.

No diff preview for this file type.