mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-10-22 08:00:45 +00:00
086a921213
JsonParser has a footgun where it does not retain ownership of the
string to be parsed. For example, the following results in UAF:
JsonParser parser(something_returning_a_string());
parser.parse();
Let's avoid this altogether by only allowing use of JsonParser with
a static, safe method.
14 lines
299 B
C++
14 lines
299 B
C++
/*
|
|
* Copyright (c) 2023, the SerenityOS developers.
|
|
*
|
|
* SPDX-License-Identifier: BSD-2-Clause
|
|
*/
|
|
|
|
#include <AK/JsonParser.h>
|
|
|
|
extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
|
|
{
|
|
AK::set_debug_enabled(false);
|
|
(void)JsonParser::parse({ data, size });
|
|
return 0;
|
|
}
|