git.openwrt.org/project/libubox.git
author: Petr Štetiar <ynezz@true.cz>, 2020-01-18 20:32:55 +0300
committer: Petr Štetiar <ynezz@true.cz>, 2020-01-20 18:54:10 +0300
commit: 5c0faaf4f5e26180dcc31b7e8558d57426d84085
tree: 332940834d2e8ec9a8e9ac219db908d9188b2834 /tests/fuzz
parent: 1ffa41535369f5bb67d1eb5bdcb306671ca1d2e4
tests: prefer dynamically allocated buffers

Help detecting Valgrind OOB reads and other issues.

 Conditional jump or move depends on uninitialised value(s)
   at 0x5452886: blobmsg_parse (blobmsg.c:203)
   by 0x400A8E: test_blobmsg (tests/test-blobmsg-parse.c:66)
   by 0x400A8E: main (tests/test-blobmsg-parse.c:82)

 Conditional jump or move depends on uninitialised value(s)
   at 0x545247F: blobmsg_check_name (blobmsg.c:39)
   by 0x545247F: blobmsg_check_attr_len (blobmsg.c:79)
   by 0x5452710: blobmsg_parse_array (blobmsg.c:159)
   by 0x400AB8: test_blobmsg (tests/test-blobmsg-parse.c:69)
   by 0x400AB8: main (tests/test-blobmsg-parse.c:82)

 Conditional jump or move depends on uninitialised value(s)
   at 0x54524A0: blobmsg_check_name (blobmsg.c:42)
   by 0x54524A0: blobmsg_check_attr_len (blobmsg.c:79)
   by 0x5452710: blobmsg_parse_array (blobmsg.c:159)
   by 0x400AB8: test_blobmsg (tests/test-blobmsg-parse.c:69)
   by 0x400AB8: main (tests/test-blobmsg-parse.c:82)

Ref: http://lists.infradead.org/pipermail/openwrt-devel/2020-January/021204.html
Signed-off-by: Petr Štetiar <ynezz@true.cz>

Diffstat (limited to 'tests/fuzz')
-rw-r--r-- tests/fuzz/test-fuzz.c | 10
1 files changed, 9 insertions, 1 deletions

diff --git a/tests/fuzz/test-fuzz.c b/tests/fuzz/test-fuzz.c
index 4dc13a8..026a3fd 100644
--- a/tests/fuzz/test-fuzz.c
+++ b/tests/fuzz/test-fuzz.c
@@ -91,10 +91,18 @@ static void fuzz_blob_parse(const uint8_t *data, size_t size)
blob_parse_untrusted(buf, size, foo, foo_policy, __FOO_ATTR_MAX);
}
-int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+int LLVMFuzzerTestOneInput(const uint8_t *input, size_t size)
{
+ uint8_t *data;
+
+ data = malloc(size);
+ if (!data)
+ return -1;
+
+ memcpy(data, input, size);
fuzz_blob_parse(data, size);
fuzz_blobmsg_parse(data, size);
+ free(data);
return 0;
}
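
Review bot: The `if (!data) return -1;` check in the new LLVMFuzzerTestOneInput does not distinguish an empty input from an allocation failure: malloc(size) with size == 0 is allowed to return NULL, and in that case both fuzz_blob_parse and fuzz_blobmsg_parse are skipped and the harness returns -1 for a zero-length input. Since the point of the heap copy is to give Valgrind and the sanitizers an exactly sized allocation to check reads against, the zero-length case is worth keeping covered; testing `size && !data`, or returning early with 0 when size is 0, would do that. The error path would also be more consistent returning 0, as the rest of the function does. A short comment above the malloc saying the copy exists so that out-of-bounds reads land outside a heap block of exactly `size` bytes would stop a later cleanup from removing it as redundant.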