diff --git a/fuzz/cms.c b/fuzz/cms.c index f97173add354f77fda7953f257523dd02b4c919a..94390e7c91c5d4f936d223044c27f2458a120d2e 100644 --- a/fuzz/cms.c +++ b/fuzz/cms.c @@ -22,8 +22,12 @@ int FuzzerInitialize(int *argc, char ***argv) { int FuzzerTestOneInput(const uint8_t *buf, size_t len) { CMS_ContentInfo *i; - BIO *in = BIO_new(BIO_s_mem()); + BIO *in; + if (!len) { + return 0; + } + in = BIO_new(BIO_s_mem()); OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); i = d2i_CMS_bio(in, NULL); CMS_ContentInfo_free(i); diff --git a/fuzz/server.c b/fuzz/server.c index 0076306db9c8c3f4f6ec8b32a75e9642f886d418..35449d8caa8a769b68e10dfb52dee46ed0670499 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -217,6 +217,12 @@ int FuzzerInitialize(int *argc, char ***argv) { } int FuzzerTestOneInput(const uint8_t *buf, size_t len) { + SSL *server; + BIO *in; + BIO *out; + if (!len) { + return 0; + } /* TODO: make this work for OpenSSL. There's a PREDICT define that may do * the job. * TODO: use the ossltest engine (optionally?) to disable crypto checks. @@ -224,9 +230,9 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { */ /* This only fuzzes the initial flow from the client so far. */ - SSL *server = SSL_new(ctx); - BIO *in = BIO_new(BIO_s_mem()); - BIO *out = BIO_new(BIO_s_mem()); + server = SSL_new(ctx); + in = BIO_new(BIO_s_mem()); + out = BIO_new(BIO_s_mem()); SSL_set_bio(server, in, out); SSL_set_accept_state(server); OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);