Fixed a bug in MiniTable construction for extensions. #fuzzing

We were failing to assign the f->presence field, which resulted in a read of uninitialized memory. PiperOrigin-RevId: 462138061
2 years ago · fcb5ef37f7
parent ececc21624
commit fcb5ef37f7
2 changed files with 11 additions and 1 deletions
--- a/upb/mini_table.c
+++ b/upb/mini_table.c
@ -1119,6 +1119,7 @@ const char* upb_MiniTable_BuildExtension(const char* data, size_t len,
      upb_MtDecoder_Parse(&decoder, data, len, ext, sizeof(*ext), &count, NULL);
  ext->field.mode |= kUpb_LabelFlags_IsExtension;
  ext->field.offset = 0;
  ext->field.presence = 0;
  return ret;
 }
--- a/upb/msg_test.cc
+++ b/upb/msg_test.cc
@ -515,7 +515,7 @@ TEST(MessageTest, MapField) {
 // }
 // FUZZ_TEST(FuzzTest, DecodeEncodeArbitrarySchemaAndPayload);
 //
-// TEST(FuzzTest, DecodeEncodeArbitrarySchemaAndPayloadRegression) {
+// TEST(FuzzTest, DecodeUnknownProto2EnumExtension) {
 //   DecodeEncodeArbitrarySchemaAndPayload(
 //       {{"\256\354Rt\216\3271\234", "\243\243\267\207\336gV\366w"},
 //        {"z"},
@ -525,4 +525,13 @@ TEST(MessageTest, MapField) {
 //       "\010", -724543908, -591643538);
 // }
 //
 // TEST(FuzzTest, DecodeExtensionEnsurePresenceInitialized) {
 //   DecodeEncodeArbitrarySchemaAndPayload(
 //       {{"\031", "S", "\364", "", "", "j", "\303", "", "\224", "\277"},
 //        {},
 //        "_C-\236$*)C0C>",
 //        {4041515984, 2147483647, 1929379871, 0, 3715937258, 4294967295}},
 //       "\010\002", 342248070, -806315555);
 // }
 //
 // end:google_only