release-request-319cd093-b0d8-4b32-b6ef-e921d10edf73-for-git_oc-dr1-release-4012016 snap-temp-L54300000064339674

Change-Id: I7a1938a3139f26aa8276b7e60350effb80b58b90
diff --git a/MemoryLib.c b/MemoryLib.c
index 7beac63..178848e 100644
--- a/MemoryLib.c
+++ b/MemoryLib.c
@@ -75,15 +75,15 @@
       UINT32            size                 // IN: size of bytes being compared
       )
 {
-      BOOL          equal = TRUE;
+      BOOL          diff = FALSE;
       const BYTE   *b1, *b2;
       b1 = (BYTE *)buffer1;
       b2 = (BYTE *)buffer2;
       // Compare all bytes so that there is no leakage of information
       // due to timing differences.
       for(; size > 0; size--)
-          equal = (*b1++ == *b2++) && equal;
-      return equal;
+          diff |= *b1++ ^ *b2++;
+      return !diff;
 }
 //
 //
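Review bot: The accumulator `diff` is declared `BOOL` but is used as a bitwise sink for `*b1++ ^ *b2++`, so the constant-time property now depends on how `BOOL` is defined, which this hunk does not show. If `BOOL` is, or later becomes, a true boolean type such as C99 `_Bool`, every `|=` converts the result back to 0/1, and the compiler may implement that conversion with a compare. A byte-wide accumulator makes the intent explicit and keeps the loop to pure XOR/OR: `BYTE diff = 0;` with `return (diff == 0);`. It would also help to extend the existing comment to say that the loop must not be rewritten with `&&` or an early exit, since that is the pattern this change removes. The function's signature starts above the hunk, so the parameter qualifiers could not be checked against the `(BYTE *)` casts.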
diff --git a/fuzz/Dockerfile b/fuzz/Dockerfile
index 69e2878..db3e560 100644
--- a/fuzz/Dockerfile
+++ b/fuzz/Dockerfile
@@ -1,11 +1,13 @@
-# Copyright 2016 The Chromium Authors. All rights reserved.
+# Copyright 2017 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 #
 # Defines a docker image that can build fuzzers.
 #
-FROM ossfuzz/base-libfuzzer
-RUN apt-get install -y make libssl-dev binutils libgcc-5-dev
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make libssl-dev binutils libgcc-5-dev
 
 COPY . /src/tpm2/
 COPY fuzz/build.sh /src/
+
+WORKDIR tpm2
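Review bot: `WORKDIR tpm2` is a relative path, so it resolves against whatever working directory `gcr.io/oss-fuzz-base/base-builder` sets, and a change in the base image would silently move the build directory. The `COPY` lines above already use the absolute destination `/src/tpm2`, so `WORKDIR /src/tpm2` would keep the two in step. The new `FROM` line also carries no tag or digest, so each build takes whatever the registry serves at that moment. If reproducible fuzzer builds matter here, pin it to a digest and add a comment saying how the pin gets refreshed.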
diff --git a/fuzz/README b/fuzz/README
index 4c0cc04..90fd5f6 100644
--- a/fuzz/README
+++ b/fuzz/README
@@ -32,6 +32,12 @@
 
     $ docker run -ti --rm -v $(pwd):/src/tpm2 -v /tmp/fuzzers:/out \
                  ossfuzz/tpm2
+    or
+
+    $ docker run -ti --rm -v $(pwd):/src/tpm2 -v /tmp/fuzzers:/out \
+                -e FUZZING_ENGINE=libfuzzer \
+                -e SANITIZER=<address/memory/undefined> \
+                ossfuzz/tpm2
 
   Get a shell in the container