The change from the last patch I submitted is the removal of the memory leak fix.
This patch focuses on fixing the buffer overflow.
This fixes an ASan crash discovered by OSS-Fuzz:
```
==402==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x502000000218 at pc 0x564763e67877 bp 0x7ffc1a9f92b0 sp 0x7ffc1a9f92a8
READ of size 4 at 0x502000000218 thread T0
#0 0x564763e67876 in compute_seq_size bluez/src/sdp-xml.c:62:21
#1 0x564763e67876 in element_end bluez/src/sdp-xml.c:548:42
#2 0x564763ea5416 in emit_end_element glib/glib/gmarkup.c:1045:5
#3 0x564763ea4978 in g_markup_parse_context_parse glib/glib/gmarkup.c:1603:19
#4 0x564763e65c55 in sdp_xml_parse_record bluez/src/sdp-xml.c:621:6
#5 0x564763e6acf1 in LLVMFuzzerTestOneInput /src/fuzz_xml.c:30:9
#6 0x564763d1a730 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:614:13
#7 0x564763d059a5 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:327:6
#8 0x564763d0b43f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:862:9
#9 0x564763d366e2 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#10 0x79ed69692082 in __libc_start_main /build/glibc-LcI20x/glibc-2.31/csu/libc-start.c:308:16
#11 0x564763cfdb8d in _start
```
Oliver Chang (1):
Fixed heap-buffer-overflow in `compute_seq_size`.
src/sdp-xml.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--
2.50.1.703.g449372360f-goog
