Fix fuzzer

OriginProtocol · Feb 20, 2024 · 630351e · 630351e
1 parent 50c7846
commit 630351e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 6 deletions.
diff --git a/src/handle_init_contract.c b/src/handle_init_contract.c
@@ -44,12 +44,13 @@ void handle_init_contract(ethPluginInitContract_t *msg) {
             break;
         case CURVE_POOL_EXCHANGE:
         case CURVE_POOL_EXCHANGE_UNDERLYING:
-            if (memcmp(CURVE_OETH_POOL_ADDRESS,
-                       msg->pluginSharedRO->txContent->destination,
-                       ADDRESS_LENGTH) == 0 ||
-                memcmp(CURVE_OUSD_POOL_ADDRESS,
-                       msg->pluginSharedRO->txContent->destination,
-                       ADDRESS_LENGTH) == 0) {
+            if (&msg->pluginSharedRO->txContent != NULL &&
+                (memcmp(CURVE_OETH_POOL_ADDRESS,
+                        msg->pluginSharedRO->txContent->destination,
+                        ADDRESS_LENGTH) == 0 ||
+                 memcmp(CURVE_OUSD_POOL_ADDRESS,
+                        msg->pluginSharedRO->txContent->destination,
+                        ADDRESS_LENGTH) == 0)) {
                 context->next_param = TOKEN_SENT;
                 break;
             }

diff --git a/src/handle_provide_parameter.c b/src/handle_provide_parameter.c
@@ -347,6 +347,11 @@ static void handle_uniswap_v3_exchange(ethPluginProvideParameter_t *msg, context
             context->next_param = TOKEN_RECEIVED_REST;
             break;
         case TOKEN_RECEIVED_REST:
+            if ((PARAMETER_LENGTH - (context->offset - ADDRESS_LENGTH) % PARAMETER_LENGTH) > 20) {
+                context->next_param = NONE;
+                break;
+            }
+
             // copy rest of address in case it overflows into the next param
             memcpy(&context->contract_address_received[PARAMETER_LENGTH -
                                                        (context->offset - ADDRESS_LENGTH) %