Merge 63a74a92a8 into 06167b4f4b

[Core] Fix a potential null pointer deref in scroll GetScrollContainerData
Rename fuzzing_target.cc to fuzzing_target.c
2025-04-15 10:48:04 +00:00 · 2025-04-12 19:45:03 +04:00 · 2025-04-12 11:27:10 +12:00 · 2024-12-22 21:10:58 +05:30 · 2024-12-21 17:04:07 +05:30
2 changed files with 29 additions and 1 deletions
--- a/clay.h
+++ b/clay.h
@ -4118,11 +4118,15 @@ Clay_ScrollContainerData Clay_GetScrollContainerData(Clay_ElementId id) {
    for (int32_t i = 0; i < context->scrollContainerDatas.length; ++i) {
        Clay__ScrollContainerDataInternal *scrollContainerData = Clay__ScrollContainerDataInternalArray_Get(&context->scrollContainerDatas, i);
        if (scrollContainerData->elementId == id.id) {
+            Clay_ScrollElementConfig *scrollElementConfig = Clay__FindElementConfigWithType(scrollContainerData->layoutElement, CLAY__ELEMENT_CONFIG_TYPE_SCROLL).scrollElementConfig;
+            if (!scrollElementConfig) { // This can happen on the first frame before a scroll container is declared
+                return CLAY__INIT(Clay_ScrollContainerData) CLAY__DEFAULT_STRUCT;
+            }
            return CLAY__INIT(Clay_ScrollContainerData) {
                .scrollPosition = &scrollContainerData->scrollPosition,
                .scrollContainerDimensions = { scrollContainerData->boundingBox.width, scrollContainerData->boundingBox.height },
                .contentDimensions = scrollContainerData->contentSize,
-                .config = *Clay__FindElementConfigWithType(scrollContainerData->layoutElement, CLAY__ELEMENT_CONFIG_TYPE_SCROLL).scrollElementConfig,
+                .config = *scrollElementConfig,
                .found = true
            };
        }
--- a/fuzz/fuzzing_target.c
+++ b/fuzz/fuzzing_target.c
@ -0,0 +1,24 @@
+#include "clay.h"
+#include <stdint.h>
+#include <stddef.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+    if (size < sizeof(Clay_String)) return 0;
+
+    Clay_String testString = { .length = size, .chars = (const char *)data };
+
+    Clay_Dimensions dimensions = MeasureText(&testString, NULL);
+
+    // Call other critical functions
+    Clay_Arena arena = Clay_CreateArenaWithCapacityAndMemory(1024, (void*)data);
+    Clay_Initialize(arena, (Clay_Dimensions){1024, 768});
+    Clay_SetPointerState((Clay_Vector2){0, 0}, false);
+    Clay_BeginLayout();
+    Clay_EndLayout();
+
+    // Handle pointer state changes
+    Clay_SetPointerState((Clay_Vector2){1, 1}, true);
+    Clay_SetPointerState((Clay_Vector2){2, 2}, false);
+
+    return 0;
+}
Author	SHA1	Message	Date
Shivam7-1	763f61a0e4	Merge `63a74a92a8` into `06167b4f4b`	2025-04-12 19:45:03 +04:00
Nic Barker	06167b4f4b	[Core] Fix a potential null pointer deref in scroll GetScrollContainerData Some checks failed CMake on multiple platforms / build (Release, cl, cl, windows-latest) (push) Has been cancelled Details CMake on multiple platforms / build (Release, clang, clang++, ubuntu-latest) (push) Has been cancelled Details CMake on multiple platforms / build (Release, gcc, g++, ubuntu-latest) (push) Has been cancelled Details	2025-04-12 11:27:10 +12:00
Shivam7-1	63a74a92a8	Rename fuzzing_target.cc to fuzzing_target.c	2024-12-22 21:10:58 +05:30
Shivam7-1	8d3cadc52e	initial fuzzing support	2024-12-21 17:04:07 +05:30