
fix: add null check for file_saver in GenerateBinary to prevent null dereference #9161

Open
freinkxhihani-a11y wants to merge 1 commit into google:master from freinkxhihani-a11y:fix/null-check-file-saver
@freinkxhihani-a11y

Summary

Add a null pointer check for parser.opts.file_saver before dereferencing
it in GenerateBinary() in src/idl_gen_binary.cpp.

Problem

GenerateBinary() unconditionally dereferences parser.opts.file_saver
without verifying it is non-null. When the parser is initialized without
a valid file saver, this causes a null pointer dereference (SEGV).

This was discovered via OSS-Fuzz using the codegen_fuzzer target.

Fix

Added an early return if (!parser.opts.file_saver) return false;
at the start of GenerateBinary(), before any dereference occurs.

Impact

Prevents a deterministic crash (SCARINESS: 10, null-deref) when
processing malformed .fbs schema files.

github-actions bot added the c++ and codegen (Involving generating code from schema) labels Jun 28, 2026
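
The guard proposed in the description above, shown beside the unguarded pattern, as an added example that is not part of the pull request or the FlatBuffers source. `FileSaver`, `MemorySaver`, `Options`, `Parser` and both function names are simplified, hypothetical stand-ins; only the `parser.opts.file_saver` member path and the early return come from the description.

```cpp
#include <cstdio>
#include <map>
#include <string>

// Hypothetical stand-ins for illustration; not FlatBuffers' real declarations.
struct FileSaver {
  virtual ~FileSaver() = default;
  virtual bool SaveFile(const std::string &name, const std::string &data) = 0;
};

// In-memory saver so the example runs without touching the filesystem.
struct MemorySaver : FileSaver {
  std::map<std::string, std::string> files;
  bool SaveFile(const std::string &name, const std::string &data) override {
    files[name] = data;
    return true;
  }
};

struct Options { FileSaver *file_saver = nullptr; };  // may be left unset
struct Parser { Options opts; std::string buffer; };

// "Before": dereferences file_saver unconditionally. With a null saver this is
// undefined behaviour (a SEGV in practice), so the example never calls it.
bool GenerateBinaryUnchecked(const Parser &parser, const std::string &path) {
  return parser.opts.file_saver->SaveFile(path, parser.buffer);
}

// "After": the early return from the description, placed before any use.
bool GenerateBinaryChecked(const Parser &parser, const std::string &path) {
  if (!parser.opts.file_saver) return false;
  return parser.opts.file_saver->SaveFile(path, parser.buffer);
}

int main() {
  Parser no_saver;  // constructed input: saver never configured
  no_saver.buffer = "constructed sample bytes";
  MemorySaver mem;
  Parser with_saver = no_saver;
  with_saver.opts.file_saver = &mem;
  bool rejected = !GenerateBinaryChecked(no_saver, "out.bin");
  bool saved = GenerateBinaryChecked(with_saver, "out.bin");
  std::printf("null saver rejected: %d\n", rejected);
  std::printf("valid saver wrote: %d (%zu file)\n", saved, mem.files.size());
  return 0;
}
```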