Diffstat (limited to 'fuzz/README')
-rw-r--r--fuzz/README15
1 files changed, 9 insertions, 6 deletions
diff --git a/fuzz/README b/fuzz/README
index 2e88db74975e..427625c6e714 100644
--- a/fuzz/README
+++ b/fuzz/README
@@ -8,7 +8,8 @@ use preload-fuzz.c to read device data from stdin.
libFuzzer is better suited for bespoke fuzzers; see fuzz_cred.c, fuzz_credman.c,
fuzz_assert.c, fuzz_hid.c, and fuzz_mgmt.c for examples. To build these
-harnesses, use -DFUZZ=ON -DLIBFUZZER=ON.
+harnesses, use -DCMAKE_C_FLAGS=-fsanitize=fuzzer-no-link
+-DFUZZ_LDFLAGS=-fsanitize=fuzzer -DFUZZ=ON.
If -DFUZZ=ON is enabled, symbols listed in wrapped.sym are wrapped in the
resulting shared object. The wrapper functions simulate failure according to a
@@ -21,20 +22,22 @@ To run under ASAN/MSAN/UBSAN, libfido2 needs to be linked against flavours of
libcbor and OpenSSL built with the respective sanitiser. In order to keep
memory utilisation at a manageable level, you can either enforce limits at
the OS level (e.g. cgroups on Linux), or patch libcbor with the diff below.
+N.B., the patch below is relative to libcbor 0.10.1.
diff --git src/cbor/internal/memory_utils.c src/cbor/internal/memory_utils.c
-index aa049a2..e294b38 100644
+index bbea63c..3f7c9af 100644
--- src/cbor/internal/memory_utils.c
+++ src/cbor/internal/memory_utils.c
-@@ -28,7 +28,10 @@ bool _cbor_safe_to_multiply(size_t a, size_t b) {
+@@ -41,7 +41,11 @@ size_t _cbor_safe_signaling_add(size_t a, size_t b) {
void* _cbor_alloc_multiple(size_t item_size, size_t item_count) {
if (_cbor_safe_to_multiply(item_size, item_count)) {
-- return _CBOR_MALLOC(item_size * item_count);
+- return _cbor_malloc(item_size * item_count);
+ if (item_count > 1000) {
+ return NULL;
-+ } else
-+ return _CBOR_MALLOC(item_size * item_count);
++ } else {
++ return _cbor_malloc(item_size * item_count);
++ }
} else {
return NULL;
}