API misuse in fuzz_ppd_gen_conflicts.c: cupsGetConflicts return value ignored

## Summary

The fuzzer `fuzz_ppd_gen_conflicts.c` incorrectly uses the `cupsGetConflicts` API by ignoring its return value, causing mismatched option count and pointer state when calling `cupsResolveConflicts`.

## Problem

**Line 38** ignores the return value:
```c
cupsGetConflicts(ppd, "SampleOption", "SampleChoice", &options);  // ❌ Return value ignored
```

`cupsGetConflicts` modifies `*options` and returns the new count, but the fuzzer continues using the old `num_options` value from line 31.

## Consequence

- Passes mismatched `num_options` and `*options` to `cupsResolveConflicts`
- Before upstream fix (5b5f5c0d6): NULL pointer dereference crash
- After fix: Logic errors, cannot properly test conflict resolution

## Correct Usage

From `cups/testppd.c`:
```c
num_options = cupsGetConflicts(ppd, "InputSlot", "Envelope", &options);
```

Should capture and use the return value.

## Reference

As noted by @michaelrsweet in GHSA-r4j5-9gvw-5h7q:
> "your PoC code uses the cupsGetConflicts API incorrectly - it returns the number of conflicting options, but you are ignoring the return value."

---

This prevents proper fuzzing of CUPS conflict resolution logic.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

API misuse in fuzz_ppd_gen_conflicts.c: cupsGetConflicts return value ignored #45

Summary

Problem

Consequence

Correct Usage

Reference

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

API misuse in fuzz_ppd_gen_conflicts.c: cupsGetConflicts return value ignored #45

Description

Summary

Problem

Consequence

Correct Usage

Reference

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions