From fcb5ef37f7916f64208e9aba538c4d57cd8c1b25 Mon Sep 17 00:00:00 2001
From: Joshua Haberman
Date: Wed, 20 Jul 2022 07:36:54 -0700
Subject: [PATCH] Fixed a bug in MiniTable construction for extensions. #fuzzing

We were failing to assign the f->presence field, which resulted in a read of uninitialized memory.

PiperOrigin-RevId: 462138061
---
 upb/mini_table.c | 1 +
 upb/msg_test.cc | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/upb/mini_table.c b/upb/mini_table.c
index 1dfd00904e..0b59607053 100644
--- a/upb/mini_table.c
+++ b/upb/mini_table.c
@@ -1119,6 +1119,7 @@ const char* upb_MiniTable_BuildExtension(const char* data, size_t len,
   upb_MtDecoder_Parse(&decoder, data, len, ext, sizeof(*ext), &count, NULL);
   ext->field.mode |= kUpb_LabelFlags_IsExtension;
   ext->field.offset = 0;
+  ext->field.presence = 0;
   return ret;
 }
 
diff --git a/upb/msg_test.cc b/upb/msg_test.cc
index 696e1c1f4e..68fd6267ee 100644
--- a/upb/msg_test.cc
+++ b/upb/msg_test.cc
@@ -515,7 +515,7 @@ TEST(MessageTest, MapField) {
 // }
 // FUZZ_TEST(FuzzTest, DecodeEncodeArbitrarySchemaAndPayload);
 //
-// TEST(FuzzTest, DecodeEncodeArbitrarySchemaAndPayloadRegression) {
+// TEST(FuzzTest, DecodeUnknownProto2EnumExtension) {
 //   DecodeEncodeArbitrarySchemaAndPayload(
 //       {{"\256\354Rt\216\3271\234", "\243\243\267\207\336gV\366w"},
 //        {"z"},
@@ -525,4 +525,13 @@ TEST(MessageTest, MapField) {
 //       "\010", -724543908, -591643538);
 // }
 //
+// TEST(FuzzTest, DecodeExtensionEnsurePresenceInitialized) {
+//   DecodeEncodeArbitrarySchemaAndPayload(
+//       {{"\031", "S", "\364", "", "", "j", "\303", "", "\224", "\277"},
+//        {},
+//        "_C-\236$*)C0C>",
+//        {4041515984, 2147483647, 1929379871, 0, 3715937258, 4294967295}},
+//       "\010\002", 342248070, -806315555);
+// }
+//
 // end:google_only
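Review bot: The added `ext->field.presence = 0;` repairs a single uninitialized field after `upb_MtDecoder_Parse` returns, and the surrounding lines already patch `mode` and `offset` the same way, which suggests the decoder leaves parts of `ext->field` unset for extensions; if that is the case, zeroing the whole extension once before the parse call, e.g. `memset(ext, 0, sizeof(*ext));`, would close this class of uninitialized reads rather than one field at a time — to be confirmed against what `upb_MtDecoder_Parse` actually writes, which is not visible in the hunk. Whichever form is kept, the new line deserves a why-comment such as `// Parse does not set presence for extensions; zero it so readers never see uninitialized memory.`, since the reason is only recorded in the commit message. The body of `upb_MiniTable_BuildExtension` begins outside the hunk, so the initialization of `decoder`, `ext` and `ret` could not be checked here. The regression test added in upb/msg_test.cc sits inside a commented-out `google_only` block, so this path is not exercised by the open-source test build.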