Created attachment 16165 [details] the fuzz input. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22653 librpc/gen_ndr/ndr_spoolss.c:35202:4: runtime error: applying zero offset to null pointer #0 0x55924e9fa5fe in ndr_push___spoolss_EnumPrinterDataEx samba/bin/default/librpc/gen_ndr/ndr_spoolss.c:35202:4 #1 0x55924ec634a3 in ndr_push_spoolss_EnumPrinterDataEx samba/bin/default/../../librpc/ndr/ndr_spoolss_buf.c:628:4 #2 0x55924ecb7e4f in LLVMFuzzerTestOneInput samba/bin/default/lib/fuzzing/fuzz_ndr_spoolss_TYPE_OUT.c:305:13 #3 0x55924e6d3151 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:559:15 #4 0x55924e6be8f2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:301:6 #5 0x55924e6c488d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:801:9 #6 0x55924e6ec172 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #7 0x7f72f04db83f in __libc_start_main (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_samba_2e2f9e03439b06bef98c668055db3b9dbd019852/revisions/lib/libc.so.6+0x2083f) #8 0x55924e699068 in _start (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_samba_2e2f9e03439b06bef98c668055db3b9dbd019852/revisions/fuzz_ndr_spoolss_TYPE_OUT+0x8f7068) SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior librpc/gen_ndr/ndr_spoolss.c:35202:4 in librpc/gen_ndr/ndr_spoolss.c:22898:4: runtime error: member access within null pointer of type 'const struct spoolss_PrinterEnumValues' #0 0x55924e903704 in ndr_push_spoolss_PrinterEnumValues samba/bin/default/librpc/gen_ndr/ndr_spoolss.c:22898:4 #1 0x55924e9fa495 in ndr_push___spoolss_EnumPrinterDataEx samba/bin/default/librpc/gen_ndr/ndr_spoolss.c:35202:4 #2 0x55924ec634a3 in ndr_push_spoolss_EnumPrinterDataEx 
samba/bin/default/../../librpc/ndr/ndr_spoolss_buf.c:628:4 #3 0x55924ecb7e4f in LLVMFuzzerTestOneInput samba/bin/default/lib/fuzzing/fuzz_ndr_spoolss_TYPE_OUT.c:305:13 #4 0x55924e6d3151 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:559:15 #5 0x55924e6be8f2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:301:6 #6 0x55924e6c488d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:801:9 #7 0x55924e6ec172 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10 #8 0x7f72f04db83f in __libc_start_main (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_samba_2e2f9e03439b06bef98c668055db3b9dbd019852/revisions/lib/libc.so.6+0x2083f) #9 0x55924e699068 in _start (/mnt/scratch0/clusterfuzz/bot/builds/clusterfuzz-builds_samba_2e2f9e03439b06bef98c668055db3b9dbd019852/revisions/fuzz_ndr_spoolss_TYPE_OUT+0x8f7068)
The ndrdump equivalent is `bin/ndrdump spoolss 79 out --base64-input --input AAAAAAAAAAAgICAgICAgIA==`; valgrind has no complaints.