From 37519064790d8cd14c97335b6792552d760f2b81 Mon Sep 17 00:00:00 2001
From: Matt Whitlock
Date: Fri, 22 May 2026 00:41:31 -0400
Subject: [PATCH] tests/fuzz/fuzz-open_channel: fix bad local variable access after longjmp

You can't access a local variable from a point before it was initialized and expect it to have the initialized value. Move the setjmp() call to after run_ctx is initialized so that the tal_free() call at cleanup will see the correct address and not crash.

Fixes: https://github.com/ElementsProject/lightning/issues/9131
Changelog-None
---
 tests/fuzz/fuzz-open_channel.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tests/fuzz/fuzz-open_channel.c b/tests/fuzz/fuzz-open_channel.c
index bffbedd460f8..999685c65060 100644
--- a/tests/fuzz/fuzz-open_channel.c
+++ b/tests/fuzz/fuzz-open_channel.c
@@ -439,14 +439,14 @@ void init(int *argc, char ***argv)
 void run(const u8 *data, size_t size)
 {
- if (setjmp(fuzz_env) != 0)
- goto cleanup;
-
 /* The function under test: fundee_channel(), calls
 * clean_tmpctx() mid-run, so create a separate context. */
 const tal_t *run_ctx = tal(NULL, tal_t);
+ if (setjmp(fuzz_env) != 0)
+ goto cleanup;
+
 /* Initialize the global pointers to the fuzz data. */
 cursor = &data;
 max = &size;
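Review bot: The relocated `setjmp(fuzz_env)` on the new side is correct only because of an unstated rule: C11 7.13.2.1 makes non-volatile locals that are modified between setjmp() and longjmp() indeterminate after the jump, so run_ctx is safe here because it is assigned once before setjmp() and never again, but nothing in the hunk records that ordering constraint. A later local declared after setjmp() and read on the cleanup path would silently reintroduce the crash the commit message describes, so I would add above the moved call: `/* Must stay after run_ctx is assigned: locals modified after setjmp() are indeterminate after longjmp() unless volatile (C11 7.13.2.1). */`. The `cleanup` label and the rest of run() are outside the hunk, so I cannot confirm from here that run_ctx is the only local it reads.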