authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2018-03-18 13:39:38 +0100
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2018-03-18 21:05:43 +0100
commitbd0763b642055647be789b30c393c5e93b046336 (patch)
tree72f9d017571f5536f5f25efbabf502bc71f3ca16 /src/fuzz
parent5685efde88f3d228cc25b17c6a7b29155e8a1ea2 (diff)
downloadsystemd-bd0763b642055647be789b30c393c5e93b046336.tar.gz
systemd-bd0763b642055647be789b30c393c5e93b046336.tar.bz2
systemd-bd0763b642055647be789b30c393c5e93b046336.zip
fuzz-unit-file: simply do not test ListenNetlink= at all
msan doesn't understand sscanf with %ms, so it falsely reports uninitialized memory. Using sscanf with %ms is quite convenient in socket_address_parse_netlink(), so let's just not run the fuzzer for ListenNetlink= at all for now. If msan is fixed, we can remove this. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6884
Diffstat (limited to 'src/fuzz')
-rw-r--r--src/fuzz/fuzz-unit-file.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/fuzz/fuzz-unit-file.c b/src/fuzz/fuzz-unit-file.c
index 45f1a72db2..44c68db64d 100644
--- a/src/fuzz/fuzz-unit-file.c
+++ b/src/fuzz/fuzz-unit-file.c
@@ -18,6 +18,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
_cleanup_(manager_freep) Manager *m = NULL;
Unit *u;
const char *name;
+ long offset;
if (size == 0)
return 0;
@@ -35,6 +36,23 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (!unit_vtable[t]->load)
return 0;
+ offset = ftell(f);
+ assert_se(offset >= 0);
+
+ for (;;) {
+ _cleanup_free_ char *l = NULL;
+
+ if (read_line(f, LINE_MAX, &l) <= 0)
+ break;
+
+ if (startswith(l, "ListenNetlink="))
+ /* ListenNetlink causes a false positive in msan,
+ * let's skip this for now. */
+ return 0;
+ }
+
+ assert_se(fseek(f, offset, SEEK_SET) == 0);
+
/* We don't want to fill the logs with messages about parse errors.
* Disable most logging if not running standalone */
if (!getenv("SYSTEMD_LOG_LEVEL"))
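Review bot: The `startswith(l, "ListenNetlink=")` check in the new scan loop matches the key only at column 0, so a line written with leading whitespace is presumably still accepted by the unit-file parser (which I expect strips it) and the msan false positive the commit wants to avoid stays reachable; `if (startswith(strstrip(l), "ListenNetlink="))` would close the leading-whitespace case, while a backslash line continuation splitting the key, if the parser honours those, would still slip through. The loop also folds a negative return from read_line() into the EOF case, so a read error or a line rejected by the LINE_MAX bound silently ends the scan before the remaining lines are inspected; consider `r = read_line(f, LINE_MAX, &l); if (r < 0) return 0; if (r == 0) break;` so an unscanned file is skipped rather than loaded. LLVMFuzzerTestOneInput begins before the hunk and continues after it, and the early `return 0` relies on cleanup attributes on f declared outside the hunk.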