author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-03-18 13:39:38 +0100 |
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-03-18 21:05:43 +0100 |
commit | bd0763b642055647be789b30c393c5e93b046336 (patch) | |
tree | 72f9d017571f5536f5f25efbabf502bc71f3ca16 /src/fuzz | |
parent | 5685efde88f3d228cc25b17c6a7b29155e8a1ea2 (diff) | |
fuzz-unit-file: simply do not test ListenNetlink= at all
msan doesn't understand sscanf with %ms, so it falsely reports uninitialized
memory. Using sscanf with %ms is quite convenient in
socket_address_parse_netlink(), so let's just not run the fuzzer for
ListenNetlink= at all for now. If msan is fixed, we can remove this.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6884
Diffstat (limited to 'src/fuzz')
-rw-r--r-- | src/fuzz/fuzz-unit-file.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/src/fuzz/fuzz-unit-file.c b/src/fuzz/fuzz-unit-file.c
index 45f1a72db2..44c68db64d 100644
--- a/src/fuzz/fuzz-unit-file.c
+++ b/src/fuzz/fuzz-unit-file.c
@@ -18,6 +18,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_(manager_freep) Manager *m = NULL;
 Unit *u;
 const char *name;
+ long offset;
 
 if (size == 0)
 return 0;
@@ -35,6 +36,23 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 if (!unit_vtable[t]->load)
 return 0;
 
+ offset = ftell(f);
+ assert_se(offset >= 0);
+
+ for (;;) {
+ _cleanup_free_ char *l = NULL;
+
+ if (read_line(f, LINE_MAX, &l) <= 0)
+ break;
+
+ if (startswith(l, "ListenNetlink="))
+ /* ListenNetlink causes a false positive in msan,
+ * let's skip this for now. */
+ return 0;
+ }
+
+ assert_se(fseek(f, offset, SEEK_SET) == 0);
+
 /* We don't want to fill the logs with messages about parse errors.
 * Disable most logging if not running standalone */
 if (!getenv("SYSTEMD_LOG_LEVEL")) |
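Review bot: The pre-scan in the second hunk only recognises `ListenNetlink=` at column 0, whereas the unit-file parser strips leading whitespace before matching a key (this is how config_parse behaves as far as I recall; verify), so an indented `  ListenNetlink=` line would slip past the filter and still reach socket_address_parse_netlink() and the msan false positive this commit is trying to avoid. Matching on the stripped line closes that gap: `if (startswith(strstrip(l), "ListenNetlink="))` — `l` remains the owned buffer, so the _cleanup_free_ is unaffected. Separately, a negative (error) return from `read_line()` is folded into the `<= 0` break and the fuzzer silently proceeds to load the file; `int r = read_line(f, LINE_MAX, &l); assert_se(r >= 0); if (r == 0) break;` would report a read failure instead of masking it. LLVMFuzzerTestOneInput begins before the first hunk and continues past the end of this one.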