From: Zbigniew Jędrzejewski-Szmek
Date: Fri, 19 Feb 2021 12:07:29 +0000 (+0100)
Subject: basic/alloc-util: also reset the cleaned-up variable in freep()
X-Git-Tag: v248-rc1~39
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5800f0fc682baccb24ae076b3ffea0a548812486;p=thirdparty%2Fsystemd.git

basic/alloc-util: also reset the cleaned-up variable in freep()

freep() has its own definition, so I missed it in fd421c4adc7406de02e03e2f7ceede2cc6e1d9d4.

Again, there is a small growth, but the compiler should be able to optimize it away:

-Dbuildtype=debug:
-rwxrwxr-x 1 zbyszek zbyszek 4106816 Feb 19 12:52 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 7492952 Feb 19 12:52 build/src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 zbyszek zbyszek 4472624 Feb 19 12:53 build/systemd
-rwxrwxr-x 1 zbyszek zbyszek 4107056 Feb 19 13:03 build/libsystemd.so.0.30.0
-rwxrwxr-x 1 zbyszek zbyszek 7493480 Feb 19 13:03 build/src/shared/libsystemd-shared-247.so
-rwxrwxr-x 1 zbyszek zbyszek 4472760 Feb 19 13:03 build/systemd

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31055.
---

diff --git a/src/basic/alloc-util.h b/src/basic/alloc-util.h
index 5885d890b58..698a6583c5c 100644
--- a/src/basic/alloc-util.h
+++ b/src/basic/alloc-util.h
@@ -80,7 +80,7 @@ void* memdup_suffix0(const void *p, size_t l); /* We can't use _alloc_() here, s
         })
 
 static inline void freep(void *p) {
-        free(*(void**) p);
+        *(void**)p = mfree(*(void**) p);
 }
 
 #define _cleanup_free_ _cleanup_(freep)
diff --git a/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-31055 b/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-31055
new file mode 100644
index 00000000000..a8f90711090
Binary files /dev/null and b/test/fuzz/fuzz-systemctl-parse-argv/oss-fuzz-31055 differ
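Review bot: in the freep() hunk the added line is inconsistent in its cast spacing: the left-hand side reads `*(void**)p` while the right-hand side, and the removed line, read `*(void**) p`; suggest `*(void**) p = mfree(*(void**) p);` so the header stays uniform. The line also depends on `mfree()` being declared earlier in alloc-util.h than line 80, which the context shown here does not establish; since `freep()` is `static inline` and is pulled in through `_cleanup_free_` by every translation unit including this header, that ordering is worth confirming. On substance, the change is a sound hardening step: after the cleanup runs, a `_cleanup_free_` variable now holds NULL instead of a dangling heap pointer, so any later read of it fails deterministically as a NULL dereference rather than as a silent use of freed memory, which is what makes the OSS-Fuzz input added under test/fuzz/ usable as a regression test. The commit message's claim that the extra store is optimized away is only illustrated with `-Dbuildtype=debug` sizes, where no such optimization would be expected; a before/after comparison of an optimized build would actually support the claim.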