git.ipfire.org Git - thirdparty/systemd.git/commit

xdg-autostart: avoid quadratic behaviour in strv parsing

The fuzzer test case has a giant line with ";;;;;;;;;;;..." which is turned into
a strv of empty strings. Unfortunately, when pushing each string, strv_push() needs
to walk the whole array, which leads to quadratic behaviour. So let's use
greedy_allocation here and also keep location in the string to avoid iterating.

build/fuzz-xdg-desktop test/fuzz/fuzz-xdg-desktop/oss-fuzz-22812  51.10s user 0.01s system 99% cpu 51.295 total
↓
build/fuzz-xdg-desktop test/fuzz/fuzz-xdg-desktop/oss-fuzz-22812  0.07s user 0.01s system 96% cpu 0.083 total

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22812.

Other minor changes:
- say "was already defined" instead of "defined multiple times" to make it
  clear that we're ignoring this second definition, and not all definitions
  of the key
- unescaping needs to be done also for the last entry

author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 7 Jul 2020 09:24:36 +0000 (11:24 +0200)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Tue, 7 Jul 2020 10:20:43 +0000 (12:20 +0200)
commit	d1ca1f7c2ae052e59d0cbe8512e852b9ef059451
tree	4df512d796ecf2c79c29f49c5bc695f7edc50aa7	tree \| snapshot
parent	9ecf5d9340aeddc2fae51134ac1ff15100da974d	commit \| diff

src/xdg-autostart-generator/xdg-autostart-service.c		diff \| blob \| blame \| history
test/fuzz/fuzz-xdg-desktop/oss-fuzz-22812	[new file with mode: 0644]	blob