From: Philippe Antoine Date: Thu, 8 Dec 2022 09:06:40 +0000 (+0100) Subject: fuzz: fix use of uninitialized value X-Git-Tag: suricata-7.0.0-rc1~155 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c436fe0ca4f47757822fbd304a6c298fffde71f;p=thirdparty%2Fsuricata.git fuzz: fix use of uninitialized value packet timestamp is not set when function returns error. also use C positive modulo for microseconds
---
diff --git a/src/tests/fuzz/fuzz_predefpcap_aware.c b/src/tests/fuzz/fuzz_predefpcap_aware.c
index 0095e249e9..bd70371d3d 100644
--- a/src/tests/fuzz/fuzz_predefpcap_aware.c
+++ b/src/tests/fuzz/fuzz_predefpcap_aware.c
@@ -117,7 +117,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 // loop over packets
 r = FPC_next(&pkts, &header, &pkt);
 p = PacketGetFromAlloc();
- if (header.ts.tv_sec >= INT_MAX - 3600) {
+ if (r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
 goto bail;
 }
 p->ts.tv_sec = header.ts.tv_sec;
@@ -143,7 +143,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 }
 r = FPC_next(&pkts, &header, &pkt);
- if (header.ts.tv_sec >= INT_MAX - 3600) {
+ if (r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
 goto bail;
 }
 PacketRecycle(p);
diff --git a/src/tests/fuzz/fuzz_sigpcap.c b/src/tests/fuzz/fuzz_sigpcap.c
index 1560691fbe..2aa584ac09 100644
--- a/src/tests/fuzz/fuzz_sigpcap.c
+++ b/src/tests/fuzz/fuzz_sigpcap.c
@@ -160,7 +160,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 //loop over packets
 r = pcap_next_ex(pkts, &header, &pkt);
 p = PacketGetFromAlloc();
- if (header->ts.tv_sec >= INT_MAX - 3600) {
+ if (r <= 0 || header->ts.tv_sec >= INT_MAX - 3600) {
 goto bail;
 }
 p->ts.tv_sec = header->ts.tv_sec;
@@ -187,7 +187,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 }
 r = pcap_next_ex(pkts, &header, &pkt);
- if (header->ts.tv_sec >= INT_MAX - 3600) {
+ if (r <= 0 || header->ts.tv_sec >= INT_MAX - 3600) {
 goto bail;
 }
 PacketRecycle(p);
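Review bot: In the first hunk of fuzz_predefpcap_aware.c (@@ -117), `p` returned by `PacketGetFromAlloc()` is dereferenced at `p->ts.tv_sec = header.ts.tv_sec;` with no NULL test visible in the hunk; the added guard covers only `r` and the timestamp. If the allocator can fail, folding the test into the same condition keeps the harness from reporting an allocation failure as a target crash: `if (p == NULL || r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {`. That only works if the `bail:` path, which lies outside the hunk, tolerates a NULL `p`. The first hunks of fuzz_sigpcap.c (@@ -160) and fuzz_sigpcap_aware.c (@@ -157) have the same shape.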
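Review bot: The in-loop guard in fuzz_predefpcap_aware.c (@@ -143) now sends a normal end of input (`r <= 0`) through `goto bail`, so the enclosing packet loop presumably no longer finishes through its own condition. The loop header and the `bail:` label are outside the hunk, so please confirm that nothing between the loop's closing brace and `bail:` is expected to run on a clean end of capture. A comment on the guard would record that this exit is intended, for example `/* r <= 0: no more packets or read error, leave through bail */`. The second hunks of fuzz_sigpcap.c (@@ -187) and fuzz_sigpcap_aware.c (@@ -184) are affected the same way.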
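Review bot: In fuzz_sigpcap.c both new guards (@@ -160 and @@ -187) are only safe because `r <= 0` is evaluated before `header->ts.tv_sec`. Here `header` is a pointer that `pcap_next_ex()` sets on success, so swapping the operands in a later cleanup would bring back a read through an unset pointer rather than just an uninitialised struct field. A one-line comment above each test would protect the ordering: `/* header is only valid when pcap_next_ex() returned > 0; test r first */`.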
diff --git a/src/tests/fuzz/fuzz_sigpcap_aware.c b/src/tests/fuzz/fuzz_sigpcap_aware.c
index c03ecd840a..2e5c5a7a2f 100644
--- a/src/tests/fuzz/fuzz_sigpcap_aware.c
+++ b/src/tests/fuzz/fuzz_sigpcap_aware.c
@@ -157,7 +157,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 // loop over packets
 r = FPC_next(&pkts, &header, &pkt);
 p = PacketGetFromAlloc();
- if (header.ts.tv_sec >= INT_MAX - 3600) {
+ if (r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
 goto bail;
 }
 p->pkt_src = PKT_SRC_WIRE;
@@ -184,7 +184,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 }
 }
 r = FPC_next(&pkts, &header, &pkt);
- if (header.ts.tv_sec >= INT_MAX - 3600) {
+ if (r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
 goto bail;
 }
 PacketRecycle(p);