From: Zbigniew Jędrzejewski-Szmek
Date: Wed, 14 Mar 2018 13:31:24 +0000 (+0100)
Subject: fuzz: commit test case for oss-fuzz issue 6884
X-Git-Tag: v239~548^2~3
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8d89e51f3c58e3712765e7a9e1cddf45d3594509;p=thirdparty%2Fsystemd.git

fuzz: commit test case for oss-fuzz issue 6884

This seems to be a false positive in msan: https://github.com/google/sanitizers/issues/767. I don't see anything wrong with the code either, and valgrind does not see the issue. Anyway, let's add the test case. We don't have msan hooked up yet, but hopefully we'll in the future. oss-fuzz #6884.
---

diff --git a/src/test/test-socket-util.c b/src/test/test-socket-util.c
index e35a27fa61a..76896b03281 100644
--- a/src/test/test-socket-util.c
+++ b/src/test/test-socket-util.c
@@ -118,6 +118,9 @@ static void test_socket_address_parse_netlink(void) {
 assert_se(socket_address_parse_netlink(&a, "route 10") >= 0);
 assert_se(a.sockaddr.sa.sa_family == AF_NETLINK);
 assert_se(a.protocol == NETLINK_ROUTE);
+
+ /* oss-fuzz #6884 */
+ assert_se(socket_address_parse_netlink(&a, "\xff") < 0);
 }

 static void test_socket_address_equal(void) {
diff --git a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6884 b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6884
new file mode 100644
index 00000000000..00d105ade5d
--- /dev/null
+++ b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6884
@@ -0,0 +1,3 @@
+socket
+[Socket]
+ListenNetlink=ÿ
\ No newline at end of file
diff --git a/test/fuzz-regressions/meson.build b/test/fuzz-regressions/meson.build
index 25ec51148b1..c1416f93cf3 100644
--- a/test/fuzz-regressions/meson.build
+++ b/test/fuzz-regressions/meson.build
@@ -29,4 +29,5 @@ sanitizers = [['address', sanitize_address]]
 fuzz_regression_tests = '''
 fuzz-dns-packet/oss-fuzz-5465
 fuzz-dns-packet/issue-7888
+ fuzz-unit-file/oss-fuzz-6884
 '''.split()
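Review bot: The comment on the new assertion in test_socket_address_parse_netlink gives only the tracker number, so a reader cannot tell what the input is or why it is kept. I would expand it to `/* oss-fuzz #6884: a lone 0xff byte must be rejected; reported by msan, believed to be a false positive (google/sanitizers#767) */`. The assertion checks only the return value, so in a build without MemorySanitizer (the commit message says it is not hooked up yet) it guards against a wrong result, not against the uninitialized read that was reported; saying so in the comment would keep the test from being read as stronger than it is. The function body starts outside the hunk.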
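Review bot: The last line of the new oss-fuzz-6884 file is rendered here as `ListenNetlink=ÿ`, and it matches the `"\xff"` input of the C test only if the blob holds the single byte 0xff rather than the two-byte UTF-8 encoding of that character; which of the two was committed cannot be told from this rendering. Since the file is a raw fuzzer input with no trailing newline, I would treat it as binary when the patch is transported and applied, and confirm the final byte with a hex dump after applying it. If the byte were re-encoded, the regression corpus would silently stop exercising the reported input while the test still passes.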