From: Frantisek Sumsal <frantisek@sumsal.cz>
Date: Sun, 21 May 2023 21:13:16 +0000 (+0200)
Subject: test: avoid memleak when allocation fails
X-Git-Tag: v254-rc1~419^2~5
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=9a1ebef3780f737fd5388f212c424a3666506faa;p=thirdparty%2Fsystemd.git

test: avoid memleak when allocation fails

==8==ERROR: LeakSanitizer: detected memory leaks

Indirect leak of 168 byte(s) in 3 object(s) allocated from:
    #0 0x4a0e6e in __interceptor_calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:77:3
    #1 0x4dec61 in calloc (/build/fuzz-bus-match+0x4dec61)
    #2 0x7f7c25e2b92d in bus_match_add_leaf /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-match.c:548:13
    #3 0x7f7c25e2b92d in bus_match_add /work/build/../../src/systemd/src/libsystemd/sd-bus/bus-match.c:886:16
    #4 0x4de864 in LLVMFuzzerTestOneInput /work/build/../../src/systemd/src/libsystemd/sd-bus/fuzz-bus-match.c:83:21
    #5 0x4defc8 in NaloFuzzerTestOneInput (/build/fuzz-bus-match+0x4defc8)
    #6 0x4fdf53 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
    #7 0x4fd73a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:514:3
    #8 0x4fee09 in fuzzer::Fuzzer::MutateAndTestOne() /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:757:19
    #9 0x4ffad5 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, std::__Fuzzer::allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:895:5
    #10 0x4eee3f in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:912:6
    #11 0x4ef708 in LLVMFuzzerRunDriver /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:925:10
    #12 0x4df225 in main (/build/fuzz-bus-match+0x4df225)
    #13 0x7f7c252e3082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)

DEDUP_TOKEN: __interceptor_calloc--calloc--bus_match_add_leaf
SUMMARY: AddressSanitizer: 168 byte(s) leaked in 3 allocation(s).

Found by Nallocfuzz.
---

diff --git a/src/libsystemd/sd-bus/fuzz-bus-match.c b/src/libsystemd/sd-bus/fuzz-bus-match.c
index 65461a1661c..d183460ea7b 100644
--- a/src/libsystemd/sd-bus/fuzz-bus-match.c
+++ b/src/libsystemd/sd-bus/fuzz-bus-match.c
@@ -8,6 +8,8 @@
 #include "fileio.h"
 #include "fuzz.h"
 
+DEFINE_TRIVIAL_DESTRUCTOR(bus_match_donep, struct bus_match_node, bus_match_free);
+
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         _cleanup_free_ char *out = NULL; /* out should be freed after g */
         size_t out_size;
@@ -26,7 +28,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
         r = sd_bus_new(&bus);
         assert_se(r >= 0);
 
-        struct bus_match_node root = {
+        _cleanup_(bus_match_donep) struct bus_match_node root = {
                 .type = BUS_MATCH_ROOT,
         };