From: Zbigniew Jędrzejewski-Szmek Date: Sun, 18 Mar 2018 12:39:38 +0000 (+0100) Subject: fuzz-unit-file: simply do not test ListenNetlink= at all X-Git-Tag: v239~538^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=bd0763b642055647be789b30c393c5e93b046336;p=thirdparty%2Fsystemd.git fuzz-unit-file: simply do not test ListenNetlink= at all msan doesn't understand sscanf with %ms, so it falsely reports unitialized memory. Using sscanf with %ms is quite convenient in socket_address_parse_netlink(), so let's just not run the fuzzer for ListenNetlink= at all for now. If msan is fixed, we can remove this. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6884
---
diff --git a/src/fuzz/fuzz-unit-file.c b/src/fuzz/fuzz-unit-file.c
index 45f1a72db29..44c68db64dd 100644
--- a/src/fuzz/fuzz-unit-file.c
+++ b/src/fuzz/fuzz-unit-file.c
@@ -18,6 +18,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 _cleanup_(manager_freep) Manager *m = NULL;
 Unit *u;
 const char *name;
+ long offset;
 if (size == 0)
 return 0;
@@ -35,6 +36,23 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 if (!unit_vtable[t]->load)
 return 0;
+ offset = ftell(f);
+ assert_se(offset >= 0);
+
+ for (;;) {
+ _cleanup_free_ char *l = NULL;
+
+ if (read_line(f, LINE_MAX, &l) <= 0)
+ break;
+
+ if (startswith(l, "ListenNetlink="))
+ /* ListenNetlink causes a false positive in msan,
+ * let's skip this for now. */
+ return 0;
+ }
+
+ assert_se(fseek(f, offset, SEEK_SET) == 0);
+
 /* We don't want to fill the logs with messages about parse errors.
 * Disable most logging if not running standalone */
 if (!getenv("SYSTEMD_LOG_LEVEL"))
diff --git a/test/fuzz-corpus/unit-file/directives.service b/test/fuzz-corpus/unit-file/directives.service
index f01c0ed172c..0077ae739b1 100644
--- a/test/fuzz-corpus/unit-file/directives.service
+++ b/test/fuzz-corpus/unit-file/directives.service
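Review bot: The pre-scan loop added in the second hunk of fuzz-unit-file.c matches only lines that begin literally with `ListenNetlink=`, so any other spelling the unit-file parser may still accept (leading whitespace, or a key reached through a backslash continuation; the parser is not visible here, so this needs confirming) would slip past the filter and still reach the `%ms` path that msan misreports. The loop also breaks on the first `read_line()` result `<= 0`, which would include an error return such as a line over the `LINE_MAX` limit, so nothing after such a line is checked; if the real parser tolerates longer lines, the filter and the parser disagree about what the input contains. Because the skip is unconditional, `socket_address_parse_netlink()` loses fuzz coverage under every sanitizer build rather than only under msan, so consider guarding the loop with a memory-sanitizer build check and widening the comment to `/* ListenNetlink= causes a false positive in msan (oss-fuzz issue 6884); skip it until msan handles sscanf %ms. */` so the workaround can be found and removed later. The body of LLVMFuzzerTestOneInput starts and ends outside the hunk.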
@@ -124,7 +124,7 @@ LazyUnmount=
 ListenDatagram=
 ListenFIFO=
 ListenMessageQueue=
-ListenNetlink=
+#ListenNetlink=
 ListenSequentialPacket=
 ListenSpecial=
 ListenStream=
diff --git a/test/fuzz-corpus/unit-file/syslog.socket b/test/fuzz-corpus/unit-file/syslog.socket
index 3d28a261f5e..2eb316fcaa6 100644
--- a/test/fuzz-corpus/unit-file/syslog.socket
+++ b/test/fuzz-corpus/unit-file/syslog.socket
@@ -53,7 +53,7 @@ ListenDatagram=1.2.3.4:1234
 ListenSequentialPacket=1.2.3.4:1234
 ListenFIFO=
 ListenSpecial=
-ListenNetlink=
+#ListenNetlink=
 ListenMessageQueue=
 ListenUSBFunction=
 SocketProtocol=udplite