fuzz: add test case for oss-fuzz #6897 and a work-around
The original reproducer from oss-fuzz depends on the hostname (via %H and %c). The hostname needs a dash for msan to report this, so a simpler case from @evverx with the dash hardcoded is also added. The issue is a false positive from msan, which does not instrument stpncpy (https://github.com/google/sanitizers/issues/926). Let's add a work-around until this is fixed.
parent
10062bbc35
commit
1c56d50109
@ -1977,6 +1977,14 @@ int cg_slice_to_path(const char *unit, char **ret) {
|
||||
_cleanup_free_ char *escaped = NULL;
|
||||
char n[dash - p + sizeof(".slice")];
|
||||
|
||||
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||
/* msan doesn't instrument stpncpy, so it thinks
|
||||
* n is later used unitialized:
|
||||
* https://github.com/google/sanitizers/issues/926
|
||||
*/
|
||||
zero(n);
|
||||
#endif
|
||||
|
||||
/* Don't allow trailing or double dashes */
|
||||
if (IN_SET(dash[1], 0, '-'))
|
||||
return -EINVAL;
|
||||
|
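Review bot: The `zero(n)` work-around is keyed on `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` rather than on MSan itself, so it is presumably compiled into every fuzzing build and makes the fuzzed `cg_slice_to_path` differ from the one that ships. Because the whole buffer is pre-initialised, MSan can no longer report a genuine read of bytes of `n` that the later copy left unwritten. The guard could be narrowed to the sanitizer that needs it, e.g. `#if defined(__has_feature)` wrapping `#if __has_feature(memory_sanitizer)`. The comment should also state that the block is to be removed once the linked sanitizers issue is fixed, and fix the spelling "unitialized" to "uninitialized". The function starts before and continues past this hunk, so the `stpncpy` call that the comment refers to is not visible here.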
4
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6897
Normal file
4
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6897
Normal file
@ -0,0 +1,4 @@
|
||||
service
|
||||
[Service]
|
||||
Slice=%H.slice
|
||||
TemporaryFileSystem=%c
|
@ -0,0 +1,4 @@
|
||||
service
|
||||
[Service]
|
||||
Slice=abc-def.slice
|
||||
TemporaryFileSystem=%c
|
@ -35,4 +35,6 @@ fuzz_regression_tests = '''
|
||||
fuzz-unit-file/oss-fuzz-6917
|
||||
fuzz-unit-file/oss-fuzz-6892
|
||||
fuzz-unit-file/oss-fuzz-6908
|
||||
fuzz-unit-file/oss-fuzz-6897
|
||||
fuzz-unit-file/oss-fuzz-6897-evverx
|
||||
'''.split()
|
||||
|