1
1
mirror of https://github.com/systemd/systemd-stable.git synced 2024-12-24 21:34:08 +03:00

fuzz: add test case for oss-fuzz #6897 and a work-around

The orignal reproducer from oss-fuzz depends on the hostname (via %H and %c).
The hostname needs a dash for msan to report this, so a simpler case from
@evverx with the dash hardcoded is also added.

The issue is a false positive from msan, which does not instruct stpncpy
(https://github.com/google/sanitizers/issues/926). Let's add a work-around
until this is fixed.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2018-03-16 12:02:54 +01:00
parent 10062bbc35
commit 1c56d50109
4 changed files with 18 additions and 0 deletions

View File

@ -1977,6 +1977,14 @@ int cg_slice_to_path(const char *unit, char **ret) {
_cleanup_free_ char *escaped = NULL;
char n[dash - p + sizeof(".slice")];
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
/* msan doesn't instrument stpncpy, so it thinks
* n is later used unitialized:
* https://github.com/google/sanitizers/issues/926
*/
zero(n);
#endif
/* Don't allow trailing or double dashes */
if (IN_SET(dash[1], 0, '-'))
return -EINVAL;

View File

@ -0,0 +1,4 @@
service
[Service]
Slice=%H.slice
TemporaryFileSystem=%c

View File

@ -0,0 +1,4 @@
service
[Service]
Slice=abc-def.slice
TemporaryFileSystem=%c

View File

@ -35,4 +35,6 @@ fuzz_regression_tests = '''
fuzz-unit-file/oss-fuzz-6917
fuzz-unit-file/oss-fuzz-6892
fuzz-unit-file/oss-fuzz-6908
fuzz-unit-file/oss-fuzz-6897
fuzz-unit-file/oss-fuzz-6897-evverx
'''.split()