fuzz: add test case for oss-fuzz #6897 and a work-around
The original reproducer from oss-fuzz depends on the hostname (via %H and %c). The hostname needs a dash for msan to report this, so a simpler case from @evverx with the dash hardcoded is also added. The issue is a false positive from msan, which does not instrument stpncpy (https://github.com/google/sanitizers/issues/926). Let's add a work-around until this is fixed.
parent
10062bbc35
commit
1c56d50109
|
@ -1977,6 +1977,14 @@ int cg_slice_to_path(const char *unit, char **ret) {
|
||||||
_cleanup_free_ char *escaped = NULL;
|
_cleanup_free_ char *escaped = NULL;
|
||||||
char n[dash - p + sizeof(".slice")];
|
char n[dash - p + sizeof(".slice")];
|
||||||
|
|
||||||
|
#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
|
||||||
|
/* msan doesn't instrument stpncpy, so it thinks
|
||||||
|
* n is later used unitialized:
|
||||||
|
* https://github.com/google/sanitizers/issues/926
|
||||||
|
*/
|
||||||
|
zero(n);
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Don't allow trailing or double dashes */
|
/* Don't allow trailing or double dashes */
|
||||||
if (IN_SET(dash[1], 0, '-'))
|
if (IN_SET(dash[1], 0, '-'))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
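Review bot: The `zero(n);` work-around is guarded by `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`, which is wider than the problem. It changes the fuzzed code under every other sanitizer as well, while an MSan build made without that define would presumably still hit the false positive. Guarding on the sanitizer itself keeps the fuzzed code identical to production everywhere else, for example `#if defined(__has_feature)` with a nested `#if __has_feature(memory_sanitizer)` around the call. Pre-zeroing also hides from MSan any genuine read of `n` beyond what the stpncpy call (outside the hunk) wrote, so the comment should say the block is to be removed once sanitizers issue 926 is fixed, and its "unitialized" should read "uninitialized". cg_slice_to_path's body starts and ends outside the hunk.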
4
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6897
Normal file
4
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6897
Normal file
|
@ -0,0 +1,4 @@
|
||||||
|
service
|
||||||
|
[Service]
|
||||||
|
Slice=%H.slice
|
||||||
|
TemporaryFileSystem=%c
|
|
@ -0,0 +1,4 @@
|
||||||
|
service
|
||||||
|
[Service]
|
||||||
|
Slice=abc-def.slice
|
||||||
|
TemporaryFileSystem=%c
|
|
@ -35,4 +35,6 @@ fuzz_regression_tests = '''
|
||||||
fuzz-unit-file/oss-fuzz-6917
|
fuzz-unit-file/oss-fuzz-6917
|
||||||
fuzz-unit-file/oss-fuzz-6892
|
fuzz-unit-file/oss-fuzz-6892
|
||||||
fuzz-unit-file/oss-fuzz-6908
|
fuzz-unit-file/oss-fuzz-6908
|
||||||
|
fuzz-unit-file/oss-fuzz-6897
|
||||||
|
fuzz-unit-file/oss-fuzz-6897-evverx
|
||||||
'''.split()
|
'''.split()
|
||||||
|
|