teknoraver / rpms / systemd

Forked from rpms/systemd 4 months ago
Clone

Blame SOURCES/0264-fuzz-journal-stream-avoid-assertion-failure-on-sampl.patch

b9a53a
From 2d197adc6d7109d5901401a90288530582f3f991 Mon Sep 17 00:00:00 2001
b9a53a
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
b9a53a
Date: Tue, 26 Feb 2019 13:00:35 +0100
b9a53a
Subject: [PATCH] fuzz-journal-stream: avoid assertion failure on samples which
b9a53a
 don't fit in pipe
b9a53a
MIME-Version: 1.0
b9a53a
Content-Type: text/plain; charset=UTF-8
b9a53a
Content-Transfer-Encoding: 8bit
b9a53a
b9a53a
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11587.
b9a53a
We had a sample which was large enough that write(2) failed to push all the
b9a53a
data into the pipe, and an assert failed. The code could be changed to use
b9a53a
a loop, but then we'd need to interleave writes and sd_event_run (to process
b9a53a
the journal). I don't think the complexity is worth it — fuzzing works best
b9a53a
if the sample is not too huge anyway. So let's just reject samples above 64k,
b9a53a
and tell oss-fuzz about this limit.
b9a53a
b9a53a
(cherry picked from commit eafadd069c4e30ed62173123326a7237448615d1)
b9a53a
b9a53a
Resolves: #1764560
b9a53a
---
b9a53a
 src/fuzz/fuzz-journald-stream.c       | 2 +-
b9a53a
 src/fuzz/fuzz-journald-stream.options | 2 ++
b9a53a
 2 files changed, 3 insertions(+), 1 deletion(-)
b9a53a
 create mode 100644 src/fuzz/fuzz-journald-stream.options
b9a53a
b9a53a
diff --git a/src/fuzz/fuzz-journald-stream.c b/src/fuzz/fuzz-journald-stream.c
b9a53a
index 247c0889bc..693b197d3a 100644
b9a53a
--- a/src/fuzz/fuzz-journald-stream.c
b9a53a
+++ b/src/fuzz/fuzz-journald-stream.c
b9a53a
@@ -14,7 +14,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
b9a53a
         StdoutStream *stream;
b9a53a
         int v;
b9a53a
 
b9a53a
-        if (size == 0)
b9a53a
+        if (size == 0 || size > 65536)
b9a53a
                 return 0;
b9a53a
 
b9a53a
         if (!getenv("SYSTEMD_LOG_LEVEL"))
b9a53a
diff --git a/src/fuzz/fuzz-journald-stream.options b/src/fuzz/fuzz-journald-stream.options
b9a53a
new file mode 100644
b9a53a
index 0000000000..678d526b1e
b9a53a
--- /dev/null
b9a53a
+++ b/src/fuzz/fuzz-journald-stream.options
b9a53a
@@ -0,0 +1,2 @@
b9a53a
+[libfuzzer]
b9a53a
+max_len = 65536