fuzz: commit test case for oss-fuzz issue 6884
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 14 Mar 2018 13:31:24 +0000 (14:31 +0100)
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 14 Mar 2018 14:20:02 +0000 (15:20 +0100)
This seems to be a false positive in msan:
https://github.com/google/sanitizers/issues/767.

I don't see anything wrong with the code either, and valgrind does not see the
issue. Anyway, let's add the test case.

We don't have msan hooked up yet, but hopefully we'll in the future.

oss-fuzz #6884.

src/test/test-socket-util.c
test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6884 [new file with mode: 0644]
test/fuzz-regressions/meson.build

index e35a27f..76896b0 100644 (file)
@@ -118,6 +118,9 @@ static void test_socket_address_parse_netlink(void) {
         assert_se(socket_address_parse_netlink(&a, "route 10") >= 0);
         assert_se(a.sockaddr.sa.sa_family == AF_NETLINK);
         assert_se(a.protocol == NETLINK_ROUTE);
+
+        /* oss-fuzz #6884 */
+        assert_se(socket_address_parse_netlink(&a, "\xff") < 0);
 }
 
 static void test_socket_address_equal(void) {
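Review bot: the new assertion at the end of `test_socket_address_parse_netlink` only pins the sign of the result, `assert_se(socket_address_parse_netlink(&a, "\xff") < 0);`; if the parser has a defined error value for an unrecognised family string, asserting that exact negative errno would also catch a later change that still fails but for a different reason. Two smaller points: `a` is still the address filled in by the preceding `"route 10"` assertions, so a parser that writes partial results before failing would go unnoticed here (a fresh `SocketAddress` for the negative case makes the check independent of the earlier ones), and since the commit message attributes the original report to an msan false positive, this assertion documents the expected rejection of a lone 0xff byte rather than reproducing the sanitizer finding, which is fine but worth saying in the comment.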
diff --git a/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6884 b/test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6884
new file mode 100644 (file)
index 0000000..00d105a
--- /dev/null
@@ -0,0 +1,3 @@
+socket
+[Socket]
+ListenNetlink=ÿ
\ No newline at end of file
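Review bot: the value of `ListenNetlink=` is rendered as `ÿ` here, which is how a single 0xff byte displays when the file is shown as Latin-1; the companion unit test in test-socket-util.c passes `"\xff"`, one byte, so the committed file should contain that single byte and not the UTF-8 encoding of U+00FF (0xc3 0xbf). Worth confirming with `xxd test/fuzz-regressions/fuzz-unit-file/oss-fuzz-6884` before merging, and keeping the file as opaque bytes (including the missing trailing newline, as committed) so an editor does not silently transcode the regression input and turn it into a different test case.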
index 25ec511..c1416f9 100644 (file)
@@ -29,4 +29,5 @@ sanitizers = [['address', sanitize_address]]
 fuzz_regression_tests = '''
         fuzz-dns-packet/oss-fuzz-5465
         fuzz-dns-packet/issue-7888
+        fuzz-unit-file/oss-fuzz-6884
 '''.split()
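Review bot: `fuzz-unit-file/oss-fuzz-6884` is added to `fuzz_regression_tests`, but the `sanitizers` list visible in the hunk context is `[['address', sanitize_address]]` only, so this input will be replayed under ASan, not under MemorySanitizer, which is the sanitizer behind the original report. That matches the commit message saying msan is not hooked up yet, but it means the regression test guards against crashes on this input rather than re-checking the reported uninitialised read; a short comment next to the entry noting its msan origin would help whoever later wires msan into this list.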