[xen master] fuzz/x86_emulate: Fix afl-harness batch mode file pointer leak

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[xen master] fuzz/x86_emulate: Fix afl-harness batch mode file pointer leak

patchbot
commit d525519bedbcb3fb7b9cc297e352a35124681850
Author:     George Dunlap <[hidden email]>
AuthorDate: Fri Oct 13 09:36:00 2017 +0100
Commit:     George Dunlap <[hidden email]>
CommitDate: Fri Oct 27 14:44:05 2017 +0100

    fuzz/x86_emulate: Fix afl-harness batch mode file pointer leak
   
    Changeset 2b1cde7783 introduced "batch mode" to afl-harness, which allowed
    the handling of several inputs in sequence.
   
    Unfortunately, it introduced a file pointer leak when the file was
    larger than the maximum size.  Restructure the code to always close fp
    if we opened it.
   
    Signed-off-by: George Dunlap <[hidden email]>
    Reviewed-by: Jan Beulich <[hidden email]>
    Release-acked-by: Julien Grall <[hidden email]>
---
 tools/fuzz/x86_instruction_emulator/afl-harness.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/tools/fuzz/x86_instruction_emulator/afl-harness.c b/tools/fuzz/x86_instruction_emulator/afl-harness.c
index d514468..a2bae46 100644
--- a/tools/fuzz/x86_instruction_emulator/afl-harness.c
+++ b/tools/fuzz/x86_instruction_emulator/afl-harness.c
@@ -99,13 +99,17 @@ int main(int argc, char **argv)
             exit(-1);
         }
 
-        if ( !feof(fp) )
+        /* Only run the test if the input file was smaller than INPUT_SIZE */
+        if ( feof(fp) )
+        {
+            LLVMFuzzerTestOneInput(input, size);
+        }
+        else
         {
             printf("Input too large\n");
             /* Don't exit if we're doing batch processing */
             if ( max == 1 )
                 exit(-1);
-            continue;
         }
 
         if ( fp != stdin )
@@ -113,8 +117,6 @@ int main(int argc, char **argv)
             fclose(fp);
             fp = NULL;
         }
-
-        LLVMFuzzerTestOneInput(input, size);
     }
 
     return 0;
--
generated by git-patchbot for /home/xen/git/xen.git#master

_______________________________________________
Xen-changelog mailing list
[hidden email]
https://lists.xenproject.org/xen-changelog