File: | build-scan/../src/fuzz/fuzz-compress.c |
Warning: | line 61, column 17 Potential leak of memory pointed to by 'buf' |
1 | /* SPDX-License-Identifier: LGPL-2.1+ */ | |||
2 | ||||
3 | #include <errno(*__errno_location ()).h> | |||
4 | ||||
5 | #include "alloc-util.h" | |||
6 | #include "compress.h" | |||
7 | #include "fuzz.h" | |||
8 | ||||
/* Compress src_size bytes at src into dst using the algorithm selected by alg.
 *
 * Forwards to compress_blob_lz4() or compress_blob_xz() and hands back their result unchanged;
 * any other alg value yields -EOPNOTSUPP without touching dst or *dst_size. */
static int compress(int alg,
                    const void *src, uint64_t src_size,
                    void *dst, size_t dst_alloc_size, size_t *dst_size) {

        /* Default result for an algorithm this harness does not know about. */
        int result = -EOPNOTSUPP;

        if (alg == OBJECT_COMPRESSED_LZ4)
                result = compress_blob_lz4(src, src_size, dst, dst_alloc_size, dst_size);
        else if (alg == OBJECT_COMPRESSED_XZ)
                result = compress_blob_xz(src, src_size, dst, dst_alloc_size, dst_size);

        return result;
}
19 | ||||
/* Fixed-size prefix that LLVMFuzzerTestOneInput() overlays on the raw fuzzer input. Every field is
 * therefore chosen by the fuzzer and has to be treated as untrusted: the entry point clamps sw_len
 * and sw_alloc before using them. The field layout is part of the corpus format, so changing it
 * invalidates existing fuzz cases. */
typedef struct header {
        uint32_t alg:2; /* We have only two compression algorithms so far, but we might add
                         * more in the future. Let's make this a bit wider so our fuzzer
                         * cases remain stable in the future. (A 2-bit field holds 0..3.) */
        uint32_t sw_len;   /* Requested prefix length; clamped to data_len - 1 by the entry point
                            * before it is used as an index into data[]. */
        uint32_t sw_alloc; /* Requested initial size of the decompression buffer; raised to at
                            * least 1 by the entry point before it is passed to malloc(). */
        uint32_t reserved[3]; /* Extra space to keep fuzz cases stable in case we need to
                               * add stuff in the future. */
        uint8_t data[]; /* Payload handed to compress(); its length is the input size minus
                         * offsetof(header, data). */
} header;
30 | ||||
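/* libFuzzer entry point: compresses the payload of one input and checks that
 * decompress_startswith() recognises a prefix of the original payload in the result.
 *
 * The input is read as a struct header followed by at least one payload byte; shorter inputs are
 * ignored. Compression failures and allocation failures are logged and treated as non-findings.
 * The only hard failure is the assert_se() at the end. Always returns 0. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
        /* Both buffers carry the cleanup(freep) attribute, so they are presumably released on every
         * return path below, including the early error returns. NOTE(review): the analyzer's
         * "potential leak of 'buf'" report on the compression-failure path should be checked against
         * this before it is treated as a real leak. */
        _cleanup_free_ void *buf = NULL, *buf2 = NULL;
        int r;

        /* Require the complete fixed header plus one payload byte: data_len - 1 and
         * h->data[sw_len] below both rely on data_len >= 1. */
        if (size < offsetof(header, data) + 1)
                return 0;

        /* NOTE(review): this overlays a struct with uint32_t members on a byte pointer and so
         * assumes the fuzzer hands us suitably aligned storage - confirm. */
        const header *h = (const header*) data;
        const size_t data_len = size - offsetof(header, data);

        int alg = h->alg;

        /* We don't want to fill the logs with messages about parse errors.
         * Disable most logging if not running standalone */
        if (!getenv("SYSTEMD_LOG_LEVEL"))
                log_set_max_level(LOG_CRIT);

        log_info("Using compression %s, data size=%zu",
                 object_compressed_to_string(alg) ?: "(none)",
                 data_len);

        buf = malloc(MAX(size, 128u)); /* Make the buffer a bit larger for very small data */
        if (!buf) {
                log_oom();
                return 0;
        }

        /* NOTE(review): the destination capacity passed here is size, not the MAX(size, 128u)
         * that was allocated. That never overstates the buffer, but it also means the extra room
         * for very small inputs is not offered to the compressor - confirm this is intended. */
        size_t csize;
        r = compress(alg, h->data, data_len, buf, size, &csize);
        if (r < 0) {
                log_error_errno(r, "Compression failed: %m");
                return 0;
        }

        log_debug("Compressed %zu bytes to → %zu bytes", data_len, csize);

        /* sw_alloc comes straight from the input (uint32_t), so this request can be as large as
         * UINT32_MAX bytes; a failed allocation is not a finding. */
        size_t sw_alloc = MAX(h->sw_alloc, 1u);
        buf2 = malloc(sw_alloc);
        if (!buf2) { /* check the buffer that was just allocated, not buf */
                log_oom();
                return 0;
        }

        /* Clamp the input-supplied prefix length so that h->data[sw_len] stays inside the payload. */
        size_t sw_len = MIN(data_len - 1, h->sw_len);

        r = decompress_startswith(alg, buf, csize, &buf2, &sw_alloc, h->data, sw_len, h->data[sw_len]);
        assert_se(r > 0);

        return 0;
}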