From 44903da8fd039f28f8cca703b4c6ccda9af6c7ee Mon Sep 17 00:00:00 2001
From: Jon Siwek
Date: Mon, 14 Dec 2020 12:58:06 -0800
Subject: [PATCH] GH-1329: call Zeek's cleanup function from standalone fuzzer driver

Otherwise, the global Broker manager object containing CAF/threading logic is never destructed and can result in a heap-use-after-free if it tries to access other global objects after they're cleaned up from __cxa_finalize().
---
 src/fuzzers/standalone-driver.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/fuzzers/standalone-driver.cc b/src/fuzzers/standalone-driver.cc
index 64cabaefc8..64517d6e51 100644
--- a/src/fuzzers/standalone-driver.cc
+++ b/src/fuzzers/standalone-driver.cc
@@ -6,6 +6,8 @@
 #include
 #include
+#include "zeek/zeek-setup.h"
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv);
@@ -64,4 +66,5 @@ int main(int argc, char** argv)
 auto fuzz_dt = duration(agg_stop - fuzz_start).count();
 printf("Processed %d inputs in %fs (%fs w/ initialization), avg = %fs\n", num_inputs, fuzz_dt, agg_dt, fuzz_dt / num_inputs);
+ return zeek::detail::cleanup(false);
 }
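Review bot: The bare `false` passed in the added `return zeek::detail::cleanup(false);` in main gives the reader no hint what is being disabled, and the call's return value now becomes the driver's exit status, whereas the old side shows main falling off the end (implicitly returning 0). A one-line comment above the call would carry the commit message's rationale into the code, e.g. `// Tear down Zeek globals (e.g. the Broker manager) before static destructors run; otherwise ASan reports a heap-use-after-free at exit (GH-1329).`. If cleanup's return value is not intended as a process exit code, call it as a statement and keep an explicit `return 0;` so the fuzzer harness's exit status stays as it was. The body of main begins outside this hunk, so I cannot see whether an earlier return path also needs the cleanup call.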