GH-1329: call Zeek's cleanup function from standalone fuzzer driver

Otherwise, the global Broker manager object containing CAF/threading
logic is never destructed and can result in a heap-use-after-free if it
tries to access other global objects after they have already been
cleaned up by __cxa_finalize().
Jon Siwek 2020-12-14 12:58:06 -08:00
parent 144ca0f45b
commit 44903da8fd


@ -6,6 +6,8 @@
#include <memory> #include <memory>
#include <chrono> #include <chrono>
#include "zeek/zeek-setup.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv); extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv);
@ -64,4 +66,5 @@ int main(int argc, char** argv)
auto fuzz_dt = duration<double>(agg_stop - fuzz_start).count(); auto fuzz_dt = duration<double>(agg_stop - fuzz_start).count();
printf("Processed %d inputs in %fs (%fs w/ initialization), avg = %fs\n", printf("Processed %d inputs in %fs (%fs w/ initialization), avg = %fs\n",
num_inputs, fuzz_dt, agg_dt, fuzz_dt / num_inputs); num_inputs, fuzz_dt, agg_dt, fuzz_dt / num_inputs);
return zeek::detail::cleanup(false);
} }
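Review bot: The `return zeek::detail::cleanup(false);` added at the end of main is the whole fix for the shutdown-order use-after-free, but nothing at the call site says so, and a later reader may "simplify" it back to falling off the end of main. Add a comment above it such as `// Tear down the Broker manager (and its CAF/threading state) explicitly: left to static destructors it can touch globals already destroyed by __cxa_finalize().` The bare `false` argument is opaque here as well; naming in that comment what it disables (or binding it to a named local) would make the intent reviewable. Main's body starts outside the hunk, so I cannot see its earlier return paths; if any exit early after initialization, they presumably still skip cleanup and keep the same destructor-ordering hazard, which may be acceptable for a driver that only bails out on setup failure but is worth a note.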