diff --git a/CHANGES b/CHANGES
index c4e2b7d945..f8b574af1a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,17 @@
+3.3.0-dev.663 | 2020-12-14 14:27:45 -0800
+
+ * Rename a 'do_net_run' variable to 'do_run_loop'
+
+ For clarity, since the net_run() function was renamed to run_loop(). (Jon Siwek, Corelight)
+
+ * GH-1329: call Zeek's cleanup function from standalone fuzzer driver (Jon Siwek, Corelight)
+
+ Otherwise, the global Broker manager object containing CAF/threading
+ logic is never destructed and can result in a heap-use-after-free if it
+ tries to access other global objects after they're cleaned up from
+ __cxa_finalize().
+
 3.3.0-dev.660 | 2020-12-14 10:55:15 -0800
 * Fix typo in table iterator invalidation test comment (Tim Wojtulewicz, Corelight)
diff --git a/VERSION b/VERSION
index 35b6599117..17a8315d41 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-3.3.0-dev.660
+3.3.0-dev.663
diff --git a/src/fuzzers/standalone-driver.cc b/src/fuzzers/standalone-driver.cc
index 64cabaefc8..64517d6e51 100644
--- a/src/fuzzers/standalone-driver.cc
+++ b/src/fuzzers/standalone-driver.cc
@@ -6,6 +6,8 @@
 #include
 #include
+#include "zeek/zeek-setup.h"
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size);
 extern "C" int LLVMFuzzerInitialize(int* argc, char*** argv);
@@ -64,4 +66,5 @@ int main(int argc, char** argv)
 auto fuzz_dt = duration(agg_stop - fuzz_start).count();
 printf("Processed %d inputs in %fs (%fs w/ initialization), avg = %fs\n",
 num_inputs, fuzz_dt, agg_dt, fuzz_dt / num_inputs);
+ return zeek::detail::cleanup(false);
 }
diff --git a/src/main.cc b/src/main.cc
index c8b55c9f79..e96bfc9adf 100644
--- a/src/main.cc
+++ b/src/main.cc
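Review bot: The new `return zeek::detail::cleanup(false);` at the end of main() in standalone-driver.cc turns the driver's exit status from the implicit 0 into whatever cleanup() reports, and the line carries no comment saying why the driver must tear down global state or why `false` is the right argument. A comment such as `// Tear down Zeek's globals explicitly so objects like the Broker manager are destroyed in a controlled order rather than during __cxa_finalize(); the driver never enters run_loop(), hence false.` would keep the reasoning from the commit message at the call site. If cleanup() can return non-zero, any harness that treated a zero exit as "no crash" will now see a failure, which is presumably intended but worth confirming. The libFuzzer build, which calls LLVMFuzzerTestOneInput directly, gets no equivalent teardown from this change, so the same destructor-ordering issue presumably remains on that path. main() begins outside the hunk.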
@@ -16,11 +16,11 @@ int main(int argc, char** argv)
 return setup_result.code;
 auto& options = setup_result.options;
- auto do_net_run = zeek::iosource_mgr->Size() > 0 ||
- zeek::run_state::detail::have_pending_timers ||
- zeek::BifConst::exit_only_after_terminate;
+ auto do_run_loop = zeek::iosource_mgr->Size() > 0 ||
+ zeek::run_state::detail::have_pending_timers ||
+ zeek::BifConst::exit_only_after_terminate;
- if ( do_net_run )
+ if ( do_run_loop )
 {
 if ( zeek::detail::profiling_logger )
 zeek::detail::profiling_logger->Log();
@@ -78,5 +78,5 @@ int main(int argc, char** argv)
 }
 }
- return zeek::detail::cleanup(do_net_run);
+ return zeek::detail::cleanup(do_run_loop);
 }
diff --git a/src/zeek-setup.cc b/src/zeek-setup.cc
index 42c0abe3cb..26262d85f7 100644
--- a/src/zeek-setup.cc
+++ b/src/zeek-setup.cc
@@ -908,9 +908,9 @@ SetupResult setup(int argc, char** argv, Options* zopts)
 return {0, std::move(options)};
 }
-int cleanup(bool did_net_run)
+int cleanup(bool did_run_loop )
 {
- if ( did_net_run )
+ if ( did_run_loop )
 done_with_network();
 run_state::detail::delete_run();
diff --git a/src/zeek-setup.h b/src/zeek-setup.h
index afba00fe19..46ffa90613 100644
--- a/src/zeek-setup.h
+++ b/src/zeek-setup.h
@@ -24,8 +24,8 @@ SetupResult setup(int argc, char** argv, Options* options = nullptr);
 /**
 * Cleans up Zeek's global state.
- * @param did_net_run whether the net_run() was called.
+ * @param did_run_loop whether the run_loop() function was called.
 */
-int cleanup(bool did_net_run);
+int cleanup(bool did_run_loop);
 } // namespace zeek::detail
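Review bot: The new definition line `int cleanup(bool did_run_loop )` in zeek-setup.cc has a stray space before the closing parenthesis, which does not match the declaration in zeek-setup.h (`int cleanup(bool did_run_loop);`) or the surrounding style. It should read `int cleanup(bool did_run_loop)`. The body of cleanup() continues outside the hunk.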
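Review bot: The updated Doxygen block for cleanup() in zeek-setup.h documents `@param did_run_loop` but still says nothing about the function's int result, which this same commit now forwards as the process exit status from both main.cc and the standalone fuzzer driver. I cannot see the body of cleanup() from this hunk, so the exact contract is unclear, but a line such as `* @return exit status suitable for returning from main().` (adjusted to whatever the implementation actually guarantees) would tell callers what they are propagating. The rest of the header is outside the hunk.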