From 1e3b6d2d83e2eecc4dcbec58f57a55f515ea6976 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Thu, 22 Jun 2023 15:43:04 +0200
Subject: [PATCH] Don't cleanup the dns_message_checksig fuzzer in atexit handler After the dns_badcache refactoring, the dns_badcache_destroy() would call call_rcu(). The dns_message_checksig cleanup which calls dns_view_detach() happens in the atexit handler, so there might be call_rcu threads started very late in the process. The liburcu registers library destructor that destroys the data structured internal to liburcu and this clashes with the call_rcu thread that just got started in the atexit() handler causing either (depending on timing): - a normal run - a straight segfault - an assertion failure from liburcu Instead of trying to cleanup the dns_message_checksig unit, ignore the leaked memory as we do with all the other fuzzing tests.
---
 fuzz/dns_message_checksig.c | 53 -------------------------------------
 1 file changed, 53 deletions(-)
diff --git a/fuzz/dns_message_checksig.c b/fuzz/dns_message_checksig.c
index a6544b80dc..f3385ab4a8 100644
--- a/fuzz/dns_message_checksig.c
+++ b/fuzz/dns_message_checksig.c
@@ -126,57 +126,6 @@ sig0key. 0 IN KEY 512 3 8 AwEAAa22lgHi1vAbQvu5ETdTrm2H8rwga9tvyMa6LFiSDyevLvSv0U
 static bool destroy_dst = false;
-static void
-cleanup(void) {
- char pathbuf[PATH_MAX];
- char *pwd = getcwd(pathbuf, sizeof(pathbuf));
-
- if (view != NULL) {
- dns_view_detach(&view);
- }
- if (tsigkey != NULL) {
- dns_tsigkey_detach(&tsigkey);
- }
- if (ring != NULL) {
- dns_tsigkeyring_detach(&ring);
- }
- if (emptyring != NULL) {
- dns_tsigkeyring_detach(&emptyring);
- }
- if (destroy_dst) {
- dst_lib_destroy();
- }
- if (mctx != NULL) {
- isc_mem_detach(&mctx);
- }
- if (wd != NULL && chdir(wd) == 0) {
- if (remove(f1) != 0) {
- fprintf(stderr, "remove(%s) failed\n", f1);
- }
- if (remove(f2) != 0) {
- fprintf(stderr, "remove(%s) failed\n", f2);
- }
- if (remove(f3) != 0) {
- fprintf(stderr, "remove(%s) failed\n", f3);
- }
- /*
- * Restore working directory if possible before cleaning
- * up the key directory. This will help with any other
- * cleanup routines as the directory should not be in use
- * when rmdir() is called.
- */
- if (pwd != NULL && chdir(pwd) != 0) {
- fprintf(stderr, "can't restore working directory: %s\n",
- pwd);
- }
- if (rmdir(wd) != 0) {
- fprintf(stderr, "rmdir(%s) failed\n", wd);
- }
- } else {
- fprintf(stderr, "cleanup of %s failed\n", wd ? wd : "(null)");
- }
-}
-
 int
 LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED) {
 isc_result_t result;
@@ -189,8 +138,6 @@ LLVMFuzzerInitialize(int *argc ISC_ATTR_UNUSED, char ***argv ISC_ATTR_UNUSED) {
 char pathbuf[PATH_MAX];
 FILE *fd;
- atexit(cleanup);
-
 wd = mkdtemp(template);
 if (wd == NULL) {
 fprintf(stderr, "mkdtemp failed\n");