4433e03492
The DocumentBroker dtor adds a callback: #0 SocketPoll::addCallback(std::function<void ()> const&) (this=0x377dce0 <Admin::instance()::admin>, fn=...) at ./net/Socket.hpp:773 #1 0x0000000000947db5 in Admin::rmDoc (this=<optimized out>, docKey=...) at wsd/Admin.cpp:544 #2 0x0000000000bb8192 in DocumentBroker::~DocumentBroker (this=0x61900000e690) at wsd/DocumentBroker.cpp:579 So even if the fuzzer called Admin::instance().poll() on shutdown, there was one more callback inserted to the list later, leading to OOM in the long run. Signed-off-by: Miklos Vajna <vmiklos@collabora.com> Change-Id: I0832d839b098407fa9e8aadb6f84388a85d62323 |
||
|---|---|---|
| .. | ||
| admin-data | ||
| data | ||
| httpresponse-data | ||
| Admin.cpp | ||
| ClientSession.cpp | ||
| HttpResponse.cpp | ||
| README | ||
These fuzzers are meant to be built and executed inside lode.git's sanitizers environment (currently enables both asan and ubsan). online.git can be built the usual way, just the additional `--enable-fuzzers` flag is needed to build the fuzzers. It is useful to do this in a separate build tree, since the fuzzers config doesn't produce a `coolwsd` binary. Run the fuzzers like this: - Admin: ---- ./admin_fuzzer -max_len=16384 fuzzer/admin-data/ ---- - ClientSession: ---- ./clientsession_fuzzer -max_len=16384 fuzzer/data/ ---- - HttpResponse: ---- ./httpresponse_fuzzer -max_len=16384 fuzzer/httpresponse-data/ ----