[Fuzzing] oss-fuzz cifuzz

[0x34d]

• Add cifuzz for PR.
• Fix some Use-of-uninitialized-value bugs.

[0x34d]

Update:

• I'm unable to run tests while using the Memory Sanitizer because:
• But they are working fine under Address Sanitizer.

./tests/check_marshal

Running suite(s): Marshalling
Uninitialized bytes in __interceptor_fwrite at offset 0 inside [0x7010000000d0, 8)
==638380==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x7f70201af077 in ppack (/lib64/libcheck.so.0+0x7077) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #1 0x7f70201af454 in send_ctx_info (/lib64/libcheck.so.0+0x7454) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #2 0x7f70201b0776  (/lib64/libcheck.so.0+0x8776) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #3 0x7f70201b100c in srunner_run_tagged (/lib64/libcheck.so.0+0x900c) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #4 0x5579ad3970fa in main /home/0x34d/project.lldpd/lldpd.save/tests/check_marshal.c:921:2
    #5 0x7f701fedab49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
    #6 0x7f701fedac0a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
    #7 0x5579ad30c3e4 in _start (/home/0x34d/project.lldpd/lldpd.save/tests/check_marshal+0x253e4) (BuildId: d78d192d9abeedfc4dfe5a2b36fefe2f5dca2792)

  Uninitialized value was created by a heap allocation
    #0 0x5579ad3404c6 in __interceptor_malloc (/home/0x34d/project.lldpd/lldpd.save/tests/check_marshal+0x594c6) (BuildId: d78d192d9abeedfc4dfe5a2b36fefe2f5dca2792)
    #1 0x7f70201ad944 in emalloc (/lib64/libcheck.so.0+0x5944) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #2 0x7f70201adaca  (/lib64/libcheck.so.0+0x5aca) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #3 0x7f70201aeeb8 in pack (/lib64/libcheck.so.0+0x6eb8) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #4 0x7f70201af017 in ppack (/lib64/libcheck.so.0+0x7017) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #5 0x7f70201af454 in send_ctx_info (/lib64/libcheck.so.0+0x7454) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #6 0x7f70201b0776  (/lib64/libcheck.so.0+0x8776) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #7 0x7f70201b100c in srunner_run_tagged (/lib64/libcheck.so.0+0x900c) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5)
    #8 0x5579ad3970fa in main /home/0x34d/project.lldpd/lldpd.save/tests/check_marshal.c:921:2
    #9 0x7f701fedab49 in __libc_start_call_main (/lib64/libc.so.6+0x27b49) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
    #10 0x7f701fedac0a in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x27c0a) (BuildId: 245240a31888ad5c11bbc55b18e02d87388f59a9)
    #11 0x5579ad30c3e4 in _start (/home/0x34d/project.lldpd/lldpd.save/tests/check_marshal+0x253e4) (BuildId: d78d192d9abeedfc4dfe5a2b36fefe2f5dca2792)

SUMMARY: MemorySanitizer: use-of-uninitialized-value (/lib64/libcheck.so.0+0x7077) (BuildId: 42e1acf24cd9e562a39c5da5ba2112fda984ece5) in ppack
Exiting
/builddir/build/BUILD/check-0.15.2/src/check_msg.c:133: Error in call to punpack

[vincentbernat]

Thanks! How did you solve the problem?

[0x34d]

Thanks! How did you solve the problem?

After fucking around, I found out that the string from asprintf doesn't have a null 00 byte at the end. This can cause a Use-of-uninitialized-value bug. However, asprintf does return the size of the string as its return value.