[Libreoffice-commits] online.git: fuzzer/ClientSession.cpp

Miklos Vajna (via logerrit) logerrit at kemper.freedesktop.org
Thu Feb 27 14:11:49 UTC 2020


 fuzzer/ClientSession.cpp |    3 +++
 1 file changed, 3 insertions(+)

New commits:
commit 1016de956a80ccb34bbc784801007197a79cef81
Author:     Miklos Vajna <vmiklos at collabora.com>
AuthorDate: Thu Feb 27 13:58:06 2020 +0100
Commit:     Miklos Vajna <vmiklos at collabora.com>
CommitDate: Thu Feb 27 15:11:31 2020 +0100

    fuzzer: fix OOM with an ever-growing SocketPoll::_newCallbacks
    
    Admin::instance().dumpState(std::cerr) at the end of a run shows:
     Poll [0] - wakeup r: 11 w: 12
            callbacks: 103
            fd      events  rsize   wsize
    
    This is more a problem in the fuzzer itself than in the code; the
    unprocessed callbacks reached the intentionally set 2GB limit in about
    20 mins, so process them at the end of each run.
    
    Change-Id: Ic12d3e8555417371f4ca44228fc1ff515d704592
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/89632
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Miklos Vajna <vmiklos at collabora.com>

diff --git a/fuzzer/ClientSession.cpp b/fuzzer/ClientSession.cpp
index 53872d5ca..d68f27fb7 100644
--- a/fuzzer/ClientSession.cpp
+++ b/fuzzer/ClientSession.cpp
@@ -34,6 +34,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
         std::vector<char> lineVector(line.data(), line.data() + line.size());
         session->handleMessage(fin, code, lineVector);
     }
+
+    // Make sure SocketPoll::_newCallbacks does not grow forever, leading to OOM.
+    Admin::instance().poll(SocketPoll::DefaultPollTimeoutMs);
     return 0;
 }
 
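Review bot: The added `Admin::instance().poll(SocketPoll::DefaultPollTimeoutMs);` call before `return 0;` passes the default poll timeout, so whether a fuzz iteration returns promptly depends on the poll being woken. If nothing wakes it, every input waits out that timeout and fuzzing throughput drops. Consider passing a zero or very small timeout here, or extend the comment to say why the call returns immediately. The comment could also state that one poll() pass is expected to drain everything queued in `_newCallbacks` during this input, since the fix relies on that.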

