libFuzzer: Fix a leak in compile_filter() cleanup This crash was found by running libFuzzer+ASan. Under some circumstances, the cleanup performed in compile_filter() skips free(3)-ing some things before returning. This change restructures the function so the cleanup is always performed. Bug: None Test: make tests (with ASan) Change-Id: I5fd22ecc6a400d7ef44ad0c1ccfcd2fafeaa04ed

commit: 1a87c8afa8d3971d30fe6a37f1659f45b79e0a27 [log] [tgz]
author: Luis Hector Chavez <lhchavez@google.com> Sat Sep 02 13:18:31 2017 -0700
committer: Luis Hector Chavez <lhchavez@google.com> Sat Sep 02 13:18:42 2017 -0700
tree: 28ebe0d77484473cb231de846d74995c914b33a9
parent: 52f3dd721747e1c88e9ac320a2b56c4d500b13a0 [diff] [blame]
diff --git a/syscall_filter_unittest.cc b/syscall_filter_unittest.cc
index 98a28c3..8dd1828 100644
--- a/syscall_filter_unittest.cc
+++ b/syscall_filter_unittest.cc

@@ -1616,4 +1616,21 @@
   ASSERT_NE(res, 0);
 }
 
+TEST(FilterTest, error_cleanup_leak) {
+  struct sock_fprog actual;
+  const char *policy =
+      "read:&&\n"
+      "read:&&";
+
+  FILE *policy_file = write_policy_to_pipe(policy, strlen(policy));
+  ASSERT_NE(policy_file, nullptr);
+  int res = compile_filter(policy_file, &actual, USE_RET_KILL, NO_LOGGING);
+  fclose(policy_file);
+
+  /*
+   * Policy is malformed, but process should not leak.
+   */
+  ASSERT_EQ(res, -1);
+}
+
 #endif  // !__ANDROID__
commit	1a87c8afa8d3971d30fe6a37f1659f45b79e0a27	[log] [tgz]
author	Luis Hector Chavez <lhchavez@google.com>	Sat Sep 02 13:18:31 2017 -0700
committer	Luis Hector Chavez <lhchavez@google.com>	Sat Sep 02 13:18:42 2017 -0700
tree	28ebe0d77484473cb231de846d74995c914b33a9
parent	52f3dd721747e1c88e9ac320a2b56c4d500b13a0 [diff] [blame]