libFuzzer: Fix a leak in compile_filter() cleanup
This crash was found by running libFuzzer+ASan. Under some
circumstances, the cleanup performed in compile_filter() skips
free(3)-ing some things before returning. This change restructures the
function so the cleanup is always performed.
Bug: None
Test: make tests (with ASan)
Change-Id: I5fd22ecc6a400d7ef44ad0c1ccfcd2fafeaa04ed
diff --git a/syscall_filter_unittest.cc b/syscall_filter_unittest.cc
index 98a28c3..8dd1828 100644
--- a/syscall_filter_unittest.cc
+++ b/syscall_filter_unittest.cc
@@ -1616,4 +1616,21 @@
ASSERT_NE(res, 0);
}
+TEST(FilterTest, error_cleanup_leak) {
+ struct sock_fprog actual;
+ const char *policy =
+ "read:&&\n"
+ "read:&&";
+
+ FILE *policy_file = write_policy_to_pipe(policy, strlen(policy));
+ ASSERT_NE(policy_file, nullptr);
+ int res = compile_filter(policy_file, &actual, USE_RET_KILL, NO_LOGGING);
+ fclose(policy_file);
+
+ /*
+ * Policy is malformed, but process should not leak.
+ */
+ ASSERT_EQ(res, -1);
+}
+
#endif // !__ANDROID__
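Review bot: The only assertion in error_cleanup_leak is `ASSERT_EQ(res, -1)`, which also passed before the fix; the regression this test guards is caught by LeakSanitizer at process exit, not by the assertion, so the comment should say so rather than just "should not leak". I would replace the three-line comment with `/* Malformed policy: compile_filter() must fail, and LeakSanitizer must not report anything from its error path (the regression this test guards). */` so a reader running the suite without ASan knows the test is not exercising the leak. It is also worth confirming that compile_filter() leaves actual.filter unallocated on the -1 path; if it can hand back a buffer on failure, the test itself would need to free it, otherwise LSan would flag the test rather than the function under test. The old side of the hunk header counts four lines but only three context lines are visible, so a blank line between `}` and `#endif` may have been dropped in extraction.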