afl-fuzz: Fix invalid return This crash was found by running afl-fuzz. When a semicolon is found, the compiler assumes that there must be a 'return' keyword followed by a space. This change handles the case where this assumption is not true. Bug: None Test: make tests Change-Id: Ib572459b80e62acb11313801f8c062cfb2be9baf

commit: 52f3dd721747e1c88e9ac320a2b56c4d500b13a0 [log] [tgz]
author: Luis Hector Chavez <lhchavez@google.com> Fri Sep 01 19:14:22 2017 -0700
committer: Luis Hector Chavez <lhchavez@google.com> Fri Sep 01 19:16:46 2017 -0700
tree: ea0bd3aaa1bbb18426ec8fd71248d4fd6ff4e71c
parent: 18c49c8dbf1e293f81baeb092c7afa8b790686f0 [diff] [blame]
diff --git a/syscall_filter_unittest.cc b/syscall_filter_unittest.cc
index a1f546c..98a28c3 100644
--- a/syscall_filter_unittest.cc
+++ b/syscall_filter_unittest.cc

@@ -980,6 +980,22 @@
   ASSERT_EQ(res, -1);
 }
 
+TEST_F(FileTest, invalid_return) {
+  const char *policy =
+      "read:arg0 == 0; ;";
+
+  FILE *policy_file = write_policy_to_pipe(policy, strlen(policy));
+  ASSERT_NE(policy_file, nullptr);
+  int res = compile_file(
+      policy_file, head_, &arg_blocks_, &labels_, USE_RET_KILL, NO_LOGGING, 0);
+  fclose(policy_file);
+
+  /*
+   * Policy is malformed, but process should not crash.
+   */
+  ASSERT_EQ(res, -1);
+}
+
 TEST_F(FileTest, seccomp_mode1) {
   const char *policy =
       "read: 1\n"
commit	52f3dd721747e1c88e9ac320a2b56c4d500b13a0	[log] [tgz]
author	Luis Hector Chavez <lhchavez@google.com>	Fri Sep 01 19:14:22 2017 -0700
committer	Luis Hector Chavez <lhchavez@google.com>	Fri Sep 01 19:16:46 2017 -0700
tree	ea0bd3aaa1bbb18426ec8fd71248d4fd6ff4e71c
parent	18c49c8dbf1e293f81baeb092c7afa8b790686f0 [diff] [blame]