client session fuzzer: try harder to empty SocketPoll::_newCallbacks on shutdown
The DocumentBroker dtor adds a callback: #0 SocketPoll::addCallback(std::function<void ()> const&) (this=0x377dce0 <Admin::instance()::admin>, fn=...) at ./net/Socket.hpp:773 #1 0x0000000000947db5 in Admin::rmDoc (this=<optimized out>, docKey=...) at wsd/Admin.cpp:544 #2 0x0000000000bb8192 in DocumentBroker::~DocumentBroker (this=0x61900000e690) at wsd/DocumentBroker.cpp:579 So even if the fuzzer called Admin::instance().poll() on shutdown, there was one more callback inserted to the list later, leading to OOM in the long run. Signed-off-by: Miklos Vajna <vmiklos@collabora.com> Change-Id: I0832d839b098407fa9e8aadb6f84388a85d62323pull/4838/head
parent
9ebffaa172
commit
4433e03492
|
@ -41,6 +41,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
|
|||
session->handleMessage(lineVector);
|
||||
}
|
||||
|
||||
// The DocumentBroker dtor grows SocketPoll::_newCallbacks.
|
||||
docBroker.reset();
|
||||
|
||||
// Make sure SocketPoll::_newCallbacks does not grow forever, leading to OOM.
|
||||
Admin::instance().poll(std::chrono::microseconds(0));
|
||||
|
||||
|
|
Loading…
Reference in New Issue