client session fuzzer: try harder to empty SocketPoll::_newCallbacks on shutdown

The DocumentBroker dtor adds a callback:

	#0  SocketPoll::addCallback(std::function<void ()> const&) (this=0x377dce0 <Admin::instance()::admin>, fn=...) at ./net/Socket.hpp:773
	#1  0x0000000000947db5 in Admin::rmDoc (this=<optimized out>, docKey=...) at wsd/Admin.cpp:544
	#2  0x0000000000bb8192 in DocumentBroker::~DocumentBroker (this=0x61900000e690) at wsd/DocumentBroker.cpp:579

So even if the fuzzer called Admin::instance().poll() on shutdown, there
was one more callback inserted to the list later, leading to OOM in the
long run.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I0832d839b098407fa9e8aadb6f84388a85d62323
pull/4838/head
Miklos Vajna 2022-05-31 11:10:45 +02:00
parent 9ebffaa172
commit 4433e03492
1 changed files with 3 additions and 0 deletions

@ -41,6 +41,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
session->handleMessage(lineVector);
}
// The DocumentBroker dtor grows SocketPoll::_newCallbacks.
docBroker.reset();
// Make sure SocketPoll::_newCallbacks does not grow forever, leading to OOM.
Admin::instance().poll(std::chrono::microseconds(0));
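Review bot: the docBroker.reset() ahead of the poll only runs the DocumentBroker dtor if docBroker is the last owner at that point. session is still alive here (it was just used for handleMessage), so if docBroker is a shared pointer and session keeps a strong reference to the broker, the dtor and the callback it queues would still run after Admin::instance().poll(), and SocketPoll::_newCallbacks would keep growing. Consider releasing session before the reset, or asserting that the broker is uniquely owned at this line. The first comment could also say that the reset has to stay ahead of the poll, so the two statements are not reordered later.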