* [PATCH] fuzz: Fix leak when assembling datadir path string
From: Alexander Bulekov @ 2020-07-17 16:35 UTC (permalink / raw)
To: qemu-devel
Cc: Laurent Vivier, thuth, Alexander Bulekov, darren.kenny, bsd,
stefanha, pbonzini, philmd
We freed the string containing the final datadir path, but did not free
the path to the executable's directory that we get from
g_path_get_dirname(). Fix that.
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
I ran it with Thomas' fixed build-oss-fuzz job:
https://gitlab.com/a1xndr/qemu/-/jobs/644463736
tests/qtest/fuzz/fuzz.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index 6bc17ef313..031594a686 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -143,7 +143,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
{
char *target_name;
- char *dir;
+ char *bindir, *datadir;
bool serialize = false;
/* Initialize qgraph and modules */
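Review bot: `bindir` and `datadir` are declared at the top of LLVMFuzzerInitialize() without initialisers, although the patch only assigns and frees them inside the one branch that builds the pc-bios path. Declaring them in that block as `g_autofree char *` (GLib's scoped cleanup) would remove both manual g_free() calls and keep a later early return in that branch from reintroducing the leak this patch fixes.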
@@ -164,11 +164,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
* location of the executable. Using this we add exec_dir/pc-bios to
* the datadirs.
*/
- dir = g_build_filename(g_path_get_dirname(**argv), "pc-bios", NULL);
- if (g_file_test(dir, G_FILE_TEST_IS_DIR)) {
- qemu_add_data_dir(dir);
+ bindir = g_path_get_dirname(**argv);
+ datadir = g_build_filename(bindir, "pc-bios", NULL);
+ g_free(bindir);
+ if (g_file_test(datadir, G_FILE_TEST_IS_DIR)) {
+ qemu_add_data_dir(datadir);
}
- g_free(dir);
+ g_free(datadir);
} else if (*argc > 1) { /* The target is specified as an argument */
target_name = (*argv)[1];
if (!strstr(target_name, "--fuzz-target=")) {
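Review bot: the g_free(datadir) placed right after qemu_add_data_dir(datadir) is only correct if qemu_add_data_dir() copies the string instead of keeping the pointer, and nothing in this hunk shows which it does. The removed lines had the same pattern with `dir`, so this is not a regression, but a short comment above the g_free() stating that the callee takes its own copy would document the ownership now that the allocation and the frees are split across separate statements.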
--
2.26.2
* Re: [PATCH] fuzz: Fix leak when assembling datadir path string
From: Thomas Huth @ 2020-07-17 16:47 UTC (permalink / raw)
To: Alexander Bulekov, qemu-devel
Cc: Laurent Vivier, darren.kenny, bsd, stefanha, pbonzini, philmd
On 17/07/2020 18.35, Alexander Bulekov wrote:
> We freed the string containing the final datadir path, but did not free
> the path to the executable's directory that we get from
> g_path_get_dirname(). Fix that.
>
> Reported-by: Thomas Huth <thuth@redhat.com>
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
>
> I ran it with Thomas' fixed build-oss-fuzz job:
> https://gitlab.com/a1xndr/qemu/-/jobs/644463736
Looks like the fuzzer triggered a crash there, see line 5850 ...
shouldn't the job fail in that case? ... i.e. is the fuzzer still
exiting with return code 0?
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index 6bc17ef313..031594a686 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -143,7 +143,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
> {
>
> char *target_name;
> - char *dir;
> + char *bindir, *datadir;
> bool serialize = false;
>
> /* Initialize qgraph and modules */
> @@ -164,11 +164,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
> * location of the executable. Using this we add exec_dir/pc-bios to
> * the datadirs.
> */
> - dir = g_build_filename(g_path_get_dirname(**argv), "pc-bios", NULL);
> - if (g_file_test(dir, G_FILE_TEST_IS_DIR)) {
> - qemu_add_data_dir(dir);
> + bindir = g_path_get_dirname(**argv);
> + datadir = g_build_filename(bindir, "pc-bios", NULL);
> + g_free(bindir);
> + if (g_file_test(datadir, G_FILE_TEST_IS_DIR)) {
> + qemu_add_data_dir(datadir);
> }
> - g_free(dir);
> + g_free(datadir);
> } else if (*argc > 1) { /* The target is specified as an argument */
> target_name = (*argv)[1];
> if (!strstr(target_name, "--fuzz-target=")) {
>
Patch looks fine, thanks!
Reviewed-by: Thomas Huth <thuth@redhat.com>
* Re: [PATCH] fuzz: Fix leak when assembling datadir path string
From: no-reply @ 2020-07-17 16:58 UTC (permalink / raw)
To: alxndr
Cc: lvivier, thuth, darren.kenny, qemu-devel, alxndr, bsd, stefanha,
pbonzini, philmd
Patchew URL: https://patchew.org/QEMU/20200717163523.1591-1-alxndr@bu.edu/
Hi,
This series failed the docker-mingw@fedora build test. Please find the testing commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.
=== TEST SCRIPT BEGIN ===
#! /bin/bash
export ARCH=x86_64
make docker-image-fedora V=1 NETWORK=1
time make docker-test-mingw@fedora J=14 NETWORK=1
=== TEST SCRIPT END ===
Configure options:
--enable-werror --target-list=x86_64-softmmu,aarch64-softmmu --prefix=/tmp/qemu-test/install --python=/usr/bin/python3 --cross-prefix=x86_64-w64-mingw32- --enable-trace-backends=simple --enable-gnutls --enable-nettle --enable-curl --enable-vnc --enable-bzip2 --enable-guest-agent --enable-docs
ERROR: configure test passed without -Werror but failed with -Werror.
This is probably a bug in the configure script. The failing command
will be at the bottom of config.log.
You can run configure with --disable-werror to bypass this check.
Failed to run 'configure'
The full log is available at
http://patchew.org/logs/20200717163523.1591-1-alxndr@bu.edu/testing.docker-mingw@fedora/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com
* Re: [PATCH] fuzz: Fix leak when assembling datadir path string
From: Alexander Bulekov @ 2020-07-17 17:04 UTC (permalink / raw)
To: Thomas Huth
Cc: Laurent Vivier, qemu-devel, darren.kenny, bsd, stefanha, pbonzini,
philmd
On 200717 1847, Thomas Huth wrote:
> On 17/07/2020 18.35, Alexander Bulekov wrote:
> > We freed the string containing the final datadir path, but did not free
> > the path to the executable's directory that we get from
> > g_path_get_dirname(). Fix that.
> >
> > Reported-by: Thomas Huth <thuth@redhat.com>
> > Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> > ---
> >
> > I ran it with Thomas' fixed build-oss-fuzz job:
> > https://gitlab.com/a1xndr/qemu/-/jobs/644463736
>
> Looks like the fuzzer triggered a crash there, see line 5850 ...
> shouldn't the job fail in that case? ... i.e. is the fuzzer still
> exiting with return code 0?
Ah. We run each input in a forked process. If the child crashes, the
parent can continue forking+fuzzing, as if nothing happened. This also
unfortunately means that the job might succeed even if there is a crash
in the actual fuzz target code, as long as the error only happens in the
child processes. Maybe we could add an env variable to have the parent
exit -1 if the child crashes, but then the job would fail even for
non-fuzzer issues (such as this virtio-net crash).
-Alex
>
> > diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> > index 6bc17ef313..031594a686 100644
> > --- a/tests/qtest/fuzz/fuzz.c
> > +++ b/tests/qtest/fuzz/fuzz.c
> > @@ -143,7 +143,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
> > {
> >
> > char *target_name;
> > - char *dir;
> > + char *bindir, *datadir;
> > bool serialize = false;
> >
> > /* Initialize qgraph and modules */
> > @@ -164,11 +164,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
> > * location of the executable. Using this we add exec_dir/pc-bios to
> > * the datadirs.
> > */
> > - dir = g_build_filename(g_path_get_dirname(**argv), "pc-bios", NULL);
> > - if (g_file_test(dir, G_FILE_TEST_IS_DIR)) {
> > - qemu_add_data_dir(dir);
> > + bindir = g_path_get_dirname(**argv);
> > + datadir = g_build_filename(bindir, "pc-bios", NULL);
> > + g_free(bindir);
> > + if (g_file_test(datadir, G_FILE_TEST_IS_DIR)) {
> > + qemu_add_data_dir(datadir);
> > }
> > - g_free(dir);
> > + g_free(datadir);
> > } else if (*argc > 1) { /* The target is specified as an argument */
> > target_name = (*argv)[1];
> > if (!strstr(target_name, "--fuzz-target=")) {
> >
>
> Patch looks fine, thanks!
>
> Reviewed-by: Thomas Huth <thuth@redhat.com>
>
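The behaviour described in the reply above (each input runs in a forked child, so a crash there leaves the parent's exit code at 0), as an added example that is not QEMU's fuzzer code. `toy_target`, `fuzz_loop` and the `FUZZ_FAIL_ON_CHILD_CRASH` variable are hypothetical names; the variable models the opt-in idea floated in the reply, and the example returns 1 rather than -1 in strict mode.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed sample corpus: the second input makes the toy target crash. */
static const char *const SAMPLE_INPUTS[] = { "ok", "!boom", "fine" };
#define N_SAMPLE_INPUTS (sizeof(SAMPLE_INPUTS) / sizeof(SAMPLE_INPUTS[0]))

/* Hypothetical stand-in for a fuzz target: aborts on inputs starting with '!'. */
static void toy_target(const char *data, size_t len)
{
    if (len > 0 && data[0] == '!') {
        abort(); /* simulated bug: the child dies with SIGABRT */
    }
}

/*
 * Run one input in a forked child, as the reply describes.
 * Returns 1 if the child was killed by a signal or exited non-zero,
 * 0 if it exited cleanly, -1 if fork() or waitpid() failed.
 */
static int run_input_forked(const char *data, size_t len)
{
    int status;
    pid_t pid;

    fflush(NULL); /* avoid duplicated buffered output in the child */
    pid = fork();
    if (pid < 0) {
        return -1;
    }
    if (pid == 0) {
        toy_target(data, len);
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid) {
        return -1;
    }
    if (WIFSIGNALED(status)) {
        return 1;
    }
    if (WIFEXITED(status) && WEXITSTATUS(status) != 0) {
        return 1;
    }
    return 0;
}

/*
 * Parent loop. By default a crashing child is counted but does not change
 * the return value, which is why a CI job can pass despite a crash.
 * With FUZZ_FAIL_ON_CHILD_CRASH=1 (hypothetical) the crash is propagated.
 * Returns the exit code the CI job would observe; 2 means the harness
 * itself failed to fork or wait.
 */
static int fuzz_loop(const char *const *inputs, size_t n, int *crashes_out)
{
    const char *strict = getenv("FUZZ_FAIL_ON_CHILD_CRASH");
    int crashes = 0;
    size_t i;

    for (i = 0; i < n; i++) {
        int r = run_input_forked(inputs[i], strlen(inputs[i]));
        if (r < 0) {
            return 2;
        }
        crashes += r; /* the parent keeps forking and fuzzing regardless */
    }
    *crashes_out = crashes;
    if (crashes > 0 && strict != NULL && strcmp(strict, "1") == 0) {
        return 1;
    }
    return 0;
}

int main(void)
{
    int crashes = 0;
    int rc = fuzz_loop(SAMPLE_INPUTS, N_SAMPLE_INPUTS, &crashes);

    printf("child crashes: %d, parent exit code: %d\n", crashes, rc);
    return rc;
}
```

As the reply notes, the strict mode cannot tell a bug in the fuzz target from an unrelated crash in the child, so a job using it fails on both.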