fuzz: never return an uninitialized sockaddr in FuzzedSock::GetSockName

darosior · darosior · commit 0d472c19533a · 2025-02-12T10:31:43.000-05:00
The fuzz provider's `ConsumeData` may return less data than necessary
to fill the sockaddr struct and still return success. Fix this to avoid
the caller using uninitialized memory.
diff --git a/src/test/fuzz/util/net.cpp b/src/test/fuzz/util/net.cpp
@@ -357,7 +357,9 @@ int FuzzedSock::GetSockName(sockaddr* name, socklen_t* name_len) const
         SetFuzzedErrNo(m_fuzzed_data_provider, getsockname_errnos);
         return -1;
     }
+    assert(name_len);
     *name_len = m_fuzzed_data_provider.ConsumeData(name, *name_len);
+    if (*name_len < (int)sizeof(sockaddr)) return -1;
     return 0;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -357,7 +357,9 @@ int FuzzedSock::GetSockName(sockaddr* name, socklen_t* name_len) const`
`357`	`357`	`SetFuzzedErrNo(m_fuzzed_data_provider, getsockname_errnos);`
`358`	`358`	`return -1;`
`359`	`359`	`}`
	`360`	`+ assert(name_len);`
`360`	`361`	`name_len = m_fuzzed_data_provider.ConsumeData(name, name_len);`
	`362`	`+ if (*name_len < (int)sizeof(sockaddr)) return -1;`
`361`	`363`	`return 0;`
`362`	`364`	`}`
`363`	`365`