From ea0e23c172ea1e97613c70550afbb5ce1e89fa10 Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Tue, 30 May 2017 22:50:52 +0800
Subject: [PATCH] don't longjmp for fuzzer-preauth (temporary to debug asan)

--HG--
branch : fuzz
---
 fuzzer-preauth.c | 38 +++++++++++++++++++++-----------------
 1 file changed, 21 insertions(+), 17 deletions(-)

diff --git a/fuzzer-preauth.c b/fuzzer-preauth.c
index 7f314712..12b7fc27 100644
--- a/fuzzer-preauth.c
+++ b/fuzzer-preauth.c
@@ -19,35 +19,39 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		return 0;
 	}
 
-    // get prefix. input format is
-    // string prefix
-    //     uint32 wrapfd seed
-    //     ... to be extended later
-    // [bytes] ssh input stream
-
-    // be careful to avoid triggering buffer.c assertions
-    if (fuzz.input->len < 8) {
-        return 0;
-    }
-    size_t prefix_size = buf_getint(fuzz.input);
-    if (prefix_size != 4) {
-        return 0;
-    }
-    uint32_t wrapseed = buf_getint(fuzz.input);
-    wrapfd_setseed(wrapseed);
+	// get prefix. input format is
+	// string prefix
+	//     uint32 wrapfd seed
+	//     ... to be extended later
+	// [bytes] ssh input stream
+
+	// be careful to avoid triggering buffer.c assertions
+	if (fuzz.input->len < 8) {
+		return 0;
+	}
+	size_t prefix_size = buf_getint(fuzz.input);
+	if (prefix_size != 4) {
+		return 0;
+	}
+	uint32_t wrapseed = buf_getint(fuzz.input);
+	wrapfd_setseed(wrapseed);
 
 	int fakesock = 20;
 	wrapfd_add(fakesock, fuzz.input, PLAIN);
 
 	m_malloc_set_epoch(1);
+	// temporarily disable setjmp to debug asan segv
+	svr_session(fakesock, fakesock);
+	#if 0
 	if (setjmp(fuzz.jmp) == 0) {
 		svr_session(fakesock, fakesock);
-        m_malloc_free_epoch(1, 0);
+		m_malloc_free_epoch(1, 0);
 	} else {
 		m_malloc_free_epoch(1, 1);
 		TRACE(("dropbear_exit longjmped"))
 		// dropbear_exit jumped here
 	}
+	#endif
 
 	return 0;
 }
-- 
GitLab