With this patch applied the fuzz target can be built (with ASan)
and run with
```
./src/tests/oss-fuzz.sh
./out/fuzz-lxc-config-read doc/examples/
```
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32475 can be
reproduced by running
```
$ echo "lxc.console.buffer.size=d" >oss-fuzz-32475
$ ./out/fuzz-lxc-config-read ./oss-fuzz-32475
INFO: Seed: 1044753468
INFO: Loaded 1 modules (18770 inline 8-bit counters): 18770 [0x883cc0, 0x888612),
INFO: Loaded 1 PC tables (18770 PCs): 18770 [0x888618,0x8d1b38),
./out/fuzz-lxc-config-read: Running 1 inputs 1 time(s) each.
Running: oss-fuzz-32475
=================================================================
==2052097==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcca063e7f at pc 0x000000659e0d bp 0x7ffcca063e30 sp 0x7ffcca063e28
READ of size 1 at 0x7ffcca063e7f thread T0
...
```
I'll point OSS-Fuzz to the build script once this patch is merged.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Now that lxc has been integrated into OSS-Fuzz it should be
possible to start using https://google.github.io/oss-fuzz/getting-started/continuous-integration/
(mostly to make sure that the project is buildable there).
It should help to keep the integration in more or less good shape.
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
It was triggered by passing "lxc.selinux.context.keyring=xroot" to the
fuzz target introduced in https://github.com/google/oss-fuzz/pull/5498
```
=================================================================
==22==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 6 byte(s) in 1 object(s) allocated from:
#0 0x538ca4 in __strdup /src/llvm-project/compiler-rt/lib/asan/asan_interceptors.cpp:468:3
#1 0x5c40e8 in set_config_string_item /src/lxc/src/lxc/confile_utils.c:635:14
#2 0x44394e in set_config_selinux_context_keyring /src/lxc/src/lxc/confile.c:1596:9
#3 0x5af955 in parse_line /src/lxc/src/lxc/confile.c:2953:9
#4 0x4475cd in lxc_file_for_each_line_mmap /src/lxc/src/lxc/parse.c:125:9
#5 0x5af24f in lxc_config_read /src/lxc/src/lxc/confile.c:3024:9
#6 0x580b04 in LLVMFuzzerTestOneInput /src/fuzz-lxc-config-read.c:36:2
#7 0x483643 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
#8 0x46d4a2 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:323:6
#9 0x4732ea in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:856:9
#10 0x49f022 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#11 0x7f16d09b883f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
```
This is a follow-up to https://github.com/lxc/lxc/commit/4fef78bc332a2d186dca6f
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Travis-CI has been a disaster lately with us running out of credits or
their system thinking we're out of credit anyway...
So with Jenkins now covering arm64, let's move the rest of the CI to
Github Actions instead.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Someone might have created a name=<controller> controller after the
container has started and so the container doesn't make use of this
controller.
Link: https://github.com/lxc/lxd/issues/8577
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
