ospfd: size fuzzing stream exactly to input
authorQuentin Young <qlyoung@cumulusnetworks.com>
Tue, 14 Apr 2020 04:37:50 +0000 (00:37 -0400)
committerQuentin Young <qlyoung@nvidia.com>
Mon, 15 Nov 2021 22:12:33 +0000 (17:12 -0500)
ASAN only sees reads outside of allocated blocks; uninitialized data is
MSAN's domain

Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
ospfd/ospf_main.c

index 5a0f4d67d665ae00c3b39a780ffa9ae7b98f61a9..03df0a9ad1105a272b3a5f5acbf4e0e9c7fdc2ed 100644 (file)
@@ -224,12 +224,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
        struct ospf *o;
 
 #ifdef FUZZING_LIBFUZZER
-       o = FuzzingCreateOspf();
+       o = FuzzingOspf;
 #else
        o = FuzzingOspf;
 #endif
 
        /* Simulate the read process done by ospf_recv_packet */
+       stream_free(o->ibuf);
+       o->ibuf = stream_new(MAX(1, size));
+
        stream_put(o->ibuf, data, size);
        {
                struct ip *iph;
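Review bot: The reason for the per-call reallocation at `o->ibuf = stream_new(MAX(1, size));` lives only in the commit message, and a later reader is likely to "fix" it back to a fixed-size buffer; suggest a comment above the `stream_free` such as `/* Size ibuf exactly to the input: a read past the end of the fuzz data then lands outside the allocation, where ASAN reports it, instead of in zeroed slack that would mask the overread. */`. The result of `stream_new` is used without a NULL check; I cannot tell from the hunk whether FRR's allocator aborts on failure or returns NULL, and in the latter case `stream_put(o->ibuf, ...)` would dereference a null pointer, so either the abort-on-OOM guarantee or an explicit `if (!o->ibuf) return 0;` should be stated. Because the buffer is now freed at the start of the next invocation (and the `stream_reset` at `done:` is dropped in the second hunk), the buffer from the final input is still live at process exit; harmless under the fuzzer, but worth one sentence in the same comment so a leak-checker report is not mistaken for a bug. `LLVMFuzzerTestOneInput` continues outside this hunk.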
@@ -252,8 +255,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
        ospf_read_helper(o);
 
 done:
-       stream_reset(o->ibuf);
-
        return 0;
 }
 #endif