From 2a34964f8c0d9a47801892fc06277b71cccb76bf Mon Sep 17 00:00:00 2001
From: Quentin Young
Date: Tue, 14 Apr 2020 00:37:50 -0400
Subject: [PATCH] ospfd: size fuzzing stream exactly to input

ASAN only sees reads outside of allocated blocks; uninitialized data is
MSAN's domain

Signed-off-by: Quentin Young
---
 ospfd/ospf_main.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/ospfd/ospf_main.c b/ospfd/ospf_main.c
index 5a0f4d67d6..03df0a9ad1 100644
--- a/ospfd/ospf_main.c
+++ b/ospfd/ospf_main.c
@@ -224,12 +224,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	struct ospf *o;
 
 #ifdef FUZZING_LIBFUZZER
-	o = FuzzingCreateOspf();
+	o = FuzzingOspf;
 #else
 	o = FuzzingOspf;
 #endif
 
 	/* Simulate the read process done by ospf_recv_packet */
+	stream_free(o->ibuf);
+	o->ibuf = stream_new(MAX(1, size));
+	stream_put(o->ibuf, data, size);
 	{
 		struct ip *iph;
 
@@ -252,8 +255,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	ospf_read_helper(o);
 
 done:
-	stream_reset(o->ibuf);
-
 	return 0;
 }
 #endif
-- 
2.39.5
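Review bot: After this change both arms of `#ifdef FUZZING_LIBFUZZER` assign the same value, so the conditional is dead; replace the five lines with the single `o = FuzzingOspf;` and add a short comment saying the instance is created once at harness start-up (wherever `FuzzingOspf` is initialised — that is outside this hunk, so worth confirming the libFuzzer build still sets it before the first input). The exact-size buffer is the right move for ASAN coverage, but it also means the `struct ip` parse that follows the hunk now reads from a buffer that may be shorter than an IP header; if that block does not already guard `size < sizeof(struct ip)` before touching `iph`, the first short input reports a heap overread in the harness rather than in ospfd. A one-line note above `stream_new`, `/* exact-size buffer so any read past the input is an ASAN-visible overread */`, would record the intent for the next reader. The second hunk drops `stream_reset` consistently with the per-input reallocation; `LLVMFuzzerTestOneInput` begins before the first hunk and its body continues between the two.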