handling exit(3) and err(3)

plusun · plusun · commit 0652e35542ba · 2018-06-24T13:40:36.000Z
diff --git a/sbin/ping/fuzzer_ops.h b/sbin/ping/fuzzer_ops.h
@@ -5,6 +5,7 @@
 #include <stddef.h>
 #include <stdint.h>
 #include <poll.h>
+#include <setjmp.h>
 
 typedef struct s_fuzzer_buffer_t {
 	size_t len, off;
@@ -29,4 +30,8 @@ ssize_t fuzzer_sendto(int s, const void *msg, size_t len, int flags,
 		      const struct sockaddr *to, socklen_t tolen);
 int fuzzer_close(int s);
 
+extern jmp_buf fuzzer_exit;
+#define exit(...) longjmp(fuzzer_exit, 1)
+#define err(...) longjmp(fuzzer_exit, 1)
+
 #endif
diff --git a/sbin/ping/ping.c b/sbin/ping/ping.c
@@ -749,7 +749,7 @@ int fuzzer_init(void) {
 }
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
-
+jmp_buf fuzzer_exit;
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	buffer = Data;
 	blen = Size;
@@ -766,6 +766,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	u_char ttl = 0;
 	u_long tos = 0;
 
+	if (setjmp(fuzzer_exit))
+		return 0;
 	if (prog_init && prog_init() == -1)
 		return 0;
 	if ((s = prog_socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)) < 0)
