break [am]san to test oss-fuzz; to be reverted

src/assert.c

@@ -679,6 +679,11 @@ fido_assert_allow_cred(fido_assert_t *assert, const unsigned char *ptr,
 	return (FIDO_OK);
 fail:
 	free(id.ptr);
+#ifdef BREAK_ASAN
+	/* XXX pedro: test fuzz_assert + asan */
+	if (!*id.ptr)
+		return (FIDO_OK);
+#endif
 
 	return (r);
 
@@ -1057,7 +1062,12 @@ fido_assert_set_sig(fido_assert_t *a, size_t idx, const unsigned char *ptr,
 	if ((sig = malloc(len)) == NULL)
 		return (FIDO_ERR_INTERNAL);
 
+#ifdef BREAK_MSAN
+	/* XXX pedro: test fuzz_assert + msan */
+	memcpy(sig, ptr, len - 1);
+#else
 	memcpy(sig, ptr, len);
+#endif
 	a->stmt[idx].sig.ptr = sig;
 	a->stmt[idx].sig.len = len;
 

src/bio.c

@@ -48,7 +48,12 @@ bio_prepare_hmac(uint8_t cmd, cbor_item_t **argv, size_t argc,
 	}
 
 	memcpy(hmac_data->ptr, prefix, sizeof(prefix));
+#ifdef BREAK_ASAN
+	/* XXX pedro: test fuzz_bio + asan */
+	memcpy(hmac_data->ptr + sizeof(prefix), cbor, cbor_len + 1);
+#else
 	memcpy(hmac_data->ptr + sizeof(prefix), cbor, cbor_len);
+#endif
 	hmac_data->len = cbor_len + sizeof(prefix);
 
 	ok = 0;
@@ -512,7 +517,12 @@ bio_enroll_continue_wait(fido_dev_t *dev, const fido_bio_template_t *t,
 	const uint8_t	 cmd = CMD_ENROLL_NEXT;
 	int		 r = FIDO_ERR_INTERNAL;
 
+#ifdef BREAK_MSAN
+	/* XXX pedro: test fuzz_bio + msan */
+	memset(&argv, 0, sizeof(argv) - 1);
+#else
 	memset(&argv, 0, sizeof(argv));
+#endif
 
 	if ((argv[0] = fido_blob_encode(&t->id)) == NULL ||
 	    (argv[2] = cbor_build_uint32(timo_ms)) == NULL) {

src/cred.c

@@ -49,7 +49,12 @@ fido_dev_make_cred_tx(fido_dev_t *dev, fido_cred_t *cred, const char *pin)
 	int		 r;
 
 	memset(&f, 0, sizeof(f));
+#ifdef BREAK_MSAN
+	/* XXX pedro: test fuzz_cred + msan */
+	memset(argv, 0, sizeof(argv) - 1);
+#else
 	memset(argv, 0, sizeof(argv));
+#endif
 
 	if (cred->cdh.ptr == NULL || cred->type == 0) {
 		fido_log_debug("%s: cdh=%p, type=%d", __func__,
@@ -704,6 +709,11 @@ fido_cred_exclude(fido_cred_t *cred, const unsigned char *id_ptr, size_t id_len)
 	if ((list_ptr = recallocarray(cred->excl.ptr, cred->excl.len,
 	    cred->excl.len + 1, sizeof(fido_blob_t))) == NULL) {
 		free(id_blob.ptr);
+#ifdef BREAK_ASAN
+		/* XXX pedro: test fuzz_cred + asan */
+		if (!*id_blob.ptr)
+			return (FIDO_OK);
+#endif
 		return (FIDO_ERR_INTERNAL);
 	}
 

src/credman.c

@@ -110,7 +110,12 @@ credman_tx(fido_dev_t *dev, uint8_t cmd, const fido_blob_t *param,
 	int		 r = FIDO_ERR_INTERNAL;
 
 	memset(&f, 0, sizeof(f));
+#ifdef BREAK_MSAN
+	/* XXX pedro: test fuzz_credman + msan */
+	(void)hmac;
+#else
 	memset(&hmac, 0, sizeof(hmac));
+#endif
 	memset(&argv, 0, sizeof(argv));
 
 	/* subCommand */
@@ -424,6 +429,10 @@ credman_del_rk_wait(fido_dev_t *dev, const unsigned char *cred_id,
 		goto fail;
 
 	r = FIDO_OK;
+#ifdef BREAK_ASAN
+	/* XXX pedro: test fuzz_credman + asan */
+	free(cred.ptr);
+#endif
 fail:
 	free(cred.ptr);
 

src/fido.h

@@ -22,6 +22,21 @@
 #include "../openbsd-compat/openbsd-compat.h"
 #include "iso7816.h"
 #include "extern.h"
+
+/* XXX pedro: remove me */
+#if defined(__clang__)
+#if defined(FIDO_FUZZ) && __has_feature(memory_sanitizer)
+#define BREAK_MSAN
+#endif
+#endif
+
+/* XXX pedro: remove me */
+#if defined(__clang__)
+#if defined(FIDO_FUZZ) && __has_feature(address_sanitizer)
+#define BREAK_ASAN
+#endif
+#endif
+
 #endif
 
 #include "fido/err.h"

src/pin.c

@@ -264,7 +264,13 @@ fido_dev_change_pin_tx(fido_dev_t *dev, const char *pin, const char *oldpin)
 	int r;
 
 	memset(&f, 0, sizeof(f));
+
+#ifdef BREAK_MSAN
+	/* XXX pedro: test fuzz_mgmt + msan */
+	memset(argv, 0, sizeof(argv) - 1);
+#else
 	memset(argv, 0, sizeof(argv));
+#endif
 
 	if ((opin = fido_blob_new()) == NULL || fido_blob_set(opin,
 	    (const unsigned char *)oldpin, strlen(oldpin)) < 0) {
@@ -356,7 +362,12 @@ fido_dev_set_pin_tx(fido_dev_t *dev, const char *pin)
 
 	r = FIDO_OK;
 fail:
+#ifdef BREAK_ASAN
+	/* XXX pedro: test fuzz_mgmt + asan */
+	cbor_vector_free(argv, nitems(argv) + 1);
+#else
 	cbor_vector_free(argv, nitems(argv));
+#endif
 	es256_pk_free(&pk);
 	fido_blob_free(&ppin);
 	fido_blob_free(&ecdh);