From bd66b11f37c4b9c40e178cb84cb3ffb7182a57d3 Mon Sep 17 00:00:00 2001
From: Maksym Sobolyev
Date: Mon, 9 Sep 2024 22:08:03 -0700
Subject: [PATCH] Set RTPP_DEBUG_refcnt, enable tracing for the cmd->reply->rcnt and check that both cmd->reply and cmd->reply->rcnt are intact after running a test case. This is to debug fuzzer-triggered memory leaks.
---
 scripts/fuzz/oss-fuzz-build.sh | 7 +++++--
 scripts/fuzz/rfz_command.c | 8 ++++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/scripts/fuzz/oss-fuzz-build.sh b/scripts/fuzz/oss-fuzz-build.sh
index 06121b2b..c83dd497 100755
--- a/scripts/fuzz/oss-fuzz-build.sh
+++ b/scripts/fuzz/oss-fuzz-build.sh
@@ -88,9 +88,12 @@
 LD="lld"
 LD_BIN="ld.lld"
 LDFLAGS="-fuse-ld=${LD}"
+CFLAGS="${CFLAGS} -DRTPP_DEBUG_refcnt=1"
+CXXFLAGS="${CXXFLAGS} -DRTPP_DEBUG_refcnt=1"
+
 if ! AR=llvm-ar RANLIB=llvm-ranlib NM=llvm-nm STRIP=llvm-strip \
- LDFLAGS="${LDFLAGS}" ./configure --enable-librtpproxy --enable-lto \
- --enable-silent --enable-noinst=no
+ LDFLAGS="${LDFLAGS}" CFLAGS="${CFLAGS}" ./configure --enable-librtpproxy \
+ --enable-lto --enable-silent --enable-noinst=no
 then
 cat config.log
 exit 1
diff --git a/scripts/fuzz/rfz_command.c b/scripts/fuzz/rfz_command.c
index 6cda6b6e..6c886e37 100644
--- a/scripts/fuzz/rfz_command.c
+++ b/scripts/fuzz/rfz_command.c
@@ -1,4 +1,5 @@
 #include
+#include
 #include
 #include
 #include
@@ -8,11 +9,13 @@
 #include "rtpp_types.h"
 #include "rtpp_cfg.h"
+#include "rtpp_codeptr.h"
 #include "rtpp_refcnt.h"
 #include "rtpp_command.h"
 #include "rtpp_command_args.h"
 #include "rtpp_command_sub.h"
 #include "rtpp_command_private.h"
+#include "rtpp_command_reply.h"
 #include "rtpp_command_stats.h"
 #include "rtpp_time.h"
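Review bot: `CXXFLAGS` is extended with `-DRTPP_DEBUG_refcnt=1` but, unlike `CFLAGS`, it is not passed on the `./configure` command line, so the C++ side only sees the define if `CXXFLAGS` was already exported in the environment (the OSS-Fuzz build image does that, a local run of this script may not). If any C++ translation unit includes the refcount headers, compiling it without the define while the C objects have it would presumably leave the two sides disagreeing on the refcnt object layout — worth confirming whether the flag changes any struct. The symmetric form removes the doubt: `LDFLAGS="${LDFLAGS}" CFLAGS="${CFLAGS}" CXXFLAGS="${CXXFLAGS}" ./configure --enable-librtpproxy \`.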
@@ -33,6 +36,9 @@ ExecuteRTPPCommand(struct rtpp_conf *gcp, const char *data, size_t size)
 cmd = rtpp_command_ctor(gcp->cfsp, gcp->tfd, &dtime, &cstat, 0);
 if (cmd == NULL)
 return (-1);
+ const void *tp = cmd->reply;
+ const void *trp = cmd->reply->rcnt;
+ CALL_SMETHOD(cmd->reply->rcnt, traceen, HEREVAL);
 memcpy(cmd->buf, data, size);
 cmd->buf[size] = '\0';
@@ -40,6 +46,8 @@ ExecuteRTPPCommand(struct rtpp_conf *gcp, const char *data, size_t size)
 if (rval == 0) {
 rval = handle_command(gcp->cfsp, cmd);
 }
+ assert(tp == cmd->reply);
+ assert(trp == cmd->reply->rcnt);
 free_command(cmd);
 return (rval);
 }
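Review bot: `CALL_SMETHOD(cmd->reply->rcnt, traceen, HEREVAL);` ties this harness to a build that defines `RTPP_DEBUG_refcnt` (the companion change to oss-fuzz-build.sh adds it), so if `traceen` is only provided by the debug-refcnt build — which I cannot confirm from the hunk — a fuzzer built without the flag stops compiling. Either wrapping the call in `#if defined(RTPP_DEBUG_refcnt)` / `#endif`, or at least a comment above it such as `/* requires -DRTPP_DEBUG_refcnt=1, see scripts/fuzz/oss-fuzz-build.sh */`, records the dependency where the next reader will hit it. The three added lines also dereference `cmd->reply` with no NULL check; if rtpp_command_ctor() can hand back a cmd whose reply is not yet allocated, that is a harness crash the fuzzer would report against the target — confirm against the constructor. ExecuteRTPPCommand begins before this hunk.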
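Review bot: The two `assert()` lines are the whole point of the change, yet they compile to nothing under `-DNDEBUG`, and in that build `tp` and `trp` become set-but-unused locals (a warning, or an error with `-Werror`). An unconditional check keeps the invariant enforced however the harness is built: `if (tp != cmd->reply || trp != cmd->reply->rcnt) abort();`. The check is also pointer identity only: a reply or rcnt object freed and re-allocated at the same address inside handle_command() passes it, which the refcount tracing enabled earlier in the function is presumably meant to catch instead — a short comment saying so would stop a reader from over-trusting the assert.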