diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:30:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:30:55 +0000 |
commit | 17e81f2cd1843f01838245eae7b5ed5edf83d6be (patch) | |
tree | a0f685dff11ce5a2dc546a7b46a48bae5d1c0140 /fuzz | |
parent | Initial commit. (diff) | |
download | ngtcp2-upstream.tar.xz ngtcp2-upstream.zip |
Adding upstream version 0.12.1+dfsg.upstream/0.12.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'fuzz')
24 files changed, 112 insertions, 0 deletions
diff --git a/fuzz/corpus/decode_frame/ack b/fuzz/corpus/decode_frame/ack Binary files differnew file mode 100644 index 0000000..3460d0d --- /dev/null +++ b/fuzz/corpus/decode_frame/ack diff --git a/fuzz/corpus/decode_frame/ack_ecn b/fuzz/corpus/decode_frame/ack_ecn Binary files differnew file mode 100644 index 0000000..09b2bf7 --- /dev/null +++ b/fuzz/corpus/decode_frame/ack_ecn diff --git a/fuzz/corpus/decode_frame/connection_close b/fuzz/corpus/decode_frame/connection_close Binary files differnew file mode 100644 index 0000000..61409da --- /dev/null +++ b/fuzz/corpus/decode_frame/connection_close diff --git a/fuzz/corpus/decode_frame/crypto b/fuzz/corpus/decode_frame/crypto new file mode 100644 index 0000000..8d03ebf --- /dev/null +++ b/fuzz/corpus/decode_frame/crypto @@ -0,0 +1 @@ +ñòóôõö÷ø0123456789abcdef1
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/data_blocked b/fuzz/corpus/decode_frame/data_blocked new file mode 100644 index 0000000..e195a8c --- /dev/null +++ b/fuzz/corpus/decode_frame/data_blocked @@ -0,0 +1 @@ +ñòóôõö÷ø
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/datagram b/fuzz/corpus/decode_frame/datagram new file mode 100644 index 0000000..72b1e3e --- /dev/null +++ b/fuzz/corpus/decode_frame/datagram @@ -0,0 +1 @@ +00123456789abcdef3
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/datagram_len b/fuzz/corpus/decode_frame/datagram_len new file mode 100644 index 0000000..07198a7 --- /dev/null +++ b/fuzz/corpus/decode_frame/datagram_len @@ -0,0 +1 @@ +10123456789abcdef3
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/max_data b/fuzz/corpus/decode_frame/max_data new file mode 100644 index 0000000..9c0d924 --- /dev/null +++ b/fuzz/corpus/decode_frame/max_data @@ -0,0 +1 @@ +ñòóôõö÷ø
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/max_stream_data b/fuzz/corpus/decode_frame/max_stream_data Binary files differnew file mode 100644 index 0000000..3e45818 --- /dev/null +++ b/fuzz/corpus/decode_frame/max_stream_data diff --git a/fuzz/corpus/decode_frame/max_streams b/fuzz/corpus/decode_frame/max_streams Binary files differnew file mode 100644 index 0000000..17440a6 --- /dev/null +++ b/fuzz/corpus/decode_frame/max_streams diff --git a/fuzz/corpus/decode_frame/new_connection_id b/fuzz/corpus/decode_frame/new_connection_id new file mode 100644 index 0000000..6004466 --- /dev/null +++ b/fuzz/corpus/decode_frame/new_connection_id @@ -0,0 +1 @@ +»šÊ @ÿªªªªªªªªªªªªªªîáááááááááááááááá
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/new_token b/fuzz/corpus/decode_frame/new_token new file mode 100644 index 0000000..8fa359c --- /dev/null +++ b/fuzz/corpus/decode_frame/new_token @@ -0,0 +1 @@ +0123456789abcdef2
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/path_challenge b/fuzz/corpus/decode_frame/path_challenge new file mode 100644 index 0000000..3e94fb7 --- /dev/null +++ b/fuzz/corpus/decode_frame/path_challenge @@ -0,0 +1 @@ +
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/path_response b/fuzz/corpus/decode_frame/path_response new file mode 100644 index 0000000..e33140e --- /dev/null +++ b/fuzz/corpus/decode_frame/path_response @@ -0,0 +1 @@ +
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/reset_stream b/fuzz/corpus/decode_frame/reset_stream Binary files differnew file mode 100644 index 0000000..baee7ce --- /dev/null +++ b/fuzz/corpus/decode_frame/reset_stream diff --git a/fuzz/corpus/decode_frame/retire_connection_id b/fuzz/corpus/decode_frame/retire_connection_id new file mode 100644 index 0000000..15ce00a --- /dev/null +++ b/fuzz/corpus/decode_frame/retire_connection_id @@ -0,0 +1 @@ +»šÊ
\ No newline at end of file diff --git a/fuzz/corpus/decode_frame/stop_sending b/fuzz/corpus/decode_frame/stop_sending Binary files differnew file mode 100644 index 0000000..d9abd24 --- /dev/null +++ b/fuzz/corpus/decode_frame/stop_sending diff --git a/fuzz/corpus/decode_frame/stream b/fuzz/corpus/decode_frame/stream Binary files differnew file mode 100644 index 0000000..f85b928 --- /dev/null +++ b/fuzz/corpus/decode_frame/stream diff --git a/fuzz/corpus/decode_frame/stream_data_blocked b/fuzz/corpus/decode_frame/stream_data_blocked Binary files differnew file mode 100644 index 0000000..8ccc9cc --- /dev/null +++ b/fuzz/corpus/decode_frame/stream_data_blocked diff --git a/fuzz/corpus/decode_frame/stream_len b/fuzz/corpus/decode_frame/stream_len Binary files differnew file mode 100644 index 0000000..c0ad3d6 --- /dev/null +++ b/fuzz/corpus/decode_frame/stream_len diff --git a/fuzz/corpus/decode_frame/streams_blocked b/fuzz/corpus/decode_frame/streams_blocked Binary files differnew file mode 100644 index 0000000..f6fae51 --- /dev/null +++ b/fuzz/corpus/decode_frame/streams_blocked diff --git a/fuzz/corpus/ksl/random b/fuzz/corpus/ksl/random Binary files differnew file mode 100644 index 0000000..b2f626a --- /dev/null +++ b/fuzz/corpus/ksl/random diff --git a/fuzz/decode_frame.cc b/fuzz/decode_frame.cc new file mode 100644 index 0000000..13431fd --- /dev/null +++ b/fuzz/decode_frame.cc @@ -0,0 +1,25 @@ +#ifdef __cplusplus +extern "C" { +#endif + +#include "ngtcp2_conn.h" + +#ifdef __cplusplus +} +#endif + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + for (; size;) { + ngtcp2_max_frame mfr{}; + + auto nread = ngtcp2_pkt_decode_frame(&mfr.fr, data, size); + if (nread < 0) { + return 0; + } + + data += nread; + size -= nread; + } + + return 0; +} diff --git a/fuzz/ksl.cc b/fuzz/ksl.cc new file mode 100644 index 0000000..9bbf4c4 --- /dev/null +++ b/fuzz/ksl.cc @@ -0,0 +1,77 @@ +#include <byteswap.h> + +#include <cstring> +#include <memory> + +#ifdef __cplusplus +extern "C" { +#endif + +#include "ngtcp2_ksl.h" + +#ifdef __cplusplus +} +#endif + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + using KeyType = uint16_t; + using DataType = int64_t; + constexpr size_t keylen = sizeof(KeyType); + + auto compar = [](auto *lhs, auto *rhs) -> int { + return *static_cast<const KeyType *>(lhs) < + *static_cast<const KeyType *>(rhs); + }; + + ngtcp2_ksl ksl; + + ngtcp2_ksl_init(&ksl, compar, keylen, ngtcp2_mem_default()); + + for (; size >= keylen; ++data, --size) { + KeyType d; + + memcpy(&d, data, keylen); + + for (size_t i = 0; i < 2; ++i) { + auto add = (d & 0x8000) != 0; + auto key = static_cast<KeyType>(d & 0x7fff); + + if (add) { + auto data = std::make_unique<DataType>(key); + auto rv = ngtcp2_ksl_insert(&ksl, nullptr, &key, data.get()); + if (rv != 0) { + continue; + } + + data.release(); + ngtcp2_ksl_lower_bound(&ksl, &key); + + continue; + } + + auto it = ngtcp2_ksl_lower_bound(&ksl, &key); + if (ngtcp2_ksl_it_end(&it)) { + continue; + } + + if (*static_cast<KeyType *>(ngtcp2_ksl_it_key(&it)) != key) { + continue; + } + + delete static_cast<DataType *>(ngtcp2_ksl_it_get(&it)); + + ngtcp2_ksl_remove(&ksl, nullptr, &key); + + d = bswap_16(d); + } + } + + for (auto it = ngtcp2_ksl_begin(&ksl); !ngtcp2_ksl_it_end(&it); + ngtcp2_ksl_it_next(&it)) { + delete static_cast<DataType *>(ngtcp2_ksl_it_get(&it)); + } + + ngtcp2_ksl_free(&ksl); + + return 0; +} |