summaryrefslogtreecommitdiffstats
path: root/fuzz
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 07:30:55 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 07:30:55 +0000
commit17e81f2cd1843f01838245eae7b5ed5edf83d6be (patch)
treea0f685dff11ce5a2dc546a7b46a48bae5d1c0140 /fuzz
parentInitial commit. (diff)
downloadngtcp2-upstream.tar.xz
ngtcp2-upstream.zip
Adding upstream version 0.12.1+dfsg.upstream/0.12.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/corpus/decode_frame/ackbin0 -> 41 bytes
-rw-r--r--fuzz/corpus/decode_frame/ack_ecnbin0 -> 48 bytes
-rw-r--r--fuzz/corpus/decode_frame/connection_closebin0 -> 1032 bytes
-rw-r--r--fuzz/corpus/decode_frame/crypto1
-rw-r--r--fuzz/corpus/decode_frame/data_blocked1
-rw-r--r--fuzz/corpus/decode_frame/datagram1
-rw-r--r--fuzz/corpus/decode_frame/datagram_len1
-rw-r--r--fuzz/corpus/decode_frame/max_data1
-rw-r--r--fuzz/corpus/decode_frame/max_stream_databin0 -> 17 bytes
-rw-r--r--fuzz/corpus/decode_frame/max_streamsbin0 -> 9 bytes
-rw-r--r--fuzz/corpus/decode_frame/new_connection_id1
-rw-r--r--fuzz/corpus/decode_frame/new_token1
-rw-r--r--fuzz/corpus/decode_frame/path_challenge1
-rw-r--r--fuzz/corpus/decode_frame/path_response1
-rw-r--r--fuzz/corpus/decode_frame/reset_streambin0 -> 17 bytes
-rw-r--r--fuzz/corpus/decode_frame/retire_connection_id1
-rw-r--r--fuzz/corpus/decode_frame/stop_sendingbin0 -> 13 bytes
-rw-r--r--fuzz/corpus/decode_frame/streambin0 -> 25 bytes
-rw-r--r--fuzz/corpus/decode_frame/stream_data_blockedbin0 -> 17 bytes
-rw-r--r--fuzz/corpus/decode_frame/stream_lenbin0 -> 35 bytes
-rw-r--r--fuzz/corpus/decode_frame/streams_blockedbin0 -> 9 bytes
-rw-r--r--fuzz/corpus/ksl/randombin0 -> 4096 bytes
-rw-r--r--fuzz/decode_frame.cc25
-rw-r--r--fuzz/ksl.cc77
24 files changed, 112 insertions, 0 deletions
diff --git a/fuzz/corpus/decode_frame/ack b/fuzz/corpus/decode_frame/ack
new file mode 100644
index 0000000..3460d0d
--- /dev/null
+++ b/fuzz/corpus/decode_frame/ack
Binary files differ
diff --git a/fuzz/corpus/decode_frame/ack_ecn b/fuzz/corpus/decode_frame/ack_ecn
new file mode 100644
index 0000000..09b2bf7
--- /dev/null
+++ b/fuzz/corpus/decode_frame/ack_ecn
Binary files differ
diff --git a/fuzz/corpus/decode_frame/connection_close b/fuzz/corpus/decode_frame/connection_close
new file mode 100644
index 0000000..61409da
--- /dev/null
+++ b/fuzz/corpus/decode_frame/connection_close
Binary files differ
diff --git a/fuzz/corpus/decode_frame/crypto b/fuzz/corpus/decode_frame/crypto
new file mode 100644
index 0000000..8d03ebf
--- /dev/null
+++ b/fuzz/corpus/decode_frame/crypto
@@ -0,0 +1 @@
+ñòóôõö÷ø0123456789abcdef1 \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/data_blocked b/fuzz/corpus/decode_frame/data_blocked
new file mode 100644
index 0000000..e195a8c
--- /dev/null
+++ b/fuzz/corpus/decode_frame/data_blocked
@@ -0,0 +1 @@
+ñòóôõö÷ø \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/datagram b/fuzz/corpus/decode_frame/datagram
new file mode 100644
index 0000000..72b1e3e
--- /dev/null
+++ b/fuzz/corpus/decode_frame/datagram
@@ -0,0 +1 @@
+00123456789abcdef3 \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/datagram_len b/fuzz/corpus/decode_frame/datagram_len
new file mode 100644
index 0000000..07198a7
--- /dev/null
+++ b/fuzz/corpus/decode_frame/datagram_len
@@ -0,0 +1 @@
+10123456789abcdef3 \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/max_data b/fuzz/corpus/decode_frame/max_data
new file mode 100644
index 0000000..9c0d924
--- /dev/null
+++ b/fuzz/corpus/decode_frame/max_data
@@ -0,0 +1 @@
+ñòóôõö÷ø \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/max_stream_data b/fuzz/corpus/decode_frame/max_stream_data
new file mode 100644
index 0000000..3e45818
--- /dev/null
+++ b/fuzz/corpus/decode_frame/max_stream_data
Binary files differ
diff --git a/fuzz/corpus/decode_frame/max_streams b/fuzz/corpus/decode_frame/max_streams
new file mode 100644
index 0000000..17440a6
--- /dev/null
+++ b/fuzz/corpus/decode_frame/max_streams
Binary files differ
diff --git a/fuzz/corpus/decode_frame/new_connection_id b/fuzz/corpus/decode_frame/new_connection_id
new file mode 100644
index 0000000..6004466
--- /dev/null
+++ b/fuzz/corpus/decode_frame/new_connection_id
@@ -0,0 +1 @@
+»šÊ @ÿªªªªªªªªªªªªªªîáááááááááááááááá \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/new_token b/fuzz/corpus/decode_frame/new_token
new file mode 100644
index 0000000..8fa359c
--- /dev/null
+++ b/fuzz/corpus/decode_frame/new_token
@@ -0,0 +1 @@
+0123456789abcdef2 \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/path_challenge b/fuzz/corpus/decode_frame/path_challenge
new file mode 100644
index 0000000..3e94fb7
--- /dev/null
+++ b/fuzz/corpus/decode_frame/path_challenge
@@ -0,0 +1 @@
+ \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/path_response b/fuzz/corpus/decode_frame/path_response
new file mode 100644
index 0000000..e33140e
--- /dev/null
+++ b/fuzz/corpus/decode_frame/path_response
@@ -0,0 +1 @@
+ \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/reset_stream b/fuzz/corpus/decode_frame/reset_stream
new file mode 100644
index 0000000..baee7ce
--- /dev/null
+++ b/fuzz/corpus/decode_frame/reset_stream
Binary files differ
diff --git a/fuzz/corpus/decode_frame/retire_connection_id b/fuzz/corpus/decode_frame/retire_connection_id
new file mode 100644
index 0000000..15ce00a
--- /dev/null
+++ b/fuzz/corpus/decode_frame/retire_connection_id
@@ -0,0 +1 @@
+»šÊ \ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/stop_sending b/fuzz/corpus/decode_frame/stop_sending
new file mode 100644
index 0000000..d9abd24
--- /dev/null
+++ b/fuzz/corpus/decode_frame/stop_sending
Binary files differ
diff --git a/fuzz/corpus/decode_frame/stream b/fuzz/corpus/decode_frame/stream
new file mode 100644
index 0000000..f85b928
--- /dev/null
+++ b/fuzz/corpus/decode_frame/stream
Binary files differ
diff --git a/fuzz/corpus/decode_frame/stream_data_blocked b/fuzz/corpus/decode_frame/stream_data_blocked
new file mode 100644
index 0000000..8ccc9cc
--- /dev/null
+++ b/fuzz/corpus/decode_frame/stream_data_blocked
Binary files differ
diff --git a/fuzz/corpus/decode_frame/stream_len b/fuzz/corpus/decode_frame/stream_len
new file mode 100644
index 0000000..c0ad3d6
--- /dev/null
+++ b/fuzz/corpus/decode_frame/stream_len
Binary files differ
diff --git a/fuzz/corpus/decode_frame/streams_blocked b/fuzz/corpus/decode_frame/streams_blocked
new file mode 100644
index 0000000..f6fae51
--- /dev/null
+++ b/fuzz/corpus/decode_frame/streams_blocked
Binary files differ
diff --git a/fuzz/corpus/ksl/random b/fuzz/corpus/ksl/random
new file mode 100644
index 0000000..b2f626a
--- /dev/null
+++ b/fuzz/corpus/ksl/random
Binary files differ
diff --git a/fuzz/decode_frame.cc b/fuzz/decode_frame.cc
new file mode 100644
index 0000000..13431fd
--- /dev/null
+++ b/fuzz/decode_frame.cc
@@ -0,0 +1,25 @@
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "ngtcp2_conn.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ for (; size;) {
+ ngtcp2_max_frame mfr{};
+
+ auto nread = ngtcp2_pkt_decode_frame(&mfr.fr, data, size);
+ if (nread < 0) {
+ return 0;
+ }
+
+ data += nread;
+ size -= nread;
+ }
+
+ return 0;
+}
diff --git a/fuzz/ksl.cc b/fuzz/ksl.cc
new file mode 100644
index 0000000..9bbf4c4
--- /dev/null
+++ b/fuzz/ksl.cc
@@ -0,0 +1,77 @@
+#include <byteswap.h>
+
+#include <cstring>
+#include <memory>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "ngtcp2_ksl.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ using KeyType = uint16_t;
+ using DataType = int64_t;
+ constexpr size_t keylen = sizeof(KeyType);
+
+ auto compar = [](auto *lhs, auto *rhs) -> int {
+ return *static_cast<const KeyType *>(lhs) <
+ *static_cast<const KeyType *>(rhs);
+ };
+
+ ngtcp2_ksl ksl;
+
+ ngtcp2_ksl_init(&ksl, compar, keylen, ngtcp2_mem_default());
+
+ for (; size >= keylen; ++data, --size) {
+ KeyType d;
+
+ memcpy(&d, data, keylen);
+
+ for (size_t i = 0; i < 2; ++i) {
+ auto add = (d & 0x8000) != 0;
+ auto key = static_cast<KeyType>(d & 0x7fff);
+
+ if (add) {
+ auto data = std::make_unique<DataType>(key);
+ auto rv = ngtcp2_ksl_insert(&ksl, nullptr, &key, data.get());
+ if (rv != 0) {
+ continue;
+ }
+
+ data.release();
+ ngtcp2_ksl_lower_bound(&ksl, &key);
+
+ continue;
+ }
+
+ auto it = ngtcp2_ksl_lower_bound(&ksl, &key);
+ if (ngtcp2_ksl_it_end(&it)) {
+ continue;
+ }
+
+ if (*static_cast<KeyType *>(ngtcp2_ksl_it_key(&it)) != key) {
+ continue;
+ }
+
+ delete static_cast<DataType *>(ngtcp2_ksl_it_get(&it));
+
+ ngtcp2_ksl_remove(&ksl, nullptr, &key);
+
+ d = bswap_16(d);
+ }
+ }
+
+ for (auto it = ngtcp2_ksl_begin(&ksl); !ngtcp2_ksl_it_end(&it);
+ ngtcp2_ksl_it_next(&it)) {
+ delete static_cast<DataType *>(ngtcp2_ksl_it_get(&it));
+ }
+
+ ngtcp2_ksl_free(&ksl);
+
+ return 0;
+}