From 17e81f2cd1843f01838245eae7b5ed5edf83d6be Mon Sep 17 00:00:00 2001
From: Daniel Baumann
Date: Sun, 28 Apr 2024 09:30:55 +0200
Subject: Adding upstream version 0.12.1+dfsg.
Signed-off-by: Daniel Baumann
---
 fuzz/corpus/decode_frame/ack | Bin 0 -> 41 bytes
 fuzz/corpus/decode_frame/ack_ecn | Bin 0 -> 48 bytes
 fuzz/corpus/decode_frame/connection_close | Bin 0 -> 1032 bytes
 fuzz/corpus/decode_frame/crypto | 1 +
 fuzz/corpus/decode_frame/data_blocked | 1 +
 fuzz/corpus/decode_frame/datagram | 1 +
 fuzz/corpus/decode_frame/datagram_len | 1 +
 fuzz/corpus/decode_frame/max_data | 1 +
 fuzz/corpus/decode_frame/max_stream_data | Bin 0 -> 17 bytes
 fuzz/corpus/decode_frame/max_streams | Bin 0 -> 9 bytes
 fuzz/corpus/decode_frame/new_connection_id | 1 +
 fuzz/corpus/decode_frame/new_token | 1 +
 fuzz/corpus/decode_frame/path_challenge | 1 +
 fuzz/corpus/decode_frame/path_response | 1 +
 fuzz/corpus/decode_frame/reset_stream | Bin 0 -> 17 bytes
 fuzz/corpus/decode_frame/retire_connection_id | 1 +
 fuzz/corpus/decode_frame/stop_sending | Bin 0 -> 13 bytes
 fuzz/corpus/decode_frame/stream | Bin 0 -> 25 bytes
 fuzz/corpus/decode_frame/stream_data_blocked | Bin 0 -> 17 bytes
 fuzz/corpus/decode_frame/stream_len | Bin 0 -> 35 bytes
 fuzz/corpus/decode_frame/streams_blocked | Bin 0 -> 9 bytes
 fuzz/corpus/ksl/random | Bin 0 -> 4096 bytes
 fuzz/decode_frame.cc | 25 +++++++++
 fuzz/ksl.cc | 77 ++++++++++++++++++++++++++
 24 files changed, 112 insertions(+)
 create mode 100644 fuzz/corpus/decode_frame/ack
 create mode 100644 fuzz/corpus/decode_frame/ack_ecn
 create mode 100644 fuzz/corpus/decode_frame/connection_close
 create mode 100644 fuzz/corpus/decode_frame/crypto
 create mode 100644 fuzz/corpus/decode_frame/data_blocked
 create mode 100644 fuzz/corpus/decode_frame/datagram
 create mode 100644 fuzz/corpus/decode_frame/datagram_len
 create mode 100644 fuzz/corpus/decode_frame/max_data
 create mode 100644 fuzz/corpus/decode_frame/max_stream_data
 create mode 100644 fuzz/corpus/decode_frame/max_streams
 create mode 100644 fuzz/corpus/decode_frame/new_connection_id
 create mode 100644 fuzz/corpus/decode_frame/new_token
 create mode 100644 fuzz/corpus/decode_frame/path_challenge
 create mode 100644 fuzz/corpus/decode_frame/path_response
 create mode 100644 fuzz/corpus/decode_frame/reset_stream
 create mode 100644 fuzz/corpus/decode_frame/retire_connection_id
 create mode 100644 fuzz/corpus/decode_frame/stop_sending
 create mode 100644 fuzz/corpus/decode_frame/stream
 create mode 100644 fuzz/corpus/decode_frame/stream_data_blocked
 create mode 100644 fuzz/corpus/decode_frame/stream_len
 create mode 100644 fuzz/corpus/decode_frame/streams_blocked
 create mode 100644 fuzz/corpus/ksl/random
 create mode 100644 fuzz/decode_frame.cc
 create mode 100644 fuzz/ksl.cc
(limited to 'fuzz')
diff --git a/fuzz/corpus/decode_frame/ack b/fuzz/corpus/decode_frame/ack
new file mode 100644
index 0000000..3460d0d
Binary files /dev/null and b/fuzz/corpus/decode_frame/ack differ
diff --git a/fuzz/corpus/decode_frame/ack_ecn b/fuzz/corpus/decode_frame/ack_ecn
new file mode 100644
index 0000000..09b2bf7
Binary files /dev/null and b/fuzz/corpus/decode_frame/ack_ecn differ
diff --git a/fuzz/corpus/decode_frame/connection_close b/fuzz/corpus/decode_frame/connection_close
new file mode 100644
index 0000000..61409da
Binary files /dev/null and b/fuzz/corpus/decode_frame/connection_close differ
diff --git a/fuzz/corpus/decode_frame/crypto b/fuzz/corpus/decode_frame/crypto
new file mode 100644
index 0000000..8d03ebf
--- /dev/null
+++ b/fuzz/corpus/decode_frame/crypto
@@ -0,0 +1 @@
+ñòóôõö÷ø0123456789abcdef1
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/data_blocked b/fuzz/corpus/decode_frame/data_blocked
new file mode 100644
index 0000000..e195a8c
--- /dev/null
+++ b/fuzz/corpus/decode_frame/data_blocked
@@ -0,0 +1 @@
+ñòóôõö÷ø
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/datagram b/fuzz/corpus/decode_frame/datagram
new file mode 100644
index 0000000..72b1e3e
--- /dev/null
+++ b/fuzz/corpus/decode_frame/datagram
@@ -0,0 +1 @@
+00123456789abcdef3
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/datagram_len b/fuzz/corpus/decode_frame/datagram_len
new file mode 100644
index 0000000..07198a7
--- /dev/null
+++ b/fuzz/corpus/decode_frame/datagram_len
@@ -0,0 +1 @@
+10123456789abcdef3
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/max_data b/fuzz/corpus/decode_frame/max_data
new file mode 100644
index 0000000..9c0d924
--- /dev/null
+++ b/fuzz/corpus/decode_frame/max_data
@@ -0,0 +1 @@
+ñòóôõö÷ø
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/max_stream_data b/fuzz/corpus/decode_frame/max_stream_data
new file mode 100644
index 0000000..3e45818
Binary files /dev/null and b/fuzz/corpus/decode_frame/max_stream_data differ
diff --git a/fuzz/corpus/decode_frame/max_streams b/fuzz/corpus/decode_frame/max_streams
new file mode 100644
index 0000000..17440a6
Binary files /dev/null and b/fuzz/corpus/decode_frame/max_streams differ
diff --git a/fuzz/corpus/decode_frame/new_connection_id b/fuzz/corpus/decode_frame/new_connection_id
new file mode 100644
index 0000000..6004466
--- /dev/null
+++ b/fuzz/corpus/decode_frame/new_connection_id
@@ -0,0 +1 @@
+»šÊ @ÿªªªªªªªªªªªªªªîáááááááááááááááá
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/new_token b/fuzz/corpus/decode_frame/new_token
new file mode 100644
index 0000000..8fa359c
--- /dev/null
+++ b/fuzz/corpus/decode_frame/new_token
@@ -0,0 +1 @@
+0123456789abcdef2
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/path_challenge b/fuzz/corpus/decode_frame/path_challenge
new file mode 100644
index 0000000..3e94fb7
--- /dev/null
+++ b/fuzz/corpus/decode_frame/path_challenge
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/path_response b/fuzz/corpus/decode_frame/path_response
new file mode 100644
index 0000000..e33140e
--- /dev/null
+++ b/fuzz/corpus/decode_frame/path_response
@@ -0,0 +1 @@
+
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/reset_stream b/fuzz/corpus/decode_frame/reset_stream
new file mode 100644
index 0000000..baee7ce
Binary files /dev/null and b/fuzz/corpus/decode_frame/reset_stream differ
diff --git a/fuzz/corpus/decode_frame/retire_connection_id b/fuzz/corpus/decode_frame/retire_connection_id
new file mode 100644
index 0000000..15ce00a
--- /dev/null
+++ b/fuzz/corpus/decode_frame/retire_connection_id
@@ -0,0 +1 @@
+»šÊ
\ No newline at end of file
diff --git a/fuzz/corpus/decode_frame/stop_sending b/fuzz/corpus/decode_frame/stop_sending
new file mode 100644
index 0000000..d9abd24
Binary files /dev/null and b/fuzz/corpus/decode_frame/stop_sending differ
diff --git a/fuzz/corpus/decode_frame/stream b/fuzz/corpus/decode_frame/stream
new file mode 100644
index 0000000..f85b928
Binary files /dev/null and b/fuzz/corpus/decode_frame/stream differ
diff --git a/fuzz/corpus/decode_frame/stream_data_blocked b/fuzz/corpus/decode_frame/stream_data_blocked
new file mode 100644
index 0000000..8ccc9cc
Binary files /dev/null and b/fuzz/corpus/decode_frame/stream_data_blocked differ
diff --git a/fuzz/corpus/decode_frame/stream_len b/fuzz/corpus/decode_frame/stream_len
new file mode 100644
index 0000000..c0ad3d6
Binary files /dev/null and b/fuzz/corpus/decode_frame/stream_len differ
diff --git a/fuzz/corpus/decode_frame/streams_blocked b/fuzz/corpus/decode_frame/streams_blocked
new file mode 100644
index 0000000..f6fae51
Binary files /dev/null and b/fuzz/corpus/decode_frame/streams_blocked differ
diff --git a/fuzz/corpus/ksl/random b/fuzz/corpus/ksl/random
new file mode 100644
index 0000000..b2f626a
Binary files /dev/null and b/fuzz/corpus/ksl/random differ
diff --git a/fuzz/decode_frame.cc b/fuzz/decode_frame.cc
new file mode 100644
index 0000000..13431fd
--- /dev/null
+++ b/fuzz/decode_frame.cc
@@ -0,0 +1,25 @@
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "ngtcp2_conn.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ for (; size;) {
+ ngtcp2_max_frame mfr{};
+
+ auto nread = ngtcp2_pkt_decode_frame(&mfr.fr, data, size);
+ if (nread < 0) {
+ return 0;
+ }
+
+ data += nread;
+ size -= nread;
+ }
+
+ return 0;
+}
diff --git a/fuzz/ksl.cc b/fuzz/ksl.cc
new file mode 100644
index 0000000..9bbf4c4
--- /dev/null
+++ b/fuzz/ksl.cc
@@ -0,0 +1,77 @@
+#include
+
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include "ngtcp2_ksl.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ using KeyType = uint16_t;
+ using DataType = int64_t;
+ constexpr size_t keylen = sizeof(KeyType);
+
+ auto compar = [](auto *lhs, auto *rhs) -> int {
+ return *static_cast(lhs) <
+ *static_cast(rhs);
+ };
+
+ ngtcp2_ksl ksl;
+
+ ngtcp2_ksl_init(&ksl, compar, keylen, ngtcp2_mem_default());
+
+ for (; size >= keylen; ++data, --size) {
+ KeyType d;
+
+ memcpy(&d, data, keylen);
+
+ for (size_t i = 0; i < 2; ++i) {
+ auto add = (d & 0x8000) != 0;
+ auto key = static_cast(d & 0x7fff);
+
+ if (add) {
+ auto data = std::make_unique(key);
+ auto rv = ngtcp2_ksl_insert(&ksl, nullptr, &key, data.get());
+ if (rv != 0) {
+ continue;
+ }
+
+ data.release();
+ ngtcp2_ksl_lower_bound(&ksl, &key);
+
+ continue;
+ }
+
+ auto it = ngtcp2_ksl_lower_bound(&ksl, &key);
+ if (ngtcp2_ksl_it_end(&it)) {
+ continue;
+ }
+
+ if (*static_cast(ngtcp2_ksl_it_key(&it)) != key) {
+ continue;
+ }
+
+ delete static_cast(ngtcp2_ksl_it_get(&it));
+
+ ngtcp2_ksl_remove(&ksl, nullptr, &key);
+
+ d = bswap_16(d);
+ }
+ }
+
+ for (auto it = ngtcp2_ksl_begin(&ksl); !ngtcp2_ksl_it_end(&it);
+ ngtcp2_ksl_it_next(&it)) {
+ delete static_cast(ngtcp2_ksl_it_get(&it));
+ }
+
+ ngtcp2_ksl_free(&ksl);
+
+ return 0;
+}
--
cgit v1.2.3
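Review bot: The loop in fuzz/decode_frame.cc advances by `nread` without checking that it stays inside the buffer, so a decoder that ever reported a length larger than `size` would wrap `size` on `size -= nread;` and walk `data` past the input on the next iteration; a fuzz target is exactly where that invariant should be pinned, e.g. `assert(static_cast<size_t>(nread) <= size);` right after the `nread < 0` check (needs `<cassert>`). If `ngtcp2_pkt_decode_frame` can return 0 for a non-empty input the loop would also never terminate, so `if (nread <= 0)` is the safer guard unless the API rules that out. The file has no comment saying what it exercises; a one-line header such as `// Fuzz target: decodes consecutive frames from arbitrary bytes until ngtcp2_pkt_decode_frame rejects the input.` would help the next person reading the corpus.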
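Review bot: In fuzz/ksl.cc the `d = bswap_16(d);` at the end of the inner `for (size_t i = 0; i < 2; ++i)` body is only reached after a fully successful remove; every other path (`rv != 0`, a successful insert, key not found, key mismatch) hits a `continue` first, so the second iteration replays the identical key instead of the byte-swapped one. If both byte orders are meant to be exercised, move the swap into the loop header, `for (size_t i = 0; i < 2; ++i, d = bswap_16(d)) {`, and drop the trailing assignment. The `auto data = std::make_unique…(key);` declaration in the `if (add)` branch shadows the `data` parameter that the outer loop increments, which compiles but invites `-Wshadow` noise and misreading; `auto value = …` would be clearer. The discarded `ngtcp2_ksl_lower_bound(&ksl, &key);` after a successful insert deserves a comment such as `// exercise lookup of a freshly inserted key; result intentionally unused`, and `bswap_16` comes from glibc's `<byteswap.h>` rather than the standard library, which is worth noting if this target is built on other platforms.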