summaryrefslogtreecommitdiffstats
path: root/fuzz/fuzz_target_fdp.cc
blob: f94b96433d25ff788a393d3cd68304e4560dad08 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#include <string>
#include <vector>
#include <fuzzer/FuzzedDataProvider.h>

#include <nghttp2/nghttp2.h>

namespace {
int on_frame_recv_callback(nghttp2_session *session, const nghttp2_frame *frame,
                           void *user_data) {
  return 0;
}
} // namespace

namespace {
int on_begin_headers_callback(nghttp2_session *session,
                              const nghttp2_frame *frame, void *user_data) {
  return 0;
}
} // namespace

namespace {
int on_header_callback2(nghttp2_session *session, const nghttp2_frame *frame,
                        nghttp2_rcbuf *name, nghttp2_rcbuf *value,
                        uint8_t flags, void *user_data) {
  return 0;
}
} // namespace

namespace {
int before_frame_send_callback(nghttp2_session *session,
                               const nghttp2_frame *frame, void *user_data) {
  return 0;
}
} // namespace

namespace {
int on_frame_send_callback(nghttp2_session *session, const nghttp2_frame *frame,
                           void *user_data) {
  return 0;
}
} // namespace

namespace {
void send_pending(nghttp2_session *session) {
  for (;;) {
    const uint8_t *data;
    auto n = nghttp2_session_mem_send(session, &data);
    if (n == 0) {
      return;
    }
  }
}
} // namespace

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  nghttp2_session *session;
  nghttp2_session_callbacks *callbacks;

  nghttp2_session_callbacks_new(&callbacks);
  nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks,
                                                       on_frame_recv_callback);
  nghttp2_session_callbacks_set_on_begin_headers_callback(
      callbacks, on_begin_headers_callback);
  nghttp2_session_callbacks_set_on_header_callback2(callbacks,
                                                    on_header_callback2);
  nghttp2_session_callbacks_set_before_frame_send_callback(
      callbacks, before_frame_send_callback);
  nghttp2_session_callbacks_set_on_frame_send_callback(callbacks,
                                                       on_frame_send_callback);

  nghttp2_session_server_new(&session, callbacks, nullptr);
  nghttp2_session_callbacks_del(callbacks);

  FuzzedDataProvider data_provider(data, size);

  /* Initialise a random iv */
  nghttp2_settings_entry *iv;
  int size_of_iv = data_provider.ConsumeIntegralInRange(1, 10);
  iv = (nghttp2_settings_entry *)malloc(sizeof(nghttp2_settings_entry) *
                                        size_of_iv);
  for (int i = 0; i < size_of_iv; i++) {
    iv[i].settings_id = data_provider.ConsumeIntegralInRange(0, 1000);
    iv[i].value = data_provider.ConsumeIntegralInRange(0, 1000);
  }

  nghttp2_submit_settings(session, NGHTTP2_FLAG_NONE, iv, size_of_iv);
  send_pending(session);

  std::vector<uint8_t> d = data_provider.ConsumeRemainingBytes<uint8_t>();
  nghttp2_session_mem_recv(session, d.data(), d.size());

  send_pending(session);

  nghttp2_session_del(session);

  free(iv);

  return 0;
}