author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2022-12-06 17:41:58 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-12-06 17:41:58 +0100 |
commit | ada4fe4aa8f88300cfc0dbe6ee965975274b1c40 (patch) | |
tree | 08010d2055d0159330ded8e5c15113deb0c41c3b /example/reader_util.c | |
parent | 946c3dba0f6c393c2e41b98103cec3e7308fbf2c (diff) |
fuzz: add a new fuzzer testing memory allocation failures (#1818)
Try to fuzz error paths triggered by allocation errors.
Fix some errors already found by this new fuzzer.
Basic idea taken from: https://github.com/harfbuzz/harfbuzz/pull/2566/files
`FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` is a standard define used to
compile (or exclude) specific code in fuzzing builds.
See: https://llvm.org/docs/LibFuzzer.html
Diffstat (limited to 'example/reader_util.c')
-rw-r--r-- | example/reader_util.c | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/example/reader_util.c b/example/reader_util.c index f3d7f73ff..276215eff 100644 --- a/example/reader_util.c +++ b/example/reader_util.c @@ -858,7 +858,10 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow struct ndpi_flow_info *newflow = (struct ndpi_flow_info*)ndpi_malloc(sizeof(struct ndpi_flow_info)); if(newflow == NULL) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* Avoid too much logging while fuzzing */ LOG(NDPI_LOG_ERROR, "[NDPI] %s(1): not enough memory\n", __FUNCTION__); +#endif return(NULL); } else workflow->num_allocated_flows++; @@ -899,12 +902,11 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow } if((newflow->ndpi_flow = ndpi_flow_malloc(SIZEOF_FLOW_STRUCT)) == NULL) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* Avoid too much logging while fuzzing */ LOG(NDPI_LOG_ERROR, "[NDPI] %s(2): not enough memory\n", __FUNCTION__); -#ifdef DIRECTION_BINS - ndpi_free_bin(&newflow->payload_len_bin_src2dst), ndpi_free_bin(&newflow->payload_len_bin_dst2src); -#else - ndpi_free_bin(&newflow->payload_len_bin); #endif + ndpi_flow_info_free_data(newflow); ndpi_free(newflow); return(NULL); } else @@ -916,11 +918,17 @@ static struct ndpi_flow_info *get_ndpi_flow_info(struct ndpi_workflow * workflow workflow->ndpi_serialization_format) != 0) { LOG(NDPI_LOG_ERROR, "ndpi serializer init failed\n"); - exit(-1); + ndpi_flow_info_free_data(newflow); + ndpi_free(newflow); + return(NULL); } } - ndpi_tsearch(newflow, &workflow->ndpi_flows_root[idx], ndpi_workflow_node_cmp); /* Add */ + if(ndpi_tsearch(newflow, &workflow->ndpi_flows_root[idx], ndpi_workflow_node_cmp) == NULL) { /* Add */ + ndpi_flow_info_free_data(newflow); + ndpi_free(newflow); + return(NULL); + } workflow->stats.ndpi_flow_count++; if(*proto == IPPROTO_TCP) workflow->stats.flow_count[0]++; 
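Review bot: In the second hunk (the `ndpi_flow_malloc` failure path), `ndpi_flow_info_free_data(newflow)` now runs on a partially constructed flow, so it is only safe if every pointer it releases was zeroed or assigned beforehand. The initialisation of `newflow` sits between the hunks and is not visible here, so this should be confirmed. The same assumption covers the two new cleanup paths in the third hunk, where the helper also runs after a failed serializer init. I would add a comment at the first call, such as `/* newflow is zero-filled after allocation, so releasing unset members is a no-op */`, so the dependency is not lost in a later refactor. get_ndpi_flow_info starts and ends outside the hunk.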
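Review bot: The failure returns that follow `workflow->num_allocated_flows++` (the one in the second hunk and the two added in the third) free `newflow` but leave the counter incremented, so under repeated allocation failures it drifts away from the number of flows actually held. If the counter is meant to track live allocations, add `workflow->num_allocated_flows--;` before each `return(NULL);`. The new `ndpi_tsearch(...) == NULL` branch also returns silently, unlike its siblings. A `LOG(NDPI_LOG_ERROR, "[NDPI] %s(3): not enough memory\n", __FUNCTION__);` under the same `#ifndef` guard would keep non-fuzzing diagnostics consistent.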
@@ -1099,13 +1107,15 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl if(flow->ndpi_flow->protos.bittorrent.hash[0] != '\0') { flow->bittorent_hash = ndpi_malloc(sizeof(flow->ndpi_flow->protos.bittorrent.hash) * 2 + 1); - for(i=0, j = 0; i < sizeof(flow->ndpi_flow->protos.bittorrent.hash); i++) { - sprintf(&flow->bittorent_hash[j], "%02x", - flow->ndpi_flow->protos.bittorrent.hash[i]); + if(flow->bittorent_hash) { + for(i=0, j = 0; i < sizeof(flow->ndpi_flow->protos.bittorrent.hash); i++) { + sprintf(&flow->bittorent_hash[j], "%02x", + flow->ndpi_flow->protos.bittorrent.hash[i]); - j += 2; + j += 2; + } + flow->bittorent_hash[j] = '\0'; } - flow->bittorent_hash[j] = '\0'; } } /* TIVOCONNECT */ |
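Review bot: The `sprintf` inside the newly guarded loop is still unbounded, and it relies on `hash[i]` being an unsigned 8-bit value so that `%02x` emits exactly two characters. The declaration of `protos.bittorrent.hash` is outside the hunk; if it were plain `char`, a byte of 0x80 or above would sign-extend to eight hex digits and write past the `* 2 + 1` allocation. Making the bound explicit removes that dependency: `snprintf(&flow->bittorent_hash[j], 3, "%02x", (unsigned char)flow->ndpi_flow->protos.bittorrent.hash[i]);`. When the allocation fails, `flow->bittorent_hash` is now left NULL without any log, so code that prints or serializes it needs to tolerate NULL; process_ndpi_collected_info continues outside the hunk.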