author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-01-20 14:27:33 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-20 14:27:33 +0100 |
commit | 5e8c1ebbb7f67033916ed4878cd6c2a662073898 (patch) | |
tree | f538977aa08015bffcf99ec9f6bb505c9143232c /fuzz/fuzz_alg_bins.cpp | |
parent | 496b284c9888c090696cc8e570d0b20c08dc3d63 (diff) |
fuzz: fix memory allocation failure logic (#1867)
We *do* want to have some allocation errors.
Fix some related bugs
Fix: 29be01ef
Diffstat (limited to 'fuzz/fuzz_alg_bins.cpp')
-rw-r--r-- | fuzz/fuzz_alg_bins.cpp | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/fuzz/fuzz_alg_bins.cpp b/fuzz/fuzz_alg_bins.cpp
index 221a081a3..cce530940 100644
--- a/fuzz/fuzz_alg_bins.cpp
+++ b/fuzz/fuzz_alg_bins.cpp
@@ -5,25 +5,21 @@
 #include <stdio.h>
 #include "fuzzer/FuzzedDataProvider.h"
-struct ndpi_detection_module_struct *ndpi_info_mod = NULL;
-
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 FuzzedDataProvider fuzzed_data(data, size);
 u_int16_t j, i, num_iteration;
 struct ndpi_bin b, *b_cloned, *bins;
- u_int16_t num_bins, num_cluster_ids, num_element;
+ u_int16_t num_bins, num_cluster_ids, num_element, num_allocated_bins, rc;
 enum ndpi_bin_family family;
 u_int16_t *cluster_ids;
+ char buf[128];
 /* Just to have some data */
 if(fuzzed_data.remaining_bytes() < 2048) return -1;
- /* We don't really need the detection module, but this way we can enable
- memory allocation failures */
- if (ndpi_info_mod == NULL) {
- fuzz_init_detection_module(&ndpi_info_mod, 0);
- }
+ /* To allow memory allocation failures */
+ fuzz_set_alloc_callbacks_and_seed(size);
 num_bins = fuzzed_data.ConsumeIntegral<u_int16_t>();
 family = fuzzed_data.ConsumeEnum<enum ndpi_bin_family>();
@@ -58,6 +54,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ndpi_normalize_bin(&b);
 ndpi_normalize_bin(b_cloned);
+ ndpi_print_bin(&b, fuzzed_data.ConsumeBool(), buf, sizeof(buf));
+
 ndpi_free_bin(&b);
 ndpi_free_bin(b_cloned);
 ndpi_free(b_cloned);
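Review bot: In the first hunk `rc` is added to the `u_int16_t` declaration list, yet the last hunk uses it to hold the status returned by `ndpi_init_bin()`. If that function reports failure with a negative `int` (its prototype is not visible on this page), the value is converted to an unsigned 16-bit number and `rc != 0` keeps working only by coincidence; a separate `int rc;` preserves the sign and stays clean under `-Wconversion`. The new comment above `fuzz_set_alloc_callbacks_and_seed(size)` could also record why the input length is passed, e.g. `/* Enable injected allocation failures; seeded from the input size so a failing input reproduces */`, assuming that is what the helper does with its argument. The function body continues past the end of this hunk.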
@@ -70,22 +68,29 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 bins = (struct ndpi_bin *)ndpi_malloc(sizeof(struct ndpi_bin) * num_bins);
 cluster_ids = (u_int16_t *)ndpi_malloc(sizeof(u_int16_t) * num_bins);
+ num_allocated_bins = 0;
 if (bins && cluster_ids) {
 for (i = 0; i < num_bins; i++) {
- ndpi_init_bin(&bins[i], ndpi_bin_family64 /* Use 64 bit to avoid overlaps */,
- num_element);
+ rc = ndpi_init_bin(&bins[num_allocated_bins], ndpi_bin_family64 /* Use 64 bit to avoid overlaps */,
+ num_element);
+ if (rc != 0) {
+ continue;
+ }
 num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
 for (j = 0; j < num_iteration; j++) {
- ndpi_set_bin(&bins[i], fuzzed_data.ConsumeIntegralInRange(0, num_element + 1),
+ ndpi_set_bin(&bins[num_allocated_bins],
+ fuzzed_data.ConsumeIntegralInRange(0, num_element + 1),
 fuzzed_data.ConsumeIntegral<u_int64_t>());
 }
+ num_allocated_bins++;
 }
- ndpi_cluster_bins(bins, num_bins, num_cluster_ids, cluster_ids, NULL);
+ ndpi_cluster_bins(bins, num_allocated_bins, num_cluster_ids, cluster_ids, NULL);
 }
 ndpi_free(cluster_ids);
- for (i = 0; i < num_bins; i++)
- ndpi_free_bin(&bins[i]);
+ if (bins)
+ for (i = 0; i < num_allocated_bins; i++)
+ ndpi_free_bin(&bins[i]);
 ndpi_free(bins);
 return 0; |
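Review bot: The `continue` after a failed `ndpi_init_bin()` leaves `bins[num_allocated_bins]` to be initialised again on the next iteration, which is leak-free only if a failed init leaves nothing allocated in that slot. That contract is not visible in this hunk, so a comment next to the `continue` such as `/* failed init owns nothing; the slot is reused by the next iteration */` would make the assumption checkable. The cleanup at the end nests an unbraced `for` inside an unbraced `if (bins)`; bracing both levels, `if (bins) { for (i = 0; i < num_allocated_bins; i++) { ndpi_free_bin(&bins[i]); } }`, guards against a later edit attaching a statement to the wrong level. The `if (bins)` guard is harmless but redundant as written, because `num_allocated_bins` stays 0 whenever `bins` is NULL.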