diff options
| author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2023-01-25 11:44:59 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-01-25 11:44:59 +0100 |
| commit | 9fc724de5a6539b84dfbec5d0d0fff68dc5676de (patch) | |
| tree | d9f72cc9fe448a2ce36bed4aed65a3df93821d43 /fuzz/fuzz_ds_libcache.cpp | |
| parent | 29c5cc39fb7f714897c3d6a3454e696e263fb9bc (diff) | |
Add some fuzzers to test other data structures. (#1870)
Start using a dictionary for fuzzing (see:
https://llvm.org/docs/LibFuzzer.html#dictionaries).
Remove some dead code.
Fuzzing with debug enabled is not usually a great idea (from performance
POV). Keep the code since it might be useful while debugging.
Diffstat (limited to 'fuzz/fuzz_ds_libcache.cpp')
| -rw-r--r-- | fuzz/fuzz_ds_libcache.cpp | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/fuzz/fuzz_ds_libcache.cpp b/fuzz/fuzz_ds_libcache.cpp new file mode 100644 index 000000000..f4b30092f --- /dev/null +++ b/fuzz/fuzz_ds_libcache.cpp @@ -0,0 +1,68 @@ +#include "ndpi_api.h" +#include "../src/lib/third_party/include/libcache.h" +#include "fuzz_common_code.h" + +#include <stdint.h> +#include <stdio.h> +#include <assert.h> +#include "fuzzer/FuzzedDataProvider.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + FuzzedDataProvider fuzzed_data(data, size); + u_int16_t i, rc, num_iteration, data_len, is_added = 0; + std::vector<u_int8_t>value_added; + cache_t c; + + /* Just to have some data */ + if (fuzzed_data.remaining_bytes() < 2048) + return -1; + + /* To allow memory allocation failures */ + fuzz_set_alloc_callbacks_and_seed(size); + + c = cache_new(fuzzed_data.ConsumeIntegral<u_int8_t>()); + + num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>(); + for (i = 0; i < num_iteration; i++) { + + data_len = fuzzed_data.ConsumeIntegralInRange(0, 127); + std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len); + + rc = cache_add(c, data.data(), data.size()); + /* Keep one random entry really added */ + if (rc == CACHE_NO_ERROR && is_added == 0 && fuzzed_data.ConsumeBool()) { + value_added = data; + is_added = 1; + } + } + + /* "Random" search */ + num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>(); + for (i = 0; i < num_iteration; i++) { + data_len = fuzzed_data.ConsumeIntegralInRange(0, 127); + std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len); + + cache_contains(c, data.data(), data.size()); + } + /* Search of an added entry */ + if (is_added) { + cache_contains(c, value_added.data(), value_added.size()); + } + + /* "Random" remove */ + num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>(); + for (i = 0; i < num_iteration; i++) { + data_len = fuzzed_data.ConsumeIntegralInRange(0, 127); + std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len); + + cache_remove(c, data.data(), data.size()); + } + /* Remove of an added entry */ + if (is_added) { + cache_remove(c, value_added.data(), value_added.size()); + } + + cache_free(c); + + return 0; +} |