author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-06-17 13:45:47 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-06-17 13:45:47 +0200 |
commit | 26cc1f131f2576a49a3b9c43cd4b787b067b3f5a (patch) | |
tree | 90fc819791daee5fafb3372fa0e2f9b75b4368b5 /fuzz/fuzz_serialization.cpp | |
parent | a35fae6b75924394ddbf7df4fc5a6eb114cf76d6 (diff) |
fuzz: improve fuzzing coverage (#2474)
Remove some code never triggered
AFP: the removed check is included in the following one
MQTT: fix flags extraction
Diffstat (limited to 'fuzz/fuzz_serialization.cpp')
-rw-r--r-- | fuzz/fuzz_serialization.cpp | 24 |
1 files changed, 14 insertions, 10 deletions
diff --git a/fuzz/fuzz_serialization.cpp b/fuzz/fuzz_serialization.cpp
index d097c683c..5b5de9fe0 100644
--- a/fuzz/fuzz_serialization.cpp
+++ b/fuzz/fuzz_serialization.cpp
@@ -14,7 +14,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 int rc;
 std::vector<char>d;
 char kbuf[32];
- u_int32_t buffer_len;
+ u_int32_t buffer_len, kbuf_len;
 /* To allow memory allocation failures */
 fuzz_set_alloc_callbacks_and_seed(size);
@@ -66,19 +66,23 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ndpi_serialize_string_raw(&serializer, kbuf, d.data(), d.size());
 ndpi_serialize_string_boolean(&serializer, kbuf, fuzzed_data.ConsumeIntegral<int8_t>());
- if (fuzzed_data.ConsumeBool())
+ if (fuzzed_data.ConsumeBool()) {
 snprintf(kbuf, sizeof(kbuf), "%d", i); /* To trigger OPTIMIZE_NUMERIC_KEYS */
- ndpi_serialize_binary_uint32(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral<u_int32_t>());
- ndpi_serialize_binary_int32(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral<int32_t>());
- ndpi_serialize_binary_uint64(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral<u_int64_t>());
- ndpi_serialize_binary_int64(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral<int64_t>());
- ndpi_serialize_binary_float(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeFloatingPoint<float>(), "%f");
+ kbuf_len = strlen(kbuf);
+ } else {
+ kbuf_len = sizeof(kbuf);
+ }
+ ndpi_serialize_binary_uint32(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral<u_int32_t>());
+ ndpi_serialize_binary_int32(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral<int32_t>());
+ ndpi_serialize_binary_uint64(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral<u_int64_t>());
+ ndpi_serialize_binary_int64(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral<int64_t>());
+ ndpi_serialize_binary_float(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeFloatingPoint<float>(), "%f");
 if (fmt != ndpi_serialization_format_tlv)
- ndpi_serialize_binary_double(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeFloatingPoint<double>(), "%lf");
- ndpi_serialize_binary_boolean(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral<int8_t>());
+ ndpi_serialize_binary_double(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeFloatingPoint<double>(), "%lf");
+ ndpi_serialize_binary_boolean(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral<int8_t>());
 d = fuzzed_data.ConsumeBytes<char>(16);
 if (d.size())
- ndpi_serialize_binary_binary(&serializer, kbuf, sizeof(kbuf), d.data(), d.size());
+ ndpi_serialize_binary_binary(&serializer, kbuf, kbuf_len, d.data(), d.size());
 if ((i & 0x3) == 0x3)
 ndpi_serialize_end_of_record(&serializer); |
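Review bot: In the `else` branch the key length stays `sizeof(kbuf)`, so every `ndpi_serialize_binary_*` call on that path is handed all 32 bytes of `kbuf`, including whatever follows the terminator of the string presumably written into it earlier in the loop. The declaration visible in the first hunk is `char kbuf[32];` with no initializer, so unless code outside this hunk fills the whole buffer, those trailing bytes are indeterminate on the first iteration; that makes a crashing input harder to reproduce and can show up as a MemorySanitizer report against the harness rather than the library. Declaring it as `char kbuf[32] = {0};` keeps the full-length, embedded-NUL key case while making it deterministic, and a short comment on the `else` such as `/* full buffer: key with embedded NUL and padding */` would record that this path is intentional. The loop body starts and ends outside the hunk.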