author | Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> | 2024-01-29 10:53:28 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-01-29 10:53:28 +0100 |
commit | 92c2ac5a0f14e4dc02de4c375d6e96aa3034b234 (patch) | |
tree | f713b674eb31b95c352efd28baacc5e085c1f740 /fuzz | |
parent | fb095a339db96151bd69e1b6c221906a856f4d7c (diff) |
fuzz: fuzz_config: try restoring good coverage (#2291)
The last changes reduced the fuzzing coverage of this fuzzer :(
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/fuzz_config.cpp | 43 |
1 files changed, 22 insertions, 21 deletions
diff --git a/fuzz/fuzz_config.cpp b/fuzz/fuzz_config.cpp
index f906dab02..6f8ea2b9f 100644
--- a/fuzz/fuzz_config.cpp
+++ b/fuzz/fuzz_config.cpp
@@ -41,10 +41,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 set_ndpi_debug_function(ndpi_info_mod, NULL);
- NDPI_BITMASK_RESET(enabled_bitmask);
- for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS + NDPI_MAX_NUM_CUSTOM_PROTOCOLS ; i++) {
- if(fuzzed_data.ConsumeBool())
- NDPI_BITMASK_ADD(enabled_bitmask, i);
+ NDPI_BITMASK_SET_ALL(enabled_bitmask);
+ if(fuzzed_data.ConsumeBool()) {
+ NDPI_BITMASK_RESET(enabled_bitmask);
+ for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) {
+ if(fuzzed_data.ConsumeBool())
+ NDPI_BITMASK_ADD(enabled_bitmask, i);
+ }
 }
 if(ndpi_set_protocol_detection_bitmask2(ndpi_info_mod, &enabled_bitmask) == -1) {
 ndpi_exit_detection_module(ndpi_info_mod);
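Review bot: The new reset branch iterates only up to `NDPI_MAX_SUPPORTED_PROTOCOLS`, so the ids in the `+ NDPI_MAX_NUM_CUSTOM_PROTOCOLS` range that the old loop covered are always cleared on that path; if that is deliberate it deserves a comment, otherwise the old bound should be kept. The reason for the `NDPI_BITMASK_SET_ALL` default is also undocumented. A comment above it such as `/* Default to every protocol enabled: the loop below eats one bool per id and an exhausted provider returns false, so short inputs would otherwise disable most dissectors */` would keep a later change from undoing the coverage fix. The enclosing function starts and ends outside the hunk.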
@@ -170,15 +173,14 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ndpi_set_config(ndpi_info_mod, "any", "log", cfg_value);
 ndpi_get_config(ndpi_info_mod, "any", "log", cfg_value, sizeof(cfg_value));
 }
- for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) {
- if(fuzzed_data.ConsumeBool()) {
- value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
- sprintf(cfg_value, "%d", value);
- sprintf(cfg_proto, "%d", i);
- /* TODO: we should try to map integer into name */
- ndpi_set_config(ndpi_info_mod, cfg_proto, "log", cfg_value);
- ndpi_get_config(ndpi_info_mod, cfg_proto, "log", cfg_value, sizeof(cfg_value));
- }
+ if(fuzzed_data.ConsumeBool()) {
+ pid = fuzzed_data.ConsumeIntegralInRange<u_int16_t>(0, NDPI_MAX_SUPPORTED_PROTOCOLS + 1); /* + 1 to trigger invalid pid */
+ value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
+ sprintf(cfg_value, "%d", value);
+ sprintf(cfg_proto, "%d", pid);
+ /* TODO: we should try to map integer into name */
+ ndpi_set_config(ndpi_info_mod, cfg_proto, "log", cfg_value);
+ ndpi_get_config(ndpi_info_mod, cfg_proto, "log", cfg_value, sizeof(cfg_value));
 }
 if(fuzzed_data.ConsumeBool()) {
 value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
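Review bot: `sprintf(cfg_proto, "%d", pid)` and `sprintf(cfg_value, "%d", value)` write without a bound into buffers whose declarations are outside the hunk, so the harness relies on the values staying short rather than on the buffer size. `snprintf(cfg_proto, sizeof(cfg_proto), "%d", pid);` (likewise for `cfg_value`) makes the limit explicit, assuming both are arrays as the `sizeof(cfg_value)` in the `ndpi_get_config` call suggests. The same two calls appear in the `ip_list.load` hunk that follows. Separately, `ConsumeIntegralInRange` is inclusive at both ends, so `NDPI_MAX_SUPPORTED_PROTOCOLS` itself is presumably already an out-of-range id (the removed loop stopped below it) and the `+ 1` adds a second one; the comment could read `/* the top values of the range are invalid pids on purpose */`.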
@@ -186,14 +188,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ndpi_set_config(ndpi_info_mod, "any", "ip_list.load", cfg_value);
 ndpi_get_config(ndpi_info_mod, "any", "ip_list.load", cfg_value, sizeof(cfg_value));
 }
- for(i = 0; i < NDPI_MAX_SUPPORTED_PROTOCOLS; i++) {
- if(fuzzed_data.ConsumeBool()) {
- value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
- sprintf(cfg_value, "%d", value);
- sprintf(cfg_proto, "%d", i);
- ndpi_set_config(ndpi_info_mod, cfg_proto, "ip_list.load", cfg_value);
- ndpi_get_config(ndpi_info_mod, cfg_proto, "ip_list.load", cfg_value, sizeof(cfg_value));
- }
+ if(fuzzed_data.ConsumeBool()) {
+ pid = fuzzed_data.ConsumeIntegralInRange<u_int16_t>(0, NDPI_MAX_SUPPORTED_PROTOCOLS + 1); /* + 1 to trigger invalid pid */
+ value = fuzzed_data.ConsumeIntegralInRange(0, 1 + 1);
+ sprintf(cfg_value, "%d", value);
+ sprintf(cfg_proto, "%d", pid);
+ ndpi_set_config(ndpi_info_mod, cfg_proto, "ip_list.load", cfg_value);
+ ndpi_get_config(ndpi_info_mod, cfg_proto, "ip_list.load", cfg_value, sizeof(cfg_value));
 }
 if(fuzzed_data.ConsumeBool()) {
 value = fuzzed_data.ConsumeIntegralInRange(0, 255 + 1); |