From 560280e6f082d22e6a9de8e537b7876bacf8d072 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Fri, 23 Dec 2022 19:07:13 +0100
Subject: fuzz: add fuzzer testing nDPI (initial) configurations (#1830)
The goal of this fuzzer is to test init and deinit of the library, with different configurations. In details:
* random memory allocation failures, even during init phase
* random `ndpi_init_prefs` parameter of `ndpi_init_detection_module()`
* random LRU caches sizes
* random bitmask of enabled protocols
* random parameters of `ndpi_set_detection_preferences()`
* random initialization of opportunistic TLS
* random load/don't load of configuration files
This new fuzzer is a C++ file, because it uses `FuzzedDataProvider` class (see https://github.com/google/fuzzing/blob/master/docs/split-inputs.md). Note that the (existing) fuzzers need to be linked with C++ compiler anyway, so this new fuzzer doesn't add any new requirements.
---
 fuzz/fuzz_common_code.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
(limited to 'fuzz/fuzz_common_code.c')
diff --git a/fuzz/fuzz_common_code.c b/fuzz/fuzz_common_code.c
index 5ad2a5899..bd5ef20a4 100644
--- a/fuzz/fuzz_common_code.c
+++ b/fuzz/fuzz_common_code.c
@@ -1,6 +1,32 @@
 #include "fuzz_common_code.h"
+
+#ifdef ENABLE_MEM_ALLOC_FAILURES
+
+static int mem_alloc_state = 0;
+
+__attribute__((no_sanitize("integer")))
+static int fastrand ()
+{
+ if(!mem_alloc_state) return 1; /* No failures */
+ mem_alloc_state = (214013 * mem_alloc_state + 2531011);
+ return (mem_alloc_state >> 16) & 0x7FFF;
+}
+
+void *malloc_wrapper(size_t size) {
+ return (fastrand () % 16) ? malloc (size) : NULL;
+}
+void free_wrapper(void *freeable) {
+ free(freeable);
+}
+
+void set_mem_alloc_state(int value) {
+ mem_alloc_state = value;
+}
+
+#endif
+
 void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_mod, int enable_log) {
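Review bot: `fastrand()` keeps its generator state in a signed `int`, so `214013 * mem_alloc_state + 2531011` overflows a signed type; `no_sanitize("integer")` only silences the sanitizer report, and the overflow is still undefined behaviour in C. Declaring the state as `static unsigned int mem_alloc_state = 0;` and returning `(int)((mem_alloc_state >> 16) & 0x7FFF)` makes the wrap well defined, so the sequence of injected failures depends only on the seed given to `set_mem_alloc_state()` and a crashing input can be replayed. The definition should also read `static int fastrand(void)`, since empty parentheses are not a prototype in C. A short comment on `malloc_wrapper` stating that it fails roughly one call in 16 and that a zero state disables injection would document the contract for harness authors.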
@@ -8,6 +34,10 @@ void fuzz_init_detection_module(struct ndpi_detection_module_struct **ndpi_info_
 NDPI_PROTOCOL_BITMASK all, debug_bitmask;
 if(*ndpi_info_mod == NULL) {
+#ifdef ENABLE_MEM_ALLOC_FAILURES
+ set_ndpi_malloc(malloc_wrapper);
+ set_ndpi_free(free_wrapper);
+#endif
 *ndpi_info_mod = ndpi_init_detection_module(prefs);
 NDPI_BITMASK_SET_ALL(all);
 ndpi_set_protocol_detection_bitmask2(*ndpi_info_mod, &all);
--
cgit v1.2.3
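Review bot: With the failing allocator installed just before `ndpi_init_detection_module(prefs)`, that call can now return NULL, and the next visible lines pass `*ndpi_info_mod` straight to `ndpi_set_protocol_detection_bitmask2()` without a check. Unless every callee below tolerates a NULL module (not visible in this hunk), the harness itself would crash and the fuzzer would report a finding in test code rather than in the library; adding `if(*ndpi_info_mod == NULL) return;` right after the init call, with callers checking the pointer, avoids that. The hooks set through `set_ndpi_malloc()` and `set_ndpi_free()` are presumably process-wide, so a one-line comment saying they stay installed for all later allocations would help. The function body continues outside the hunk.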