From 9fc724de5a6539b84dfbec5d0d0fff68dc5676de Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Wed, 25 Jan 2023 11:44:59 +0100
Subject: Add some fuzzers to test other data structures. (#1870) Start using a dictionary for fuzzing (see: https://llvm.org/docs/LibFuzzer.html#dictionaries). Remove some dead code. Fuzzing with debug enabled is not usually a great idea (from performance POV). Keep the code since it might be useful while debugging.
---
fuzz/fuzz_ds_libcache.cpp | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100644 fuzz/fuzz_ds_libcache.cpp
(limited to 'fuzz/fuzz_ds_libcache.cpp')
diff --git a/fuzz/fuzz_ds_libcache.cpp b/fuzz/fuzz_ds_libcache.cpp
new file mode 100644
index 000000000..f4b30092f
--- /dev/null
+++ b/fuzz/fuzz_ds_libcache.cpp
@@ -0,0 +1,68 @@
+#include "ndpi_api.h"
+#include "../src/lib/third_party/include/libcache.h"
+#include "fuzz_common_code.h"
+
+#include
+#include
+#include
+#include "fuzzer/FuzzedDataProvider.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fuzzed_data(data, size);
+ u_int16_t i, rc, num_iteration, data_len, is_added = 0;
+ std::vectorvalue_added;
+ cache_t c;
+
+ /* Just to have some data */
+ if (fuzzed_data.remaining_bytes() < 2048)
+ return -1;
+
+ /* To allow memory allocation failures */
+ fuzz_set_alloc_callbacks_and_seed(size);
+
+ c = cache_new(fuzzed_data.ConsumeIntegral());
+
+ num_iteration = fuzzed_data.ConsumeIntegral();
+ for (i = 0; i < num_iteration; i++) {
+
+ data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
+ std::vectordata = fuzzed_data.ConsumeBytes(data_len);
+
+ rc = cache_add(c, data.data(), data.size());
+ /* Keep one random entry really added */
+ if (rc == CACHE_NO_ERROR && is_added == 0 && fuzzed_data.ConsumeBool()) {
+ value_added = data;
+ is_added = 1;
+ }
+ }
+
+ /* "Random" search */
+ num_iteration = fuzzed_data.ConsumeIntegral();
+ for (i = 0; i < num_iteration; i++) {
+ data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
+ std::vectordata = fuzzed_data.ConsumeBytes(data_len);
+
+ cache_contains(c, data.data(), data.size());
+ }
+ /* Search of an added entry */
+ if (is_added) {
+ cache_contains(c, value_added.data(), value_added.size());
+ }
+
+ /* "Random" remove */
+ num_iteration = fuzzed_data.ConsumeIntegral();
+ for (i = 0; i < num_iteration; i++) {
+ data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
+ std::vectordata = fuzzed_data.ConsumeBytes(data_len);
+
+ cache_remove(c, data.data(), data.size());
+ }
+ /* Remove of an added entry */
+ if (is_added) {
+ cache_remove(c, value_added.data(), value_added.size());
+ }
+
+ cache_free(c);
+
+ return 0;
+}
-- cgit v1.2.3
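Review bot: The result of `cache_new(...)` is never checked, although `fuzz_set_alloc_callbacks_and_seed(size)` is called just before it precisely so that allocations can fail. `c` is therefore presumably null on some runs when it reaches `cache_add`, `cache_contains`, `cache_remove` and `cache_free`. If exercising libcache's null-handle path is intended, record that with a comment such as `/* c may be NULL here: allocation failures are injected on purpose */`; otherwise add `if (!c) return 0;` after the call. Separately, each of the three loops keeps running up to `num_iteration` times after the provider has run out of bytes, which only repeats the empty-key case; adding `if (fuzzed_data.remaining_bytes() == 0) break;` at the top of each loop body would keep executions short without losing coverage.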