From 26cc1f131f2576a49a3b9c43cd4b787b067b3f5a Mon Sep 17 00:00:00 2001 From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> Date: Mon, 17 Jun 2024 13:45:47 +0200 Subject: fuzz: improve fuzzing coverage (#2474) Remove some code never triggered AFP: the removed check is included in the following one MQTT: fix flags extraction
---
 fuzz/fuzz_serialization.cpp | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'fuzz/fuzz_serialization.cpp')
diff --git a/fuzz/fuzz_serialization.cpp b/fuzz/fuzz_serialization.cpp
index d097c683c..5b5de9fe0 100644
--- a/fuzz/fuzz_serialization.cpp
+++ b/fuzz/fuzz_serialization.cpp
@@ -14,7 +14,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 int rc;
 std::vectord;
 char kbuf[32];
- u_int32_t buffer_len;
+ u_int32_t buffer_len, kbuf_len;
 /* To allow memory allocation failures */
 fuzz_set_alloc_callbacks_and_seed(size);
@@ -66,19 +66,23 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
 ndpi_serialize_string_raw(&serializer, kbuf, d.data(), d.size());
 ndpi_serialize_string_boolean(&serializer, kbuf, fuzzed_data.ConsumeIntegral());
- if (fuzzed_data.ConsumeBool())
+ if (fuzzed_data.ConsumeBool()) {
 snprintf(kbuf, sizeof(kbuf), "%d", i); /* To trigger OPTIMIZE_NUMERIC_KEYS */
- ndpi_serialize_binary_uint32(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral());
- ndpi_serialize_binary_int32(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral());
- ndpi_serialize_binary_uint64(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral());
- ndpi_serialize_binary_int64(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral());
- ndpi_serialize_binary_float(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeFloatingPoint(), "%f");
+ kbuf_len = strlen(kbuf);
+ } else {
+ kbuf_len = sizeof(kbuf);
+ }
+ ndpi_serialize_binary_uint32(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral());
+ ndpi_serialize_binary_int32(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral());
+ ndpi_serialize_binary_uint64(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral());
+ ndpi_serialize_binary_int64(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral());
+ ndpi_serialize_binary_float(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeFloatingPoint(), "%f");
 if (fmt != ndpi_serialization_format_tlv)
- ndpi_serialize_binary_double(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeFloatingPoint(), "%lf");
- ndpi_serialize_binary_boolean(&serializer, kbuf, sizeof(kbuf), fuzzed_data.ConsumeIntegral());
+ ndpi_serialize_binary_double(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeFloatingPoint(), "%lf");
+ ndpi_serialize_binary_boolean(&serializer, kbuf, kbuf_len, fuzzed_data.ConsumeIntegral());
 d = fuzzed_data.ConsumeBytes(16);
 if (d.size())
- ndpi_serialize_binary_binary(&serializer, kbuf, sizeof(kbuf), d.data(), d.size());
+ ndpi_serialize_binary_binary(&serializer, kbuf, kbuf_len, d.data(), d.size());
 if ((i & 0x3) == 0x3)
 ndpi_serialize_end_of_record(&serializer);
-- cgit v1.2.3
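Review bot: In the `else` branch, `kbuf_len = sizeof(kbuf)` hands all 32 bytes of `kbuf` to the `ndpi_serialize_binary_*` calls, including whatever lies after the terminator of the last string written into it. `kbuf` is declared as `char kbuf[32];` with no initializer in the first hunk, and how it is filled earlier in the loop is not visible here, so those tail bytes may be indeterminate; if they are, an MSan build can flag the read and a crashing input may not reproduce. Zero-filling it at the declaration, `char kbuf[32] = {0};`, would keep the full-length key path deterministic. A short comment on the `else`, such as `/* full buffer: binary key with embedded NULs */`, would record that the length is deliberate. The enclosing loop starts and ends outside the hunk.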