/work/toxcore/DHT_fuzz_test.cc

Source
#include "DHT.h"

#include <cassert>
#include <cstdlib>
#include <cstring>
#include <vector>

#include "../testing/fuzzing/fuzz_support.h"

namespace {

void TestHandleRequest(Fuzz_Data &input)
{
    CONSUME_OR_RETURN(const uint8_t *self_public_key, input, CRYPTO_PUBLIC_KEY_SIZE);
    CONSUME_OR_RETURN(const uint8_t *self_secret_key, input, CRYPTO_SECRET_KEY_SIZE);

    uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE];
    uint8_t request[MAX_CRYPTO_REQUEST_SIZE];
    uint8_t request_id;
    handle_request(self_public_key, self_secret_key, public_key, request, &request_id, input.data(),
        input.size());
}

void TestUnpackNodes(Fuzz_Data &input)
{
    CONSUME1_OR_RETURN(const bool, tcp_enabled, input);

    const uint16_t node_count = 5;
    Node_format nodes[node_count];
    uint16_t processed_data_len;
    const int packed_count = unpack_nodes(
        nodes, node_count, &processed_data_len, input.data(), input.size(), tcp_enabled);
    if (packed_count > 0) {
        Logger *logger = logger_new();
        std::vector<uint8_t> packed(packed_count * PACKED_NODE_SIZE_IP6);
        const int packed_size
            = pack_nodes(logger, packed.data(), packed.size(), nodes, packed_count);
        LOGGER_ASSERT(logger, packed_size == processed_data_len,
            "packed size (%d) != unpacked size (%d)", packed_size, processed_data_len);
        logger_kill(logger);

        // Check that packed nodes can be unpacked again and result in the
        // original unpacked nodes.
        Node_format nodes2[node_count];
        uint16_t processed_data_len2;
        const int packed_count2 = unpack_nodes(
            nodes2, node_count, &processed_data_len2, packed.data(), packed.size(), tcp_enabled);
        (void)packed_count2;
#if 0
        assert(processed_data_len2 == processed_data_len);
        assert(packed_count2 == packed_count);
#endif
        assert(memcmp(nodes, nodes2, sizeof(Node_format) * packed_count) == 0);
    }
}

}  // namespace

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    fuzz_select_target<TestHandleRequest, TestUnpackNodes>(data, size);
    return 0;
}

Line	Count	Source
1		#include "DHT.h"
2
3		#include <cassert>
4		#include <cstdlib>
5		#include <cstring>
6		#include <vector>
7
8		#include "../testing/fuzzing/fuzz_support.h"
9
10		namespace {
11
12		void TestHandleRequest(Fuzz_Data &input)
13	6	{
14	6	CONSUME_OR_RETURN(const uint8_t *self_public_key, input, CRYPTO_PUBLIC_KEY_SIZE);
15	5	CONSUME_OR_RETURN(const uint8_t *self_secret_key, input, CRYPTO_SECRET_KEY_SIZE);
16
17	4	uint8_t public_key[CRYPTO_PUBLIC_KEY_SIZE];
18	4	uint8_t request[MAX_CRYPTO_REQUEST_SIZE];
19	4	uint8_t request_id;
20	4	handle_request(self_public_key, self_secret_key, public_key, request, &request_id, input.data(),
21	4	input.size());
22	4	}
23
24		void TestUnpackNodes(Fuzz_Data &input)
25	34	{
26	34	CONSUME1_OR_RETURN(const bool, tcp_enabled, input);
27
28	33	const uint16_t node_count = 5;
29	33	Node_format nodes[node_count];
30	33	uint16_t processed_data_len;
31	33	const int packed_count = unpack_nodes(
32	33	nodes, node_count, &processed_data_len, input.data(), input.size(), tcp_enabled);
33	33	if (packed_count > 0) {
34	14	Logger *logger = logger_new();
35	14	std::vector<uint8_t> packed(packed_count * PACKED_NODE_SIZE_IP6);
36	14	const int packed_size
37	14	= pack_nodes(logger, packed.data(), packed.size(), nodes, packed_count);
38	14	LOGGER_ASSERT(logger, packed_size == processed_data_len,
39	14	"packed size (%d) != unpacked size (%d)", packed_size, processed_data_len);
40	14	logger_kill(logger);
41
42		// Check that packed nodes can be unpacked again and result in the
43		// original unpacked nodes.
44	14	Node_format nodes2[node_count];
45	14	uint16_t processed_data_len2;
46	14	const int packed_count2 = unpack_nodes(
47	14	nodes2, node_count, &processed_data_len2, packed.data(), packed.size(), tcp_enabled);
48	14	(void)packed_count2;
49		#if 0
50		assert(processed_data_len2 == processed_data_len);
51		assert(packed_count2 == packed_count);
52		#endif
53	14	assert(memcmp(nodes, nodes2, sizeof(Node_format) * packed_count) == 0);
54	14	}
55	33	}
56
57		} // namespace
58
59		extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
60		extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
61	2.99k	{
62	2.99k	fuzz_select_target<TestHandleRequest, TestUnpackNodes>(data, size);
63	2.99k	return 0;
64	2.99k	}

Coverage Report

Created: 2024-01-26 01:52