From 812f931d5f082f1dd58d4ced54ac088dd5da40cf Mon Sep 17 00:00:00 2001
From: iphydf
Date: Fri, 12 Jan 2024 14:52:02 +0000
Subject: [PATCH] fix: Make sure there's enough space for CONSUME1 in fuzzers.
---
 testing/fuzzing/bootstrap_harness.cc | 4 ++--
 testing/fuzzing/fuzz_support.cc | 2 +-
 testing/fuzzing/fuzz_support.h | 24 ++++++++++++------------
 toxcore/DHT_fuzz_test.cc | 2 +-
 toxcore/forwarding_fuzz_test.cc | 4 ++--
 toxcore/group_announce_fuzz_test.cc | 14 +++++++-------
 toxcore/group_moderation_fuzz_test.cc | 2 +-
 7 files changed, 26 insertions(+), 26 deletions(-)
diff --git a/testing/fuzzing/bootstrap_harness.cc b/testing/fuzzing/bootstrap_harness.cc
index 2e9639e2..9c178f21 100644
--- a/testing/fuzzing/bootstrap_harness.cc
+++ b/testing/fuzzing/bootstrap_harness.cc
@@ -126,7 +126,7 @@ void TestBootstrap(Fuzz_Data &input)
 }
 });
- CONSUME1_OR_RETURN(const uint8_t proxy_type, input);
+ CONSUME1_OR_RETURN(const uint8_t, proxy_type, input);
 if (proxy_type == 0) {
 tox_options_set_proxy_type(opts.get(), TOX_PROXY_TYPE_NONE);
 } else if (proxy_type == 1) {
@@ -139,7 +139,7 @@ void TestBootstrap(Fuzz_Data &input)
 tox_options_set_proxy_port(opts.get(), 8080);
 }
- CONSUME1_OR_RETURN(const uint8_t tcp_relay_enabled, input);
+ CONSUME1_OR_RETURN(const uint8_t, tcp_relay_enabled, input);
 if (tcp_relay_enabled >= (UINT8_MAX / 2)) {
 tox_options_set_tcp_port(opts.get(), 33445);
 }
diff --git a/testing/fuzzing/fuzz_support.cc b/testing/fuzzing/fuzz_support.cc
index aaf6b18a..59b027c7 100644
--- a/testing/fuzzing/fuzz_support.cc
+++ b/testing/fuzzing/fuzz_support.cc
@@ -77,7 +77,7 @@ static int recv_common(Fuzz_Data &input, uint8_t *buf, size_t buf_len)
 template static void *alloc_common(Fuzz_Data &data, F func)
 {
- CONSUME1_OR_RETURN_VAL(const uint8_t want_alloc, data, func());
+ CONSUME1_OR_RETURN_VAL(const uint8_t, want_alloc, data, func());
 if (!want_alloc) {
 return nullptr;
 }
diff --git a/testing/fuzzing/fuzz_support.h b/testing/fuzzing/fuzz_support.h
index b08c9ead..1735d6b1 100644
--- a/testing/fuzzing/fuzz_support.h
+++ b/testing/fuzzing/fuzz_support.h
@@ -60,14 +60,14 @@ struct Fuzz_Data {
 *
 * @example
 * @code
- * CONSUME1_OR_RETURN(const uint8_t one_byte, input);
+ * CONSUME1_OR_RETURN(const uint8_t, one_byte, input);
 * @endcode
 */
-#define CONSUME1_OR_RETURN(DECL, INPUT) \
- if (INPUT.size < 1) { \
- return; \
- } \
- DECL = INPUT.consume1()
+#define CONSUME1_OR_RETURN(TYPE, NAME, INPUT) \
+ if (INPUT.size < sizeof(TYPE)) { \
+ return; \
+ } \
+ TYPE NAME = INPUT.consume1()
 /** @brief Consumes 1 byte of the fuzzer input or returns a value if no data
 * available.
@@ -80,11 +80,11 @@ struct Fuzz_Data {
 * CONSUME1_OR_RETURN_VAL(const uint8_t one_byte, input, nullptr);
 * @endcode
 */
-#define CONSUME1_OR_RETURN_VAL(DECL, INPUT, VAL) \
- if (INPUT.size < 1) { \
- return VAL; \
- } \
- DECL = INPUT.consume1()
+#define CONSUME1_OR_RETURN_VAL(TYPE, NAME, INPUT, VAL) \
+ if (INPUT.size < sizeof(TYPE)) { \
+ return VAL; \
+ } \
+ TYPE NAME = INPUT.consume1()
 /** @brief Consumes SIZE bytes of the fuzzer input or returns if not enough data available.
 *
@@ -129,7 +129,7 @@ void fuzz_select_target(const uint8_t *data, std::size_t size, Args &&...args)
 {
 Fuzz_Data input{data, size};
- CONSUME1_OR_RETURN(uint8_t selector, input);
+ CONSUME1_OR_RETURN(const uint8_t, selector, input);
 return fuzz_select_target(selector, input, std::forward(args)...);
 }
diff --git a/toxcore/DHT_fuzz_test.cc b/toxcore/DHT_fuzz_test.cc
index a978fddd..7a9c7191 100644
--- a/toxcore/DHT_fuzz_test.cc
+++ b/toxcore/DHT_fuzz_test.cc
@@ -23,7 +23,7 @@ void TestHandleRequest(Fuzz_Data &input)
 void TestUnpackNodes(Fuzz_Data &input)
 {
- CONSUME1_OR_RETURN(const bool tcp_enabled, input);
+ CONSUME1_OR_RETURN(const bool, tcp_enabled, input);
 const uint16_t node_count = 5;
 Node_format nodes[node_count];
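Review bot: In testing/fuzzing/fuzz_support.h the documentation around both macros was left behind by the signature change: the `@code` example for `CONSUME1_OR_RETURN_VAL` (context line in the second hunk) still shows the old form and should read `CONSUME1_OR_RETURN_VAL(const uint8_t, one_byte, input, nullptr);`. Both `@brief` lines also still say "Consumes 1 byte" while the guard now requires `sizeof(TYPE)` bytes; `consume1()` is defined outside these hunks, so the comment should state how many bytes it takes for a multi-byte `TYPE`, because a guard and a read that disagree would make the harness reject or mis-split inputs without any visible error. As a smaller point, the macros expand `INPUT.size` and `INPUT.consume1()` unparenthesised; `(INPUT).size` and `(INPUT).consume1()` keep them correct when the argument is an expression rather than a plain name.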
diff --git a/toxcore/forwarding_fuzz_test.cc b/toxcore/forwarding_fuzz_test.cc
index 03fed474..c4fc8a2f 100644
--- a/toxcore/forwarding_fuzz_test.cc
+++ b/toxcore/forwarding_fuzz_test.cc
@@ -33,7 +33,7 @@ std::optional> prepare(Fuz
 void TestSendForwardRequest(Fuzz_Data &input)
 {
- CONSUME1_OR_RETURN(const uint16_t chain_length, input);
+ CONSUME1_OR_RETURN(const uint16_t, chain_length, input);
 const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE;
 CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size);
@@ -60,7 +60,7 @@ void TestSendForwardRequest(Fuzz_Data &input)
 void TestForwardReply(Fuzz_Data &input)
 {
- CONSUME1_OR_RETURN(const uint16_t sendback_length, input);
+ CONSUME1_OR_RETURN(const uint16_t, sendback_length, input);
 CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length);
 auto prep = prepare(input);
diff --git a/toxcore/group_announce_fuzz_test.cc b/toxcore/group_announce_fuzz_test.cc
index dab7c144..be9d06ec 100644
--- a/toxcore/group_announce_fuzz_test.cc
+++ b/toxcore/group_announce_fuzz_test.cc
@@ -11,12 +11,12 @@ namespace {
 void TestUnpackAnnouncesList(Fuzz_Data &input)
 {
- CONSUME1_OR_RETURN(const uint8_t max_count, input);
+ CONSUME1_OR_RETURN(const uint8_t, max_count, input);
 // Always allocate at least something to avoid passing nullptr to functions below.
 std::vector announces(max_count + 1);
 // TODO(iphydf): How do we know the packed size?
- CONSUME1_OR_RETURN(const uint16_t packed_size, input);
+ CONSUME1_OR_RETURN(const uint16_t, packed_size, input);
 Logger *logger = logger_new();
 if (gca_unpack_announces_list(logger, input.data, input.size, announces.data(), max_count)
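Review bot: In TestSendForwardRequest (toxcore/forwarding_fuzz_test.cc, first hunk) the product `chain_length * CRYPTO_PUBLIC_KEY_SIZE` is stored into a `uint16_t`, so it is truncated whenever it exceeds 65535 and `chain_keys_size` can end up smaller than the key data that `chain_length` implies. Whether that range is reachable depends on how many bytes `consume1()` yields for a `uint16_t`, which is defined outside this diff, and the function body continues past the hunk, so the later use of `chain_length` is inferred. If both values are passed on together, the harness could report an out-of-bounds read that is its own fault rather than the library's. Computing the size in a wider type avoids that: `const std::size_t chain_keys_size = std::size_t{chain_length} * CRYPTO_PUBLIC_KEY_SIZE;`.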
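Review bot: `packed_size` in TestUnpackAnnouncesList (toxcore/group_announce_fuzz_test.cc) is consumed but does not appear in the visible call, which passes `input.data, input.size` to `gca_unpack_announces_list`; TestUnpackPublicAnnounce in the next hunk has the same pattern. With the stricter guard the harness now returns early unless two more bytes remain for a value it appears to discard, which costs coverage of short inputs if the value really is unused in the part of the function outside the hunk. Either drop the read together with the TODO, or use it to bound the length handed to the unpacker, for example `const std::size_t len = std::min<std::size_t>(packed_size, input.size);` and pass `len` in place of `input.size`.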
@@ -35,7 +35,7 @@ void TestUnpackPublicAnnounce(Fuzz_Data &input)
 GC_Public_Announce public_announce;
 // TODO(iphydf): How do we know the packed size?
- CONSUME1_OR_RETURN(const uint16_t packed_size, input);
+ CONSUME1_OR_RETURN(const uint16_t, packed_size, input);
 Logger *logger = logger_new();
 if (gca_unpack_public_announce(logger, input.data, input.size, &public_announce) != -1) {
@@ -61,11 +61,11 @@ void TestDoGca(Fuzz_Data &input)
 assert(gca != nullptr);
 while (input.size > 0) {
- CONSUME1_OR_RETURN(const uint8_t choice, input);
+ CONSUME1_OR_RETURN(const uint8_t, choice, input);
 switch (choice) {
 case 0: {
 // Add an announce.
- CONSUME1_OR_RETURN(const uint16_t length, input);
+ CONSUME1_OR_RETURN(const uint16_t, length, input);
 CONSUME_OR_RETURN(const uint8_t *data, input, length);
 GC_Public_Announce public_announce;
 if (gca_unpack_public_announce(logger.get(), data, length, &public_announce) != -1) {
@@ -75,7 +75,7 @@ void TestDoGca(Fuzz_Data &input)
 }
 case 1: {
 // Advance the time by a number of tox_iteration_intervals.
- CONSUME1_OR_RETURN(const uint8_t iterations, input);
+ CONSUME1_OR_RETURN(const uint8_t, iterations, input);
 clock += iterations * 20;
 // Do an iteration.
 do_gca(mono_time.get(), gca.get());
@@ -83,7 +83,7 @@ void TestDoGca(Fuzz_Data &input)
 }
 case 2: {
 // Get announces.
- CONSUME1_OR_RETURN(const uint8_t max_nodes, input);
+ CONSUME1_OR_RETURN(const uint8_t, max_nodes, input);
 std::vector gc_announces(max_nodes);
 CONSUME_OR_RETURN(const uint8_t *chat_id, input, CHAT_ID_SIZE);
 CONSUME_OR_RETURN(const uint8_t *except_public_key, input, ENC_PUBLIC_KEY_SIZE);
diff --git a/toxcore/group_moderation_fuzz_test.cc b/toxcore/group_moderation_fuzz_test.cc
index c5f46f34..6adfd9ab 100644
--- a/toxcore/group_moderation_fuzz_test.cc
+++ b/toxcore/group_moderation_fuzz_test.cc
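Review bot: In TestDoGca (toxcore/group_announce_fuzz_test.cc, last hunk) `case 2` sizes `gc_announces` with `max_nodes` alone, so a zero byte gives an empty vector whose `data()` may be null, whereas TestUnpackAnnouncesList in the same file deliberately allocates `max_count + 1` elements with the comment "Always allocate at least something to avoid passing nullptr to functions below". The call that receives this buffer is outside the hunk, so whether a null pointer with a count of zero is acceptable there cannot be confirmed from here. For consistency with the other test, size the vector with `max_nodes + 1` while still passing `max_nodes` as the count, or add a comment stating that the callee tolerates a null buffer when the count is zero.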
@@ -6,7 +6,7 @@ namespace {
 void TestModListUnpack(Fuzz_Data &input)
 {
- CONSUME1_OR_RETURN(const uint16_t num_mods, input);
+ CONSUME1_OR_RETURN(const uint16_t, num_mods, input);
 Moderation mods{system_memory()};
 mod_list_unpack(&mods, input.data, input.size, num_mods);
 mod_list_cleanup(&mods);