fix: Make sure there's enough space for CONSUME1 in fuzzers.

iphydf 2024-01-12 14:52:02 +00:00
parent 50f1b30fa9
commit 812f931d5f
No known key found for this signature in database
GPG Key ID: 3855DBA2D74403C9
7 changed files with 26 additions and 26 deletions


@ -126,7 +126,7 @@ void TestBootstrap(Fuzz_Data &input)
} }
}); });
CONSUME1_OR_RETURN(const uint8_t proxy_type, input); CONSUME1_OR_RETURN(const uint8_t, proxy_type, input);
if (proxy_type == 0) { if (proxy_type == 0) {
tox_options_set_proxy_type(opts.get(), TOX_PROXY_TYPE_NONE); tox_options_set_proxy_type(opts.get(), TOX_PROXY_TYPE_NONE);
} else if (proxy_type == 1) { } else if (proxy_type == 1) {
@ -139,7 +139,7 @@ void TestBootstrap(Fuzz_Data &input)
tox_options_set_proxy_port(opts.get(), 8080); tox_options_set_proxy_port(opts.get(), 8080);
} }
CONSUME1_OR_RETURN(const uint8_t tcp_relay_enabled, input); CONSUME1_OR_RETURN(const uint8_t, tcp_relay_enabled, input);
if (tcp_relay_enabled >= (UINT8_MAX / 2)) { if (tcp_relay_enabled >= (UINT8_MAX / 2)) {
tox_options_set_tcp_port(opts.get(), 33445); tox_options_set_tcp_port(opts.get(), 33445);
} }


@ -77,7 +77,7 @@ static int recv_common(Fuzz_Data &input, uint8_t *buf, size_t buf_len)
template <typename F> template <typename F>
static void *alloc_common(Fuzz_Data &data, F func) static void *alloc_common(Fuzz_Data &data, F func)
{ {
CONSUME1_OR_RETURN_VAL(const uint8_t want_alloc, data, func()); CONSUME1_OR_RETURN_VAL(const uint8_t, want_alloc, data, func());
if (!want_alloc) { if (!want_alloc) {
return nullptr; return nullptr;
} }


@ -60,14 +60,14 @@ struct Fuzz_Data {
* *
* @example * @example
* @code * @code
* CONSUME1_OR_RETURN(const uint8_t one_byte, input); * CONSUME1_OR_RETURN(const uint8_t, one_byte, input);
* @endcode * @endcode
*/ */
#define CONSUME1_OR_RETURN(DECL, INPUT) \ #define CONSUME1_OR_RETURN(TYPE, NAME, INPUT) \
if (INPUT.size < 1) { \ if (INPUT.size < sizeof(TYPE)) { \
return; \ return; \
} \ } \
DECL = INPUT.consume1() TYPE NAME = INPUT.consume1()
/** @brief Consumes 1 byte of the fuzzer input or returns a value if no data /** @brief Consumes 1 byte of the fuzzer input or returns a value if no data
* available. * available.
@ -80,11 +80,11 @@ struct Fuzz_Data {
* CONSUME1_OR_RETURN_VAL(const uint8_t one_byte, input, nullptr); * CONSUME1_OR_RETURN_VAL(const uint8_t one_byte, input, nullptr);
* @endcode * @endcode
*/ */
#define CONSUME1_OR_RETURN_VAL(DECL, INPUT, VAL) \ #define CONSUME1_OR_RETURN_VAL(TYPE, NAME, INPUT, VAL) \
if (INPUT.size < 1) { \ if (INPUT.size < sizeof(TYPE)) { \
return VAL; \ return VAL; \
} \ } \
DECL = INPUT.consume1() TYPE NAME = INPUT.consume1()
/** @brief Consumes SIZE bytes of the fuzzer input or returns if not enough data available. /** @brief Consumes SIZE bytes of the fuzzer input or returns if not enough data available.
* *
@ -129,7 +129,7 @@ void fuzz_select_target(const uint8_t *data, std::size_t size, Args &&...args)
{ {
Fuzz_Data input{data, size}; Fuzz_Data input{data, size};
CONSUME1_OR_RETURN(uint8_t selector, input); CONSUME1_OR_RETURN(const uint8_t, selector, input);
return fuzz_select_target(selector, input, std::forward<Args>(args)...); return fuzz_select_target(selector, input, std::forward<Args>(args)...);
} }
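Review bot: In both macros the new guard checks `INPUT.size < sizeof(TYPE)`, but the declaration is still initialised from `INPUT.consume1()`, which the doc comment above describes as consuming 1 byte. For the `uint16_t` call sites changed elsewhere in this commit (`chain_length`, `sendback_length`, `packed_size`, `length`, `num_mods`) this means two bytes must remain, yet if `consume1()` does return a single byte the value never exceeds 255, so larger lengths and counts stay out of the fuzzer's reach. Either state this in the macro docs, e.g. `TYPE is used only for the size check; the value is always one input byte.`, or read `sizeof(TYPE)` bytes for wider types. The `@code` example for `CONSUME1_OR_RETURN_VAL` also still shows the old form and should read `CONSUME1_OR_RETURN_VAL(const uint8_t, one_byte, input, nullptr);`.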


@ -23,7 +23,7 @@ void TestHandleRequest(Fuzz_Data &input)
void TestUnpackNodes(Fuzz_Data &input) void TestUnpackNodes(Fuzz_Data &input)
{ {
CONSUME1_OR_RETURN(const bool tcp_enabled, input); CONSUME1_OR_RETURN(const bool, tcp_enabled, input);
const uint16_t node_count = 5; const uint16_t node_count = 5;
Node_format nodes[node_count]; Node_format nodes[node_count];


@ -33,7 +33,7 @@ std::optional<std::tuple<IP_Port, IP_Port, const uint8_t *, size_t>> prepare(Fuz
void TestSendForwardRequest(Fuzz_Data &input) void TestSendForwardRequest(Fuzz_Data &input)
{ {
CONSUME1_OR_RETURN(const uint16_t chain_length, input); CONSUME1_OR_RETURN(const uint16_t, chain_length, input);
const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE; const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE;
CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size); CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size);
@ -60,7 +60,7 @@ void TestSendForwardRequest(Fuzz_Data &input)
void TestForwardReply(Fuzz_Data &input) void TestForwardReply(Fuzz_Data &input)
{ {
CONSUME1_OR_RETURN(const uint16_t sendback_length, input); CONSUME1_OR_RETURN(const uint16_t, sendback_length, input);
CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length); CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length);
auto prep = prepare(input); auto prep = prepare(input);


@ -11,12 +11,12 @@ namespace {
void TestUnpackAnnouncesList(Fuzz_Data &input) void TestUnpackAnnouncesList(Fuzz_Data &input)
{ {
CONSUME1_OR_RETURN(const uint8_t max_count, input); CONSUME1_OR_RETURN(const uint8_t, max_count, input);
// Always allocate at least something to avoid passing nullptr to functions below. // Always allocate at least something to avoid passing nullptr to functions below.
std::vector<GC_Announce> announces(max_count + 1); std::vector<GC_Announce> announces(max_count + 1);
// TODO(iphydf): How do we know the packed size? // TODO(iphydf): How do we know the packed size?
CONSUME1_OR_RETURN(const uint16_t packed_size, input); CONSUME1_OR_RETURN(const uint16_t, packed_size, input);
Logger *logger = logger_new(); Logger *logger = logger_new();
if (gca_unpack_announces_list(logger, input.data, input.size, announces.data(), max_count) if (gca_unpack_announces_list(logger, input.data, input.size, announces.data(), max_count)
@ -35,7 +35,7 @@ void TestUnpackPublicAnnounce(Fuzz_Data &input)
GC_Public_Announce public_announce; GC_Public_Announce public_announce;
// TODO(iphydf): How do we know the packed size? // TODO(iphydf): How do we know the packed size?
CONSUME1_OR_RETURN(const uint16_t packed_size, input); CONSUME1_OR_RETURN(const uint16_t, packed_size, input);
Logger *logger = logger_new(); Logger *logger = logger_new();
if (gca_unpack_public_announce(logger, input.data, input.size, &public_announce) != -1) { if (gca_unpack_public_announce(logger, input.data, input.size, &public_announce) != -1) {
@ -61,11 +61,11 @@ void TestDoGca(Fuzz_Data &input)
assert(gca != nullptr); assert(gca != nullptr);
while (input.size > 0) { while (input.size > 0) {
CONSUME1_OR_RETURN(const uint8_t choice, input); CONSUME1_OR_RETURN(const uint8_t, choice, input);
switch (choice) { switch (choice) {
case 0: { case 0: {
// Add an announce. // Add an announce.
CONSUME1_OR_RETURN(const uint16_t length, input); CONSUME1_OR_RETURN(const uint16_t, length, input);
CONSUME_OR_RETURN(const uint8_t *data, input, length); CONSUME_OR_RETURN(const uint8_t *data, input, length);
GC_Public_Announce public_announce; GC_Public_Announce public_announce;
if (gca_unpack_public_announce(logger.get(), data, length, &public_announce) != -1) { if (gca_unpack_public_announce(logger.get(), data, length, &public_announce) != -1) {
@ -75,7 +75,7 @@ void TestDoGca(Fuzz_Data &input)
} }
case 1: { case 1: {
// Advance the time by a number of tox_iteration_intervals. // Advance the time by a number of tox_iteration_intervals.
CONSUME1_OR_RETURN(const uint8_t iterations, input); CONSUME1_OR_RETURN(const uint8_t, iterations, input);
clock += iterations * 20; clock += iterations * 20;
// Do an iteration. // Do an iteration.
do_gca(mono_time.get(), gca.get()); do_gca(mono_time.get(), gca.get());
@ -83,7 +83,7 @@ void TestDoGca(Fuzz_Data &input)
} }
case 2: { case 2: {
// Get announces. // Get announces.
CONSUME1_OR_RETURN(const uint8_t max_nodes, input); CONSUME1_OR_RETURN(const uint8_t, max_nodes, input);
std::vector<GC_Announce> gc_announces(max_nodes); std::vector<GC_Announce> gc_announces(max_nodes);
CONSUME_OR_RETURN(const uint8_t *chat_id, input, CHAT_ID_SIZE); CONSUME_OR_RETURN(const uint8_t *chat_id, input, CHAT_ID_SIZE);
CONSUME_OR_RETURN(const uint8_t *except_public_key, input, ENC_PUBLIC_KEY_SIZE); CONSUME_OR_RETURN(const uint8_t *except_public_key, input, ENC_PUBLIC_KEY_SIZE);


@ -6,7 +6,7 @@ namespace {
void TestModListUnpack(Fuzz_Data &input) void TestModListUnpack(Fuzz_Data &input)
{ {
CONSUME1_OR_RETURN(const uint16_t num_mods, input); CONSUME1_OR_RETURN(const uint16_t, num_mods, input);
Moderation mods{system_memory()}; Moderation mods{system_memory()};
mod_list_unpack(&mods, input.data, input.size, num_mods); mod_list_unpack(&mods, input.data, input.size, num_mods);
mod_list_cleanup(&mods); mod_list_cleanup(&mods);