fix: Make sure there's enough space for CONSUME1 in fuzzers.

2024-03-22 13:30:51 +08:00 · 2024-01-12 14:52:02 +00:00 · 2024-01-12 14:52:02 +00:00 · 812f931d5f
commit 812f931d5f
parent 50f1b30fa9
7 changed files with 26 additions and 26 deletions
--- a/testing/fuzzing/bootstrap_harness.cc
+++ b/testing/fuzzing/bootstrap_harness.cc
@ -126,7 +126,7 @@ void TestBootstrap(Fuzz_Data &input)
            }
        });

-    CONSUME1_OR_RETURN(const uint8_t proxy_type, input);
+    CONSUME1_OR_RETURN(const uint8_t, proxy_type, input);
    if (proxy_type == 0) {
        tox_options_set_proxy_type(opts.get(), TOX_PROXY_TYPE_NONE);
    } else if (proxy_type == 1) {
@ -139,7 +139,7 @@ void TestBootstrap(Fuzz_Data &input)
        tox_options_set_proxy_port(opts.get(), 8080);
    }

-    CONSUME1_OR_RETURN(const uint8_t tcp_relay_enabled, input);
+    CONSUME1_OR_RETURN(const uint8_t, tcp_relay_enabled, input);
    if (tcp_relay_enabled >= (UINT8_MAX / 2)) {
        tox_options_set_tcp_port(opts.get(), 33445);
    }
--- a/testing/fuzzing/fuzz_support.cc
+++ b/testing/fuzzing/fuzz_support.cc
@ -77,7 +77,7 @@ static int recv_common(Fuzz_Data &input, uint8_t *buf, size_t buf_len)
 template <typename F>
 static void *alloc_common(Fuzz_Data &data, F func)
 {
-    CONSUME1_OR_RETURN_VAL(const uint8_t want_alloc, data, func());
+    CONSUME1_OR_RETURN_VAL(const uint8_t, want_alloc, data, func());
    if (!want_alloc) {
        return nullptr;
    }
--- a/testing/fuzzing/fuzz_support.h
+++ b/testing/fuzzing/fuzz_support.h
@ -60,14 +60,14 @@ struct Fuzz_Data {
 *
 * @example
 * @code
- * CONSUME1_OR_RETURN(const uint8_t one_byte, input);
+ * CONSUME1_OR_RETURN(const uint8_t, one_byte, input);
 * @endcode
 */
-#define CONSUME1_OR_RETURN(DECL, INPUT) \
-    if (INPUT.size < 1) {               \
+#define CONSUME1_OR_RETURN(TYPE, NAME, INPUT) \
+    if (INPUT.size < sizeof(TYPE)) {          \
        return;                               \
    }                                         \
-    DECL = INPUT.consume1()
+    TYPE NAME = INPUT.consume1()

 /** @brief Consumes 1 byte of the fuzzer input or returns a value if no data
 * available.
@ -80,11 +80,11 @@ struct Fuzz_Data {
 * CONSUME1_OR_RETURN_VAL(const uint8_t one_byte, input, nullptr);
 * @endcode
 */
-#define CONSUME1_OR_RETURN_VAL(DECL, INPUT, VAL) \
-    if (INPUT.size < 1) {                        \
+#define CONSUME1_OR_RETURN_VAL(TYPE, NAME, INPUT, VAL) \
+    if (INPUT.size < sizeof(TYPE)) {                   \
        return VAL;                                    \
    }                                                  \
-    DECL = INPUT.consume1()
+    TYPE NAME = INPUT.consume1()

 /** @brief Consumes SIZE bytes of the fuzzer input or returns if not enough data available.
 *
@ -129,7 +129,7 @@ void fuzz_select_target(const uint8_t *data, std::size_t size, Args &&...args)
 {
    Fuzz_Data input{data, size};

-    CONSUME1_OR_RETURN(uint8_t selector, input);
+    CONSUME1_OR_RETURN(const uint8_t, selector, input);
    return fuzz_select_target(selector, input, std::forward<Args>(args)...);
 }

--- a/toxcore/DHT_fuzz_test.cc
+++ b/toxcore/DHT_fuzz_test.cc
@ -23,7 +23,7 @@ void TestHandleRequest(Fuzz_Data &input)

 void TestUnpackNodes(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const bool tcp_enabled, input);
+    CONSUME1_OR_RETURN(const bool, tcp_enabled, input);

    const uint16_t node_count = 5;
    Node_format nodes[node_count];
--- a/toxcore/forwarding_fuzz_test.cc
+++ b/toxcore/forwarding_fuzz_test.cc
@ -33,7 +33,7 @@ std::optional<std::tuple<IP_Port, IP_Port, const uint8_t *, size_t>> prepare(Fuz

 void TestSendForwardRequest(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const uint16_t chain_length, input);
+    CONSUME1_OR_RETURN(const uint16_t, chain_length, input);
    const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE;
    CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size);

@ -60,7 +60,7 @@ void TestSendForwardRequest(Fuzz_Data &input)

 void TestForwardReply(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const uint16_t sendback_length, input);
+    CONSUME1_OR_RETURN(const uint16_t, sendback_length, input);
    CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length);

    auto prep = prepare(input);
--- a/toxcore/group_announce_fuzz_test.cc
+++ b/toxcore/group_announce_fuzz_test.cc
@ -11,12 +11,12 @@ namespace {

 void TestUnpackAnnouncesList(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const uint8_t max_count, input);
+    CONSUME1_OR_RETURN(const uint8_t, max_count, input);
    // Always allocate at least something to avoid passing nullptr to functions below.
    std::vector<GC_Announce> announces(max_count + 1);

    // TODO(iphydf): How do we know the packed size?
-    CONSUME1_OR_RETURN(const uint16_t packed_size, input);
+    CONSUME1_OR_RETURN(const uint16_t, packed_size, input);

    Logger *logger = logger_new();
    if (gca_unpack_announces_list(logger, input.data, input.size, announces.data(), max_count)
@ -35,7 +35,7 @@ void TestUnpackPublicAnnounce(Fuzz_Data &input)
    GC_Public_Announce public_announce;

    // TODO(iphydf): How do we know the packed size?
-    CONSUME1_OR_RETURN(const uint16_t packed_size, input);
+    CONSUME1_OR_RETURN(const uint16_t, packed_size, input);

    Logger *logger = logger_new();
    if (gca_unpack_public_announce(logger, input.data, input.size, &public_announce) != -1) {
@ -61,11 +61,11 @@ void TestDoGca(Fuzz_Data &input)
    assert(gca != nullptr);

    while (input.size > 0) {
-        CONSUME1_OR_RETURN(const uint8_t choice, input);
+        CONSUME1_OR_RETURN(const uint8_t, choice, input);
        switch (choice) {
        case 0: {
            // Add an announce.
-            CONSUME1_OR_RETURN(const uint16_t length, input);
+            CONSUME1_OR_RETURN(const uint16_t, length, input);
            CONSUME_OR_RETURN(const uint8_t *data, input, length);
            GC_Public_Announce public_announce;
            if (gca_unpack_public_announce(logger.get(), data, length, &public_announce) != -1) {
@ -75,7 +75,7 @@ void TestDoGca(Fuzz_Data &input)
        }
        case 1: {
            // Advance the time by a number of tox_iteration_intervals.
-            CONSUME1_OR_RETURN(const uint8_t iterations, input);
+            CONSUME1_OR_RETURN(const uint8_t, iterations, input);
            clock += iterations * 20;
            // Do an iteration.
            do_gca(mono_time.get(), gca.get());
@ -83,7 +83,7 @@ void TestDoGca(Fuzz_Data &input)
        }
        case 2: {
            // Get announces.
-            CONSUME1_OR_RETURN(const uint8_t max_nodes, input);
+            CONSUME1_OR_RETURN(const uint8_t, max_nodes, input);
            std::vector<GC_Announce> gc_announces(max_nodes);
            CONSUME_OR_RETURN(const uint8_t *chat_id, input, CHAT_ID_SIZE);
            CONSUME_OR_RETURN(const uint8_t *except_public_key, input, ENC_PUBLIC_KEY_SIZE);
--- a/toxcore/group_moderation_fuzz_test.cc
+++ b/toxcore/group_moderation_fuzz_test.cc
@ -6,7 +6,7 @@ namespace {

 void TestModListUnpack(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const uint16_t num_mods, input);
+    CONSUME1_OR_RETURN(const uint16_t, num_mods, input);
    Moderation mods{system_memory()};
    mod_list_unpack(&mods, input.data, input.size, num_mods);
    mod_list_cleanup(&mods);