Coverage Report

Created: 2023-06-07 06:23

/src/bind9/fuzz/dns_qp.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3
 *
4
 * SPDX-License-Identifier: MPL-2.0
5
 *
6
 * This Source Code Form is subject to the terms of the Mozilla Public
7
 * License, v. 2.0. If a copy of the MPL was not distributed with this
8
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9
 *
10
 * See the COPYRIGHT file distributed with this work for additional
11
 * information regarding copyright ownership.
12
 */
13
14
#include <assert.h>
15
#include <err.h>
16
#include <stdbool.h>
17
#include <stdint.h>
18
19
#include <isc/random.h>
20
#include <isc/refcount.h>
21
#include <isc/rwlock.h>
22
#include <isc/urcu.h>
23
#include <isc/util.h>
24
25
#include <dns/qp.h>
26
#include <dns/types.h>
27
28
#include "fuzz.h"
29
#include "qp_p.h"
30
31
#include <tests/qp.h>
32
33
bool debug = false;
34
35
#if 0
36
#define TRACE(...) warnx(__VA_ARGS__)
37
#else
38
#define TRACE(...)
39
#endif
40
41
#if 0
42
#define ASSERT(p)                                               \
43
  do {                                                    \
44
    warnx("%s:%d: %s (%s)", __func__, __LINE__, #p, \
45
          (p) ? "OK" : "FAIL");                     \
46
    ok = ok && (p);                                 \
47
  } while (0)
48
#else
49
88.2M
#define ASSERT(p) assert(p)
50
#endif
51
52
static struct {
53
  uint32_t refcount;
54
  bool exists;
55
  uint8_t len;
56
  dns_qpkey_t key;
57
  dns_qpkey_t ascii;
58
} item[256 * 256 / 4];
59
60
static void
61
8.32M
fuzz_attach(void *ctx, void *pval, uint32_t ival) {
62
8.32M
  assert(ctx == NULL);
63
8.32M
  assert(pval == &item[ival]);
64
8.32M
  item[ival].refcount++;
65
8.32M
}
66
67
static void
68
8.32M
fuzz_detach(void *ctx, void *pval, uint32_t ival) {
69
8.32M
  assert(ctx == NULL);
70
8.32M
  assert(pval == &item[ival]);
71
8.32M
  item[ival].refcount--;
72
8.32M
}
73
74
static size_t
75
23.9M
fuzz_makekey(dns_qpkey_t key, void *ctx, void *pval, uint32_t ival) {
76
23.9M
  assert(ctx == NULL);
77
23.9M
  assert(pval == &item[ival]);
78
23.9M
  memmove(key, item[ival].key, item[ival].len);
79
23.9M
  return (item[ival].len);
80
23.9M
}
81
82
static void
83
0
fuzz_triename(void *ctx, char *buf, size_t size) {
84
0
  assert(ctx == NULL);
85
0
  strlcpy(buf, "fuzz", size);
86
0
}
87
88
const dns_qpmethods_t fuzz_methods = {
89
  fuzz_attach,
90
  fuzz_detach,
91
  fuzz_makekey,
92
  fuzz_triename,
93
};
94
95
static uint8_t
96
2.14M
random_byte(void) {
97
2.14M
  return (isc_random_uniform(SHIFT_OFFSET - SHIFT_NOBYTE) + SHIFT_NOBYTE);
98
2.14M
}
99
100
int
101
2
LLVMFuzzerInitialize(int *argc, char ***argv) {
102
2
  UNUSED(argc);
103
2
  UNUSED(argv);
104
105
32.7k
  for (size_t i = 0; i < ARRAY_SIZE(item); i++) {
106
32.7k
    size_t len = isc_random_uniform(100) + 16;
107
32.7k
    item[i].len = len;
108
2.17M
    for (size_t off = 0; off < len; off++) {
109
2.14M
      item[i].key[off] = random_byte();
110
2.14M
    }
111
32.7k
    memmove(item[i].ascii, item[i].key, len);
112
32.7k
    qp_test_keytoascii(item[i].ascii, len);
113
32.7k
  }
114
115
2
  return (0);
116
2
}
117
118
int
119
1.11k
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
120
1.11k
  isc_result_t result;
121
122
1.11k
  TRACE("------------------------------------------------");
123
124
1.11k
  isc_mem_t *mctx = NULL;
125
1.11k
  isc_mem_create(&mctx);
126
1.11k
  isc_mem_setdestroycheck(mctx, true);
127
128
1.11k
  dns_qp_t *qp = NULL;
129
1.11k
  dns_qp_create(mctx, &fuzz_methods, NULL, &qp);
130
131
  /* avoid overrun */
132
1.11k
  size = size & ~1;
133
134
1.11k
  size_t count = 0;
135
136
22.0M
  for (size_t in = 0; in < size; in += 2) {
137
22.0M
    size_t what = data[in] + data[in + 1] * 256;
138
22.0M
    size_t i = (what / 4) % (count * 2 + 2);
139
22.0M
    bool exists = item[i].exists;
140
22.0M
    uint32_t refcount = item[i].refcount;
141
22.0M
    bool ok = true;
142
22.0M
    if (what & 2) {
143
1.27M
      void *pval = NULL;
144
1.27M
      uint32_t ival = ~0U;
145
1.27M
      result = dns_qp_getkey(qp, item[i].key, item[i].len,
146
1.27M
                 &pval, &ival);
147
1.27M
      TRACE("count %zu get %s %zu >%s<", count,
148
1.27M
            isc_result_toid(result), i, item[i].ascii);
149
1.27M
      if (result == ISC_R_SUCCESS) {
150
987k
        ASSERT(pval == &item[i]);
151
987k
        ASSERT(ival == i);
152
987k
        ASSERT(item[i].refcount == 1);
153
987k
        ASSERT(item[i].exists == true);
154
987k
      } else if (result == ISC_R_NOTFOUND) {
155
288k
        ASSERT(pval == NULL);
156
288k
        ASSERT(ival == ~0U);
157
288k
        ASSERT(item[i].refcount == 0);
158
288k
        ASSERT(item[i].exists == false);
159
288k
      } else {
160
0
        UNREACHABLE();
161
0
      }
162
20.7M
    } else if (what & 1) {
163
11.0M
      result = dns_qp_insert(qp, &item[i], i);
164
11.0M
      TRACE("count %zu ins %s %zu >%s<", count,
165
11.0M
            isc_result_toid(result), i, item[i].ascii);
166
11.0M
      if (result == ISC_R_SUCCESS) {
167
8.32M
        item[i].exists = true;
168
8.32M
        ASSERT(exists == false);
169
8.32M
        ASSERT(refcount == 0);
170
8.32M
        ASSERT(item[i].refcount == 1);
171
8.32M
        count += 1;
172
8.32M
        ASSERT(qp->leaf_count == count);
173
8.32M
      } else if (result == ISC_R_EXISTS) {
174
2.75M
        ASSERT(exists == true);
175
2.75M
        ASSERT(refcount == 1);
176
2.75M
        ASSERT(item[i].refcount == 1);
177
2.75M
        ASSERT(qp->leaf_count == count);
178
2.75M
      } else {
179
0
        UNREACHABLE();
180
0
      }
181
11.0M
    } else {
182
9.71M
      result = dns_qp_deletekey(qp, item[i].key, item[i].len);
183
9.71M
      TRACE("count %zu del %s %zu >%s<", count,
184
9.71M
            isc_result_toid(result), i, item[i].ascii);
185
9.71M
      if (result == ISC_R_SUCCESS) {
186
7.21M
        item[i].exists = false;
187
7.21M
        ASSERT(exists == true);
188
7.21M
        ASSERT(refcount == 1);
189
7.21M
        ASSERT(item[i].refcount == 0);
190
7.21M
        count -= 1;
191
7.21M
        ASSERT(qp->leaf_count == count);
192
7.21M
      } else if (result == ISC_R_NOTFOUND) {
193
2.50M
        ASSERT(exists == false);
194
2.50M
        ASSERT(refcount == 0);
195
2.50M
        ASSERT(item[i].refcount == 0);
196
2.50M
        ASSERT(qp->leaf_count == count);
197
2.50M
      } else {
198
0
        UNREACHABLE();
199
0
      }
200
9.71M
    }
201
22.0M
    if (!ok) {
202
0
      qp_test_dumpqp(qp);
203
0
      qp_test_dumptrie(qp);
204
0
    }
205
22.0M
    assert(ok);
206
22.0M
  }
207
208
18.3M
  for (size_t i = 0; i < ARRAY_SIZE(item); i++) {
209
18.3M
    assert(item[i].exists == (item[i].refcount != 0));
210
18.3M
  }
211
212
1.11k
  dns_qp_destroy(&qp);
213
1.11k
  isc_mem_destroy(&mctx);
214
1.11k
  isc_mem_checkdestroyed(stderr);
215
216
18.3M
  for (size_t i = 0; i < ARRAY_SIZE(item); i++) {
217
18.3M
    item[i].exists = false;
218
18.3M
    assert(item[i].refcount == 0);
219
18.3M
  }
220
221
1.11k
  return (0);
222
1.11k
}