/src/haproxy/fuzz_hpack_decode.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * # Copyright 2020 Google Inc. |
3 | | * # |
4 | | * # Licensed under the Apache License, Version 2.0 (the "License"); |
5 | | * # you may not use this file except in compliance with the License. |
6 | | * # You may obtain a copy of the License at |
7 | | * # |
8 | | * # http://www.apache.org/licenses/LICENSE-2.0 |
9 | | * # |
10 | | * # Unless required by applicable law or agreed to in writing, software |
11 | | * # distributed under the License is distributed on an "AS IS" BASIS, |
12 | | * # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | | * # See the License for the specific language governing permissions and |
14 | | * # limitations under the License. |
15 | | * # |
16 | | * ################################################################################ |
17 | | * */ |
18 | | #define HPACK_STANDALONE |
19 | | |
20 | | #include <stdint.h> |
21 | | #include <string.h> |
22 | | #include <stdlib.h> |
23 | | #include <ctype.h> |
24 | | #include <inttypes.h> |
25 | | #include <stdio.h> |
26 | | #include <stdlib.h> |
27 | | #include <unistd.h> |
28 | | |
29 | | #include <haproxy/chunk.h> |
30 | | #include <haproxy/hpack-dec.h> |
31 | | |
32 | | #define MAX_RQ_SIZE 65536 |
33 | | #define MAX_HDR_NUM 1000 |
34 | | |
35 | | char hex[MAX_RQ_SIZE*3+3]; // enough for "[ XX]* <CR> <LF> \0" |
36 | | uint8_t buf[MAX_RQ_SIZE]; |
37 | | |
38 | | char trash_buf[MAX_RQ_SIZE]; |
39 | | char tmp_buf[MAX_RQ_SIZE]; |
40 | | |
41 | | struct buffer tmp = { .area = tmp_buf, .data = 0, .size = sizeof(tmp_buf) }; |
42 | | |
43 | | /* Empty function we dont need - we just need a callback */ |
44 | | void debug_hexdump(FILE *out, const char *pfx, const char *buf, |
45 | | unsigned int baseaddr, int len) |
46 | 0 | { } |
47 | | |
48 | | // These must be included here |
49 | | #include "../src/hpack-huff.c" |
50 | | #include "../src/hpack-tbl.c" |
51 | | #include "../src/hpack-dec.c" |
52 | | |
53 | | |
54 | 2.06k | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){ |
55 | 2.06k | char *new_str = (char *)malloc(size+1); |
56 | 2.06k | struct hpack_dht *dht; |
57 | 2.06k | struct pool_head pool; |
58 | 2.06k | int dht_size = 4096; |
59 | 2.06k | if (new_str == NULL){ |
60 | 0 | return 0; |
61 | 0 | } |
62 | 2.06k | memcpy(new_str, data, size); |
63 | 2.06k | new_str[size] = '\0'; |
64 | 2.06k | struct http_hdr list[MAX_HDR_NUM]; |
65 | | |
66 | 2.06k | pool.size = dht_size; |
67 | 2.06k | pool_head_hpack_tbl = &pool; |
68 | 2.06k | dht = hpack_dht_alloc(); |
69 | | |
70 | 2.06k | if (dht != NULL) |
71 | 2.06k | { |
72 | 2.06k | hpack_decode_frame(dht, new_str, size, list,sizeof(list)/sizeof(list[0]), &tmp); |
73 | 2.06k | if (dht != NULL) |
74 | 2.06k | { |
75 | 2.06k | free(dht); |
76 | 2.06k | } |
77 | 2.06k | } |
78 | 2.06k | free(new_str); |
79 | 2.06k | return 0; |
80 | 2.06k | } |