/src/kea-fuzzer/fuzz_eval4.cc

Source
// Copyright (C) 2025 Ada Logcis Ltd.
//
// This Source Code Form is subject to the terms of the Mozilla Public
// License, v. 2.0. If a copy of the MPL was not distributed with this
// file, You can obtain one at http://mozilla.org/MPL/2.0/.
////////////////////////////////////////////////////////////////////////////////
#include "config.h"
#include <fuzzer/FuzzedDataProvider.h>

#include <eval/eval_context.h>
#include <eval/evaluate.h>
#include <eval/dependency.h>

#include <dhcp/pkt4.h>
#include <dhcp/dhcp4.h>

#include <cstdlib>
#include <string>

using namespace isc;
using namespace isc::eval;
using namespace isc::dhcp;

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
    FuzzedDataProvider fdp(Data, Size);
    EvalContext ctx(Option::V4);
    auto idx = fdp.ConsumeIntegralInRange<uint8_t>(1, 18);
    const std::string payload = fdp.ConsumeRemainingBytesAsString();

    try {
        Pkt4 pkt(idx, 0);
        // Fuzz boolean parsing
        if (ctx.parseString(payload, EvalContext::PARSER_BOOL)) {
            ValueStack vs;
            Expression& exp_bool = ctx.expression_;
            ExpressionPtr exp_bool_ptr(new Expression(exp_bool));

            evaluateRaw(exp_bool, pkt, vs);
            evaluateBool(exp_bool, pkt);
            evaluateString(exp_bool, pkt);
            dependOnClass(exp_bool_ptr, payload);
        }
    } catch(const isc::Exception&){}

    // Fuzz string parsing
    try {
        Pkt4 pkt(idx, 0);
        if (ctx.parseString(payload, EvalContext::PARSER_STRING)) {
            ValueStack vs;
            Expression& exp_str = ctx.expression_;
            ExpressionPtr exp_str_ptr(new Expression(exp_str));

            evaluateRaw(exp_str, pkt, vs);
            evaluateBool(exp_str, pkt);
            evaluateString(exp_str, pkt);
            dependOnClass(exp_str_ptr, payload);
        }
    } catch(const isc::Exception&){}

    location loc;
    try {
        // Fuzz converter
        ctx.convertOptionCode(payload, loc);
    } catch(const isc::Exception&) {}

    try {
        ctx.convertOptionName(payload, loc);
    } catch(const isc::Exception&) {}

    try {
        ctx.convertNestLevelNumber(payload, loc);
    } catch(const isc::Exception&) {
        // Slient exceptions
    }

    return 0;
}

Line	Count	Source
1		// Copyright (C) 2025 Ada Logcis Ltd.
2		//
3		// This Source Code Form is subject to the terms of the Mozilla Public
4		// License, v. 2.0. If a copy of the MPL was not distributed with this
5		// file, You can obtain one at http://mozilla.org/MPL/2.0/.
6		////////////////////////////////////////////////////////////////////////////////
7		#include "config.h"
8		#include <fuzzer/FuzzedDataProvider.h>
9
10		#include <eval/eval_context.h>
11		#include <eval/evaluate.h>
12		#include <eval/dependency.h>
13
14		#include <dhcp/pkt4.h>
15		#include <dhcp/dhcp4.h>
16
17		#include <cstdlib>
18		#include <string>
19
20		using namespace isc;
21		using namespace isc::eval;
22		using namespace isc::dhcp;
23
24	5.35k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t* Data, size_t Size) {
25	5.35k	FuzzedDataProvider fdp(Data, Size);
26	5.35k	EvalContext ctx(Option::V4);
27	5.35k	auto idx = fdp.ConsumeIntegralInRange<uint8_t>(1, 18);
28	5.35k	const std::string payload = fdp.ConsumeRemainingBytesAsString();
29
30	5.35k	try {
31	5.35k	Pkt4 pkt(idx, 0);
32		// Fuzz boolean parsing
33	5.35k	if (ctx.parseString(payload, EvalContext::PARSER_BOOL)) {
34	212	ValueStack vs;
35	212	Expression& exp_bool = ctx.expression_;
36	212	ExpressionPtr exp_bool_ptr(new Expression(exp_bool));
37
38	212	evaluateRaw(exp_bool, pkt, vs);
39	212	evaluateBool(exp_bool, pkt);
40	212	evaluateString(exp_bool, pkt);
41	212	dependOnClass(exp_bool_ptr, payload);
42	212	}
43	5.35k	} catch(const isc::Exception&){}
44
45		// Fuzz string parsing
46	5.35k	try {
47	5.35k	Pkt4 pkt(idx, 0);
48	5.35k	if (ctx.parseString(payload, EvalContext::PARSER_STRING)) {
49	1.03k	ValueStack vs;
50	1.03k	Expression& exp_str = ctx.expression_;
51	1.03k	ExpressionPtr exp_str_ptr(new Expression(exp_str));
52
53	1.03k	evaluateRaw(exp_str, pkt, vs);
54	1.03k	evaluateBool(exp_str, pkt);
55	1.03k	evaluateString(exp_str, pkt);
56	1.03k	dependOnClass(exp_str_ptr, payload);
57	1.03k	}
58	5.35k	} catch(const isc::Exception&){}
59
60	5.35k	location loc;
61	5.35k	try {
62		// Fuzz converter
63	5.35k	ctx.convertOptionCode(payload, loc);
64	5.35k	} catch(const isc::Exception&) {}
65
66	5.35k	try {
67	5.35k	ctx.convertOptionName(payload, loc);
68	5.35k	} catch(const isc::Exception&) {}
69
70	5.35k	try {
71	5.35k	ctx.convertNestLevelNumber(payload, loc);
72	5.35k	} catch(const isc::Exception&) {
73		// Slient exceptions
74	5.32k	}
75
76	5.35k	return 0;
77	5.35k	}

Coverage Report

Created: 2025-11-16 07:29