/src/mosquitto/fuzzing/broker/broker_fuzz_queue_msg.cpp

Source
/*
Copyright (c) 2024 Roger Light <roger@atchoo.org>

All rights reserved. This program and the accompanying materials
are made available under the terms of the Eclipse Public License 2.0
and Eclipse Distribution License v1.0 which accompany this distribution.

The Eclipse Public License is available at
   https://www.eclipse.org/legal/epl-2.0/
and the Eclipse Distribution License is available at
  http://www.eclipse.org/org/documents/edl-v10.php.

SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause

Contributors:
   Roger Light - initial implementation and documentation.
*/

#include <cstdio>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <unistd.h>
#include <sys/stat.h>

/*
 * Broker check of acl file
 */
extern "C" {
#include "mosquitto_broker_internal.h"
}

//int sub__messages_queue(const char *source_id, const char *topic, uint8_t qos, int retain, struct mosquitto__base_msg **stored)

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  struct mosquitto__config config = {0};
  struct mosquitto__base_msg basemsg, *pbasemsg;

  if(mosquitto_pub_topic_check2((const char *)data, size)){
    /* sub__messages_queue only receives topics that have already been
     * checked with mosquitto_pub_topic_check2(), so we give it that benefit
     * here. */
    return 0;
  }

  memset(&basemsg, 0, sizeof(basemsg));
  basemsg.ref_count = 1;
  pbasemsg = &basemsg;

  db.config = &config;
  config.log_type = 0;
  config.log_dest = 0;
  log__init(&config);
  db__open(&config);

  char *data0 = (char *)calloc(1, size+1);
  memcpy(data0, data, size);
  sub__messages_queue("fuzzer", data0, 0, 1, &pbasemsg);
  free(data0);

  db__close();

  return 0;
}

Line	Count	Source
1		/*
2		Copyright (c) 2024 Roger Light <roger@atchoo.org>
3
4		All rights reserved. This program and the accompanying materials
5		are made available under the terms of the Eclipse Public License 2.0
6		and Eclipse Distribution License v1.0 which accompany this distribution.
7
8		The Eclipse Public License is available at
9		https://www.eclipse.org/legal/epl-2.0/
10		and the Eclipse Distribution License is available at
11		http://www.eclipse.org/org/documents/edl-v10.php.
12
13		SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
14
15		Contributors:
16		Roger Light - initial implementation and documentation.
17		*/
18
19		#include <cstdio>
20		#include <cstdint>
21		#include <cstdlib>
22		#include <cstring>
23		#include <unistd.h>
24		#include <sys/stat.h>
25
26		/*
27		* Broker check of acl file
28		*/
29		extern "C" {
30		#include "mosquitto_broker_internal.h"
31		}
32
33		//int sub__messages_queue(const char source_id, const char topic, uint8_t qos, int retain, struct mosquitto__base_msg **stored)
34
35		extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
36	449	{
37	449	struct mosquitto__config config = {0};
38	449	struct mosquitto__base_msg basemsg, *pbasemsg;
39
40	449	if(mosquitto_pub_topic_check2((const char *)data, size)){
41		/* sub__messages_queue only receives topics that have already been
42		* checked with mosquitto_pub_topic_check2(), so we give it that benefit
43		* here. */
44	28	return 0;
45	28	}
46
47	421	memset(&basemsg, 0, sizeof(basemsg));
48	421	basemsg.ref_count = 1;
49	421	pbasemsg = &basemsg;
50
51	421	db.config = &config;
52	421	config.log_type = 0;
53	421	config.log_dest = 0;
54	421	log__init(&config);
55	421	db__open(&config);
56
57	421	char data0 = (char )calloc(1, size+1);
58	421	memcpy(data0, data, size);
59	421	sub__messages_queue("fuzzer", data0, 0, 1, &pbasemsg);
60	421	free(data0);
61
62	421	db__close();
63
64	421	return 0;
65	449	}

Coverage Report

Created: 2025-08-26 06:48