/src/ndpi/fuzz/fuzz_ds_libcache.cpp

Source
#include "ndpi_api.h"
#include "../src/lib/third_party/include/libcache.h"
#include "fuzz_common_code.h"

#include <stdint.h>
#include <stdio.h>
#include <assert.h>
#include "fuzzer/FuzzedDataProvider.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  u_int16_t i, rc, num_iteration, data_len, is_added = 0;
  std::vector<u_int8_t>value_added;
  cache_t c;

  /* Just to have some data */
  if (fuzzed_data.remaining_bytes() < 2048)
    return -1;

  /* To allow memory allocation failures */
  fuzz_set_alloc_callbacks_and_seed(size);

  c = cache_new(fuzzed_data.ConsumeIntegral<u_int8_t>());

  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {

    data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
    std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);

    rc = cache_add(c, data.data(), data.size());
    /* Keep one random entry really added */
    if (rc == CACHE_NO_ERROR && is_added == 0 && fuzzed_data.ConsumeBool()) {
      value_added = data;
      is_added = 1;
    }
  }

  /* "Random" search */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
    std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);

    cache_contains(c, data.data(), data.size());
  }
  /* Search of an added entry */
  if (is_added) {
    cache_contains(c, value_added.data(), value_added.size());
  }

  /* "Random" remove */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
    std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);

    cache_remove(c, data.data(), data.size());
  }
  /* Remove of an added entry */
  if (is_added) {
    cache_remove(c, value_added.data(), value_added.size());
  }

  cache_free(c);

  return 0;
}

Line	Count	Source
1		#include "ndpi_api.h"
2		#include "../src/lib/third_party/include/libcache.h"
3		#include "fuzz_common_code.h"
4
5		#include <stdint.h>
6		#include <stdio.h>
7		#include <assert.h>
8		#include "fuzzer/FuzzedDataProvider.h"
9
10	396	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
11	396	FuzzedDataProvider fuzzed_data(data, size);
12	396	u_int16_t i, rc, num_iteration, data_len, is_added = 0;
13	396	std::vector<u_int8_t>value_added;
14	396	cache_t c;
15
16		/* Just to have some data */
17	396	if (fuzzed_data.remaining_bytes() < 2048)
18	20	return -1;
19
20		/* To allow memory allocation failures */
21	376	fuzz_set_alloc_callbacks_and_seed(size);
22
23	376	c = cache_new(fuzzed_data.ConsumeIntegral<u_int8_t>());
24
25	376	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
26	39.4k	for (i = 0; i < num_iteration; i++) {
27
28	39.1k	data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
29	39.1k	std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);
30
31	39.1k	rc = cache_add(c, data.data(), data.size());
32		/* Keep one random entry really added */
33	39.1k	if (rc == CACHE_NO_ERROR && is_added == 0 && fuzzed_data.ConsumeBool()) {
34	212	value_added = data;
35	212	is_added = 1;
36	212	}
37	39.1k	}
38
39		/* "Random" search */
40	376	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
41	24.8k	for (i = 0; i < num_iteration; i++) {
42	24.4k	data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
43	24.4k	std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);
44
45	24.4k	cache_contains(c, data.data(), data.size());
46	24.4k	}
47		/* Search of an added entry */
48	376	if (is_added) {
49	212	cache_contains(c, value_added.data(), value_added.size());
50	212	}
51
52		/* "Random" remove */
53	376	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
54	24.3k	for (i = 0; i < num_iteration; i++) {
55	23.9k	data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
56	23.9k	std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);
57
58	23.9k	cache_remove(c, data.data(), data.size());
59	23.9k	}
60		/* Remove of an added entry */
61	376	if (is_added) {
62	212	cache_remove(c, value_added.data(), value_added.size());
63	212	}
64
65	376	cache_free(c);
66
67	376	return 0;
68	396	}

Coverage Report

Created: 2025-08-03 06:32