/src/ndpi/fuzz/fuzz_ds_ptree.cpp

Source
#include "ndpi_api.h"
#include "fuzz_common_code.h"

#include <stdint.h>
#include <stdio.h>
#include <assert.h>
#include "fuzzer/FuzzedDataProvider.h"


extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  u_int16_t i, num_iteration;
  ndpi_ptree_t *t;
  ndpi_ip_addr_t addr, addr2, addr_added;
  u_int8_t bits;
  int rc, is_added = 0;
  u_int64_t user_data;
  char buf_ip[256];

  /* To allow memory allocation failures */
  fuzz_set_alloc_callbacks_and_seed(size);

  t = ndpi_ptree_create();

  /* Random insert */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    if (fuzzed_data.ConsumeBool()) {
      if(fuzzed_data.remaining_bytes() > 16) {
  memcpy(&addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
        bits = fuzzed_data.ConsumeIntegralInRange(0, 128);
      } else {
        continue;
      }
    } else {
      memset(&addr, '\0', sizeof(addr));
      addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
      bits = fuzzed_data.ConsumeIntegralInRange(0, 32);
    };

    /* Not really ptree stuff, but this seem the right place to fuzz these `ndpi_ip_addr_t` functions */
    ndpi_parse_ip_string(ndpi_get_ip_string(&addr, buf_ip, sizeof(buf_ip)), &addr2);

    rc = ndpi_ptree_insert(t, &addr, bits, 0);
    /* Keep one random node really added */
    if (rc == 0 && is_added == 0 && fuzzed_data.ConsumeBool()) {
      is_added = 1;
      addr_added = addr;
    }
  }

  /* Some higher level functions */
  ndpi_load_ptree_file(t, "ipv4_addresses.txt", NDPI_PROTOCOL_TLS);
  ndpi_load_ptree_file(t, "invalid_filename", NDPI_PROTOCOL_TLS);
  ndpi_load_ptree_file(t, "ipv6_addresses.txt", NDPI_PROTOCOL_TLS);

  /* Random search */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    if (fuzzed_data.ConsumeBool()) {
      if(fuzzed_data.remaining_bytes() > 16) {
  memcpy(&addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
      } else {
        continue;
      }
    } else {
      memset(&addr, '\0', sizeof(addr));
      addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
    };

    ndpi_ptree_match_addr(t, &addr, &user_data);
  }
  /* Search of an added node */
  if (is_added)
    ndpi_ptree_match_addr(t, &addr_added, &user_data);

  ndpi_ptree_destroy(t);

  return 0;
}

Line	Count	Source
1		#include "ndpi_api.h"
2		#include "fuzz_common_code.h"
3
4		#include <stdint.h>
5		#include <stdio.h>
6		#include <assert.h>
7		#include "fuzzer/FuzzedDataProvider.h"
8
9
10	1.02k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
11	1.02k	FuzzedDataProvider fuzzed_data(data, size);
12	1.02k	u_int16_t i, num_iteration;
13	1.02k	ndpi_ptree_t *t;
14	1.02k	ndpi_ip_addr_t addr, addr2, addr_added;
15	1.02k	u_int8_t bits;
16	1.02k	int rc, is_added = 0;
17	1.02k	u_int64_t user_data;
18	1.02k	char buf_ip[256];
19
20		/* To allow memory allocation failures */
21	1.02k	fuzz_set_alloc_callbacks_and_seed(size);
22
23	1.02k	t = ndpi_ptree_create();
24
25		/* Random insert */
26	1.02k	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
27	132k	for (i = 0; i < num_iteration; i++) {
28	131k	if (fuzzed_data.ConsumeBool()) {
29	14.3k	if(fuzzed_data.remaining_bytes() > 16) {
30	13.8k	memcpy(&addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
31	13.8k	bits = fuzzed_data.ConsumeIntegralInRange(0, 128);
32	13.8k	} else {
33	493	continue;
34	493	}
35	117k	} else {
36	117k	memset(&addr, '\0', sizeof(addr));
37	117k	addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
38	117k	bits = fuzzed_data.ConsumeIntegralInRange(0, 32);
39	131k	};
40
41		/* Not really ptree stuff, but this seem the right place to fuzz these `ndpi_ip_addr_t` functions */
42	131k	ndpi_parse_ip_string(ndpi_get_ip_string(&addr, buf_ip, sizeof(buf_ip)), &addr2);
43
44	131k	rc = ndpi_ptree_insert(t, &addr, bits, 0);
45		/* Keep one random node really added */
46	131k	if (rc == 0 && is_added == 0 && fuzzed_data.ConsumeBool()) {
47	585	is_added = 1;
48	585	addr_added = addr;
49	585	}
50	131k	}
51
52		/* Some higher level functions */
53	1.02k	ndpi_load_ptree_file(t, "ipv4_addresses.txt", NDPI_PROTOCOL_TLS);
54	1.02k	ndpi_load_ptree_file(t, "invalid_filename", NDPI_PROTOCOL_TLS);
55	1.02k	ndpi_load_ptree_file(t, "ipv6_addresses.txt", NDPI_PROTOCOL_TLS);
56
57		/* Random search */
58	1.02k	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
59	36.1k	for (i = 0; i < num_iteration; i++) {
60	35.1k	if (fuzzed_data.ConsumeBool()) {
61	10.4k	if(fuzzed_data.remaining_bytes() > 16) {
62	10.1k	memcpy(&addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
63	10.1k	} else {
64	244	continue;
65	244	}
66	24.6k	} else {
67	24.6k	memset(&addr, '\0', sizeof(addr));
68	24.6k	addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
69	34.8k	};
70
71	34.8k	ndpi_ptree_match_addr(t, &addr, &user_data);
72	34.8k	}
73		/* Search of an added node */
74	1.02k	if (is_added)
75	585	ndpi_ptree_match_addr(t, &addr_added, &user_data);
76
77	1.02k	ndpi_ptree_destroy(t);
78
79	1.02k	return 0;
80	1.02k	}

Coverage Report

Created: 2025-08-26 07:06