/src/ndpi/fuzz/fuzz_ds_ptree.cpp

Source
#include "ndpi_api.h"
#include "fuzz_common_code.h"

#include <stdint.h>
#include <stdio.h>
#include <assert.h>
#include "fuzzer/FuzzedDataProvider.h"


extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  u_int16_t i, num_iteration;
  ndpi_ptree_t *t;
  ndpi_ip_addr_t addr, addr2, addr_added;
  u_int8_t bits;
  int rc, is_added = 0;
  u_int64_t user_data;
  char buf_ip[256];

  /* To allow memory allocation failures */
  fuzz_set_alloc_callbacks_and_seed(size);

  t = ndpi_ptree_create();

  /* Random insert */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    if (fuzzed_data.ConsumeBool()) {
      if(fuzzed_data.remaining_bytes() > 16) {
  memcpy(&addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
        bits = fuzzed_data.ConsumeIntegralInRange(0, 128);
      } else {
        continue;
      }
    } else {
      memset(&addr, '\0', sizeof(addr));
      addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
      bits = fuzzed_data.ConsumeIntegralInRange(0, 32);
    };

    /* Not really ptree stuff, but this seem the right place to fuzz these `ndpi_ip_addr_t` functions */
    ndpi_parse_ip_string(ndpi_get_ip_string(&addr, buf_ip, sizeof(buf_ip)), &addr2);

    rc = ndpi_ptree_insert(t, &addr, bits, 0);
    /* Keep one random node really added */
    if (rc == 0 && is_added == 0 && fuzzed_data.ConsumeBool()) {
      is_added = 1;
      addr_added = addr;
    }
  }

  /* Some higher level functions */
  ndpi_load_ptree_file(t, "ipv4_addresses.txt", NDPI_PROTOCOL_TLS);
  ndpi_load_ptree_file(t, "invalid_filename", NDPI_PROTOCOL_TLS);
  ndpi_load_ptree_file(t, "ipv6_addresses.txt", NDPI_PROTOCOL_TLS);

  /* Random search */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    if (fuzzed_data.ConsumeBool()) {
      if(fuzzed_data.remaining_bytes() > 16) {
  memcpy(&addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
      } else {
        continue;
      }
    } else {
      memset(&addr, '\0', sizeof(addr));
      addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
    };

    ndpi_ptree_match_addr(t, &addr, &user_data);
  }
  /* Search of an added node */
  if (is_added)
    ndpi_ptree_match_addr(t, &addr_added, &user_data);

  ndpi_ptree_destroy(t);

  return 0;
}

Line	Count	Source
1		#include "ndpi_api.h"
2		#include "fuzz_common_code.h"
3
4		#include <stdint.h>
5		#include <stdio.h>
6		#include <assert.h>
7		#include "fuzzer/FuzzedDataProvider.h"
8
9
10	948	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
11	948	FuzzedDataProvider fuzzed_data(data, size);
12	948	u_int16_t i, num_iteration;
13	948	ndpi_ptree_t *t;
14	948	ndpi_ip_addr_t addr, addr2, addr_added;
15	948	u_int8_t bits;
16	948	int rc, is_added = 0;
17	948	u_int64_t user_data;
18	948	char buf_ip[256];
19
20		/* To allow memory allocation failures */
21	948	fuzz_set_alloc_callbacks_and_seed(size);
22
23	948	t = ndpi_ptree_create();
24
25		/* Random insert */
26	948	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
27	123k	for (i = 0; i < num_iteration; i++) {
28	122k	if (fuzzed_data.ConsumeBool()) {
29	13.4k	if(fuzzed_data.remaining_bytes() > 16) {
30	12.9k	memcpy(&addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
31	12.9k	bits = fuzzed_data.ConsumeIntegralInRange(0, 128);
32	12.9k	} else {
33	463	continue;
34	463	}
35	108k	} else {
36	108k	memset(&addr, '\0', sizeof(addr));
37	108k	addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
38	108k	bits = fuzzed_data.ConsumeIntegralInRange(0, 32);
39	121k	};
40
41		/* Not really ptree stuff, but this seem the right place to fuzz these `ndpi_ip_addr_t` functions */
42	121k	ndpi_parse_ip_string(ndpi_get_ip_string(&addr, buf_ip, sizeof(buf_ip)), &addr2);
43
44	121k	rc = ndpi_ptree_insert(t, &addr, bits, 0);
45		/* Keep one random node really added */
46	121k	if (rc == 0 && is_added == 0 && fuzzed_data.ConsumeBool()) {
47	548	is_added = 1;
48	548	addr_added = addr;
49	548	}
50	121k	}
51
52		/* Some higher level functions */
53	948	ndpi_load_ptree_file(t, "ipv4_addresses.txt", NDPI_PROTOCOL_TLS);
54	948	ndpi_load_ptree_file(t, "invalid_filename", NDPI_PROTOCOL_TLS);
55	948	ndpi_load_ptree_file(t, "ipv6_addresses.txt", NDPI_PROTOCOL_TLS);
56
57		/* Random search */
58	948	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
59	28.7k	for (i = 0; i < num_iteration; i++) {
60	27.7k	if (fuzzed_data.ConsumeBool()) {
61	8.80k	if(fuzzed_data.remaining_bytes() > 16) {
62	8.57k	memcpy(&addr.ipv6, fuzzed_data.ConsumeBytes<u_int8_t>(16).data(), 16);
63	8.57k	} else {
64	236	continue;
65	236	}
66	18.9k	} else {
67	18.9k	memset(&addr, '\0', sizeof(addr));
68	18.9k	addr.ipv4 = fuzzed_data.ConsumeIntegral<u_int32_t>();
69	27.5k	};
70
71	27.5k	ndpi_ptree_match_addr(t, &addr, &user_data);
72	27.5k	}
73		/* Search of an added node */
74	948	if (is_added)
75	548	ndpi_ptree_match_addr(t, &addr_added, &user_data);
76
77	948	ndpi_ptree_destroy(t);
78
79	948	return 0;
80	948	}

Coverage Report

Created: 2025-10-10 06:51