/src/ndpi/fuzz/fuzz_ds_tree.cpp

Source
#include "ndpi_api.h"
#include "fuzz_common_code.h"

#include <stdint.h>
#include <stdio.h>
#include <assert.h>
#include "fuzzer/FuzzedDataProvider.h"

static int __compare(const void *a, const void *b)
{
  u_int32_t *entry_a, *entry_b;

  entry_a = (u_int32_t *)a;
  entry_b = (u_int32_t *)b;

  return *entry_a == *entry_b ? 0 : (*entry_a < *entry_b ? -1 : +1);
}
static void __free(void * const node)
{
  u_int32_t *entry = (u_int32_t *)node;
  ndpi_free(entry);
}
static void __walk(const void *a, ndpi_VISIT which, int depth, void *user_data)
{
  (void)which;
  (void)depth;

  assert(user_data == NULL && a);
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  u_int16_t i, num_iteration, is_added = 0;
  void *root = NULL;
  u_int32_t *entry, value_added, e, *e2;

  /* Just to have some data */
  if (fuzzed_data.remaining_bytes() < 1024)
    return -1;

  /* To allow memory allocation failures */
  fuzz_set_alloc_callbacks_and_seed(size);

  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    entry = (u_int32_t *)ndpi_malloc(sizeof(u_int32_t));
    if (!entry)
      continue;
    *entry = fuzzed_data.ConsumeIntegral<u_int32_t>();
    
    if(ndpi_tfind(entry, &root, __compare) == NULL) {
      if(ndpi_tsearch(entry, fuzzed_data.ConsumeBool() ? &root : NULL, __compare) == NULL) {
        ndpi_free(entry);
      } else {
        /* Keep one random entry really added */
        if (is_added == 0 && fuzzed_data.ConsumeBool()) {
          value_added = *entry;
          is_added = 1;
        }
      }
    } else {
      ndpi_free(entry);
    }
  }

  /* "Random" search */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    e = fuzzed_data.ConsumeIntegral<u_int32_t>();

    ndpi_tfind(&e, fuzzed_data.ConsumeBool() ? &root : NULL, __compare);
  }
  /* Search of an added node */
  if (is_added) {
    ndpi_tfind(&value_added, &root, __compare);
  }

  ndpi_twalk(root, __walk, NULL);

  /* "Random" delete */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    e = fuzzed_data.ConsumeIntegral<u_int32_t>();

    e2 = (u_int32_t *)ndpi_tdelete(&e, &root, __compare);
    ndpi_free(e2);
  }
  /* Delete of an added node */
  if (is_added) {
    e2 = (u_int32_t *)ndpi_tdelete(&value_added, &root, __compare);
    ndpi_free(e2);
  }

  ndpi_twalk(root, __walk, NULL);

  ndpi_tdestroy(root, __free);

  return 0;
}

Line	Count	Source
1		#include "ndpi_api.h"
2		#include "fuzz_common_code.h"
3
4		#include <stdint.h>
5		#include <stdio.h>
6		#include <assert.h>
7		#include "fuzzer/FuzzedDataProvider.h"
8
9		static int __compare(const void a, const void b)
10	392k	{
11	392k	u_int32_t entry_a, entry_b;
12
13	392k	entry_a = (u_int32_t *)a;
14	392k	entry_b = (u_int32_t *)b;
15
16	392k	return entry_a == entry_b ? 0 : (entry_a < entry_b ? -1 : +1);
17	392k	}
18		static void __free(void * const node)
19	8.74k	{
20	8.74k	u_int32_t entry = (u_int32_t )node;
21	8.74k	ndpi_free(entry);
22	8.74k	}
23		static void __walk(const void a, ndpi_VISIT which, int depth, void user_data)
24	44.0k	{
25	44.0k	(void)which;
26	44.0k	(void)depth;
27
28	44.0k	assert(user_data == NULL && a);
29	44.0k	}
30
31	218	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
32	218	FuzzedDataProvider fuzzed_data(data, size);
33	218	u_int16_t i, num_iteration, is_added = 0;
34	218	void *root = NULL;
35	218	u_int32_t entry, value_added, e, e2;
36
37		/* Just to have some data */
38	218	if (fuzzed_data.remaining_bytes() < 1024)
39	18	return -1;
40
41		/* To allow memory allocation failures */
42	200	fuzz_set_alloc_callbacks_and_seed(size);
43
44	200	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
45	23.2k	for (i = 0; i < num_iteration; i++) {
46	23.0k	entry = (u_int32_t *)ndpi_malloc(sizeof(u_int32_t));
47	23.0k	if (!entry)
48	1.68k	continue;
49	21.3k	*entry = fuzzed_data.ConsumeIntegral<u_int32_t>();
50
51	21.3k	if(ndpi_tfind(entry, &root, __compare) == NULL) {
52	16.9k	if(ndpi_tsearch(entry, fuzzed_data.ConsumeBool() ? &root : NULL, __compare) == NULL) {
53	7.22k	ndpi_free(entry);
54	9.71k	} else {
55		/* Keep one random entry really added */
56	9.71k	if (is_added == 0 && fuzzed_data.ConsumeBool()) {
57	135	value_added = *entry;
58	135	is_added = 1;
59	135	}
60	9.71k	}
61	16.9k	} else {
62	4.45k	ndpi_free(entry);
63	4.45k	}
64	21.3k	}
65
66		/* "Random" search */
67	200	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
68	8.75k	for (i = 0; i < num_iteration; i++) {
69	8.55k	e = fuzzed_data.ConsumeIntegral<u_int32_t>();
70
71	8.55k	ndpi_tfind(&e, fuzzed_data.ConsumeBool() ? &root : NULL, __compare);
72	8.55k	}
73		/* Search of an added node */
74	200	if (is_added) {
75	135	ndpi_tfind(&value_added, &root, __compare);
76	135	}
77
78	200	ndpi_twalk(root, __walk, NULL);
79
80		/* "Random" delete */
81	200	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
82	12.6k	for (i = 0; i < num_iteration; i++) {
83	12.4k	e = fuzzed_data.ConsumeIntegral<u_int32_t>();
84
85	12.4k	e2 = (u_int32_t *)ndpi_tdelete(&e, &root, __compare);
86	12.4k	ndpi_free(e2);
87	12.4k	}
88		/* Delete of an added node */
89	200	if (is_added) {
90	135	e2 = (u_int32_t *)ndpi_tdelete(&value_added, &root, __compare);
91	135	ndpi_free(e2);
92	135	}
93
94	200	ndpi_twalk(root, __walk, NULL);
95
96	200	ndpi_tdestroy(root, __free);
97
98	200	return 0;
99	218	}

Coverage Report

Created: 2025-11-06 06:43