/src/ndpi/fuzz/fuzz_ds_libcache.cpp

Source
#include "ndpi_api.h"
#include "../src/lib/third_party/include/libcache.h"
#include "fuzz_common_code.h"

#include <stdint.h>
#include <stdio.h>
#include <assert.h>
#include "fuzzer/FuzzedDataProvider.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  u_int16_t i, rc, num_iteration, data_len, is_added = 0;
  std::vector<u_int8_t>value_added;
  cache_t c;

  /* Just to have some data */
  if (fuzzed_data.remaining_bytes() < 2048)
    return -1;

  /* To allow memory allocation failures */
  fuzz_set_alloc_callbacks_and_seed(size);

  c = cache_new(fuzzed_data.ConsumeIntegral<u_int8_t>());

  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {

    data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
    std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);

    rc = cache_add(c, data.data(), data.size());
    /* Keep one random entry really added */
    if (rc == CACHE_NO_ERROR && is_added == 0 && fuzzed_data.ConsumeBool()) {
      value_added = data;
      is_added = 1;
    }
  }

  /* "Random" search */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
    std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);

    cache_contains(c, data.data(), data.size());
  }
  /* Search of an added entry */
  if (is_added) {
    cache_contains(c, value_added.data(), value_added.size());
  }

  /* "Random" remove */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
    std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);

    cache_remove(c, data.data(), data.size());
  }
  /* Remove of an added entry */
  if (is_added) {
    cache_remove(c, value_added.data(), value_added.size());
  }

  cache_free(c);

  return 0;
}

Line	Count	Source
1		#include "ndpi_api.h"
2		#include "../src/lib/third_party/include/libcache.h"
3		#include "fuzz_common_code.h"
4
5		#include <stdint.h>
6		#include <stdio.h>
7		#include <assert.h>
8		#include "fuzzer/FuzzedDataProvider.h"
9
10	373	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
11	373	FuzzedDataProvider fuzzed_data(data, size);
12	373	u_int16_t i, rc, num_iteration, data_len, is_added = 0;
13	373	std::vector<u_int8_t>value_added;
14	373	cache_t c;
15
16		/* Just to have some data */
17	373	if (fuzzed_data.remaining_bytes() < 2048)
18	20	return -1;
19
20		/* To allow memory allocation failures */
21	353	fuzz_set_alloc_callbacks_and_seed(size);
22
23	353	c = cache_new(fuzzed_data.ConsumeIntegral<u_int8_t>());
24
25	353	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
26	42.7k	for (i = 0; i < num_iteration; i++) {
27
28	42.3k	data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
29	42.3k	std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);
30
31	42.3k	rc = cache_add(c, data.data(), data.size());
32		/* Keep one random entry really added */
33	42.3k	if (rc == CACHE_NO_ERROR && is_added == 0 && fuzzed_data.ConsumeBool()) {
34	225	value_added = data;
35	225	is_added = 1;
36	225	}
37	42.3k	}
38
39		/* "Random" search */
40	353	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
41	24.9k	for (i = 0; i < num_iteration; i++) {
42	24.6k	data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
43	24.6k	std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);
44
45	24.6k	cache_contains(c, data.data(), data.size());
46	24.6k	}
47		/* Search of an added entry */
48	353	if (is_added) {
49	225	cache_contains(c, value_added.data(), value_added.size());
50	225	}
51
52		/* "Random" remove */
53	353	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
54	20.9k	for (i = 0; i < num_iteration; i++) {
55	20.5k	data_len = fuzzed_data.ConsumeIntegralInRange(0, 127);
56	20.5k	std::vector<u_int8_t>data = fuzzed_data.ConsumeBytes<u_int8_t>(data_len);
57
58	20.5k	cache_remove(c, data.data(), data.size());
59	20.5k	}
60		/* Remove of an added entry */
61	353	if (is_added) {
62	225	cache_remove(c, value_added.data(), value_added.size());
63	225	}
64
65	353	cache_free(c);
66
67	353	return 0;
68	373	}

Coverage Report

Created: 2025-12-10 06:39