/src/ndpi/fuzz/fuzz_ds_tree.cpp

Source
#include "ndpi_api.h"
#include "fuzz_common_code.h"

#include <stdint.h>
#include <stdio.h>
#include <assert.h>
#include "fuzzer/FuzzedDataProvider.h"

static int __compare(const void *a, const void *b)
{
  u_int32_t *entry_a, *entry_b;

  entry_a = (u_int32_t *)a;
  entry_b = (u_int32_t *)b;

  return *entry_a == *entry_b ? 0 : (*entry_a < *entry_b ? -1 : +1);
}
static void __free(void * const node)
{
  u_int32_t *entry = (u_int32_t *)node;
  ndpi_free(entry);
}
static void __walk(const void *a, ndpi_VISIT which, int depth, void *user_data)
{
  (void)which;
  (void)depth;

  assert(user_data == NULL && a);
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  u_int16_t i, num_iteration, is_added = 0;
  void *root = NULL;
  u_int32_t *entry, value_added, e, *e2;

  /* Just to have some data */
  if (fuzzed_data.remaining_bytes() < 1024)
    return -1;

  /* To allow memory allocation failures */
  fuzz_set_alloc_callbacks_and_seed(size);

  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    entry = (u_int32_t *)ndpi_malloc(sizeof(u_int32_t));
    if (!entry)
      continue;
    *entry = fuzzed_data.ConsumeIntegral<u_int32_t>();
    
    if(ndpi_tfind(entry, &root, __compare) == NULL) {
      if(ndpi_tsearch(entry, fuzzed_data.ConsumeBool() ? &root : NULL, __compare) == NULL) {
        ndpi_free(entry);
      } else {
        /* Keep one random entry really added */
        if (is_added == 0 && fuzzed_data.ConsumeBool()) {
          value_added = *entry;
          is_added = 1;
        }
      }
    } else {
      ndpi_free(entry);
    }
  }

  /* "Random" search */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    e = fuzzed_data.ConsumeIntegral<u_int32_t>();

    ndpi_tfind(&e, fuzzed_data.ConsumeBool() ? &root : NULL, __compare);
  }
  /* Search of an added node */
  if (is_added) {
    ndpi_tfind(&value_added, &root, __compare);
  }

  ndpi_twalk(root, __walk, NULL);

  /* "Random" delete */
  num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
  for (i = 0; i < num_iteration; i++) {
    e = fuzzed_data.ConsumeIntegral<u_int32_t>();

    e2 = (u_int32_t *)ndpi_tdelete(&e, &root, __compare);
    ndpi_free(e2);
  }
  /* Delete of an added node */
  if (is_added) {
    e2 = (u_int32_t *)ndpi_tdelete(&value_added, &root, __compare);
    ndpi_free(e2);
  }

  ndpi_twalk(root, __walk, NULL);

  ndpi_tdestroy(root, __free);

  return 0;
}

Line	Count	Source
1		#include "ndpi_api.h"
2		#include "fuzz_common_code.h"
3
4		#include <stdint.h>
5		#include <stdio.h>
6		#include <assert.h>
7		#include "fuzzer/FuzzedDataProvider.h"
8
9		static int __compare(const void a, const void b)
10	464k	{
11	464k	u_int32_t entry_a, entry_b;
12
13	464k	entry_a = (u_int32_t *)a;
14	464k	entry_b = (u_int32_t *)b;
15
16	464k	return entry_a == entry_b ? 0 : (entry_a < entry_b ? -1 : +1);
17	464k	}
18		static void __free(void * const node)
19	9.37k	{
20	9.37k	u_int32_t entry = (u_int32_t )node;
21	9.37k	ndpi_free(entry);
22	9.37k	}
23		static void __walk(const void a, ndpi_VISIT which, int depth, void user_data)
24	47.5k	{
25	47.5k	(void)which;
26	47.5k	(void)depth;
27
28	47.5k	assert(user_data == NULL && a);
29	47.5k	}
30
31	226	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
32	226	FuzzedDataProvider fuzzed_data(data, size);
33	226	u_int16_t i, num_iteration, is_added = 0;
34	226	void *root = NULL;
35	226	u_int32_t entry, value_added, e, e2;
36
37		/* Just to have some data */
38	226	if (fuzzed_data.remaining_bytes() < 1024)
39	18	return -1;
40
41		/* To allow memory allocation failures */
42	208	fuzz_set_alloc_callbacks_and_seed(size);
43
44	208	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
45	23.2k	for (i = 0; i < num_iteration; i++) {
46	23.0k	entry = (u_int32_t *)ndpi_malloc(sizeof(u_int32_t));
47	23.0k	if (!entry)
48	1.70k	continue;
49	21.3k	*entry = fuzzed_data.ConsumeIntegral<u_int32_t>();
50
51	21.3k	if(ndpi_tfind(entry, &root, __compare) == NULL) {
52	18.0k	if(ndpi_tsearch(entry, fuzzed_data.ConsumeBool() ? &root : NULL, __compare) == NULL) {
53	7.76k	ndpi_free(entry);
54	10.2k	} else {
55		/* Keep one random entry really added */
56	10.2k	if (is_added == 0 && fuzzed_data.ConsumeBool()) {
57	132	value_added = *entry;
58	132	is_added = 1;
59	132	}
60	10.2k	}
61	18.0k	} else {
62	3.28k	ndpi_free(entry);
63	3.28k	}
64	21.3k	}
65
66		/* "Random" search */
67	208	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
68	10.2k	for (i = 0; i < num_iteration; i++) {
69	10.0k	e = fuzzed_data.ConsumeIntegral<u_int32_t>();
70
71	10.0k	ndpi_tfind(&e, fuzzed_data.ConsumeBool() ? &root : NULL, __compare);
72	10.0k	}
73		/* Search of an added node */
74	208	if (is_added) {
75	132	ndpi_tfind(&value_added, &root, __compare);
76	132	}
77
78	208	ndpi_twalk(root, __walk, NULL);
79
80		/* "Random" delete */
81	208	num_iteration = fuzzed_data.ConsumeIntegral<u_int8_t>();
82	14.5k	for (i = 0; i < num_iteration; i++) {
83	14.3k	e = fuzzed_data.ConsumeIntegral<u_int32_t>();
84
85	14.3k	e2 = (u_int32_t *)ndpi_tdelete(&e, &root, __compare);
86	14.3k	ndpi_free(e2);
87	14.3k	}
88		/* Delete of an added node */
89	208	if (is_added) {
90	132	e2 = (u_int32_t *)ndpi_tdelete(&value_added, &root, __compare);
91	132	ndpi_free(e2);
92	132	}
93
94	208	ndpi_twalk(root, __walk, NULL);
95
96	208	ndpi_tdestroy(root, __free);
97
98	208	return 0;
99	226	}

Coverage Report

Created: 2026-01-05 06:49