/src/net-snmp/testing/fuzzing/ada_fuzz_header.h

Source
/*
  * Copyright (c) 2021, Net-snmp authors
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  * * Redistributions of source code must retain the above copyright notice, this
  *   list of conditions and the following disclaimer.
  *
  * * Redistributions in binary form must reproduce the above copyright notice,
  *   this list of conditions and the following disclaimer in the documentation
  *   and/or other materials provided with the distribution.
  *
  * * Neither the name of the copyright holder nor the names of its
  *   contributors may be used to endorse or promote products derived from
  *   this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

/*
 * Declare functions.
 */
void af_gb_init(void);
void af_gb_cleanup(void);

// Simple garbage collector 
#define GB_SIZE 100

void *pointer_arr[GB_SIZE];
int pointer_idx;

// If the garbage collector is used then this must be called as first thing
// during a fuzz run.
void af_gb_init() {
  pointer_idx = 0;

   for (int i = 0; i < GB_SIZE; i++) {
     pointer_arr[i] = NULL;
   }
}

void af_gb_cleanup() {
  for(int i = 0; i < GB_SIZE; i++) {
    if (pointer_arr[i] != NULL) {
      free(pointer_arr[i]);
    }
  }
}

void *af_get_null_terminated(const uint8_t **data, size_t *size) {
#define STR_SIZE 75
  if (*size < STR_SIZE || (int)*size < 0) {
    return NULL;
  }

  void *new_s = malloc(STR_SIZE + 1);
  memcpy(new_s, *data, STR_SIZE);
  ((uint8_t *)new_s)[STR_SIZE] = '\0';

  *data = *data+STR_SIZE;
  *size -= STR_SIZE;
  return new_s;
}

void *af_gb_get_random_data(const uint8_t **data, size_t *size, size_t to_get) {
  if (*size < to_get || (int)*size < 0) {
    return NULL;
  }

  void *new_s = malloc(to_get);
  memcpy(new_s, *data, to_get);

  pointer_arr[pointer_idx++] = new_s;
  
  *data = *data + to_get;
  *size -= to_get;

  return new_s;
}

void *af_gb_get_null_terminated(const uint8_t **data, size_t *size) {

  void *nstr = af_get_null_terminated(data, size);
  if (nstr == NULL) {
    return NULL;
  }
  pointer_arr[pointer_idx++] = nstr;
  return nstr;
}

void *af_gb_alloc_data(size_t len) {
  void *ptr = calloc(1, len);
  pointer_arr[pointer_idx++] = ptr;
  
  return ptr;
}

short af_get_short(const uint8_t **data, size_t *size) {
  if (*size <= 0) return 0;
  short c = (short)(*data)[0];
  *data += 1;
  *size -= 1;
  return c;
}

int af_get_int(const uint8_t **data, size_t *size) {
  if (*size <= 4) return 0;
  const uint8_t *ptr = *data;
  int val = *((const int*)ptr);
  *data += 4;
  *size -= 4;
  return val;
}
// end simple garbage collector.

Line	Count	Source
1		/*
2		* Copyright (c) 2021, Net-snmp authors
3		* All rights reserved.
4		*
5		* Redistribution and use in source and binary forms, with or without
6		* modification, are permitted provided that the following conditions are met:
7		*
8		* * Redistributions of source code must retain the above copyright notice, this
9		* list of conditions and the following disclaimer.
10		*
11		* * Redistributions in binary form must reproduce the above copyright notice,
12		* this list of conditions and the following disclaimer in the documentation
13		* and/or other materials provided with the distribution.
14		*
15		* * Neither the name of the copyright holder nor the names of its
16		* contributors may be used to endorse or promote products derived from
17		* this software without specific prior written permission.
18		*
19		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20		* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
22		* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
23		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
25		* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
26		* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
27		* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28		* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29		*/
30
31		/*
32		* Declare functions.
33		*/
34		void af_gb_init(void);
35		void af_gb_cleanup(void);
36
37		// Simple garbage collector
38	3.31M	#define GB_SIZE 100
39
40		void *pointer_arr[GB_SIZE];
41		int pointer_idx;
42
43		// If the garbage collector is used then this must be called as first thing
44		// during a fuzz run.
45	16.4k	void af_gb_init() {
46	16.4k	pointer_idx = 0;
47
48	1.65M	for (int i = 0; i < GB_SIZE; i++) {
49	1.64M	pointer_arr[i] = NULL;
50	1.64M	}
51	16.4k	}
52
53	16.4k	void af_gb_cleanup() {
54	1.65M	for(int i = 0; i < GB_SIZE; i++) {
55	1.64M	if (pointer_arr[i] != NULL) {
56	75.0k	free(pointer_arr[i]);
57	75.0k	}
58	1.64M	}
59	16.4k	}
60
61	76.2k	void af_get_null_terminated(const uint8_t data, size_t size) {
62	484k	#define STR_SIZE 75
63	76.2k	if (size < STR_SIZE \|\| (int)size < 0) {
64	9.84k	return NULL;
65	9.84k	}
66
67	66.4k	void *new_s = malloc(STR_SIZE + 1);
68	66.4k	memcpy(new_s, *data, STR_SIZE);
69	66.4k	((uint8_t *)new_s)[STR_SIZE] = '\0';
70
71	66.4k	data = data+STR_SIZE;
72	66.4k	*size -= STR_SIZE;
73	66.4k	return new_s;
74	76.2k	}
75
76	10.4k	void af_gb_get_random_data(const uint8_t data, size_t size, size_t to_get) {
77	10.4k	if (size < to_get \|\| (int)size < 0) {
78	1.44k	return NULL;
79	1.44k	}
80
81	8.96k	void *new_s = malloc(to_get);
82	8.96k	memcpy(new_s, *data, to_get);
83
84	8.96k	pointer_arr[pointer_idx++] = new_s;
85
86	8.96k	data = data + to_get;
87	8.96k	*size -= to_get;
88
89	8.96k	return new_s;
90	10.4k	}
91
92	72.6k	void af_gb_get_null_terminated(const uint8_t data, size_t size) {
93
94	72.6k	void *nstr = af_get_null_terminated(data, size);
95	72.6k	if (nstr == NULL) {
96	6.57k	return NULL;
97	6.57k	}
98	66.0k	pointer_arr[pointer_idx++] = nstr;
99	66.0k	return nstr;
100	72.6k	}
101
102	0	void *af_gb_alloc_data(size_t len) {
103	0	void *ptr = calloc(1, len);
104	0	pointer_arr[pointer_idx++] = ptr;
105
106	0	return ptr;
107	0	}
108
109	21.6k	short af_get_short(const uint8_t *data, size_t size) {
110	21.6k	if (*size <= 0) return 0;
111	21.1k	short c = (short)(*data)[0];
112	21.1k	*data += 1;
113	21.1k	*size -= 1;
114	21.1k	return c;
115	21.6k	}
116
117	32.3k	int af_get_int(const uint8_t *data, size_t size) {
118	32.3k	if (*size <= 4) return 0;
119	20.6k	const uint8_t ptr = data;
120	20.6k	int val = ((const int)ptr);
121	20.6k	*data += 4;
122	20.6k	*size -= 4;
123	20.6k	return val;
124	32.3k	}
125		// end simple garbage collector.

Coverage Report

Created: 2026-04-12 06:59