1 | | /* Copyright 2021 Google LLC |
2 | | Licensed under the Apache License, Version 2.0 (the "License"); |
3 | | you may not use this file except in compliance with the License. |
4 | | You may obtain a copy of the License at |
5 | | http://www.apache.org/licenses/LICENSE-2.0 |
6 | | Unless required by applicable law or agreed to in writing, software |
7 | | distributed under the License is distributed on an "AS IS" BASIS, |
8 | | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
9 | | See the License for the specific language governing permissions and |
10 | | limitations under the License. |
11 | | */ |
12 | | |
13 | | #include "config.h" |
14 | | #include "syshead.h" |
15 | | #include "init.h" |
16 | | #include "packet_id.h" |
17 | | |
18 | | #include "fuzz_randomizer.h" |
19 | | |
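/**
 * libFuzzer entry point for the packet-id code.
 *
 * The input is handed to the fuzz randomizer, which then drives four stages:
 *   1. packet_id_reap_test / packet_id_test / packet_id_add on pid.rec
 *   2. packet_id_write on a packet_id_send filled from fuzz data
 *   3. packet_id_read on a buffer built from a fuzz-derived string
 *   4. packet_id_persist_load / _save / _close on a file holding the raw input
 *
 * @param data  raw fuzzer input (may be NULL when size is 0)
 * @param size  number of bytes in data
 * @return always 0, as libFuzzer expects
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  fuzz_random_init(data, size);

  struct packet_id pid;
  struct packet_id_net pin;
  const int seq_backtrack = 10;
  const int time_backtrack = 10;

  /* Stage 1: feed up to 10 fuzz-chosen (time, id) pairs to the receive side. */
  packet_id_init(&pid, seq_backtrack, time_backtrack, "name", 0);

  int total_sends = fuzz_randomizer_get_int(0, 10);
  for (int i = 0; i < total_sends; i++) {
    update_time();
    pin.time = fuzz_randomizer_get_int(0, 0xfffffff);
    pin.id = fuzz_randomizer_get_int(0, 0xfffffff);

    packet_id_reap_test(&pid.rec);
    /* Only record ids that the test accepts, as the loop always did. */
    if (packet_id_test(&pid.rec, &pin)) {
      packet_id_add(&pid.rec, &pin);
    }
  }
  packet_id_free(&pid);

  /* Stage 2: packet id send. */
  char *tmp2 = get_random_string();
  size_t tmp2_len = strlen(tmp2);
  if (tmp2_len > sizeof(struct packet_id_send)) {
    struct packet_id_send pidsend;
    /*
     * Was memcmp(), whose result was discarded: pidsend stayed uninitialized
     * and the calls below read indeterminate stack bytes instead of fuzz
     * data. The length check above guarantees tmp2 holds enough bytes.
     */
    memcpy(&pidsend, tmp2, sizeof(pidsend));

    /*
     * localtime() takes a const time_t *; the previous code passed a
     * struct timeval *, which only worked where tv_sec is the first member.
     * NOTE(review): presumably this guard skips time values the callee
     * cannot convert -- confirm.
     */
    time_t send_time = pidsend.time;
    if (localtime(&send_time)) {
      struct buffer iv_buffer;
      buf_set_write(&iv_buffer, tmp2, tmp2_len);
      /* Cover all four combinations of the two boolean arguments. */
      packet_id_write(&pidsend, &iv_buffer, false, false);
      packet_id_write(&pidsend, &iv_buffer, false, true);
      packet_id_write(&pidsend, &iv_buffer, true, true);
      packet_id_write(&pidsend, &iv_buffer, true, false);
    }
  }
  free(tmp2);

  /* Stage 3: parse a packet id from a buffer built from a fuzz string. */
  struct gc_arena gc;
  gc = gc_new();
  struct buffer buf;
  char *tmp = get_random_string();
  buf = string_alloc_buf(tmp, &gc);
  free(tmp);
  /*
   * NOTE(review): pid was already released by packet_id_free() above and is
   * reused here as the destination. packet_id_read() appears to expect a
   * struct packet_id_net * -- confirm against packet_id.h and pass &pin if so.
   */
  packet_id_read(&pid, &buf, false);
  packet_id_read(&pid, &buf, true);
  gc_free(&gc);

  /*
   * Stage 4: persistence. The raw input is written to a file so that
   * packet_id_persist_load() can read it back.
   * NOTE(review): the name is predictable (/tmp + pid) and fopen() follows
   * symlinks; on a shared host prefer a private directory or mkstemp().
   */
  char filename[256];
  snprintf(filename, sizeof(filename), "/tmp/libfuzzer.%d", (int)getpid());

  FILE *fp = fopen(filename, "wb");
  if (!fp) {
    /* The early return previously skipped fuzz_random_destroy(). */
    fuzz_random_destroy();
    return 0;
  }
  /* data may be NULL for an empty input, so do not hand it to fwrite(). */
  size_t written = size > 0 ? fwrite(data, 1, size, fp) : 0;
  int close_rc = fclose(fp);
  if (written != size || close_rc != 0) {
    /* A short write would make the load below parse a truncated file. */
    (void)unlink(filename);
    fuzz_random_destroy();
    return 0;
  }

  struct packet_id_persist p;
  memset(&p, 0, sizeof(struct packet_id_persist));
  packet_id_persist_init(&p);
  packet_id_persist_load(&p, filename);

  /* Same time_t fix as in stage 2. */
  time_t persist_time = p.time;
  if (localtime(&persist_time) != NULL) {
    /* The arena is unused while packet_id_persist_print() stays disabled. */
    gc = gc_new();
    p.id_last_written = fuzz_randomizer_get_int(0, 0xfffffff);
    packet_id_persist_save(&p);
    gc_free(&gc);
  }

  packet_id_persist_close(&p);

  /* Do not leave one file per fuzzing process behind in /tmp. */
  (void)unlink(filename);

  fuzz_random_destroy();
  return 0;
}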