/src/librabbitmq/fuzz/fuzz_handle_input.c
Line | Count | Source |
1 | | // Copyright 2007 - 2026, Arthur Chan and the rabbitmq-c contributors. |
2 | | // SPDX-License-Identifier: mit |
3 | | |
4 | | #include <errno.h> |
5 | | #include <inttypes.h> |
6 | | #include <stdio.h> |
7 | | #include <stdlib.h> |
8 | | #include <string.h> |
9 | | |
10 | | #include <rabbitmq-c/amqp.h> |
11 | | #include <rabbitmq-c/framing.h> |
12 | | |
13 | | // Drives amqp_handle_input(), the byte->frame wire parser, feeding the input one |
14 | | // frame at a time and advancing by the number of bytes it reports consuming. |
15 | 0 | extern int LLVMFuzzerTestOneInput(const char *data, size_t size) { |
16 | |
|
17 | 0 | amqp_connection_state_t conn; |
18 | 0 | amqp_bytes_t buffer; |
19 | 0 | size_t iterations = 0; |
20 | |
|
21 | 0 | if (size == 0) { |
22 | 0 | return 0; |
23 | 0 | } |
24 | | |
25 | 0 | conn = amqp_new_connection(); |
26 | 0 | if (conn == NULL) { |
27 | 0 | return 0; |
28 | 0 | } |
29 | | |
30 | 0 | buffer.bytes = (void *)data; |
31 | 0 | buffer.len = size; |
32 | |
|
33 | 0 | while (buffer.len > 0 && iterations < 4096) { |
34 | 0 | amqp_frame_t frame; |
35 | 0 | int res; |
36 | |
|
37 | 0 | memset(&frame, 0, sizeof(frame)); |
38 | 0 | res = amqp_handle_input(conn, buffer, &frame); |
39 | 0 | if (res <= 0) { |
40 | 0 | break; |
41 | 0 | } |
42 | | |
43 | 0 | buffer.bytes = (void *)((const char *)buffer.bytes + (size_t)res); |
44 | 0 | buffer.len -= (size_t)res; |
45 | |
|
46 | 0 | if (frame.frame_type != 0) { |
47 | 0 | amqp_maybe_release_buffers_on_channel(conn, frame.channel); |
48 | 0 | } |
49 | |
|
50 | 0 | iterations++; |
51 | 0 | } |
52 | |
|
53 | 0 | amqp_destroy_connection(conn); |
54 | 0 | return 0; |
55 | 0 | } |