/src/unit/fuzzing/nxt_http_controller_fuzz.c

Source (jump to first uncovered line)
/*
 * Copyright (C) NGINX, Inc.
 */

#include <nxt_main.h>

/* DO NOT TRY THIS AT HOME! */
#include "nxt_controller.c"


#define KMININPUTLENGTH 2
#define KMAXINPUTLENGTH 1024


extern int LLVMFuzzerInitialize(int *argc, char ***argv);
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);


extern char  **environ;


int
LLVMFuzzerInitialize(int *argc, char ***argv)
{
    nxt_int_t  ret;

    if (nxt_lib_start("fuzzing", NULL, &environ) != NXT_OK) {
        return NXT_ERROR;
    }

    ret = nxt_http_fields_hash(&nxt_controller_fields_hash,
                               nxt_controller_request_fields,
                               nxt_nitems(nxt_controller_request_fields));
    if (ret != NXT_OK) {
        return NXT_ERROR;
    }

    return 0;
}


int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    nxt_mp_t                  *mp;
    nxt_int_t                 rc;
    nxt_buf_mem_t             buf;
    nxt_controller_request_t  *req;
    nxt_http_request_parse_t  rp;

    if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) {
        return 0;
    }

    mp = nxt_mp_create(1024, 128, 256, 32);
    if (mp == NULL) {
        return 0;
    }

    req = nxt_mp_zget(mp, sizeof(nxt_controller_request_t));
    if (req == NULL) {
        goto failed;
    }

    req->conn = nxt_mp_zget(mp, sizeof(nxt_conn_t));
    if (req->conn == NULL) {
        goto failed;
    }

    buf.start = (u_char *)data;
    buf.end = (u_char *)data + size;
    buf.pos = buf.start;
    buf.free = buf.end;

    nxt_main_log.level = NXT_LOG_ALERT;
    req->conn->log = nxt_main_log;

    nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));

    rc = nxt_http_parse_request_init(&rp, mp);
    if (rc != NXT_OK) {
        goto failed;
    }

    rc = nxt_http_parse_request(&rp, &buf);
    if (rc != NXT_DONE) {
        goto failed;
    }

    nxt_http_fields_process(rp.fields, &nxt_controller_fields_hash,
                            req);

failed:

    nxt_mp_destroy(mp);

    return 0;
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C) NGINX, Inc.
3		*/
4
5		#include <nxt_main.h>
6
7		/* DO NOT TRY THIS AT HOME! */
8		#include "nxt_controller.c"
9
10
11	5.02k	#define KMININPUTLENGTH 2
12	2.51k	#define KMAXINPUTLENGTH 1024
13
14
15		extern int LLVMFuzzerInitialize(int argc, char **argv);
16		extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
17
18
19		extern char **environ;
20
21
22		int
23		LLVMFuzzerInitialize(int argc, char **argv)
24	6	{
25	6	nxt_int_t ret;
26
27	6	if (nxt_lib_start("fuzzing", NULL, &environ) != NXT_OK) {
28	0	return NXT_ERROR;
29	0	}
30
31	6	ret = nxt_http_fields_hash(&nxt_controller_fields_hash,
32	6	nxt_controller_request_fields,
33	6	nxt_nitems(nxt_controller_request_fields));
34	6	if (ret != NXT_OK) {
35	0	return NXT_ERROR;
36	0	}
37
38	6	return 0;
39	6	}
40
41
42		int
43		LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
44	2.51k	{
45	2.51k	nxt_mp_t *mp;
46	2.51k	nxt_int_t rc;
47	2.51k	nxt_buf_mem_t buf;
48	2.51k	nxt_controller_request_t *req;
49	2.51k	nxt_http_request_parse_t rp;
50
51	2.51k	if (size < KMININPUTLENGTH \|\| size > KMAXINPUTLENGTH) {
52	24	return 0;
53	24	}
54
55	2.49k	mp = nxt_mp_create(1024, 128, 256, 32);
56	2.49k	if (mp == NULL) {
57	0	return 0;
58	0	}
59
60	2.49k	req = nxt_mp_zget(mp, sizeof(nxt_controller_request_t));
61	2.49k	if (req == NULL) {
62	0	goto failed;
63	0	}
64
65	2.49k	req->conn = nxt_mp_zget(mp, sizeof(nxt_conn_t));
66	2.49k	if (req->conn == NULL) {
67	0	goto failed;
68	0	}
69
70	2.49k	buf.start = (u_char *)data;
71	2.49k	buf.end = (u_char *)data + size;
72	2.49k	buf.pos = buf.start;
73	2.49k	buf.free = buf.end;
74
75	2.49k	nxt_main_log.level = NXT_LOG_ALERT;
76	2.49k	req->conn->log = nxt_main_log;
77
78	2.49k	nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
79
80	2.49k	rc = nxt_http_parse_request_init(&rp, mp);
81	2.49k	if (rc != NXT_OK) {
82	0	goto failed;
83	0	}
84
85	2.49k	rc = nxt_http_parse_request(&rp, &buf);
86	2.49k	if (rc != NXT_DONE) {
87	2.08k	goto failed;
88	2.08k	}
89
90	403	nxt_http_fields_process(rp.fields, &nxt_controller_fields_hash,
91	403	req);
92
93	2.49k	failed:
94
95	2.49k	nxt_mp_destroy(mp);
96
97	2.49k	return 0;
98	403	}

Coverage Report

Created: 2025-08-29 06:30