[netty] Add more fuzz targets (#9224)

2022-12-17 07:45:43 +09:00 · 2022-12-17 07:45:43 +09:00 · 41e629718d
parent 40ed51071e
commit 41e629718d
5 changed files with 168 additions and 63 deletions
--- a/projects/netty/pom.xml
+++ b/projects/netty/pom.xml
@ -11,8 +11,8 @@
 		<maven.compiler.source>15</maven.compiler.source>
 		<maven.compiler.target>15</maven.compiler.target>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-		<fuzzedLibaryVersion>4.0.0-SNAPSHOT</fuzzedLibaryVersion>
+		<fuzzedLibaryVersion>4.1.85.Final</fuzzedLibaryVersion>
-		<exec.mainClass>ServerCookieDecoderFuzzer</exec.mainClass>
+		<exec.mainClass>io.netty.handler.codec.http.cookie.ServerCookieDecoderFuzzer</exec.mainClass>
 	</properties>
 	<!-- This repositories list is copy pasted from the projects' main BOM -->
--- a/projects/netty/src/main/java/io/netty/buffer/ByteBufUtilFuzzer.java
+++ b/projects/netty/src/main/java/io/netty/buffer/ByteBufUtilFuzzer.java
@ -0,0 +1,122 @@
 // Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////
 package io.netty.buffer;
 import java.nio.charset.Charset;
 import java.nio.CharBuffer;
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 public class ByteBufUtilFuzzer {
 	private FuzzedDataProvider fuzzedDataProvider;
 	public ByteBufUtilFuzzer(FuzzedDataProvider fuzzedDataProvider) {
 		this.fuzzedDataProvider = fuzzedDataProvider;
 	}
 	byte[] getByteArray() {
 		int length = fuzzedDataProvider.consumeInt(0, fuzzedDataProvider.remainingBytes());
 		return fuzzedDataProvider.consumeBytes(length);
 	}
 	CharBuffer getCharBuffer() {
 		CharSequence charSequence = getCharSequence();
 		CharBuffer charBuffer = CharBuffer.allocate(charSequence.length());
 		charBuffer.put(charSequence.toString());
 		return charBuffer;
 	}
 	CharSequence getCharSequence() {
 		int length = fuzzedDataProvider.consumeInt(0, fuzzedDataProvider.remainingBytes());
 		return fuzzedDataProvider.consumeString(length);
 	}
 	int validIndex(ByteBuf buffer) {
 		int max = buffer.capacity();
 		if (max != 0) {
 			max -= 1; // zero index is first element
 		}
 		return fuzzedDataProvider.consumeInt(0, max);
 	}
 	int validLength(ByteBuf buffer, int start) {
 		int length = validIndex(buffer);
 		if (start + length > buffer.capacity()) {
 			length = buffer.capacity() - start;
 			length -= 1; // zero index is first element
 		}
 		return length;
 	}
 	void test() {
 		try {
 			int fromIndex = fuzzedDataProvider.consumeInt();
 			int toIndex = fuzzedDataProvider.consumeInt();
 			byte value = fuzzedDataProvider.consumeByte();
 			ByteBuf buffer = Unpooled.copiedBuffer(getByteArray());
 			ByteBuf secondBuffer = Unpooled.copiedBuffer(getByteArray());
 			if (buffer.capacity() != 0) {
 				// fromIndex and toIndex need to be valid indices, or indexOf
 				// will throw an out of bounds exception, which is not
 				// documented
 				ByteBufUtil.indexOf(buffer, Math.abs(fromIndex % buffer.capacity()), Math.abs(toIndex % buffer.capacity()), value);
 			}
 			ByteBufUtil.indexOf(secondBuffer, buffer);
 			ByteBufUtil.hexDump(buffer);
 			ByteBufUtil.hashCode(buffer);
 			CharSequence charSequence = getCharSequence();
 			if (buffer.capacity() >= buffer.writerIndex() + charSequence.length()) {
 				ByteBufUtil.writeUtf8(buffer, charSequence);
 			}
 			ByteBufUtil.writeUtf8(buffer.alloc(), charSequence);
 			ByteBufUtil.encodeString(buffer.alloc(), getCharBuffer(), Charset.forName("UTF-8"));
 			if(buffer.capacity() != 0) {
 				// again, out of bounds exceptions if the input array is empty
 				int index = validIndex(buffer);
 				int length = validLength(buffer, index);
 				ByteBufUtil.decodeString(buffer, index, length, Charset.forName("US-ASCII"));
 				CompositeByteBuf compositeByteBuf = Unpooled.compositeBuffer().addComponent(buffer);
 				ByteBufUtil.firstIndexOf(compositeByteBuf, index, length, value);
 			}
 			ByteBufUtil.equals(buffer, secondBuffer);
 			ByteBufUtil.compare(buffer, secondBuffer);
 			ByteBufUtil.appendPrettyHexDump(new StringBuilder(charSequence), secondBuffer);
 			int index = validIndex(buffer);
 			int length = validLength(buffer, index);
 			ByteBufUtil.isText(buffer, Charset.forName("UTF-8"));
 			ByteBufUtil.isText(buffer,index, length, Charset.forName("UTF-8"));
 			ByteBufUtil.prettyHexDump(buffer);
 			ByteBufUtil.swapInt(fuzzedDataProvider.consumeInt());
 			ByteBufUtil.swapLong(fuzzedDataProvider.consumeLong());
 			ByteBufUtil.swapMedium(fuzzedDataProvider.consumeInt());
 			ByteBufUtil.swapShort(fuzzedDataProvider.consumeShort());
 		} catch (IllegalArgumentException e) {
 		} catch (IllegalStateException e) {
 		}
 	}
 	public static void fuzzerTestOneInput(FuzzedDataProvider fuzzedDataProvider) {
 		ByteBufUtilFuzzer fixture = new ByteBufUtilFuzzer(fuzzedDataProvider);
 		fixture.test();
 	}
 }
--- a/projects/netty/src/main/java/io/netty/buffer/LongLongHashMapFuzzer.java
+++ b/projects/netty/src/main/java/io/netty/buffer/LongLongHashMapFuzzer.java
@ -0,0 +1,43 @@
 package io.netty.buffer;
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 public class LongLongHashMapFuzzer {
    private FuzzedDataProvider fuzzedDataProvider;
    public LongLongHashMapFuzzer(FuzzedDataProvider fuzzedDataProvider) {
        this.fuzzedDataProvider = fuzzedDataProvider;
    }
    void test() {
        Map<Long, Long> expected = new HashMap<Long, Long>();
        LongLongHashMap actual = new LongLongHashMap(-1);
        while (fuzzedDataProvider.remainingBytes() >= 9 /* sizeof(long) + sizeof(byte) */) {
            long value = fuzzedDataProvider.consumeLong();
            if (expected.containsKey(value)) {
                if (fuzzedDataProvider.consumeBoolean()) {
                    actual.remove(value);
                    expected.remove(value);
                } else {
                    long v = expected.get(value);
                    actual.put(value, -v);
                    expected.put(value, -v);
                }
            } else {
                actual.put(value, value);
                expected.put(value, value);
            }
        }
    }
    public static void fuzzerTestOneInput(FuzzedDataProvider fuzzedDataProvider) {
        LongLongHashMapFuzzer fixture = new LongLongHashMapFuzzer(fuzzedDataProvider);
        fixture.test();
    }
 }
--- a/projects/netty/src/main/java/io/netty/handler/codec/http/cookie/ServerCookieDecoderFuzzer.java
+++ b/projects/netty/src/main/java/io/netty/handler/codec/http/cookie/ServerCookieDecoderFuzzer.java
@ -14,10 +14,9 @@
 //
 ////////////////////////////////////////////////////////////////////////////////
-package ossfuzz;
+package io.netty.handler.codec.http.cookie;
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 import io.netty.handler.codec.http.cookie.ServerCookieDecoder;
 public class ServerCookieDecoderFuzzer {
--- a/projects/netty/src/main/java/ossfuzz/ByteBufUtilFuzzer.java
+++ b/projects/netty/src/main/java/ossfuzz/ByteBufUtilFuzzer.java
@ -1,59 +0,0 @@
 // Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 //
 ////////////////////////////////////////////////////////////////////////////////
 package ossfuzz;
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 import io.netty.buffer.ByteBufUtil;
 import io.netty.buffer.Unpooled;
 public class ByteBufUtilFuzzer {
    private FuzzedDataProvider fuzzedDataProvider;
 	public ByteBufUtilFuzzer(FuzzedDataProvider fuzzedDataProvider) {
 		this.fuzzedDataProvider = fuzzedDataProvider;
 	}
 	void test() {
 		try {
 			var fromIndex = fuzzedDataProvider.consumeInt();
 			var toIndex = fuzzedDataProvider.consumeInt();
 			var value = fuzzedDataProvider.consumeByte();
 			byte[] bytes = fuzzedDataProvider.consumeRemainingAsBytes();
 			var buf = Unpooled.copiedBuffer(bytes);
 			if (bytes.length != 0) {
 				// fromIndex and toIndex need to be valid indices, or indexOf
 				// will throw an out of bounds exception, which is not
 				// documented
 				ByteBufUtil.indexOf(buf, Math.abs(fromIndex % bytes.length), Math.abs(toIndex % bytes.length), value);
 			}
 		} catch (IllegalArgumentException e) {
 		}
 	}
 	public static void fuzzerTestOneInput(FuzzedDataProvider fuzzedDataProvider) {
 		ByteBufUtilFuzzer fixture = new ByteBufUtilFuzzer(fuzzedDataProvider);
 		fixture.test();
 	}
 }