diff --git a/test/fuzz/build.sh b/test/fuzz/build.sh
new file mode 100755
index 000000000..dec34796a
--- /dev/null
+++ b/test/fuzz/build.sh
@@ -0,0 +1,31 @@
+#!/bin/bash -eu
+
+mkdir _build && cd _build
+cmake -DHAVE_TEST=OFF \
+ -DTARGET_SLIMRDS=OFF \
+ -DHAVE_ASSERT_PANIC=OFF \
+ -DTARGET_SLIMCACHE=OFF \
+ -DTARGET_RDS=OFF \
+ -DTARGET_TWEMCACHE=OFF \
+ -DTARGET_PINGSERVER=OFF \
+ ..
+make -j4
+
+cd $SRC/pelikan/test/fuzz
+
+$CC $CFLAGS -DOS_LINUX -DUSE_EVENT_FD \
+ -D_FiILE_OFFSET_BITS=64 -D_GNU_SOURCE \
+ -I../../deps/ccommon/include \
+ -I../../deps/ccommon/include/buffer \
+ -I../../src/protocol/data/resp \
+ -I../../_build \
+ -O2 -std=c11 -ggdb3 \
+ -fno-strict-aliasing -O2 \
+ -std=c11 -ggdb3 \
+ -fstrict-aliasing -O3 -fPIC \
+ -o compiled.o -c fuzzer.c
+
+$CC $CFLAGS $LIB_FUZZING_ENGINE compiled.o -o $OUT/fuzzer \
+ ../../_build/protocol/data/resp/libprotocol_resp.a \
+ ../../_build/core/libcore.a \
+ ../../_build/ccommon/lib/libccommon-2.1.0.a
diff --git a/test/fuzz/fuzzer.c b/test/fuzz/fuzzer.c
new file mode 100644
index 000000000..7a849e12b
--- /dev/null
+++ b/test/fuzz/fuzzer.c
@@ -0,0 +1,39 @@
+#include "request.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){
+
+ // Null-terminate our string
+ char *new_str = (char *)malloc(size+1);
+ if (new_str == NULL){
+ return 0;
+ }
+ memcpy(new_str, data, size);
+ new_str[size] = '\0';
+
+ // Create a constant
+ char str[(int)size+1];
+ snprintf(str, (int)size+1, "%s", new_str);
+ int len = sizeof(str);
+
+ // Create necessary structs
+ struct request *req;
+ struct buf *buf;
+
+ buf = buf_create();
+ buf_write(buf, str, len);
+ req = request_create();
+
+ if(req==NULL){
+ printf("req is null\n");
+ buf_destroy(&buf);
+ free(new_str);
+ return 0;
+ }
+
+ parse_req(req, buf);
+
+ request_destroy(&req);
+ buf_destroy(&buf);
+ free(new_str);
+ return 0;
+}
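Review bot: `-D_FiILE_OFFSET_BITS=64` in the compile command is a typo for `_FILE_OFFSET_BITS`, so the define is silently ineffective; the intended line is `-D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE \`. The same command also passes `-fno-strict-aliasing -O2` and later `-fstrict-aliasing -O3`, and since the compiler honours the last occurrence the harness is actually built with strict aliasing at -O3 while the earlier pair is dead — keep only the pair that is meant. `$SRC` and `$OUT` are unquoted in the `cd` and `-o` arguments; `cd "$SRC/pelikan/test/fuzz"` and `-o "$OUT/fuzzer"` keep the script correct if those paths contain whitespace.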
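Review bot: The `char str[(int)size+1]` / `snprintf(str, ..., "%s", new_str)` copy in LLVMFuzzerTestOneInput both weakens the fuzzer and is unsafe on large inputs: `%s` stops at the first NUL byte in `data`, so any input containing an embedded zero is truncated before it reaches `parse_req`, and `str` is a stack VLA sized directly by the untrusted `size` (with a narrowing `(int)` cast), so a large `-max_len` exhausts the stack or, past INT_MAX, yields a negative array size. `parse_req` only ever sees the bytes through `buf`, so the heap copy, the VLA and the `sizeof(str)` length are all redundant — write `data` into the buffer directly and drop `new_str`/`str`. `buf_create()` is also used without a NULL check before `buf_write`, and the `printf("req is null\n")` on the `req == NULL` path is noise in a fuzz target. I have assumed `buf_write` accepts a `char *` and a length compatible with `size_t`, as the existing `buf_write(buf, str, len)` call suggests; adjust the cast if its prototype differs.
```c
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size){
    struct request *req;
    struct buf *buf;

    buf = buf_create();
    if (buf == NULL) {
        return 0;
    }
    // Feed the raw bytes, including any embedded NULs, straight to the parser.
    buf_write(buf, (char *)data, size);

    req = request_create();
    if (req == NULL) {
        buf_destroy(&buf);
        return 0;
    }

    parse_req(req, buf);
    // … unchanged: request_destroy / buf_destroy / return 0 …
```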