From 196c09cf9aaf4ffc9d44063c62794994e46392c5 Mon Sep 17 00:00:00 2001
From: Victor Dyachenko
Date: Thu, 27 Jun 2024 16:57:14 -0400
Subject: [PATCH] Fuzz test bug (DRQS 175594554) (#4808)

---
 groups/bal/balber/balber_berdecoder.cpp | 9 ++++++-
 groups/bal/balber/balber_berdecoder.t.cpp | 31 +++++++++++++++++++++--
 2 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/groups/bal/balber/balber_berdecoder.cpp b/groups/bal/balber/balber_berdecoder.cpp
index aef384ee0a..503b71ce8c 100644
--- a/groups/bal/balber/balber_berdecoder.cpp
+++ b/groups/bal/balber/balber_berdecoder.cpp
@@ -198,6 +198,7 @@ int BerDecoder_Node::logError(const char *msg)
 int BerDecoder_Node::decode(bsl::vector *variable,
                             bdlat_TypeCategory::Array )
 {
+    typedef bdlat_FormattingMode FMode;
     switch (d_tagType) {
       case BerConstants::e_PRIMITIVE:
         // 'BerEncoder' will encode 'vector' this way if and only if
@@ -206,7 +207,13 @@ int BerDecoder_Node::decode(bsl::vector *variable,
         // or 'e_TEXT'
         return this->readVectorChar(variable); // RETURN
       case BerConstants::e_CONSTRUCTED:
-        return this->decodeArray(variable); // RETURN
+        switch (d_formattingMode & FMode::e_TYPE_MASK) {
+          case FMode::e_DEFAULT:
+          case FMode::e_DEC:
+            return this->decodeArray(variable); // RETURN
+          default:
+            return logError("Unexpected CONSTRUCTED encoding"); // RETURN
+        }
       default:
         return logError("Expected PRIMITIVE or CONSTRUCTED tag class"
                         " for vector"); // RETURN
diff --git a/groups/bal/balber/balber_berdecoder.t.cpp b/groups/bal/balber/balber_berdecoder.t.cpp
index b0c3a41ffd..7c97f731eb 100644
--- a/groups/bal/balber/balber_berdecoder.t.cpp
+++ b/groups/bal/balber/balber_berdecoder.t.cpp
@@ -115,7 +115,8 @@ namespace test = BloombergLP::s_baltst;
 // [20] DECODE SEQUENCES OF MAXIMUM SIZE
 // [21] DECODE INTS AS ENUMS AND VICE VERSA
 // [22] DECODE DATE/TIME WITH LENGTH ANOMALIES
-// [23] USAGE EXAMPLE
+// [23] FUZZ TEST BUG (DRQS 175594554)
+// [24] USAGE EXAMPLE
 //
 // [-1] PERFORMANCE TEST
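Review bot: The new inner `switch` in the CONSTRUCTED case of `BerDecoder_Node::decode` carries no comment saying why only `e_DEFAULT` and `e_DEC` are accepted, and `Unexpected CONSTRUCTED encoding` tells the reader of the log neither which mode was seen nor why it is wrong. The PRIMITIVE branch's comment (which starts before this hunk) appears to state that the encoder emits the other formatting modes as a PRIMITIVE, so a CONSTRUCTED tag under those modes can only come from malformed or hostile input; I would put that above the inner `switch`: `// A CONSTRUCTED 'vector' is only valid for the 'e_DEFAULT' and 'e_DEC' formatting modes; 'BerEncoder' emits the other modes as a PRIMITIVE, so anything else is malformed input and is rejected here rather than handed to 'decodeArray', which was never written for it.` Stating that the early rejection is what closes the fuzz finding also guards against someone later "relaxing" the check to be lenient. The body of `decode` begins before this hunk.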
@@ -2306,6 +2307,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *bytes, size_t size)
     return 0;
 }
 
+void reproduceFuzzTest(const char *hexDump)
+{
+    bsl::vector testData = loadFromHex(hexDump);
+    LLVMFuzzerTestOneInput(reinterpret_cast(testData.data()),
+                           testData.size());
+}
+
 // ============================================================================
 // MAIN PROGRAM
 // ----------------------------------------------------------------------------
@@ -2334,7 +2342,7 @@ int main(int argc, char *argv[])
     bsl::cout << "TEST " << __FILE__ << " CASE " << test << bsl::endl;;
 
     switch (test) { case 0: // Zero is always the leading case.
-      case 23: {
+      case 24: {
         // --------------------------------------------------------------------
         // USAGE EXAMPLE
         // Extracted from component header file.
@@ -2358,6 +2366,25 @@ int main(int argc, char *argv[])
 
         if (verbose) cout << "\nEnd of test.\n";
       } break;
+      case 23: {
+        // --------------------------------------------------------------------
+        // FUZZ TEST BUG (DRQS 175594554)
+        //
+        // Concerns:
+        //: 1 The input sample mustn't cause a crash.
+        //
+        // Plan:
+        //: 1 Reproduce the failing fuzz test.
+        //
+        // Testing:
+        // FUZZ TEST BUG (DRQS 175594554)
+        // --------------------------------------------------------------------
+
+        if (verbose) cout << "\nFUZZ TEST BUG (DRQS 175594554)"
+                             "\n==============================\n";
+
+        reproduceFuzzTest("2a0a353d ff87ff30 5da05da1 00a024a1 10000031 00");
+      } break;
       case 22: {
         // --------------------------------------------------------------------
         // DECODE DATE/TIME WITH LENGTH ANOMALIES
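Review bot: `reproduceFuzzTest` is a file-local helper of the test driver but is given external linkage; `static void reproduceFuzzTest(const char *hexDump)` (or the unnamed namespace, if the driver already has one) keeps it out of the link namespace and matches how driver-local helpers are conventionally scoped. It also has no comment stating its contract; I would add `// Feed the BER sample given as a space-separated hex dump to the fuzz entry point, exactly as libFuzzer would.` above it. `loadFromHex` is defined outside this hunk, so the accepted format of `hexDump` is inferred from the sample passed in case 23 and should be confirmed against that helper.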
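Review bot: Case 23 passes as long as the sample does not crash the process, but it asserts nothing: `reproduceFuzzTest` returns `void`, so in a build without ASan/UBSan a regression of whatever undefined behaviour the fuzzer found would go unnoticed. If the driver has a way to decode the sample directly, add an `ASSERT(0 != rc)` on the decoder's return code so the case also pins the intended outcome (the sample is rejected, not decoded) independently of sanitizer instrumentation. The hex string should carry a comment naming what it encodes — presumably a CONSTRUCTED `vector` with a formatting mode other than DEFAULT/DEC, to be confirmed against the fuzz report — so the next reader does not have to decode it by hand. The `switch` in `main` that this case belongs to starts before the hunk.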