fuzz: Provide correct length to assist fuzzer for v2 transport
before commit:
131072 pulse  cov: 1714 ft: 2476 corp: 35/1337b lim: 1040 exec/s: 956 rss: 481Mb

after commit:
131072 pulse  cov: 1734 ft: 1993 corp: 19/107b lim: 1260 exec/s: 757 rss: 465Mb
dhruv committed Feb 22, 2022
1 parent 39880a0 commit 8e55558
Showing 1 changed file with 16 additions and 2 deletions.
18 changes: 16 additions & 2 deletions src/test/fuzz/p2p_v2_transport_serialization.cpp
Expand Up @@ -2,10 +2,12 @@
// Distributed under the MIT software license, see the accompanying
// file COPYING or http://www.opensource.org/licenses/mit-license.php.

#include <compat/endian.h>
#include <crypto/chacha_poly_aead.h>
#include <key.h>
#include <net.h>
#include <netmessagemaker.h>
#include <test/fuzz/FuzzedDataProvider.h>
#include <test/fuzz/fuzz.h>

#include <cassert>
Expand All @@ -18,9 +20,21 @@ FUZZ_TARGET(p2p_v2_transport_serialization)
// Construct deserializer, with a dummy NodeId
V2TransportDeserializer deserializer{(NodeId)0, k1, k2};
V2TransportSerializer serializer{k1, k2};
FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};

while (buffer.size() > 0) {
const int handled = deserializer.Read(buffer);
bool length_assist = fuzzed_data_provider.ConsumeBool();
auto payload_bytes = fuzzed_data_provider.ConsumeRemainingBytes<uint8_t>();

if (length_assist && payload_bytes.size() >= CHACHA20_POLY1305_AEAD_AAD_LEN + CHACHA20_POLY1305_AEAD_TAG_LEN) {
uint32_t packet_length = payload_bytes.size() - CHACHA20_POLY1305_AEAD_AAD_LEN - CHACHA20_POLY1305_AEAD_TAG_LEN;
payload_bytes[0] = packet_length & 0xff;
payload_bytes[1] = (packet_length >> 8) & 0xff;
payload_bytes[2] = (packet_length >> 16) & 0xff;
}

Span<const uint8_t> msg_bytes{payload_bytes};
while (msg_bytes.size() > 0) {
const int handled = deserializer.Read(msg_bytes);
if (handled < 0) {
break;
}
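Review bot: The three stores into `payload_bytes[0]`..`payload_bytes[2]` hard-code a 3-byte length field, while the guard above them is written in terms of `CHACHA20_POLY1305_AEAD_AAD_LEN`, so the bounds check and the writes agree only through the constant's current value. A `static_assert(CHACHA20_POLY1305_AEAD_AAD_LEN == 3);` beside the block would keep them in step (the value 3 is inferred from the writes; the definition is not visible here). The block also has no comment; `// Length assist: overwrite the 24-bit little-endian length field so it matches the remaining payload` would explain why the fuzz input is patched. The length is written as plaintext, so whether it yields a matching packet length depends on how `deserializer.Read` interprets those bytes, which is outside this hunk and worth confirming. `length_assist` can be `const`, `compat/endian.h` from the first hunk has no use in the lines shown, and the FUZZ_TARGET body begins and ends outside the hunk.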
