From a3d0fb712a681cf99ca1614d3b85e1ec6ea76169 Mon Sep 17 00:00:00 2001
From: Alami-Amine
Date: Wed, 18 Sep 2024 12:57:03 +0200
Subject: [PATCH] 1. replacing magic number when fuzzing the number of transport types 2. using different parts of the fuzzed input data for TransportType and for Payload
---
 examples/all-clusters-app/linux/fuzzing-main.cpp | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/examples/all-clusters-app/linux/fuzzing-main.cpp b/examples/all-clusters-app/linux/fuzzing-main.cpp
index 44b58786b71bd0..ba7f792a098907 100644
--- a/examples/all-clusters-app/linux/fuzzing-main.cpp
+++ b/examples/all-clusters-app/linux/fuzzing-main.cpp
@@ -74,12 +74,18 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t * aData, size_t aSize)
 // But maybe we should try to separately extract a PeerAddress and data from
 // the incoming data?
- // dumping payload with random transport types
- Transport::Type fuzzedTransportType = static_cast(*aData % 5);
+ // dumping payload with fuzzed transport types
+ constexpr uint8_t numberOfTypes = static_cast(Transport::Type::kLast) + 1;
+ Transport::Type fuzzedTransportType = static_cast(aData[0] % numberOfTypes);
 Transport::PeerAddress peerAddr(fuzzedTransportType);
+ if (aSize < 1)
+ {
+ return 0;
+ }
+
 System::PacketBufferHandle buf =
- System::PacketBufferHandle::NewWithData(aData, aSize, /* aAdditionalSize = */ 0, /* aReservedSize = */ 0);
+ System::PacketBufferHandle::NewWithData(&aData[1], aSize - 1, /* aAdditionalSize = */ 0, /* aReservedSize = */ 0);
 if (buf.IsNull())
 {
 // Too big; we couldn't represent this as a packetbuffer to start with.
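Review bot: The `aSize < 1` guard sits after `aData[0]` has already been read to compute `fuzzedTransportType`, so a zero-length input still reads one byte past the buffer before the early return can run. Move the check above the transport-type lines, i.e. place `if (aSize < 1) { return 0; }` directly before the `constexpr uint8_t numberOfTypes` line, so that both the type byte and the `&aData[1], aSize - 1` payload slice are only computed for non-empty input. A short comment such as `// byte 0 selects the transport type; the remaining bytes are the payload` would also document the new input layout. The body of LLVMFuzzerTestOneInput starts and ends outside this hunk, so an earlier size check there cannot be ruled out from what is shown.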