From 35534617bf9f6338e2aa57817747b58bf2f5e0cf Mon Sep 17 00:00:00 2001
From: htuch
Date: Fri, 31 Aug 2018 16:38:26 -0400
Subject: [PATCH] fuzz: fix H2 codec fuzzer post #4262. (#4311)

In #4262, an ASSERT was added to guarantee that we wouldn't violate the codec response contract regarding :status. This needed a corresponding change in the H2 codec fuzzer.
Risk level: Low
Testing: Corpus entry added.
Signed-off-by: Harvey Tuch
---
 ...case-codec_impl_fuzz_test-5750359880892416 | 23 +++++++++++++++++++
 .../common/http/http2/codec_impl_fuzz_test.cc | 7 +++++-
 2 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 test/common/http/http2/codec_impl_corpus/clusterfuzz-testcase-codec_impl_fuzz_test-5750359880892416
diff --git a/test/common/http/http2/codec_impl_corpus/clusterfuzz-testcase-codec_impl_fuzz_test-5750359880892416 b/test/common/http/http2/codec_impl_corpus/clusterfuzz-testcase-codec_impl_fuzz_test-5750359880892416
new file mode 100644
index 000000000000..b9035dc8ee20
--- /dev/null
+++ b/test/common/http/http2/codec_impl_corpus/clusterfuzz-testcase-codec_impl_fuzz_test-5750359880892416
@@ -0,0 +1,23 @@
+actions {
+ new_stream {
+ }
+}
+actions {
+ mutate {
+ buffer: 2
+ offset: 2
+ value: 2
+ }
+}
+actions {
+ client_drain {
+ }
+}
+actions {
+ stream_action {
+ response {
+ headers {
+ }
+ }
+ }
+}
diff --git a/test/common/http/http2/codec_impl_fuzz_test.cc b/test/common/http/http2/codec_impl_fuzz_test.cc
index 52e4b113e714..aed93e5141b8 100644
--- a/test/common/http/http2/codec_impl_fuzz_test.cc
+++ b/test/common/http/http2/codec_impl_fuzz_test.cc
@@ -116,6 +116,7 @@ class Stream : public LinkedObject {
 void directionalAction(DirectionalState& state,
 const test::common::http::http2::DirectionalAction& directional_action) {
 const bool end_stream = directional_action.end_stream();
+ const bool response = &state == &response_;
 switch (directional_action.directional_action_selector_case()) {
 case test::common::http::http2::DirectionalAction::kContinueHeaders: {
 if (state.stream_state_ == StreamState::PendingHeaders) {
@@ -127,7 +128,11 @@ class Stream : public LinkedObject {
 }
 case test::common::http::http2::DirectionalAction::kHeaders: {
 if (state.stream_state_ == StreamState::PendingHeaders) {
- state.encoder_->encodeHeaders(Fuzz::fromHeaders(directional_action.headers()), end_stream);
+ auto headers = Fuzz::fromHeaders(directional_action.headers());
+ if (response && headers.Status() == nullptr) {
+ headers.setReferenceKey(Headers::get().Status, "200");
+ }
+ state.encoder_->encodeHeaders(headers, end_stream);
 state.stream_state_ = end_stream ? StreamState::Closed : StreamState::PendingDataOrTrailers;
 }
 break;
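Review bot: The added `const bool response = &state == &response_;` in the first hunk depends on address identity and on operator precedence that is easy to misread at a glance. `const bool is_response = (&state == &response_);` says the same thing more plainly, ideally with a one-line comment that it marks the response direction of the stream. As far as the two hunks show, the flag is consumed only in the kHeaders case, so it could be declared there instead of at function scope. The body of directionalAction continues outside this hunk.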
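Review bot: In the kHeaders case of the second hunk, defaulting a missing `:status` to "200" keeps the harness inside the codec's response contract, but it also means this target can no longer drive the encoder with a status-less response. Per the commit description that contract is enforced by an ASSERT; if ASSERTs are compiled out of release builds (not visible here), the missing-`:status` path would be untested by this fuzzer, so it is worth confirming it is rejected or covered elsewhere. Only presence is checked, so an empty or non-numeric `:status` taken from the fuzz input still reaches `encodeHeaders`, which is presumably intended. I would add a comment above the `if`, for example `// Codec contract (ASSERT added in #4262): responses must carry :status; default it so harness input cannot trip the assert.` The enclosing function starts in the previous hunk and continues past this one.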