Google Git
Sign in
quiche/quiche.git/31bbf1dd490d131870e2435a660b4d3b4f6d51bb^!/.
commit
31bbf1dd490d131870e2435a660b4d3b4f6d51bb
[log] [tgz]
author
birenroy <birenroy@google.com>
Tue May 30 09:07:42 2023 -0700
committer
Copybara-Service <copybara-worker@google.com>
Tue May 30 09:08:48 2023 -0700
tree
5615342c7f4ee8bf21ab6622ddc51dd14bc03630
parent
8294639c8d09a3754d5ff214a69614848bd6e1e7 [diff]
Adds a basic fuzzer for Http2DecoderAdapter.

Future improvements could include a dictionary or corpus.

PiperOrigin-RevId: 536418050

diff --git a/build/source_list.bzl b/build/source_list.bzl
index 8122118..70cd31f 100644
--- a/build/source_list.bzl
+++ b/build/source_list.bzl

@@ -1328,6 +1328,7 @@
     "quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc",
     "quic/test_tools/fuzzing/quic_framer_fuzzer.cc",
     "quic/test_tools/fuzzing/quic_framer_process_data_packet_fuzzer.cc",
+    "spdy/core/http2_frame_decoder_adapter_fuzzer.cc",
 ]
 cli_tools_hdrs = [
     "quic/tools/quic_server_factory.h",

diff --git a/build/source_list.gni b/build/source_list.gni
index 2510ffa..2cf1a78 100644
--- a/build/source_list.gni
+++ b/build/source_list.gni

@@ -1328,6 +1328,7 @@
     "src/quiche/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc",
     "src/quiche/quic/test_tools/fuzzing/quic_framer_fuzzer.cc",
     "src/quiche/quic/test_tools/fuzzing/quic_framer_process_data_packet_fuzzer.cc",
+    "src/quiche/spdy/core/http2_frame_decoder_adapter_fuzzer.cc",
 ]
 cli_tools_hdrs = [
     "src/quiche/quic/tools/quic_server_factory.h",

diff --git a/build/source_list.json b/build/source_list.json
index ecfe4e2..c501c60 100644
--- a/build/source_list.json
+++ b/build/source_list.json

@@ -1326,7 +1326,8 @@
     "quiche/quic/core/qpack/fuzzer/qpack_encoder_stream_sender_fuzzer.cc",
     "quiche/quic/core/qpack/fuzzer/qpack_round_trip_fuzzer.cc",
     "quiche/quic/test_tools/fuzzing/quic_framer_fuzzer.cc",
-    "quiche/quic/test_tools/fuzzing/quic_framer_process_data_packet_fuzzer.cc"
+    "quiche/quic/test_tools/fuzzing/quic_framer_process_data_packet_fuzzer.cc",
+    "quiche/spdy/core/http2_frame_decoder_adapter_fuzzer.cc"
   ],
   "cli_tools_hdrs": [
     "quiche/quic/tools/quic_server_factory.h",

diff --git a/quiche/spdy/core/http2_frame_decoder_adapter_fuzzer.cc b/quiche/spdy/core/http2_frame_decoder_adapter_fuzzer.cc
new file mode 100644
index 0000000..260d6c4
--- /dev/null
+++ b/quiche/spdy/core/http2_frame_decoder_adapter_fuzzer.cc

@@ -0,0 +1,13 @@
+#include <cstddef>
+#include <cstdint>
+
+#include "quiche/spdy/core/http2_frame_decoder_adapter.h"
+#include "quiche/spdy/core/spdy_no_op_visitor.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  spdy::SpdyNoOpVisitor visitor;
+  http2::Http2DecoderAdapter decoder;
+  decoder.set_visitor(&visitor);
+  decoder.ProcessInput(reinterpret_cast<const char *>(data), size);
+  return 0;  // Always return 0; other values are reserved for future uses.
+}