author | Arjun <pkillarjun@protonmail.com> | 2024-07-10 10:35:36 +0530 |
---|---|---|
committer | Andrew Clayton <a.clayton@nginx.com> | 2024-07-15 14:37:46 +0100 |
commit | fcbaf8f3162e8b589628a8bbe10690a9759f56bb (patch) | |
tree | 6a0b9ff9a3f9c3711a549b5a2a9e6cd921a1804d | |
parent | 58fdff542b176dc7a78c96bff5c401bcda4723f6 (diff) | |
fuzzing: fix harness bugs
There are multiple false positive bugs in harness due to improper
use of the internal API.
Fixes: a93d878e ("fuzzing: add fuzzing targets")
Signed-off-by: Arjun <pkillarjun@protonmail.com>
[ Removed private links - Andrew ]
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
-rw-r--r-- | fuzzing/nxt_http_controller_fuzz.c | 8 | ||||
-rw-r--r-- | fuzzing/nxt_http_h1p_fuzz.c | 2 | ||||
-rw-r--r-- | fuzzing/nxt_json_fuzz.c | 19 |
3 files changed, 28 insertions, 1 deletions
diff --git a/fuzzing/nxt_http_controller_fuzz.c b/fuzzing/nxt_http_controller_fuzz.c
index b7c6c272..eac54d7b 100644
--- a/fuzzing/nxt_http_controller_fuzz.c
+++ b/fuzzing/nxt_http_controller_fuzz.c
@@ -76,6 +76,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 goto failed;
 }
+ r_controller->conn = nxt_mp_zget(mp, sizeof(nxt_conn_t));
+ if (r_controller->conn == NULL) {
+ goto failed;
+ }
+
+ nxt_main_log.level = NXT_LOG_ALERT;
+ r_controller->conn->log = nxt_main_log;
+
 nxt_http_fields_process(rp.fields, &nxt_controller_fields_hash, r_controller);
diff --git a/fuzzing/nxt_http_h1p_fuzz.c b/fuzzing/nxt_http_h1p_fuzz.c
index 471e87a4..a170463a 100644
--- a/fuzzing/nxt_http_h1p_fuzz.c
+++ b/fuzzing/nxt_http_h1p_fuzz.c
@@ -75,6 +75,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 goto failed;
 }
+ r_h1p->mem_pool = mp;
+
 nxt_http_fields_process(rp.fields, &nxt_h1p_fields_hash, r_h1p);
 failed:
diff --git a/fuzzing/nxt_json_fuzz.c b/fuzzing/nxt_json_fuzz.c
index 532babb1..cfeb395d 100644
--- a/fuzzing/nxt_json_fuzz.c
+++ b/fuzzing/nxt_json_fuzz.c
@@ -4,7 +4,7 @@
 #include <nxt_main.h>
 #include <nxt_conf.h>
-
+#include <nxt_router.h>
 #define KMININPUTLENGTH 2
 #define KMAXINPUTLENGTH 1024
@@ -33,6 +33,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
 nxt_mp_t *mp;
 nxt_str_t input;
+ nxt_thread_t *thr;
+ nxt_runtime_t *rt;
 nxt_conf_value_t *conf;
 nxt_conf_validation_t vldt;
@@ -40,11 +42,21 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 return 0;
 }
+ thr = nxt_thread();
+
 mp = nxt_mp_create(1024, 128, 256, 32);
 if (mp == NULL) {
 return 0;
 }
+ rt = nxt_mp_zget(mp, sizeof(nxt_runtime_t));
+ if (rt == NULL) {
+ goto failed;
+ }
+
+ thr->runtime = rt;
+ rt->mem_pool = mp;
+
 input.start = (u_char *)data;
 input.length = size;
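Review bot: In the fuzzing/nxt_http_controller_fuzz.c hunk, `nxt_main_log.level = NXT_LOG_ALERT;` runs on every call to LLVMFuzzerTestOneInput even though nxt_main_log is not declared in the hunk and looks like a process-wide logger, so the assignment would sit better in the harness's one-time setup than on the per-input path. The stub `nxt_conn_t` and the by-value copy `r_controller->conn->log = nxt_main_log;` are also unexplained; a comment such as `/* field handlers may log via r->conn->log; give them a zeroed conn with a quiet logger */` would record the reason, if that is the reason. The same hand-patching of one struct member without a comment appears in the fuzzing/nxt_http_h1p_fuzz.c hunk (`r_h1p->mem_pool = mp;`). The function body starts and ends outside the hunk.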
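Review bot: In the fuzzing/nxt_json_fuzz.c hunk at -40,11, `thr->runtime = rt;` stores a pointer into pool `mp` in the object returned by nxt_thread(), which presumably outlives this call. If `mp` is destroyed on the way out (the cleanup is outside this hunk), thr->runtime is left pointing at freed pool memory until the next input overwrites it, and an input rejected by the size check returns before that happens. Clearing it before the pool is destroyed, `thr->runtime = NULL;`, keeps a stale pointer from hiding or fabricating a finding in a later iteration. Note also that rt comes from nxt_mp_zget and this commit sets only mem_pool and languages, so any validator that reads another runtime member will see zero.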
@@ -64,6 +76,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 vldt.conf_pool = mp;
 vldt.ver = NXT_VERNUM;
+ rt->languages = nxt_array_create(mp, 1, sizeof(nxt_app_lang_module_t));
+ if (rt->languages == NULL) {
+ goto failed;
+ }
+
 nxt_conf_validate(&vldt);
 nxt_mp_destroy(vldt.pool); |
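Review bot: The new `goto failed;` after nxt_array_create() comes before `nxt_mp_destroy(vldt.pool);`, so if vldt.pool has already been created at this point and the failed: label sits after that destroy call (both are outside the hunk), an allocation failure here leaks the validation pool. In a fuzzing harness that shows up as a leak report the sanitizer attributes to the input, which is the kind of false positive this commit sets out to remove. Either create rt->languages before vldt.pool is allocated, or release the pool on this path with `nxt_mp_destroy(vldt.pool);` immediately before the `goto failed;`.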