authorArjun <pkillarjun@protonmail.com>2024-07-10 10:35:36 +0530
committerAndrew Clayton <a.clayton@nginx.com>2024-07-15 14:37:46 +0100
commitfcbaf8f3162e8b589628a8bbe10690a9759f56bb (patch)
tree6a0b9ff9a3f9c3711a549b5a2a9e6cd921a1804d /fuzzing
parent58fdff542b176dc7a78c96bff5c401bcda4723f6 (diff)
fuzzing: fix harness bugs
There are multiple false positive bugs in harness due to improper use of the internal API. Fixes: a93d878e ("fuzzing: add fuzzing targets") Signed-off-by: Arjun <pkillarjun@protonmail.com> [ Removed private links - Andrew ] Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
Diffstat (limited to 'fuzzing')
-rw-r--r--fuzzing/nxt_http_controller_fuzz.c8
-rw-r--r--fuzzing/nxt_http_h1p_fuzz.c2
-rw-r--r--fuzzing/nxt_json_fuzz.c19
3 files changed, 28 insertions, 1 deletions
diff --git a/fuzzing/nxt_http_controller_fuzz.c b/fuzzing/nxt_http_controller_fuzz.c
index b7c6c272..eac54d7b 100644
--- a/fuzzing/nxt_http_controller_fuzz.c
+++ b/fuzzing/nxt_http_controller_fuzz.c
@@ -76,6 +76,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
goto failed;
}
+ r_controller->conn = nxt_mp_zget(mp, sizeof(nxt_conn_t));
+ if (r_controller->conn == NULL) {
+ goto failed;
+ }
+
+ nxt_main_log.level = NXT_LOG_ALERT;
+ r_controller->conn->log = nxt_main_log;
+
nxt_http_fields_process(rp.fields, &nxt_controller_fields_hash,
r_controller);
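Review bot: `nxt_main_log.level = NXT_LOG_ALERT;` writes a process-wide global on every call to LLVMFuzzerTestOneInput, although it sits among the per-input setup. If this harness has an LLVMFuzzerInitialize (not visible in the hunk), the assignment belongs there, leaving only `r_controller->conn->log = nxt_main_log;` per input. The stub connection is otherwise all zeroes, so a comment such as `/* stub conn: only conn->log is valid here; handlers touching other conn fields will fault in the harness */` would help whoever triages the next crash separate a harness artefact from a real parser bug. The same kind of one-line comment is missing on `r_h1p->mem_pool = mp;` in nxt_http_h1p_fuzz.c. The function body starts and ends outside the hunk.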
diff --git a/fuzzing/nxt_http_h1p_fuzz.c b/fuzzing/nxt_http_h1p_fuzz.c
index 471e87a4..a170463a 100644
--- a/fuzzing/nxt_http_h1p_fuzz.c
+++ b/fuzzing/nxt_http_h1p_fuzz.c
@@ -75,6 +75,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
goto failed;
}
+ r_h1p->mem_pool = mp;
+
nxt_http_fields_process(rp.fields, &nxt_h1p_fields_hash, r_h1p);
failed:
diff --git a/fuzzing/nxt_json_fuzz.c b/fuzzing/nxt_json_fuzz.c
index 532babb1..cfeb395d 100644
--- a/fuzzing/nxt_json_fuzz.c
+++ b/fuzzing/nxt_json_fuzz.c
@@ -4,7 +4,7 @@
#include <nxt_main.h>
#include <nxt_conf.h>
-
+#include <nxt_router.h>
#define KMININPUTLENGTH 2
#define KMAXINPUTLENGTH 1024
@@ -33,6 +33,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
nxt_mp_t *mp;
nxt_str_t input;
+ nxt_thread_t *thr;
+ nxt_runtime_t *rt;
nxt_conf_value_t *conf;
nxt_conf_validation_t vldt;
@@ -40,11 +42,21 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
return 0;
}
+ thr = nxt_thread();
+
mp = nxt_mp_create(1024, 128, 256, 32);
if (mp == NULL) {
return 0;
}
+ rt = nxt_mp_zget(mp, sizeof(nxt_runtime_t));
+ if (rt == NULL) {
+ goto failed;
+ }
+
+ thr->runtime = rt;
+ rt->mem_pool = mp;
+
input.start = (u_char *)data;
input.length = size;
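Review bot: `thr->runtime = rt;` stores a pointer into `mp` in the thread object, which outlives this call, while the pool is destroyed before the function returns (`nxt_mp_destroy(vldt.pool)` further down, assuming `vldt.pool` is this same pool). Nothing visible reads the stale pointer, and the next call overwrites it once nxt_mp_create succeeds, but the early `return 0` paths leave it dangling in between. Resetting it on the cleanup path with `thr->runtime = NULL;` before the pool is destroyed would keep a later harness change from producing a use-after-free report unrelated to the JSON code. The cleanup path and the `failed` label are outside this hunk.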
@@ -64,6 +76,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
vldt.conf_pool = mp;
vldt.ver = NXT_VERNUM;
+ rt->languages = nxt_array_create(mp, 1, sizeof(nxt_app_lang_module_t));
+ if (rt->languages == NULL) {
+ goto failed;
+ }
+
nxt_conf_validate(&vldt);
nxt_mp_destroy(vldt.pool);
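Review bot: `rt->languages` is created empty and never populated in the visible code, so any validation branch that looks up a language module will presumably take its not-found path for every input. That is worth a comment, so that low coverage in those branches is not read as a property of the validator: `/* empty on purpose: no language modules are loaded in the harness */`. The allocation would also read better next to the other `rt` setup (`thr->runtime = rt; rt->mem_pool = mp;`) than after the `vldt` fields, so that all stubbed runtime state is in one place.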