diff options
-rw-r--r-- | fuzzing/nxt_http_controller_fuzz.c | 31 | ||||
-rw-r--r-- | fuzzing/nxt_http_h1p_fuzz.c | 23 | ||||
-rw-r--r-- | fuzzing/nxt_http_h1p_peer_fuzz.c | 19 | ||||
-rw-r--r-- | fuzzing/nxt_json_fuzz.c | 19 |
4 files changed, 50 insertions, 42 deletions
diff --git a/fuzzing/nxt_http_controller_fuzz.c b/fuzzing/nxt_http_controller_fuzz.c index eac54d7b..25527ae1 100644 --- a/fuzzing/nxt_http_controller_fuzz.c +++ b/fuzzing/nxt_http_controller_fuzz.c @@ -43,8 +43,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { nxt_mp_t *mp; + nxt_int_t rc; nxt_buf_mem_t buf; - nxt_controller_request_t *r_controller; + nxt_controller_request_t *req; nxt_http_request_parse_t rp; if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) { @@ -56,8 +57,13 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) return 0; } - nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); - if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) { + req = nxt_mp_zget(mp, sizeof(nxt_controller_request_t)); + if (req == NULL) { + goto failed; + } + + req->conn = nxt_mp_zget(mp, sizeof(nxt_conn_t)); + if (req->conn == NULL) { goto failed; } @@ -66,26 +72,23 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) buf.pos = buf.start; buf.free = buf.end; - if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) { - goto failed; - } + nxt_main_log.level = NXT_LOG_ALERT; + req->conn->log = nxt_main_log; - r_controller = nxt_mp_zget(mp, sizeof(nxt_controller_request_t)); + nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); - if (r_controller == NULL) { + rc = nxt_http_parse_request_init(&rp, mp); + if (rc != NXT_OK) { goto failed; } - r_controller->conn = nxt_mp_zget(mp, sizeof(nxt_conn_t)); - if (r_controller->conn == NULL) { + rc = nxt_http_parse_request(&rp, &buf); + if (rc != NXT_DONE) { goto failed; } - nxt_main_log.level = NXT_LOG_ALERT; - r_controller->conn->log = nxt_main_log; - nxt_http_fields_process(rp.fields, &nxt_controller_fields_hash, - r_controller); + req); failed: diff --git a/fuzzing/nxt_http_h1p_fuzz.c b/fuzzing/nxt_http_h1p_fuzz.c index a170463a..6b54431c 100644 --- a/fuzzing/nxt_http_h1p_fuzz.c +++ b/fuzzing/nxt_http_h1p_fuzz.c @@ -42,8 +42,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { nxt_mp_t *mp; + nxt_int_t rc; nxt_buf_mem_t buf; - nxt_http_request_t *r_h1p; + nxt_http_request_t *req; nxt_http_request_parse_t rp; if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) { @@ -55,8 +56,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) return 0; } - nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); - if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) { + req = nxt_mp_zget(mp, sizeof(nxt_http_request_t)); + if (req == NULL) { goto failed; } @@ -65,19 +66,21 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) buf.pos = buf.start; buf.free = buf.end; - if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) { - goto failed; - } + req->mem_pool = mp; - r_h1p = nxt_mp_zget(mp, sizeof(nxt_http_request_t)); + nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); - if (r_h1p == NULL) { + rc = nxt_http_parse_request_init(&rp, mp); + if (rc != NXT_OK) { goto failed; } - r_h1p->mem_pool = mp; + rc = nxt_http_parse_request(&rp, &buf); + if (rc != NXT_DONE) { + goto failed; + } - nxt_http_fields_process(rp.fields, &nxt_h1p_fields_hash, r_h1p); + nxt_http_fields_process(rp.fields, &nxt_h1p_fields_hash, req); failed: diff --git a/fuzzing/nxt_http_h1p_peer_fuzz.c b/fuzzing/nxt_http_h1p_peer_fuzz.c index 7b722248..54876658 100644 --- a/fuzzing/nxt_http_h1p_peer_fuzz.c +++ b/fuzzing/nxt_http_h1p_peer_fuzz.c @@ -43,8 +43,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { nxt_mp_t *mp; + nxt_int_t rc; nxt_buf_mem_t buf; - nxt_http_request_t *r_h1p_peer; + nxt_http_request_t *req; nxt_http_request_parse_t rp; if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) { @@ -56,8 +57,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) return 0; } - nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); - if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) { + req = nxt_mp_zget(mp, sizeof(nxt_http_request_t)); + if (req == NULL) { goto failed; } @@ -66,17 +67,19 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) buf.pos = buf.start; buf.free = buf.end; - if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) { + nxt_memzero(&rp, sizeof(nxt_http_request_parse_t)); + + rc = nxt_http_parse_request_init(&rp, mp); + if (rc != NXT_OK) { goto failed; } - r_h1p_peer = nxt_mp_zget(mp, sizeof(nxt_http_request_t)); - - if (r_h1p_peer == NULL) { + rc = nxt_http_parse_request(&rp, &buf); + if (rc != NXT_DONE) { goto failed; } - nxt_http_fields_process(rp.fields, &nxt_h1p_peer_fields_hash, r_h1p_peer); + nxt_http_fields_process(rp.fields, &nxt_h1p_peer_fields_hash, req); failed: diff --git a/fuzzing/nxt_json_fuzz.c b/fuzzing/nxt_json_fuzz.c index cfeb395d..3a9201d8 100644 --- a/fuzzing/nxt_json_fuzz.c +++ b/fuzzing/nxt_json_fuzz.c @@ -54,19 +54,24 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) goto failed; } - thr->runtime = rt; - rt->mem_pool = mp; + rt->languages = nxt_array_create(mp, 1, sizeof(nxt_app_lang_module_t)); + if (rt->languages == NULL) { + goto failed; + } input.start = (u_char *)data; input.length = size; + thr->runtime = rt; + rt->mem_pool = mp; + + nxt_memzero(&vldt, sizeof(nxt_conf_validation_t)); + conf = nxt_conf_json_parse_str(mp, &input); if (conf == NULL) { goto failed; } - nxt_memzero(&vldt, sizeof(nxt_conf_validation_t)); - vldt.pool = nxt_mp_create(1024, 128, 256, 32); if (vldt.pool == NULL) { goto failed; @@ -76,13 +81,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) vldt.conf_pool = mp; vldt.ver = NXT_VERNUM; - rt->languages = nxt_array_create(mp, 1, sizeof(nxt_app_lang_module_t)); - if (rt->languages == NULL) { - goto failed; - } - nxt_conf_validate(&vldt); - nxt_mp_destroy(vldt.pool); failed: |