summaryrefslogtreecommitdiffhomepage
path: root/fuzzing
diff options
context:
space:
mode:
Diffstat (limited to 'fuzzing')
-rw-r--r--fuzzing/nxt_http_controller_fuzz.c31
-rw-r--r--fuzzing/nxt_http_h1p_fuzz.c23
-rw-r--r--fuzzing/nxt_http_h1p_peer_fuzz.c19
-rw-r--r--fuzzing/nxt_json_fuzz.c19
4 files changed, 50 insertions, 42 deletions
diff --git a/fuzzing/nxt_http_controller_fuzz.c b/fuzzing/nxt_http_controller_fuzz.c
index eac54d7b..25527ae1 100644
--- a/fuzzing/nxt_http_controller_fuzz.c
+++ b/fuzzing/nxt_http_controller_fuzz.c
@@ -43,8 +43,9 @@ int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
nxt_mp_t *mp;
+ nxt_int_t rc;
nxt_buf_mem_t buf;
- nxt_controller_request_t *r_controller;
+ nxt_controller_request_t *req;
nxt_http_request_parse_t rp;
if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) {
@@ -56,8 +57,13 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
return 0;
}
- nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
- if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) {
+ req = nxt_mp_zget(mp, sizeof(nxt_controller_request_t));
+ if (req == NULL) {
+ goto failed;
+ }
+
+ req->conn = nxt_mp_zget(mp, sizeof(nxt_conn_t));
+ if (req->conn == NULL) {
goto failed;
}
@@ -66,26 +72,23 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
buf.pos = buf.start;
buf.free = buf.end;
- if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) {
- goto failed;
- }
+ nxt_main_log.level = NXT_LOG_ALERT;
+ req->conn->log = nxt_main_log;
- r_controller = nxt_mp_zget(mp, sizeof(nxt_controller_request_t));
+ nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
- if (r_controller == NULL) {
+ rc = nxt_http_parse_request_init(&rp, mp);
+ if (rc != NXT_OK) {
goto failed;
}
- r_controller->conn = nxt_mp_zget(mp, sizeof(nxt_conn_t));
- if (r_controller->conn == NULL) {
+ rc = nxt_http_parse_request(&rp, &buf);
+ if (rc != NXT_DONE) {
goto failed;
}
- nxt_main_log.level = NXT_LOG_ALERT;
- r_controller->conn->log = nxt_main_log;
-
nxt_http_fields_process(rp.fields, &nxt_controller_fields_hash,
- r_controller);
+ req);
failed:
diff --git a/fuzzing/nxt_http_h1p_fuzz.c b/fuzzing/nxt_http_h1p_fuzz.c
index a170463a..6b54431c 100644
--- a/fuzzing/nxt_http_h1p_fuzz.c
+++ b/fuzzing/nxt_http_h1p_fuzz.c
@@ -42,8 +42,9 @@ int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
nxt_mp_t *mp;
+ nxt_int_t rc;
nxt_buf_mem_t buf;
- nxt_http_request_t *r_h1p;
+ nxt_http_request_t *req;
nxt_http_request_parse_t rp;
if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) {
@@ -55,8 +56,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
return 0;
}
- nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
- if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) {
+ req = nxt_mp_zget(mp, sizeof(nxt_http_request_t));
+ if (req == NULL) {
goto failed;
}
@@ -65,19 +66,21 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
buf.pos = buf.start;
buf.free = buf.end;
- if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) {
- goto failed;
- }
+ req->mem_pool = mp;
- r_h1p = nxt_mp_zget(mp, sizeof(nxt_http_request_t));
+ nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
- if (r_h1p == NULL) {
+ rc = nxt_http_parse_request_init(&rp, mp);
+ if (rc != NXT_OK) {
goto failed;
}
- r_h1p->mem_pool = mp;
+ rc = nxt_http_parse_request(&rp, &buf);
+ if (rc != NXT_DONE) {
+ goto failed;
+ }
- nxt_http_fields_process(rp.fields, &nxt_h1p_fields_hash, r_h1p);
+ nxt_http_fields_process(rp.fields, &nxt_h1p_fields_hash, req);
failed:
diff --git a/fuzzing/nxt_http_h1p_peer_fuzz.c b/fuzzing/nxt_http_h1p_peer_fuzz.c
index 7b722248..54876658 100644
--- a/fuzzing/nxt_http_h1p_peer_fuzz.c
+++ b/fuzzing/nxt_http_h1p_peer_fuzz.c
@@ -43,8 +43,9 @@ int
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
nxt_mp_t *mp;
+ nxt_int_t rc;
nxt_buf_mem_t buf;
- nxt_http_request_t *r_h1p_peer;
+ nxt_http_request_t *req;
nxt_http_request_parse_t rp;
if (size < KMININPUTLENGTH || size > KMAXINPUTLENGTH) {
@@ -56,8 +57,8 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
return 0;
}
- nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
- if (nxt_http_parse_request_init(&rp, mp) != NXT_OK) {
+ req = nxt_mp_zget(mp, sizeof(nxt_http_request_t));
+ if (req == NULL) {
goto failed;
}
@@ -66,17 +67,19 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
buf.pos = buf.start;
buf.free = buf.end;
- if (nxt_http_parse_request(&rp, &buf) != NXT_DONE) {
+ nxt_memzero(&rp, sizeof(nxt_http_request_parse_t));
+
+ rc = nxt_http_parse_request_init(&rp, mp);
+ if (rc != NXT_OK) {
goto failed;
}
- r_h1p_peer = nxt_mp_zget(mp, sizeof(nxt_http_request_t));
-
- if (r_h1p_peer == NULL) {
+ rc = nxt_http_parse_request(&rp, &buf);
+ if (rc != NXT_DONE) {
goto failed;
}
- nxt_http_fields_process(rp.fields, &nxt_h1p_peer_fields_hash, r_h1p_peer);
+ nxt_http_fields_process(rp.fields, &nxt_h1p_peer_fields_hash, req);
failed:
diff --git a/fuzzing/nxt_json_fuzz.c b/fuzzing/nxt_json_fuzz.c
index cfeb395d..3a9201d8 100644
--- a/fuzzing/nxt_json_fuzz.c
+++ b/fuzzing/nxt_json_fuzz.c
@@ -54,19 +54,24 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
goto failed;
}
- thr->runtime = rt;
- rt->mem_pool = mp;
+ rt->languages = nxt_array_create(mp, 1, sizeof(nxt_app_lang_module_t));
+ if (rt->languages == NULL) {
+ goto failed;
+ }
input.start = (u_char *)data;
input.length = size;
+ thr->runtime = rt;
+ rt->mem_pool = mp;
+
+ nxt_memzero(&vldt, sizeof(nxt_conf_validation_t));
+
conf = nxt_conf_json_parse_str(mp, &input);
if (conf == NULL) {
goto failed;
}
- nxt_memzero(&vldt, sizeof(nxt_conf_validation_t));
-
vldt.pool = nxt_mp_create(1024, 128, 256, 32);
if (vldt.pool == NULL) {
goto failed;
@@ -76,13 +81,7 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
vldt.conf_pool = mp;
vldt.ver = NXT_VERNUM;
- rt->languages = nxt_array_create(mp, 1, sizeof(nxt_app_lang_module_t));
- if (rt->languages == NULL) {
- goto failed;
- }
-
nxt_conf_validate(&vldt);
-
nxt_mp_destroy(vldt.pool);
failed: