diff options
author | Romain Forlot <romain.forlot@iot.bzh> | 2017-05-02 17:51:53 +0200 |
---|---|---|
committer | Romain Forlot <romain.forlot@iot.bzh> | 2017-05-02 17:51:53 +0200 |
commit | 3102ec9ce009d0f28355c5b7df9c5bd5013e6e75 (patch) | |
tree | 80a1ea19ff06cc9308b236a0d8d6358d21dd0381 /CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c | |
parent | 12e680a3c97a2750c657a8c561a79706f3689149 (diff) | |
parent | 278ffb890e3d8722e4c7d824baaf221a1e375fc4 (diff) |
Add 'CAN-binder/libs/nanopb/' from commit '278ffb890e3d8722e4c7d824baaf221a1e375fc4'
git-subtree-dir: CAN-binder/libs/nanopb
git-subtree-mainline: 12e680a3c97a2750c657a8c561a79706f3689149
git-subtree-split: 278ffb890e3d8722e4c7d824baaf221a1e375fc4
Diffstat (limited to 'CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c')
-rw-r--r-- | CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c b/CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c new file mode 100644 index 00000000..6e492990 --- /dev/null +++ b/CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c @@ -0,0 +1,101 @@ +/* Generates a random, valid protobuf message. Useful to seed + * external fuzzers such as afl-fuzz. + */ + +#include <pb_encode.h> +#include <pb_common.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <assert.h> +#include <time.h> +#include "alltypes_static.pb.h" + +static uint64_t random_seed; + +/* Uses xorshift64 here instead of rand() for both speed and + * reproducibility across platforms. */ +static uint32_t rand_word() +{ + random_seed ^= random_seed >> 12; + random_seed ^= random_seed << 25; + random_seed ^= random_seed >> 27; + return random_seed * 2685821657736338717ULL; +} + +/* Fills a buffer with random data. */ +static void rand_fill(uint8_t *buf, size_t count) +{ + while (count--) + { + *buf++ = rand_word() & 0xff; + } +} + +/* Check that size/count fields do not exceed their max size. + * Otherwise we would have to loop pretty long in generate_message(). + * Note that there may still be a few encoding errors from submessages. + */ +static void limit_sizes(alltypes_static_AllTypes *msg) +{ + pb_field_iter_t iter; + pb_field_iter_begin(&iter, alltypes_static_AllTypes_fields, msg); + while (pb_field_iter_next(&iter)) + { + if (PB_LTYPE(iter.pos->type) == PB_LTYPE_BYTES) + { + ((pb_bytes_array_t*)iter.pData)->size %= iter.pos->data_size - PB_BYTES_ARRAY_T_ALLOCSIZE(0); + } + + if (PB_HTYPE(iter.pos->type) == PB_HTYPE_REPEATED) + { + *((pb_size_t*)iter.pSize) %= iter.pos->array_size; + } + + if (PB_HTYPE(iter.pos->type) == PB_HTYPE_ONEOF) + { + /* Set the oneof to this message type with 50% chance. */ + if (rand_word() & 1) + { + *((pb_size_t*)iter.pSize) = iter.pos->tag; + } + } + } +} + +static void generate_message() +{ + alltypes_static_AllTypes msg; + uint8_t buf[8192]; + pb_ostream_t stream = {0}; + + do { + if (stream.errmsg) + fprintf(stderr, "Encoder error: %s\n", stream.errmsg); + + stream = pb_ostream_from_buffer(buf, sizeof(buf)); + rand_fill((void*)&msg, sizeof(msg)); + limit_sizes(&msg); + } while (!pb_encode(&stream, alltypes_static_AllTypes_fields, &msg)); + + fwrite(buf, 1, stream.bytes_written, stdout); +} + +int main(int argc, char **argv) +{ + if (argc > 1) + { + random_seed = atol(argv[1]); + } + else + { + random_seed = time(NULL); + } + + fprintf(stderr, "Random seed: %llu\n", (long long unsigned)random_seed); + + generate_message(); + + return 0; +} + |