diff options
author | Romain Forlot <romain.forlot@iot.bzh> | 2017-06-20 10:24:05 +0000 |
---|---|---|
committer | Romain Forlot <romain.forlot@iot.bzh> | 2017-06-20 10:24:05 +0000 |
commit | 32e25cbca210a359b09768537b6f443fe90a3070 (patch) | |
tree | 3309794c15d8a8f8e9c1c08cad072ee1378813ba /CAN-binder/libs/nanopb/tests/fuzztest | |
parent | 76c43dec62b2e21cd6446360c00d4fe6b437533f (diff) |
Separation Generator to a dedicated repo
Change-Id: Id94831651c3266861435272a6e36c7884bef2c45
Signed-off-by: Romain Forlot <romain.forlot@iot.bzh>
Diffstat (limited to 'CAN-binder/libs/nanopb/tests/fuzztest')
-rw-r--r-- | CAN-binder/libs/nanopb/tests/fuzztest/SConscript | 43 | ||||
-rw-r--r-- | CAN-binder/libs/nanopb/tests/fuzztest/alltypes_pointer.options | 3 | ||||
-rw-r--r-- | CAN-binder/libs/nanopb/tests/fuzztest/alltypes_static.options | 4 | ||||
-rw-r--r-- | CAN-binder/libs/nanopb/tests/fuzztest/fuzzstub.c | 189 | ||||
-rw-r--r-- | CAN-binder/libs/nanopb/tests/fuzztest/fuzztest.c | 432 | ||||
-rw-r--r-- | CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c | 101 | ||||
-rwxr-xr-x | CAN-binder/libs/nanopb/tests/fuzztest/run_radamsa.sh | 12 | ||||
-rw-r--r-- | CAN-binder/libs/nanopb/tests/fuzztest/sample_data/sample1.pb | bin | 573 -> 0 bytes | |||
-rw-r--r-- | CAN-binder/libs/nanopb/tests/fuzztest/sample_data/sample2.pb | bin | 466 -> 0 bytes |
9 files changed, 0 insertions, 784 deletions
diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/SConscript b/CAN-binder/libs/nanopb/tests/fuzztest/SConscript deleted file mode 100644 index d2fb689..0000000 --- a/CAN-binder/libs/nanopb/tests/fuzztest/SConscript +++ /dev/null @@ -1,43 +0,0 @@ -# Run a fuzz test to verify robustness against corrupted/malicious data. - -Import("env", "malloc_env") - -def set_pkgname(src, dst, pkgname): - data = open(str(src)).read() - placeholder = '// package name placeholder' - assert placeholder in data - data = data.replace(placeholder, 'package %s;' % pkgname) - open(str(dst), 'w').write(data) - -# We want both pointer and static versions of the AllTypes message -# Prefix them with package name. -env.Command("alltypes_static.proto", "#alltypes/alltypes.proto", - lambda target, source, env: set_pkgname(source[0], target[0], 'alltypes_static')) -env.Command("alltypes_pointer.proto", "#alltypes/alltypes.proto", - lambda target, source, env: set_pkgname(source[0], target[0], 'alltypes_pointer')) - -p1 = env.NanopbProto(["alltypes_pointer", "alltypes_pointer.options"]) -p2 = env.NanopbProto(["alltypes_static", "alltypes_static.options"]) -fuzz = malloc_env.Program(["fuzztest.c", - "alltypes_pointer.pb.c", - "alltypes_static.pb.c", - "$COMMON/pb_encode_with_malloc.o", - "$COMMON/pb_decode_with_malloc.o", - "$COMMON/pb_common_with_malloc.o", - "$COMMON/malloc_wrappers.o"]) - -env.RunTest(fuzz) - -fuzzstub = malloc_env.Program(["fuzzstub.c", - "alltypes_pointer.pb.c", - "alltypes_static.pb.c", - "$COMMON/pb_encode_with_malloc.o", - "$COMMON/pb_decode_with_malloc.o", - "$COMMON/pb_common_with_malloc.o", - "$COMMON/malloc_wrappers.o"]) - -generate_message = malloc_env.Program(["generate_message.c", - "alltypes_static.pb.c", - "$COMMON/pb_encode.o", - "$COMMON/pb_common.o"]) - diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/alltypes_pointer.options b/CAN-binder/libs/nanopb/tests/fuzztest/alltypes_pointer.options deleted file mode 100644 index 7e3ad1e..0000000 --- a/CAN-binder/libs/nanopb/tests/fuzztest/alltypes_pointer.options +++ /dev/null @@ -1,3 +0,0 @@ -# Generate all fields as pointers. -* type:FT_POINTER -*.*fbytes fixed_length:true max_size:4 diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/alltypes_static.options b/CAN-binder/libs/nanopb/tests/fuzztest/alltypes_static.options deleted file mode 100644 index e197e1d..0000000 --- a/CAN-binder/libs/nanopb/tests/fuzztest/alltypes_static.options +++ /dev/null @@ -1,4 +0,0 @@ -* max_size:32 -* max_count:8 -*.extensions type:FT_IGNORE -*.*fbytes fixed_length:true max_size:4 diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/fuzzstub.c b/CAN-binder/libs/nanopb/tests/fuzztest/fuzzstub.c deleted file mode 100644 index ec9e2af..0000000 --- a/CAN-binder/libs/nanopb/tests/fuzztest/fuzzstub.c +++ /dev/null @@ -1,189 +0,0 @@ -/* Fuzz testing for the nanopb core. - * This can be used with external fuzzers, e.g. radamsa. - * It performs most of the same checks as fuzztest, but does not feature data generation. - */ - -#include <pb_decode.h> -#include <pb_encode.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <assert.h> -#include <time.h> -#include <malloc_wrappers.h> -#include "alltypes_static.pb.h" -#include "alltypes_pointer.pb.h" - -#define BUFSIZE 4096 - -static bool do_static_decode(uint8_t *buffer, size_t msglen, bool assert_success) -{ - pb_istream_t stream; - bool status; - - alltypes_static_AllTypes *msg = malloc_with_check(sizeof(alltypes_static_AllTypes)); - stream = pb_istream_from_buffer(buffer, msglen); - status = pb_decode(&stream, alltypes_static_AllTypes_fields, msg); - - if (!status && assert_success) - { - /* Anything that was successfully encoded, should be decodeable. - * One exception: strings without null terminator are encoded up - * to end of buffer, but refused on decode because the terminator - * would not fit. */ - if (strcmp(stream.errmsg, "string overflow") != 0) - assert(status); - } - - free_with_check(msg); - return status; -} - -static bool do_pointer_decode(uint8_t *buffer, size_t msglen, bool assert_success) -{ - pb_istream_t stream; - bool status; - alltypes_pointer_AllTypes *msg; - - msg = malloc_with_check(sizeof(alltypes_pointer_AllTypes)); - memset(msg, 0, sizeof(alltypes_pointer_AllTypes)); - stream = pb_istream_from_buffer(buffer, msglen); - - assert(get_alloc_count() == 0); - status = pb_decode(&stream, alltypes_pointer_AllTypes_fields, msg); - - if (assert_success) - assert(status); - - pb_release(alltypes_pointer_AllTypes_fields, msg); - assert(get_alloc_count() == 0); - - free_with_check(msg); - - return status; -} - -/* Do a decode -> encode -> decode -> encode roundtrip */ -static void do_static_roundtrip(uint8_t *buffer, size_t msglen) -{ - bool status; - uint8_t *buf2 = malloc_with_check(BUFSIZE); - uint8_t *buf3 = malloc_with_check(BUFSIZE); - size_t msglen2, msglen3; - alltypes_static_AllTypes *msg1 = malloc_with_check(sizeof(alltypes_static_AllTypes)); - alltypes_static_AllTypes *msg2 = malloc_with_check(sizeof(alltypes_static_AllTypes)); - memset(msg1, 0, sizeof(alltypes_static_AllTypes)); - memset(msg2, 0, sizeof(alltypes_static_AllTypes)); - - { - pb_istream_t stream = pb_istream_from_buffer(buffer, msglen); - status = pb_decode(&stream, alltypes_static_AllTypes_fields, msg1); - assert(status); - } - - { - pb_ostream_t stream = pb_ostream_from_buffer(buf2, BUFSIZE); - status = pb_encode(&stream, alltypes_static_AllTypes_fields, msg1); - assert(status); - msglen2 = stream.bytes_written; - } - - { - pb_istream_t stream = pb_istream_from_buffer(buf2, msglen2); - status = pb_decode(&stream, alltypes_static_AllTypes_fields, msg2); - assert(status); - } - - { - pb_ostream_t stream = pb_ostream_from_buffer(buf3, BUFSIZE); - status = pb_encode(&stream, alltypes_static_AllTypes_fields, msg2); - assert(status); - msglen3 = stream.bytes_written; - } - - assert(msglen2 == msglen3); - assert(memcmp(buf2, buf3, msglen2) == 0); - - free_with_check(msg1); - free_with_check(msg2); - free_with_check(buf2); - free_with_check(buf3); -} - -/* Do decode -> encode -> decode -> encode roundtrip */ -static void do_pointer_roundtrip(uint8_t *buffer, size_t msglen) -{ - bool status; - uint8_t *buf2 = malloc_with_check(BUFSIZE); - uint8_t *buf3 = malloc_with_check(BUFSIZE); - size_t msglen2, msglen3; - alltypes_pointer_AllTypes *msg1 = malloc_with_check(sizeof(alltypes_pointer_AllTypes)); - alltypes_pointer_AllTypes *msg2 = malloc_with_check(sizeof(alltypes_pointer_AllTypes)); - memset(msg1, 0, sizeof(alltypes_pointer_AllTypes)); - memset(msg2, 0, sizeof(alltypes_pointer_AllTypes)); - - { - pb_istream_t stream = pb_istream_from_buffer(buffer, msglen); - status = pb_decode(&stream, alltypes_pointer_AllTypes_fields, msg1); - assert(status); - } - - { - pb_ostream_t stream = pb_ostream_from_buffer(buf2, BUFSIZE); - status = pb_encode(&stream, alltypes_pointer_AllTypes_fields, msg1); - assert(status); - msglen2 = stream.bytes_written; - } - - { - pb_istream_t stream = pb_istream_from_buffer(buf2, msglen2); - status = pb_decode(&stream, alltypes_pointer_AllTypes_fields, msg2); - assert(status); - } - - { - pb_ostream_t stream = pb_ostream_from_buffer(buf3, BUFSIZE); - status = pb_encode(&stream, alltypes_pointer_AllTypes_fields, msg2); - assert(status); - msglen3 = stream.bytes_written; - } - - assert(msglen2 == msglen3); - assert(memcmp(buf2, buf3, msglen2) == 0); - - pb_release(alltypes_pointer_AllTypes_fields, msg1); - pb_release(alltypes_pointer_AllTypes_fields, msg2); - free_with_check(msg1); - free_with_check(msg2); - free_with_check(buf2); - free_with_check(buf3); -} - -static void run_iteration() -{ - uint8_t *buffer = malloc_with_check(BUFSIZE); - size_t msglen; - bool status; - - msglen = fread(buffer, 1, BUFSIZE, stdin); - - status = do_static_decode(buffer, msglen, false); - - if (status) - do_static_roundtrip(buffer, msglen); - - status = do_pointer_decode(buffer, msglen, false); - - if (status) - do_pointer_roundtrip(buffer, msglen); - - free_with_check(buffer); -} - -int main(int argc, char **argv) -{ - run_iteration(); - - return 0; -} - diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/fuzztest.c b/CAN-binder/libs/nanopb/tests/fuzztest/fuzztest.c deleted file mode 100644 index ee851ec..0000000 --- a/CAN-binder/libs/nanopb/tests/fuzztest/fuzztest.c +++ /dev/null @@ -1,432 +0,0 @@ -/* Fuzz testing for the nanopb core. - * Attempts to verify all the properties defined in the security model document. - */ - -#include <pb_decode.h> -#include <pb_encode.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <assert.h> -#include <time.h> -#include <malloc_wrappers.h> -#include "alltypes_static.pb.h" -#include "alltypes_pointer.pb.h" - -static uint64_t random_seed; - -/* Uses xorshift64 here instead of rand() for both speed and - * reproducibility across platforms. */ -static uint32_t rand_word() -{ - random_seed ^= random_seed >> 12; - random_seed ^= random_seed << 25; - random_seed ^= random_seed >> 27; - return random_seed * 2685821657736338717ULL; -} - -/* Get a random integer in range, with approximately flat distribution. */ -static int rand_int(int min, int max) -{ - return rand_word() % (max + 1 - min) + min; -} - -static bool rand_bool() -{ - return rand_word() & 1; -} - -/* Get a random byte, with skewed distribution. - * Important corner cases like 0xFF, 0x00 and 0xFE occur more - * often than other values. */ -static uint8_t rand_byte() -{ - uint32_t w = rand_word(); - uint8_t b = w & 0xFF; - if (w & 0x100000) - b >>= (w >> 8) & 7; - if (w & 0x200000) - b <<= (w >> 12) & 7; - if (w & 0x400000) - b ^= 0xFF; - return b; -} - -/* Get a random length, with skewed distribution. - * Favors the shorter lengths, but always atleast 1. */ -static size_t rand_len(size_t max) -{ - uint32_t w = rand_word(); - size_t s; - if (w & 0x800000) - w &= 3; - else if (w & 0x400000) - w &= 15; - else if (w & 0x200000) - w &= 255; - - s = (w % max); - if (s == 0) - s = 1; - - return s; -} - -/* Fills a buffer with random data with skewed distribution. */ -static void rand_fill(uint8_t *buf, size_t count) -{ - while (count--) - *buf++ = rand_byte(); -} - -/* Fill with random protobuf-like data */ -static size_t rand_fill_protobuf(uint8_t *buf, size_t min_bytes, size_t max_bytes, int min_tag) -{ - pb_ostream_t stream = pb_ostream_from_buffer(buf, max_bytes); - - while(stream.bytes_written < min_bytes) - { - pb_wire_type_t wt = rand_int(0, 3); - if (wt == 3) wt = 5; /* Gap in values */ - - if (!pb_encode_tag(&stream, wt, rand_int(min_tag, min_tag + 512))) - break; - - if (wt == PB_WT_VARINT) - { - uint64_t value; - rand_fill((uint8_t*)&value, sizeof(value)); - pb_encode_varint(&stream, value); - } - else if (wt == PB_WT_64BIT) - { - uint64_t value; - rand_fill((uint8_t*)&value, sizeof(value)); - pb_encode_fixed64(&stream, &value); - } - else if (wt == PB_WT_32BIT) - { - uint32_t value; - rand_fill((uint8_t*)&value, sizeof(value)); - pb_encode_fixed32(&stream, &value); - } - else if (wt == PB_WT_STRING) - { - size_t len; - uint8_t *buf; - - if (min_bytes > stream.bytes_written) - len = rand_len(min_bytes - stream.bytes_written); - else - len = 0; - - buf = malloc(len); - pb_encode_varint(&stream, len); - rand_fill(buf, len); - pb_write(&stream, buf, len); - free(buf); - } - } - - return stream.bytes_written; -} - -/* Given a buffer of data, mess it up a bit */ -static void rand_mess(uint8_t *buf, size_t count) -{ - int m = rand_int(0, 3); - - if (m == 0) - { - /* Replace random substring */ - int s = rand_int(0, count - 1); - int l = rand_len(count - s); - rand_fill(buf + s, l); - } - else if (m == 1) - { - /* Swap random bytes */ - int a = rand_int(0, count - 1); - int b = rand_int(0, count - 1); - int x = buf[a]; - buf[a] = buf[b]; - buf[b] = x; - } - else if (m == 2) - { - /* Duplicate substring */ - int s = rand_int(0, count - 2); - int l = rand_len((count - s) / 2); - memcpy(buf + s + l, buf + s, l); - } - else if (m == 3) - { - /* Add random protobuf noise */ - int s = rand_int(0, count - 1); - int l = rand_len(count - s); - rand_fill_protobuf(buf + s, l, count - s, 1); - } -} - -/* Some default data to put in the message */ -static const alltypes_static_AllTypes initval = alltypes_static_AllTypes_init_default; - -#define BUFSIZE 4096 - -static bool do_static_encode(uint8_t *buffer, size_t *msglen) -{ - pb_ostream_t stream; - bool status; - - /* Allocate a message and fill it with defaults */ - alltypes_static_AllTypes *msg = malloc_with_check(sizeof(alltypes_static_AllTypes)); - memcpy(msg, &initval, sizeof(initval)); - - /* Apply randomness to the data before encoding */ - while (rand_int(0, 7)) - rand_mess((uint8_t*)msg, sizeof(alltypes_static_AllTypes)); - - stream = pb_ostream_from_buffer(buffer, BUFSIZE); - status = pb_encode(&stream, alltypes_static_AllTypes_fields, msg); - assert(stream.bytes_written <= BUFSIZE); - assert(stream.bytes_written <= alltypes_static_AllTypes_size); - - *msglen = stream.bytes_written; - pb_release(alltypes_static_AllTypes_fields, msg); - free_with_check(msg); - - return status; -} - -/* Append or prepend protobuf noise */ -static void do_protobuf_noise(uint8_t *buffer, size_t *msglen) -{ - int m = rand_int(0, 2); - size_t max_size = BUFSIZE - 32 - *msglen; - if (m == 1) - { - /* Prepend */ - uint8_t *tmp = malloc_with_check(BUFSIZE); - size_t s = rand_fill_protobuf(tmp, rand_len(max_size), BUFSIZE - *msglen, 512); - memmove(buffer + s, buffer, *msglen); - memcpy(buffer, tmp, s); - free_with_check(tmp); - *msglen += s; - } - else if (m == 2) - { - /* Append */ - size_t s = rand_fill_protobuf(buffer + *msglen, rand_len(max_size), BUFSIZE - *msglen, 512); - *msglen += s; - } -} - -static bool do_static_decode(uint8_t *buffer, size_t msglen, bool assert_success) -{ - pb_istream_t stream; - bool status; - - alltypes_static_AllTypes *msg = malloc_with_check(sizeof(alltypes_static_AllTypes)); - rand_fill((uint8_t*)msg, sizeof(alltypes_static_AllTypes)); - stream = pb_istream_from_buffer(buffer, msglen); - status = pb_decode(&stream, alltypes_static_AllTypes_fields, msg); - - if (!status && assert_success) - { - /* Anything that was successfully encoded, should be decodeable. - * One exception: strings without null terminator are encoded up - * to end of buffer, but refused on decode because the terminator - * would not fit. */ - if (strcmp(stream.errmsg, "string overflow") != 0) - assert(status); - } - - free_with_check(msg); - return status; -} - -static bool do_pointer_decode(uint8_t *buffer, size_t msglen, bool assert_success) -{ - pb_istream_t stream; - bool status; - alltypes_pointer_AllTypes *msg; - - msg = malloc_with_check(sizeof(alltypes_pointer_AllTypes)); - memset(msg, 0, sizeof(alltypes_pointer_AllTypes)); - stream = pb_istream_from_buffer(buffer, msglen); - - assert(get_alloc_count() == 0); - status = pb_decode(&stream, alltypes_pointer_AllTypes_fields, msg); - - if (assert_success) - assert(status); - - pb_release(alltypes_pointer_AllTypes_fields, msg); - assert(get_alloc_count() == 0); - - free_with_check(msg); - - return status; -} - -/* Do a decode -> encode -> decode -> encode roundtrip */ -static void do_static_roundtrip(uint8_t *buffer, size_t msglen) -{ - bool status; - uint8_t *buf2 = malloc_with_check(BUFSIZE); - uint8_t *buf3 = malloc_with_check(BUFSIZE); - size_t msglen2, msglen3; - alltypes_static_AllTypes *msg1 = malloc_with_check(sizeof(alltypes_static_AllTypes)); - alltypes_static_AllTypes *msg2 = malloc_with_check(sizeof(alltypes_static_AllTypes)); - memset(msg1, 0, sizeof(alltypes_static_AllTypes)); - memset(msg2, 0, sizeof(alltypes_static_AllTypes)); - - { - pb_istream_t stream = pb_istream_from_buffer(buffer, msglen); - status = pb_decode(&stream, alltypes_static_AllTypes_fields, msg1); - assert(status); - } - - { - pb_ostream_t stream = pb_ostream_from_buffer(buf2, BUFSIZE); - status = pb_encode(&stream, alltypes_static_AllTypes_fields, msg1); - assert(status); - msglen2 = stream.bytes_written; - } - - { - pb_istream_t stream = pb_istream_from_buffer(buf2, msglen2); - status = pb_decode(&stream, alltypes_static_AllTypes_fields, msg2); - assert(status); - } - - { - pb_ostream_t stream = pb_ostream_from_buffer(buf3, BUFSIZE); - status = pb_encode(&stream, alltypes_static_AllTypes_fields, msg2); - assert(status); - msglen3 = stream.bytes_written; - } - - assert(msglen2 == msglen3); - assert(memcmp(buf2, buf3, msglen2) == 0); - - free_with_check(msg1); - free_with_check(msg2); - free_with_check(buf2); - free_with_check(buf3); -} - -/* Do decode -> encode -> decode -> encode roundtrip */ -static void do_pointer_roundtrip(uint8_t *buffer, size_t msglen) -{ - bool status; - uint8_t *buf2 = malloc_with_check(BUFSIZE); - uint8_t *buf3 = malloc_with_check(BUFSIZE); - size_t msglen2, msglen3; - alltypes_pointer_AllTypes *msg1 = malloc_with_check(sizeof(alltypes_pointer_AllTypes)); - alltypes_pointer_AllTypes *msg2 = malloc_with_check(sizeof(alltypes_pointer_AllTypes)); - memset(msg1, 0, sizeof(alltypes_pointer_AllTypes)); - memset(msg2, 0, sizeof(alltypes_pointer_AllTypes)); - - { - pb_istream_t stream = pb_istream_from_buffer(buffer, msglen); - status = pb_decode(&stream, alltypes_pointer_AllTypes_fields, msg1); - assert(status); - } - - { - pb_ostream_t stream = pb_ostream_from_buffer(buf2, BUFSIZE); - status = pb_encode(&stream, alltypes_pointer_AllTypes_fields, msg1); - assert(status); - msglen2 = stream.bytes_written; - } - - { - pb_istream_t stream = pb_istream_from_buffer(buf2, msglen2); - status = pb_decode(&stream, alltypes_pointer_AllTypes_fields, msg2); - assert(status); - } - - { - pb_ostream_t stream = pb_ostream_from_buffer(buf3, BUFSIZE); - status = pb_encode(&stream, alltypes_pointer_AllTypes_fields, msg2); - assert(status); - msglen3 = stream.bytes_written; - } - - assert(msglen2 == msglen3); - assert(memcmp(buf2, buf3, msglen2) == 0); - - pb_release(alltypes_pointer_AllTypes_fields, msg1); - pb_release(alltypes_pointer_AllTypes_fields, msg2); - free_with_check(msg1); - free_with_check(msg2); - free_with_check(buf2); - free_with_check(buf3); -} - -static void run_iteration() -{ - uint8_t *buffer = malloc_with_check(BUFSIZE); - size_t msglen; - bool status; - - rand_fill(buffer, BUFSIZE); - - if (do_static_encode(buffer, &msglen)) - { - do_protobuf_noise(buffer, &msglen); - - status = do_static_decode(buffer, msglen, true); - - if (status) - do_static_roundtrip(buffer, msglen); - - status = do_pointer_decode(buffer, msglen, true); - - if (status) - do_pointer_roundtrip(buffer, msglen); - - /* Apply randomness to the encoded data */ - while (rand_bool()) - rand_mess(buffer, BUFSIZE); - - /* Apply randomness to encoded data length */ - if (rand_bool()) - msglen = rand_int(0, BUFSIZE); - - status = do_static_decode(buffer, msglen, false); - do_pointer_decode(buffer, msglen, status); - - if (status) - { - do_static_roundtrip(buffer, msglen); - do_pointer_roundtrip(buffer, msglen); - } - } - - free_with_check(buffer); -} - -int main(int argc, char **argv) -{ - int i; - if (argc > 1) - { - random_seed = atol(argv[1]); - } - else - { - random_seed = time(NULL); - } - - fprintf(stderr, "Random seed: %llu\n", (long long unsigned)random_seed); - - for (i = 0; i < 10000; i++) - { - run_iteration(); - } - - return 0; -} - diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c b/CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c deleted file mode 100644 index 6e49299..0000000 --- a/CAN-binder/libs/nanopb/tests/fuzztest/generate_message.c +++ /dev/null @@ -1,101 +0,0 @@ -/* Generates a random, valid protobuf message. Useful to seed - * external fuzzers such as afl-fuzz. - */ - -#include <pb_encode.h> -#include <pb_common.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <assert.h> -#include <time.h> -#include "alltypes_static.pb.h" - -static uint64_t random_seed; - -/* Uses xorshift64 here instead of rand() for both speed and - * reproducibility across platforms. */ -static uint32_t rand_word() -{ - random_seed ^= random_seed >> 12; - random_seed ^= random_seed << 25; - random_seed ^= random_seed >> 27; - return random_seed * 2685821657736338717ULL; -} - -/* Fills a buffer with random data. */ -static void rand_fill(uint8_t *buf, size_t count) -{ - while (count--) - { - *buf++ = rand_word() & 0xff; - } -} - -/* Check that size/count fields do not exceed their max size. - * Otherwise we would have to loop pretty long in generate_message(). - * Note that there may still be a few encoding errors from submessages. - */ -static void limit_sizes(alltypes_static_AllTypes *msg) -{ - pb_field_iter_t iter; - pb_field_iter_begin(&iter, alltypes_static_AllTypes_fields, msg); - while (pb_field_iter_next(&iter)) - { - if (PB_LTYPE(iter.pos->type) == PB_LTYPE_BYTES) - { - ((pb_bytes_array_t*)iter.pData)->size %= iter.pos->data_size - PB_BYTES_ARRAY_T_ALLOCSIZE(0); - } - - if (PB_HTYPE(iter.pos->type) == PB_HTYPE_REPEATED) - { - *((pb_size_t*)iter.pSize) %= iter.pos->array_size; - } - - if (PB_HTYPE(iter.pos->type) == PB_HTYPE_ONEOF) - { - /* Set the oneof to this message type with 50% chance. */ - if (rand_word() & 1) - { - *((pb_size_t*)iter.pSize) = iter.pos->tag; - } - } - } -} - -static void generate_message() -{ - alltypes_static_AllTypes msg; - uint8_t buf[8192]; - pb_ostream_t stream = {0}; - - do { - if (stream.errmsg) - fprintf(stderr, "Encoder error: %s\n", stream.errmsg); - - stream = pb_ostream_from_buffer(buf, sizeof(buf)); - rand_fill((void*)&msg, sizeof(msg)); - limit_sizes(&msg); - } while (!pb_encode(&stream, alltypes_static_AllTypes_fields, &msg)); - - fwrite(buf, 1, stream.bytes_written, stdout); -} - -int main(int argc, char **argv) -{ - if (argc > 1) - { - random_seed = atol(argv[1]); - } - else - { - random_seed = time(NULL); - } - - fprintf(stderr, "Random seed: %llu\n", (long long unsigned)random_seed); - - generate_message(); - - return 0; -} - diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/run_radamsa.sh b/CAN-binder/libs/nanopb/tests/fuzztest/run_radamsa.sh deleted file mode 100755 index 52cd40a..0000000 --- a/CAN-binder/libs/nanopb/tests/fuzztest/run_radamsa.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -TMP=`tempfile` - -echo $TMP -while true -do - radamsa sample_data/* > $TMP - $1 < $TMP - test $? -gt 127 && break -done - diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/sample_data/sample1.pb b/CAN-binder/libs/nanopb/tests/fuzztest/sample_data/sample1.pb Binary files differdeleted file mode 100644 index 0752788..0000000 --- a/CAN-binder/libs/nanopb/tests/fuzztest/sample_data/sample1.pb +++ /dev/null diff --git a/CAN-binder/libs/nanopb/tests/fuzztest/sample_data/sample2.pb b/CAN-binder/libs/nanopb/tests/fuzztest/sample_data/sample2.pb Binary files differdeleted file mode 100644 index cc89f91..0000000 --- a/CAN-binder/libs/nanopb/tests/fuzztest/sample_data/sample2.pb +++ /dev/null |