From 1695c8ab5bd3ea2dd0a065bcb8162a973dede7fe Mon Sep 17 00:00:00 2001
From: Antoine Poinsot
Date: Wed, 12 Feb 2025 11:17:55 -0500
Subject: [PATCH] fuzz: in FuzzedSock::GetSockName(), return a random-length name

ConsumeData() will always try to return a name as long as the requested size. It is more useful, and closer to how `getsockname` would actually behave in reality, to return a random length name instead.

This was hindering coverage in the PCP fuzz target as the addr len was set to the size of the sockaddr_in struct and would exhaust all the provided data from the fuzzer.

Thanks to Marco Fleon for suggesting this.

Co-Authored-by: marcofleon
---
 src/test/fuzz/util/net.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/test/fuzz/util/net.cpp b/src/test/fuzz/util/net.cpp
index 669f4438717..8cbf6bdffec 100644
--- a/src/test/fuzz/util/net.cpp
+++ b/src/test/fuzz/util/net.cpp
@@ -358,8 +358,10 @@ int FuzzedSock::GetSockName(sockaddr* name, socklen_t* name_len) const
         return -1;
     }
     assert(name_len);
-    *name_len = m_fuzzed_data_provider.ConsumeData(name, *name_len);
-    if (*name_len < (int)sizeof(sockaddr)) return -1;
+    const auto bytes{ConsumeRandomLengthByteVector(m_fuzzed_data_provider, *name_len)};
+    if (bytes.size() < (int)sizeof(sockaddr)) return -1;
+    std::memcpy(name, bytes.data(), bytes.size());
+    *name_len = bytes.size();
     return 0;
 }
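Review bot: The `std::memcpy` into `name` is bounded only by whatever cap `ConsumeRandomLengthByteVector` applies to its second argument, and that helper is not visible in this hunk; the replaced `ConsumeData(name, *name_len)` kept the write limited to the caller's buffer by construction, so the bounded-write property now lives in another function. Since this is fuzz-harness code where asserts are live, I would pin the invariant locally before the copy with `assert(bytes.size() <= *name_len);`, so a future change to the helper's contract fails loudly instead of overrunning the sockaddr the harness was handed. Separately, the `(int)` cast in `if (bytes.size() < (int)sizeof(sockaddr)) return -1;` compares a `size_t` against an `int` and only earns a -Wsign-compare warning; `if (bytes.size() < sizeof(sockaddr)) return -1;` is the cleaner form. GetSockName's body begins before this hunk.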