phantom/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-01-27 03:33:27 -03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fuzz: extend FuzzedSock::Recv() to support MSG_PEEK

Browse source 
A conforming `recv(2)` call is supposed to return the same data on a
call following `recv(..., MSG_PEEK)`. Extend `FuzzedSock::Recv()` to do
that.

For simplicity we only return 1 byte when `MSG_PEEK` is used. If we
would return a buffer of N bytes, then we would have to keep track how
many of them were consumed on subsequent non-`MSG_PEEK` calls.
This commit is contained in:
Vasil Dimov 2021-03-05 14:50:49 +01:00
parent 9b05c49ade
commit 3088f83d01
No known key found for this signature in database
GPG key ID: 54DF06F64B55CBBF
1 changed files with 28 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
src/test/fuzz/util.h
View file

@ -555,6 +555,13 @@ class FuzzedSock : public Sock
{ {
FuzzedDataProvider& m_fuzzed_data_provider; FuzzedDataProvider& m_fuzzed_data_provider;
/**
* Data to return when `MSG_PEEK` is used as a `Recv()` flag.
* If `MSG_PEEK` is used, then our `Recv()` returns some random data as usual, but on the next
* `Recv()` call we must return the same data, thus we remember it here.
*/
mutable std::optional<uint8_t> m_peek_data;
public: public:
explicit FuzzedSock(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_data_provider{fuzzed_data_provider} explicit FuzzedSock(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_data_provider{fuzzed_data_provider}
{ {
@ -635,8 +642,26 @@ public:
} }
return r; return r;
} }
const std::vector<uint8_t> random_bytes = m_fuzzed_data_provider.ConsumeBytes<uint8_t>( std::vector<uint8_t> random_bytes;
bool pad_to_len_bytes{m_fuzzed_data_provider.ConsumeBool()};
if (m_peek_data.has_value()) {
// `MSG_PEEK` was used in the preceding `Recv()` call, return `m_peek_data`.
random_bytes.assign({m_peek_data.value()});
if ((flags & MSG_PEEK) == 0) {
m_peek_data.reset();
}
pad_to_len_bytes = false;
} else if ((flags & MSG_PEEK) != 0) {
// New call with `MSG_PEEK`.
random_bytes = m_fuzzed_data_provider.ConsumeBytes<uint8_t>(1);
if (!random_bytes.empty()) {
m_peek_data = random_bytes[0];
pad_to_len_bytes = false;
}
} else {
random_bytes = m_fuzzed_data_provider.ConsumeBytes<uint8_t>(
m_fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, len)); m_fuzzed_data_provider.ConsumeIntegralInRange<size_t>(0, len));
}
if (random_bytes.empty()) { if (random_bytes.empty()) {
const ssize_t r = m_fuzzed_data_provider.ConsumeBool() ? 0 : -1; const ssize_t r = m_fuzzed_data_provider.ConsumeBool() ? 0 : -1;
if (r == -1) { if (r == -1) {
@ -645,7 +670,7 @@ public:
return r; return r;
} }
std::memcpy(buf, random_bytes.data(), random_bytes.size()); std::memcpy(buf, random_bytes.data(), random_bytes.size());
if (m_fuzzed_data_provider.ConsumeBool()) { if (pad_to_len_bytes) {
if (len > random_bytes.size()) { if (len > random_bytes.size()) {
std::memset((char*)buf + random_bytes.size(), 0, len - random_bytes.size()); std::memset((char*)buf + random_bytes.size(), 0, len - random_bytes.size());
} }