mirror of
https://github.com/bitcoin/bitcoin.git
synced 2025-01-10 03:47:29 -03:00
[fuzz] Make peeking through FuzzedSock::Recv fuzzer friendly
FuzzedSock only supports peeking at one byte at a time, which is not fuzzer friendly when trying to receive long data. Fix this by supporting peek data of arbitrary length instead of only one byte.
This commit is contained in:
dergoegge
parent
865cdf3692
commit
a7fceda68b
2 changed files with 10 additions and 6 deletions
|
|
@ -193,16 +193,16 @@ ssize_t FuzzedSock::Recv(void* buf, size_t len, int flags) const
|
|||
bool pad_to_len_bytes{m_fuzzed_data_provider.ConsumeBool()};
|
||||
if (m_peek_data.has_value()) {
|
||||
// `MSG_PEEK` was used in the preceding `Recv()` call, return `m_peek_data`.
|
||||
random_bytes.assign({m_peek_data.value()});
|
||||
random_bytes = m_peek_data.value();
|
||||
if ((flags & MSG_PEEK) == 0) {
|
||||
m_peek_data.reset();
|
||||
}
|
||||
pad_to_len_bytes = false;
|
||||
} else if ((flags & MSG_PEEK) != 0) {
|
||||
// New call with `MSG_PEEK`.
|
||||
random_bytes = m_fuzzed_data_provider.ConsumeBytes<uint8_t>(1);
|
||||
random_bytes = ConsumeRandomLengthByteVector(m_fuzzed_data_provider, len);
|
||||
if (!random_bytes.empty()) {
|
||||
m_peek_data = random_bytes[0];
|
||||
m_peek_data = random_bytes;
|
||||
pad_to_len_bytes = false;
|
||||
}
|
||||
} else {
|
||||
|
|
@ -215,7 +215,11 @@ ssize_t FuzzedSock::Recv(void* buf, size_t len, int flags) const
|
|||
}
|
||||
return r;
|
||||
}
|
||||
std::memcpy(buf, random_bytes.data(), random_bytes.size());
|
||||
// `random_bytes` might exceed the size of `buf` if e.g. Recv is called with
|
||||
// len=N and MSG_PEEK first and afterwards called with len=M (M < N) and
|
||||
// without MSG_PEEK.
|
||||
size_t recv_len{std::min(random_bytes.size(), len)};
|
||||
std::memcpy(buf, random_bytes.data(), recv_len);
|
||||
if (pad_to_len_bytes) {
|
||||
if (len > random_bytes.size()) {
|
||||
std::memset((char*)buf + random_bytes.size(), 0, len - random_bytes.size());
|
||||
|
|
@ -225,7 +229,7 @@ ssize_t FuzzedSock::Recv(void* buf, size_t len, int flags) const
|
|||
if (m_fuzzed_data_provider.ConsumeBool() && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) {
|
||||
std::this_thread::sleep_for(std::chrono::milliseconds{2});
|
||||
}
|
||||
return random_bytes.size();
|
||||
return recv_len;
|
||||
}
|
||||
|
||||
int FuzzedSock::Connect(const sockaddr*, socklen_t) const
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ class FuzzedSock : public Sock
|
|||
* If `MSG_PEEK` is used, then our `Recv()` returns some random data as usual, but on the next
|
||||
* `Recv()` call we must return the same data, thus we remember it here.
|
||||
*/
|
||||
mutable std::optional<uint8_t> m_peek_data;
|
||||
mutable std::optional<std::vector<uint8_t>> m_peek_data;
|
||||
|
||||
/**
|
||||
* Whether to pretend that the socket is select(2)-able. This is randomly set in the
|
||||
|
|
|
|||
Loading…
Reference in a new issue