
misc/fuzz: add checks on input size

- test with larger messages than core accepts

Daniel-Constantin Mierla authored on 05/10/2022 08:34:43
Showing 2 changed files
... ...
@@ -1,3 +1,4 @@
1
+#include "../config.h"
1 2
 #include "../parser/sdp/sdp.h"
2 3
 #include "../parser/parse_uri.c"
3 4
 #include "../parser/parse_hname2.h"
... ...
@@ -23,6 +24,11 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
23 24
     orig_inv.buf = (char*)data;
24 25
     orig_inv.len = size;
25 26
 
27
+    if(size >= 4*BUF_SIZE) {
28
+        /* test with larger message than core accepts, but not indefinitely large */
29
+        return 0;
30
+    }
31
+
26 32
     if (parse_msg(orig_inv.buf, orig_inv.len, &orig_inv) < 0) {
27 33
         goto cleanup;
28 34
     }
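Review bot: The `4*BUF_SIZE` bound in the new size check before `parse_msg` is a bare magic multiplier; the comment explains that there is a cap but not why it is four times the core buffer. A named constant, or a fuller comment such as `/* core limit is BUF_SIZE; allow up to 4x so the over-limit path is still exercised */`, would record the intent, assuming BUF_SIZE from `../config.h` is the core's receive limit (its definition is not shown here). Inputs above the cap are still generated and then thrown away, so running this target with libFuzzer's `-max_len` set to the same bound would avoid spending executions on them. The body of LLVMFuzzerTestOneInput starts and continues outside this hunk.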
... ...
@@ -1,8 +1,14 @@
1
+
2
+#include "../config.h"
1 3
 #include "../parser/parse_uri.c"
2 4
 
3 5
 int
4 6
 LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
5 7
     struct sip_uri uri;
8
+    if(size >= BUF_SIZE) {
9
+        /* test with larger message than core accepts, but not indefinitely large */
10
+        return 0;
11
+    }
6 12
     parse_uri(data, size, &uri);
7 13
     return 0;
8 14
 }
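Review bot: The comment on the new `size >= BUF_SIZE` check says the harness tests with larger input than the core accepts, but this bound skips every input of BUF_SIZE bytes or more, so no over-limit input reaches `parse_uri` here. The parse_msg target in the other file uses `4*BUF_SIZE` with the same comment, which suggests the text was copied without adjusting it. If the tighter bound is intended because a URI always sits inside a message, the comment should say so, e.g. `/* a URI cannot exceed the core message buffer; skip larger inputs */`; otherwise the bound should match the other target. BUF_SIZE is assumed to come from the newly included `../config.h`, which is not shown.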