diff --git a/projects/libevent/buffer_fuzzer.cc b/projects/libevent/buffer_fuzzer.cc new file mode 100644 index 000000000000..1dbdea69430a --- /dev/null +++ b/projects/libevent/buffer_fuzzer.cc @@ -0,0 +1,60 @@ +/* Copyright 2023 Google LLC +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +#include +#include +#include +#include +#include + +#include + +extern "C" { +#include "libevent/include/event2/event.h" +#include "libevent/include/event2/buffer.h" +#include "libevent/include/event2/buffer_compat.h" +#include "libevent/include/event2/util.h" +#include "util-internal.h" +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { + FuzzedDataProvider data_provider(data, size); + + std::string s1 = data_provider.ConsumeRandomLengthString(); + std::string s2 = data_provider.ConsumeRandomLengthString(); + std::string s3 = data_provider.ConsumeRandomLengthString(); + std::string s4 = data_provider.ConsumeRandomLengthString(); + + struct evbuffer *buf = evbuffer_new(); + size_t sz; + evbuffer_add(buf, s1.c_str(), s1.size()); + char *cp = NULL; + cp = evbuffer_readln(buf, &sz, EVBUFFER_EOL_ANY); + if (cp != NULL) { + free(cp); + cp = NULL; + } + struct evbuffer *buf2 = evbuffer_new(); + evbuffer_add(buf2, s1.c_str(), s1.size()); + evbuffer_add_reference(buf2, s2.c_str(), s2.size(), NULL, NULL); + evbuffer_add_buffer(buf, buf2); + evbuffer_expand(buf, 2000); + evbuffer_pullup(buf, 2); + evbuffer_prepend(buf, s3.c_str(), s3.size()); + evbuffer_prepend_buffer(buf, buf2); + evbuffer_find(buf2, (const unsigned char *)s4.c_str(), s4.size()); + + evbuffer_free(buf); + evbuffer_free(buf2); + + return 0; +} diff --git a/projects/libevent/utils_fuzzer.cc b/projects/libevent/utils_fuzzer.cc index d64ce0bbcf5a..08feabca2c27 100644 --- a/projects/libevent/utils_fuzzer.cc +++ b/projects/libevent/utils_fuzzer.cc @@ -16,6 +16,8 @@ limitations under the License. #include #include +#include + #include "libevent/include/event2/event.h" #include "libevent/include/event2/util.h" #include "util-internal.h" @@ -25,8 +27,10 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { int len; char out_buf[128]; struct sockaddr_storage ss; - std::string fuzz_string(reinterpret_cast(data), size); + FuzzedDataProvider data_provider(data, size); + std::string fuzz_string = data_provider.ConsumeRandomLengthString(); + len = sizeof(out_buf); r = evutil_parse_sockaddr_port( fuzz_string.c_str(), (struct sockaddr*)&ss, &len); if (r == 0) { @@ -35,5 +39,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { sizeof(out_buf)); } + struct evutil_addrinfo *addr_info = NULL; + std::string s1 = data_provider.ConsumeRandomLengthString(); + evutil_getaddrinfo(s1.c_str(), NULL, NULL, &addr_info); + return 0; }