
[master] 45eef9620 fuzz: Set up a workspace emulator in esi_parse_fuzzer
commit 45eef962011f5a2f2fa944f537a7d628fd8e26cd
Author: Dridi Boukelmoune <dridi.boukelmoune@gmail.com>
Date: Mon Sep 6 09:23:42 2021 +0200

fuzz: Set up a workspace emulator in esi_parse_fuzzer

While at it, try to better formalize all the setup steps.

diff --git a/bin/varnishd/Makefile.am b/bin/varnishd/Makefile.am
index 7ca48c873..27d931ab3 100644
--- a/bin/varnishd/Makefile.am
+++ b/bin/varnishd/Makefile.am
@@ -202,10 +202,12 @@ vhp_decode_test_LDADD = $(top_builddir)/lib/libvarnish/libvarnish.la

noinst_PROGRAMS += esi_parse_fuzzer
esi_parse_fuzzer_SOURCES = \
+ cache/cache_ws_emu.c \
+ cache/cache_ws_common.c \
cache/cache_esi_parse.c \
fuzzers/esi_parse_fuzzer.c
esi_parse_fuzzer_CFLAGS = \
- -DNOT_IN_A_VMOD
+ -DNOT_IN_A_VMOD -DENABLE_WORKSPACE_EMULATOR
esi_parse_fuzzer_LDADD = \
$(top_builddir)/lib/libvarnish/libvarnish.la \
$(top_builddir)/lib/libvgz/libvgz.la
diff --git a/bin/varnishd/fuzzers/esi_parse_fuzzer.c b/bin/varnishd/fuzzers/esi_parse_fuzzer.c
index 246e9180a..fb1e5ecb5 100644
--- a/bin/varnishd/fuzzers/esi_parse_fuzzer.c
+++ b/bin/varnishd/fuzzers/esi_parse_fuzzer.c
@@ -36,22 +36,39 @@
#include <stdlib.h>
#include <stdio.h>

-#include "cache/cache.h"
+#include "cache/cache_varnishd.h"
#include "cache/cache_vgz.h" /* enum vgz_flag */
#include "cache/cache_esi.h"
#include "cache/cache_filter.h" /* struct vfp_ctx */
-#include "common/common_param.h" /* struct params */

-#include "VSC_main.h"
#include "vfil.h"
-#include "vsb.h"

int LLVMFuzzerTestOneInput(const uint8_t *, size_t);

-extern struct VSC_main *VSC_C_main;
struct VSC_main *VSC_C_main;
-extern struct params *cache_param;
-struct params *cache_param;
+volatile struct params *cache_param;
+
+int
+PAN__DumpStruct(struct vsb *vsb, int block, int track, const void *ptr,
+ const char *smagic, unsigned magic, const char *fmt, ...)
+{
+ (void)vsb;
+ (void)block;
+ (void)track;
+ (void)ptr;
+ (void)smagic;
+ (void)magic;
+ (void)fmt;
+ return (0);
+}
+
+void
+VSL(enum VSL_tag_e tag, uint32_t vxid, const char *fmt, ...)
+{
+ (void)tag;
+ (void)vxid;
+ (void)fmt;
+}

void
VSLb(struct vsl_log *vsl, enum VSL_tag_e tag, const char *fmt, ...)
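Review bot: The new `PAN__DumpStruct()` and `VSL()` definitions carry no comment saying they are deliberate no-op stand-ins for the fuzzer build, so a reader cannot tell whether silently discarding panic dumps and log records is intended. A one-line comment above them would settle it, for example `/* No-op stand-ins so the harness links without varnishd's panic and logging code. */`. Presumably they are needed by the newly linked `cache_ws_emu.c` and `cache_ws_common.c`; confirm that before wording the comment that way. The `VSLb()` definition that follows continues outside this hunk.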
@@ -72,38 +89,20 @@ VSLb_ts(struct vsl_log *l, const char *event, vtim_real first, vtim_real *pprev,
(void)now;
}

-void
-WS_Assert(const struct ws *ws)
-{
- (void)ws;
-}
-
-void *
-WS_Alloc(struct ws *ws, unsigned bytes)
-{
- (void)ws;
- return (calloc(1, bytes));
-}
-
-unsigned
-WS_ReserveAll(struct ws *ws)
-{
- (void)ws;
- WRONG("Should not be called");
-}
-
int
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
struct VSC_main __VSC_C_main;
struct params __cache_param;
- struct http req = { .magic = HTTP_MAGIC };
- struct http resp = { .magic = HTTP_MAGIC };
- struct vfp_ctx vc = { .magic = VFP_CTX_MAGIC };
+ struct http req[1];
+ struct http resp[1];
+ struct vfp_ctx vc[1];
+ struct worker wrk[1];
+ struct ws ws[1];
struct vep_state *vep;
struct vsb *vsb;
- struct worker wrk;
txt hd[HTTP_HDR_URL + 1];
+ char ws_buf[1024];

if (size < 1)
return (0);
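Review bot: `ws_buf` is declared as a plain `char` array, so the language guarantees it only byte alignment, yet the next hunk hands it to `WS_Init()` as the workspace's backing storage. If `WS_Init()` or the emulator places a structure at the start of that buffer or asserts pointer alignment (not visible in this diff, so worth confirming), the harness would depend on how the compiler happens to lay out the stack frame. Declaring it as `_Alignas(void *) char ws_buf[1024];`, or with the project's own alignment helper if it has one, removes that dependency. `LLVMFuzzerTestOneInput()` continues beyond this hunk.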
@@ -125,21 +124,34 @@ LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
BSET(__cache_param.feature_bits, FEATURE_ESI_REMOVE_BOM);
#undef BSET

+ /* Setup ws */
+ WS_Init(ws, "req", ws_buf, sizeof ws_buf);
+
/* Setup req */
- req.hd = hd;
- req.hd[HTTP_HDR_URL].b = "/";
+ INIT_OBJ(req, HTTP_MAGIC);
+ req->hd = hd;
+ req->hd[HTTP_HDR_URL].b = "/";
+ req->ws = ws;
+
+ /* Setup resp */
+ INIT_OBJ(resp, HTTP_MAGIC);
+ resp->ws = ws;
+
+ /* Setup wrk */
+ INIT_OBJ(wrk, WORKER_MAGIC);

/* Setup vc */
- vc.wrk = &wrk;
- vc.resp = &resp;
+ INIT_OBJ(vc, VFP_CTX_MAGIC);
+ vc->wrk = wrk;
+ vc->resp = resp;

- vep = VEP_Init(&vc, &req, NULL, NULL);
+ vep = VEP_Init(vc, req, NULL, NULL);
AN(vep);
VEP_Parse(vep, (const char *)data, size);
vsb = VEP_Finish(vep);
if (vsb != NULL)
VSB_destroy(&vsb);
- free(vep);
+ WS_Rollback(ws, 0);

return (0);
}
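Review bot: `WS_Rollback(ws, 0)` now stands where `free(vep)` used to be, with nothing saying that it is what releases `vep`, so the teardown reads as if the parser state were leaked. The removed `WS_Alloc()` stub returned `calloc()` memory, which suggests `VEP_Init()` takes `vep` from the workspace; a comment such as `/* vep was allocated on ws; the rollback releases it */` would make the ownership explicit. It would also help to say next to `WS_Init()` that the workspace is rebuilt on every call, so no allocation state carries over from one fuzz input to the next. The function begins before this hunk.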
@@ -155,6 +167,7 @@ main(int argc, char **argv)
for (i = 1; i < argc; i++) {
len = 0;
buf = VFIL_readfile(NULL, argv[i], &len);
+ AN(buf);
LLVMFuzzerTestOneInput((uint8_t *)buf, len);
free(buf);
}
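Review bot: `AN(buf)` turns a missing or unreadable input file into an assertion failure that does not name the file, which is hard to tell apart from a real finding when replaying a corpus. Reporting the path and exiting non-zero would be clearer, e.g. `if (buf == NULL) { perror(argv[i]); return (1); }`, assuming `VFIL_readfile()` leaves `errno` set on failure. `main()` starts and ends outside this hunk.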