commit b52481bf39a65d478c4d38057a7dae7f1a0e7248
from: Sergey Bronnikov <sergeyb@tarantool.org>
date: Wed Sep 06 12:54:27 2023 UTC

test/fuzz: add fuzzing test for xrow_header_decode

The patch adds a fuzzing test for IPROTO decoding function
xrow_header_decode().

NO_DOC=testing
NO_CHANGELOG=testing

commit - a5d7f34294cb80b14090e6004b8077630f554e23
commit + b52481bf39a65d478c4d38057a7dae7f1a0e7248
blob - afb839f086cfd01174ae54dd132929095a4ce91e
blob + b8a68dcf334c575242055dcd2b9e035e518946a7
--- test/fuzz/CMakeLists.txt
+++ test/fuzz/CMakeLists.txt
@@ -131,6 +131,10 @@ if (NOT ENABLE_UB_SANITIZER)
   create_fuzz_test(PREFIX xrow_decode_watch
                    SOURCES xrow_decode_watch_fuzzer.c
                    LIBRARIES xrow fuzzer_config)
+
+  create_fuzz_test(PREFIX xrow_header_decode
+                   SOURCES xrow_header_decode_fuzzer.c
+                   LIBRARIES xrow fuzzer_config)
 endif ()
 
 # Blocked by https://github.com/tarantool/tarantool/issues/8948.
blob - /dev/null
blob + d5282d4ea9c7527142cbe97a9e7e19972677e440 (mode 644)
--- /dev/null
+++ test/fuzz/xrow_header_decode_fuzzer.c
@@ -0,0 +1,34 @@
+#include "box/iproto_constants.h"
+#include "box/xrow.h"
+#include "memory.h"
+
+void
+cord_on_yield(void) {}
+
+__attribute__((constructor))
+static void
+setup(void)
+{
+	memory_init();
+}
+
+__attribute__((destructor))
+static void
+teardown(void)
+{
+	memory_free();
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	const char *p = (const char *)data;
+	const char *pe = (const char *)data + size;
+	if (mp_check(&p, pe) != 0)
+		return -1;
+
+	struct xrow_header header;
+	xrow_header_decode(&header, &p, pe, false);
+
+	return 0;
+}