fuzz_binary_decode.cc 1.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263
  1. /* This Source Code Form is subject to the terms of the Mozilla Public
  2. * License, v. 2.0. If a copy of the MPL was not distributed with this
  3. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  4. #include <ua_types.h>
  5. #include "ua_server_internal.h"
  6. #include "ua_config_default.h"
  7. #include "ua_log_stdout.h"
  8. #include "ua_types_encoding_binary.h"
  9. /*
  10. ** Main entry point. The fuzzer invokes this function with each
  11. ** fuzzed input.
  12. */
  13. extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  14. if (size == 0)
  15. return 0;
  16. const uint8_t *ptr = data;
  17. size_t ptrSize = size;
  18. // get some random type
  19. uint16_t typeIndex = ptr[0];
  20. ptr++;
  21. ptrSize--;
  22. if (typeIndex >= UA_TYPES_COUNT)
  23. return 0;
  24. size_t offset = 0;
  25. if (ptrSize >= sizeof(size_t)) {
  26. offset = (*ptr);
  27. ptr += sizeof(size_t);
  28. ptrSize -= sizeof(size_t);
  29. }
  30. void *dst = UA_new(&UA_TYPES[typeIndex]);
  31. const UA_ByteString binary = {
  32. ptrSize, //length
  33. (UA_Byte *)(void *)ptr //data
  34. };
  35. UA_StatusCode ret = UA_decodeBinary(&binary, &offset, dst, &UA_TYPES[typeIndex], 0, nullptr);
  36. if (ret == UA_STATUSCODE_GOOD) {
  37. // now also test encoding
  38. UA_ByteString encoded;
  39. UA_ByteString_allocBuffer(&encoded, binary.length);
  40. const UA_Byte *end = &encoded.data[binary.length];
  41. UA_Byte *pos = encoded.data;
  42. ret = UA_encodeBinary(dst, &UA_TYPES[typeIndex], &pos, &end, NULL, NULL);
  43. if (ret == UA_STATUSCODE_GOOD) {
  44. // do nothing
  45. }
  46. UA_ByteString_deleteMembers(&encoded);
  47. }
  48. UA_delete(dst, &UA_TYPES[typeIndex]);
  49. return 0;
  50. }