123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 |
- /* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
- #include <ua_types.h>
- #include "ua_server_internal.h"
- #include "ua_config_default.h"
- #include "ua_log_stdout.h"
- #include "ua_types_encoding_binary.h"
- /*
- ** Main entry point. The fuzzer invokes this function with each
- ** fuzzed input.
- */
- extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- if (size == 0)
- return 0;
- const uint8_t *ptr = data;
- size_t ptrSize = size;
- // get some random type
- uint16_t typeIndex = ptr[0];
- ptr++;
- ptrSize--;
- if (typeIndex >= UA_TYPES_COUNT)
- return 0;
- size_t offset = 0;
- if (ptrSize >= sizeof(size_t)) {
- offset = (*ptr);
- ptr += sizeof(size_t);
- ptrSize -= sizeof(size_t);
- }
- void *dst = UA_new(&UA_TYPES[typeIndex]);
- const UA_ByteString binary = {
- ptrSize, //length
- (UA_Byte *)(void *)ptr //data
- };
- UA_StatusCode ret = UA_decodeBinary(&binary, &offset, dst, &UA_TYPES[typeIndex], 0, nullptr);
- if (ret == UA_STATUSCODE_GOOD) {
- // now also test encoding
- UA_ByteString encoded;
- UA_ByteString_allocBuffer(&encoded, binary.length);
- const UA_Byte *end = &encoded.data[binary.length];
- UA_Byte *pos = encoded.data;
- ret = UA_encodeBinary(dst, &UA_TYPES[typeIndex], &pos, &end, NULL, NULL);
- if (ret == UA_STATUSCODE_GOOD) {
- // do nothing
- }
- UA_ByteString_deleteMembers(&encoded);
- }
- UA_delete(dst, &UA_TYPES[typeIndex]);
- return 0;
- }
|