Google Git
Sign in
pigweed / third_party / github / nanopb / nanopb / f057f61f71268f3e8f4a311136b844825cf188ee^! / .
commitf057f61f71268f3e8f4a311136b844825cf188ee[log] [tgz]
authorPetteri Aimonen <jpa@git.mail.kapsi.fi>Sat Mar 14 11:35:11 2020 +0200
committerPetteri Aimonen <jpa@git.mail.kapsi.fi>Sat Mar 14 11:35:11 2020 +0200
treeed20ceff91c0ac962e2c92bd2ec7f0f2c9836b8a
parentf8a530de2cbbc111ac7834823912955c79300bb3 [diff]
Fuzztest: don't assert when re-encoding fills up the buffer.

Turns out the special case for 0-length input for fixed length bytes
field can cause a quite large message expansion on re-encode. The
assertion is not very useful for finding actual bugs, so this silences
it to avoid it disturbing fuzzing.

diff --git a/tests/fuzztest/fuzztest.c b/tests/fuzztest/fuzztest.c
index 9bca8c9..12e20e1 100644
--- a/tests/fuzztest/fuzztest.c
+++ b/tests/fuzztest/fuzztest.c

@@ -215,8 +215,15 @@
     {
         pb_ostream_t stream = pb_ostream_from_buffer(buf2, g_bufsize);
         status = pb_encode(&stream, msgtype, msg);
-        if (!status) fprintf(stderr, "pb_encode: %s\n", PB_GET_ERROR(&stream));
-        assert(status);
+
+        /* Some messages expand when re-encoding and might no longer fit
+         * in the buffer. */
+        if (!status && strcmp(PB_GET_ERROR(&stream), "stream full") != 0)
+        {
+            fprintf(stderr, "pb_encode: %s\n", PB_GET_ERROR(&stream));
+            assert(status);
+        }
+
         msglen2 = stream.bytes_written;
         checksum2 = xor32_checksum(buf2, msglen2);
     }
@@ -224,6 +231,7 @@
     pb_release(msgtype, msg);
 
     /* Then decode from canonical format and re-encode. Result should remain the same. */
+    if (status)
     {
         pb_istream_t stream = pb_istream_from_buffer(buf2, msglen2);
         memset(msg, 0, structsize);
@@ -235,6 +243,7 @@
         validate_message(msg, structsize, msgtype);
     }
     
+    if (status)
     {
         pb_ostream_t stream = pb_ostream_from_buffer(buf2, g_bufsize);
         status = pb_encode(&stream, msgtype, msg);
@@ -242,11 +251,11 @@
         assert(status);
         msglen3 = stream.bytes_written;
         checksum3 = xor32_checksum(buf2, msglen3);
+
+        assert(msglen2 == msglen3);
+        assert(checksum2 == checksum3);
     }
     
-    assert(msglen2 == msglen3);
-    assert(checksum2 == checksum3);
-    
     pb_release(msgtype, msg);
     free_with_check(msg);
     free_with_check(buf2);
@@ -317,12 +326,7 @@
 /* Fuzzer stub for Google OSSFuzz integration */
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
-    /* In some cases, when we re-encode input it can expand close to 2x.
-     * This is because 0xFFFFFFFF in int32 is decoded as -1, but the
-     * canonical encoding for it is 0xFFFFFFFFFFFFFFFF.
-     * Thus we reserve double the space for intermediate buffers.
-     */
-    if (size > g_bufsize / 2)
+    if (size > g_bufsize)
         return 0;
 
     do_roundtrips(data, size, false);