From 63e04b4c90285ce85ddba1dbae890bab6a3e7751 Mon Sep 17 00:00:00 2001
From: mdimado
Date: Thu, 29 May 2025 13:52:54 +0530
Subject: [PATCH 1/2] Add FuzzCollections and update corpus structure + build script
---
 projects/goipp/fuzzer/fuzz_collections.go | 32 ++++++++++++++++++
 projects/goipp/oss_fuzz_build.sh | 30 ++++++++--------
 .../goodMessage1.ipp | Bin 398 -> 0 bytes
 .../goodMessage2.ipp | Bin 63 -> 0 bytes
 .../badmessage1.ipp | Bin
 .../goodMessage1.ipp | Bin
 .../goodMessage2.ipp | Bin
 .../goodMessage1.ipp | Bin
 .../goodMessage2.ipp | Bin
 9 files changed, 46 insertions(+), 16 deletions(-)
 create mode 100644 projects/goipp/fuzzer/fuzz_collections.go
 delete mode 100644 projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage1.ipp
 delete mode 100644 projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage2.ipp
 rename projects/goipp/seeds/{fuzz_decode_bytes_ex_seed_corpus => good_and_bad_ipp_messages_seed_corpus}/badmessage1.ipp (100%)
 rename projects/goipp/seeds/{fuzz_decode_bytes_ex_seed_corpus => good_and_bad_ipp_messages_seed_corpus}/goodMessage1.ipp (100%)
 rename projects/goipp/seeds/{fuzz_decode_bytes_ex_seed_corpus => good_and_bad_ipp_messages_seed_corpus}/goodMessage2.ipp (100%)
 rename projects/goipp/seeds/{fuzz_decode_bytes_seed_corpus => good_ipp_messages_seed_corpus}/goodMessage1.ipp (100%)
 rename projects/goipp/seeds/{fuzz_decode_bytes_seed_corpus => good_ipp_messages_seed_corpus}/goodMessage2.ipp (100%)
diff --git a/projects/goipp/fuzzer/fuzz_collections.go b/projects/goipp/fuzzer/fuzz_collections.go
new file mode 100644
index 0000000..2530b74
--- /dev/null
+++ b/projects/goipp/fuzzer/fuzz_collections.go
@@ -0,0 +1,32 @@
+/*
+ * Fuzz target for goipp's handling of Collection attributes.
+ */
+
+
+package fuzzer
+
+import (
+ "testing"
+ "github.com/OpenPrinting/goipp"
+)
+
+
+func FuzzCollections(f *testing.F) {
+ f.Fuzz(func(t *testing.T, data []byte) {
+ var m goipp.Message
+ if err := m.DecodeBytes(data); err != nil {
+ t.Skip()
+ }
+
+ // Test that collections can be accessed without panics
+ for _, group := range m.AttrGroups() {
+ for _, attr := range group.Attrs {
+ for _, val := range attr.Values {
+ if collection, ok := val.V.(goipp.Collection); ok {
+ _ = collection.String()
+ }
+ }
+ }
+ }
+ })
+}
\ No newline at end of file
diff --git a/projects/goipp/oss_fuzz_build.sh b/projects/goipp/oss_fuzz_build.sh
index 694309a..9118318 100644
--- a/projects/goipp/oss_fuzz_build.sh
+++ b/projects/goipp/oss_fuzz_build.sh
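Review bot: In fuzz_collections.go the decode-failure branch calls `t.Skip()`; the build script appears to substitute the go-118-fuzz-build `testing` shim for the standard package, so what Skip does there is not visible from this diff, and a plain `return` discards the input without depending on it. The loop type-asserts only the values directly under `attr.Values`, so a collection nested inside another collection is reached only through whatever `String()` does internally; walking a collection's own attributes recursively would exercise those explicitly. FuzzCollections is exported and has no doc comment; `// FuzzCollections decodes arbitrary bytes and formats every Collection value it finds; the only failure signal is a panic.` would record the oracle.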
@@ -4,25 +4,22 @@ mkdir -p $SRC/goipp/fuzzer cp $SRC/fuzzing/projects/goipp/fuzzer/fuzz_decode_bytes.go $SRC/goipp/fuzzer/ cp $SRC/fuzzing/projects/goipp/fuzzer/fuzz_decode_bytes_ex.go $SRC/goipp/fuzzer/ cp $SRC/fuzzing/projects/goipp/fuzzer/fuzz_round_trip.go $SRC/goipp/fuzzer/ +cp $SRC/fuzzing/projects/goipp/fuzzer/fuzz_collections.go $SRC/goipp/fuzzer/ -# seed corpus for FuzzDecodeBytes -mkdir -p $WORK/fuzz_decode_bytes_corpus -cp $SRC/fuzzing/projects/goipp/seeds/fuzz_decode_bytes_seed_corpus/* $WORK/fuzz_decode_bytes_corpus/ +# Corpus for fuzzers that accept good AND bad messages +mkdir -p $WORK/good_and_bad_ipp_messages_seed_corpus +cp $SRC/fuzzing/projects/goipp/seeds/good_and_bad_ipp_messages_seed_corpus/* $WORK/good_and_bad_ipp_messages_seed_corpus/ cd $WORK -zip -r $OUT/fuzz_decode_bytes_seed_corpus.zip fuzz_decode_bytes_corpus/ +zip -r $OUT/fuzz_decode_bytes_seed_corpus.zip good_and_bad_ipp_messages_seed_corpus/ +zip -r $OUT/fuzz_decode_bytes_ex_seed_corpus.zip good_and_bad_ipp_messages_seed_corpus/ -# seed corpus for FuzzDecodeBytesEx -mkdir -p $WORK/fuzz_decode_bytes_ex_corpus -cp $SRC/fuzzing/projects/goipp/seeds/fuzz_decode_bytes_ex_seed_corpus/* $WORK/fuzz_decode_bytes_ex_corpus/ -zip -r $OUT/fuzz_decode_bytes_ex_seed_corpus.zip fuzz_decode_bytes_ex_corpus/ +# Corpus for fuzzers that expect only valid (good) IPP messages +mkdir -p $WORK/good_ipp_messages_seed_corpus +cp $SRC/fuzzing/projects/goipp/seeds/good_ipp_messages_seed_corpus/* $WORK/good_ipp_messages_seed_corpus/ +zip -r $OUT/fuzz_round_trip_seed_corpus.zip good_ipp_messages_seed_corpus/ +zip -r $OUT/fuzz_collections_seed_corpus.zip good_ipp_messages_seed_corpus/ -# seed corpus for FuzzRoundTrip -mkdir -p $WORK/fuzz_round_trip_corpus -cp $SRC/fuzzing/projects/goipp/seeds/fuzz_round_trip_seed_corpus/* $WORK/fuzz_round_trip_corpus/ -zip -r $OUT/fuzz_round_trip_seed_corpus.zip fuzz_round_trip_corpus/ - - -# build dependencies and fiuzzers +# Build goipp fuzzers cd $SRC/goipp go mod tidy go 
install github.com/AdamKorcz/go-118-fuzz-build@latest @@ -30,4 +27,5 @@ go get github.com/AdamKorcz/go-118-fuzz-build/testing compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzDecodeBytes fuzz_decode_bytes compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzDecodeBytesEx fuzz_decode_bytes_ex -compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzRoundTrip fuzz_round_trip \ No newline at end of file +compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzRoundTrip fuzz_round_trip +compile_native_go_fuzzer github.com/OpenPrinting/goipp/fuzzer FuzzCollections fuzz_collections diff --git a/projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage1.ipp b/projects/goipp/seeds/fuzz_round_trip_seed_corpus/goodMessage1.ipp deleted file mode 100644 index adbff08cae3c111c3df2ff3d577fd441f9a07908..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 398 zcma)$L2JT55QQgEi<+C)_EPY=J^rwX*lJt17uB6WE&9)*AzSe0IlK z^DC&A>!CKhwtm;uPCC-vhBS^kf8sQ<>1)H}KQZ2?4=`l>5Tl Date: Thu, 29 May 2025 14:02:04 +0530 Subject: [PATCH 2/2] update build script for FuzzCollections to use both good and bad messages --- projects/goipp/oss_fuzz_build.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/projects/goipp/oss_fuzz_build.sh b/projects/goipp/oss_fuzz_build.sh index 9118318..7e066e8 100644 --- a/projects/goipp/oss_fuzz_build.sh +++ b/projects/goipp/oss_fuzz_build.sh 
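Review bot: The new corpus steps in oss_fuzz_build.sh expand `$SRC`, `$WORK` and `$OUT` unquoted and archive the same directory once per fuzzer with the target name spelled out each time, so every new target has to be added in two places that must agree with the `compile_native_go_fuzzer` names. A quoted loop keeps that mapping in one spot, e.g. `for f in fuzz_decode_bytes fuzz_decode_bytes_ex; do zip -r "$OUT/${f}_seed_corpus.zip" good_and_bad_ipp_messages_seed_corpus/; done`. Whether the script aborts when a `cp …/*` glob matches nothing is not visible here, since the top of the file is outside the hunk; if it does not, an empty seed archive would be produced silently. The unchanged `go install …@latest` line closing the hunk fetches an unpinned build tool, and pinning it to a reviewed version or commit would make the fuzzer build reproducible.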
@@ -12,14 +12,15 @@ cp $SRC/fuzzing/projects/goipp/seeds/good_and_bad_ipp_messages_seed_corpus/* $WO cd $WORK zip -r $OUT/fuzz_decode_bytes_seed_corpus.zip good_and_bad_ipp_messages_seed_corpus/ zip -r $OUT/fuzz_decode_bytes_ex_seed_corpus.zip good_and_bad_ipp_messages_seed_corpus/ +zip -r $OUT/fuzz_collections_seed_corpus.zip good_and_bad_ipp_messages_seed_corpus/ + # Corpus for fuzzers that expect only valid (good) IPP messages mkdir -p $WORK/good_ipp_messages_seed_corpus cp $SRC/fuzzing/projects/goipp/seeds/good_ipp_messages_seed_corpus/* $WORK/good_ipp_messages_seed_corpus/ zip -r $OUT/fuzz_round_trip_seed_corpus.zip good_ipp_messages_seed_corpus/ -zip -r $OUT/fuzz_collections_seed_corpus.zip good_ipp_messages_seed_corpus/ -# Build goipp fuzzers +# build dependencies and fiuzzers cd $SRC/goipp go mod tidy go install github.com/AdamKorcz/go-118-fuzz-build@latest
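Review bot: The last changed line replaces `# Build goipp fuzzers` with `# build dependencies and fiuzzers`, which restores the misspelling the first patch of this series had removed and looks like an accidental revert. Keep `# Build goipp fuzzers`, or write `# Build dependencies and fuzzers` if the longer wording is wanted. The added line holding only `+` after the new `zip` command leaves two blank lines before the next comment block and can be dropped.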