fix: Make sure there's enough space for CONSUME1 in fuzzers.

Author: iphydf

testing/fuzzing/bootstrap_harness.cc

@@ -126,7 +126,7 @@ void TestBootstrap(Fuzz_Data &input)
             }
         });
 
-    CONSUME1_OR_RETURN(const uint8_t proxy_type, input);
+    CONSUME1_OR_RETURN(const uint8_t, proxy_type, input);
     if (proxy_type == 0) {
         tox_options_set_proxy_type(opts.get(), TOX_PROXY_TYPE_NONE);
     } else if (proxy_type == 1) {
@@ -139,7 +139,7 @@ void TestBootstrap(Fuzz_Data &input)
         tox_options_set_proxy_port(opts.get(), 8080);
     }
 
-    CONSUME1_OR_RETURN(const uint8_t tcp_relay_enabled, input);
+    CONSUME1_OR_RETURN(const uint8_t, tcp_relay_enabled, input);
     if (tcp_relay_enabled >= (UINT8_MAX / 2)) {
         tox_options_set_tcp_port(opts.get(), 33445);
     }

testing/fuzzing/fuzz_support.cc

@@ -77,7 +77,7 @@ static int recv_common(Fuzz_Data &input, uint8_t *buf, size_t buf_len)
 template <typename F>
 static void *alloc_common(Fuzz_Data &data, F func)
 {
-    CONSUME1_OR_RETURN_VAL(const uint8_t want_alloc, data, func());
+    CONSUME1_OR_RETURN_VAL(const uint8_t, want_alloc, data, func());
     if (!want_alloc) {
         return nullptr;
     }

testing/fuzzing/fuzz_support.h

@@ -60,14 +60,14 @@ struct Fuzz_Data {
  *
  * @example
  * @code
- * CONSUME1_OR_RETURN(const uint8_t one_byte, input);
+ * CONSUME1_OR_RETURN(const uint8_t, one_byte, input);
  * @endcode
  */
-#define CONSUME1_OR_RETURN(DECL, INPUT) \
-    if (INPUT.size < 1) {               \
-        return;                         \
-    }                                   \
-    DECL = INPUT.consume1()
+#define CONSUME1_OR_RETURN(TYPE, NAME, INPUT) \
+    if (INPUT.size < sizeof(TYPE)) {          \
+        return;                               \
+    }                                         \
+    TYPE NAME = INPUT.consume1()
 
 /** @brief Consumes 1 byte of the fuzzer input or returns a value if no data
  * available.
@@ -80,11 +80,11 @@ struct Fuzz_Data {
  * CONSUME1_OR_RETURN_VAL(const uint8_t one_byte, input, nullptr);
  * @endcode
  */
-#define CONSUME1_OR_RETURN_VAL(DECL, INPUT, VAL) \
-    if (INPUT.size < 1) {                        \
-        return VAL;                              \
-    }                                            \
-    DECL = INPUT.consume1()
+#define CONSUME1_OR_RETURN_VAL(TYPE, NAME, INPUT, VAL) \
+    if (INPUT.size < sizeof(TYPE)) {                   \
+        return VAL;                                    \
+    }                                                  \
+    TYPE NAME = INPUT.consume1()
 
 /** @brief Consumes SIZE bytes of the fuzzer input or returns if not enough data available.
  *
@@ -129,7 +129,7 @@ void fuzz_select_target(const uint8_t *data, std::size_t size, Args &&...args)
 {
     Fuzz_Data input{data, size};
 
-    CONSUME1_OR_RETURN(uint8_t selector, input);
+    CONSUME1_OR_RETURN(const uint8_t, selector, input);
     return fuzz_select_target(selector, input, std::forward<Args>(args)...);
 }
 

toxcore/DHT_fuzz_test.cc

@@ -23,7 +23,7 @@ void TestHandleRequest(Fuzz_Data &input)
 
 void TestUnpackNodes(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const bool tcp_enabled, input);
+    CONSUME1_OR_RETURN(const bool, tcp_enabled, input);
 
     const uint16_t node_count = 5;
     Node_format nodes[node_count];

toxcore/forwarding_fuzz_test.cc

@@ -33,7 +33,7 @@ std::optional<std::tuple<IP_Port, IP_Port, const uint8_t *, size_t>> prepare(Fuz
 
 void TestSendForwardRequest(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const uint16_t chain_length, input);
+    CONSUME1_OR_RETURN(const uint16_t, chain_length, input);
     const uint16_t chain_keys_size = chain_length * CRYPTO_PUBLIC_KEY_SIZE;
     CONSUME_OR_RETURN(const uint8_t *chain_keys, input, chain_keys_size);
 
@@ -60,7 +60,7 @@ void TestSendForwardRequest(Fuzz_Data &input)
 
 void TestForwardReply(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const uint16_t sendback_length, input);
+    CONSUME1_OR_RETURN(const uint16_t, sendback_length, input);
     CONSUME_OR_RETURN(const uint8_t *sendback, input, sendback_length);
 
     auto prep = prepare(input);

toxcore/group_announce_fuzz_test.cc

@@ -11,12 +11,12 @@ namespace {
 
 void TestUnpackAnnouncesList(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const uint8_t max_count, input);
+    CONSUME1_OR_RETURN(const uint8_t, max_count, input);
     // Always allocate at least something to avoid passing nullptr to functions below.
     std::vector<GC_Announce> announces(max_count + 1);
 
     // TODO(iphydf): How do we know the packed size?
-    CONSUME1_OR_RETURN(const uint16_t packed_size, input);
+    CONSUME1_OR_RETURN(const uint16_t, packed_size, input);
 
     Logger *logger = logger_new();
     if (gca_unpack_announces_list(logger, input.data, input.size, announces.data(), max_count)
@@ -35,7 +35,7 @@ void TestUnpackPublicAnnounce(Fuzz_Data &input)
     GC_Public_Announce public_announce;
 
     // TODO(iphydf): How do we know the packed size?
-    CONSUME1_OR_RETURN(const uint16_t packed_size, input);
+    CONSUME1_OR_RETURN(const uint16_t, packed_size, input);
 
     Logger *logger = logger_new();
     if (gca_unpack_public_announce(logger, input.data, input.size, &public_announce) != -1) {
@@ -61,11 +61,11 @@ void TestDoGca(Fuzz_Data &input)
     assert(gca != nullptr);
 
     while (input.size > 0) {
-        CONSUME1_OR_RETURN(const uint8_t choice, input);
+        CONSUME1_OR_RETURN(const uint8_t, choice, input);
         switch (choice) {
         case 0: {
             // Add an announce.
-            CONSUME1_OR_RETURN(const uint16_t length, input);
+            CONSUME1_OR_RETURN(const uint16_t, length, input);
             CONSUME_OR_RETURN(const uint8_t *data, input, length);
             GC_Public_Announce public_announce;
             if (gca_unpack_public_announce(logger.get(), data, length, &public_announce) != -1) {
@@ -75,15 +75,15 @@ void TestDoGca(Fuzz_Data &input)
         }
         case 1: {
             // Advance the time by a number of tox_iteration_intervals.
-            CONSUME1_OR_RETURN(const uint8_t iterations, input);
+            CONSUME1_OR_RETURN(const uint8_t, iterations, input);
             clock += iterations * 20;
             // Do an iteration.
             do_gca(mono_time.get(), gca.get());
             break;
         }
         case 2: {
             // Get announces.
-            CONSUME1_OR_RETURN(const uint8_t max_nodes, input);
+            CONSUME1_OR_RETURN(const uint8_t, max_nodes, input);
             std::vector<GC_Announce> gc_announces(max_nodes);
             CONSUME_OR_RETURN(const uint8_t *chat_id, input, CHAT_ID_SIZE);
             CONSUME_OR_RETURN(const uint8_t *except_public_key, input, ENC_PUBLIC_KEY_SIZE);

toxcore/group_moderation_fuzz_test.cc

@@ -6,7 +6,7 @@ namespace {
 
 void TestModListUnpack(Fuzz_Data &input)
 {
-    CONSUME1_OR_RETURN(const uint16_t num_mods, input);
+    CONSUME1_OR_RETURN(const uint16_t, num_mods, input);
     Moderation mods{system_memory()};
     mod_list_unpack(&mods, input.data, input.size, num_mods);
     mod_list_cleanup(&mods);