test/fuzz: add fuzzing test for xrow_decode_error

The patch adds a fuzzing test for IPROTO decoding function xrow_decode_error(). Follows up tarantool#8921 Follows up tarantool#9098 NO_DOC=testing NO_CHANGELOG=testing
ligurio · Sep 12, 2023 · 78549cf · 78549cf
1 parent 1efac25
commit 78549cf
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/test/fuzz/CMakeLists.txt b/test/fuzz/CMakeLists.txt
@@ -135,6 +135,10 @@ if (NOT ENABLE_UB_SANITIZER)
   create_fuzz_test(PREFIX xrow_header_decode
                    SOURCES xrow_header_decode_fuzzer.c
                    LIBRARIES xrow fuzzer_config)
+
+  create_fuzz_test(PREFIX xrow_decode_error
+                   SOURCES xrow_decode_error_fuzzer.c
+                   LIBRARIES xrow fuzzer_config)
 endif ()
 
 # Blocked by https://github.com/tarantool/tarantool/issues/8948.

diff --git a/test/fuzz/xrow_decode_error_fuzzer.c b/test/fuzz/xrow_decode_error_fuzzer.c
@@ -0,0 +1,44 @@
+#include "box/xrow.h"
+#include "box/iproto_constants.h"
+#include "memory.h"
+
+void
+cord_on_yield(void) {}
+
+__attribute__((constructor))
+static void
+setup(void)
+{
+	memory_init();
+}
+
+__attribute__((destructor))
+static void
+teardown(void)
+{
+	memory_free();
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+	const char *d = (const char *)data;
+	const char *end = (const char *)data + size;
+	if (mp_check(&d, end) != 0)
+		return -1;
+
+	struct iovec body = {0};
+	body.iov_base = (void *)data;
+	body.iov_len = size;
+
+	struct xrow_header row = {0};
+	row.body[0] = body;
+	row.bodycnt = 1;
+
+	xrow_decode_error(&row);
+
+	diag_destroy(diag_get());
+	assert(diag_is_empty(diag_get()) == true);
+
+	return 0;
+}