Green-Sky/tomato
1
0
Fork 1
Code Issues Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

Squashed 'external/toxcore/c-toxcore/' changes from 6d634674a9..73d9b845a3

Browse Source 
73d9b845a3 cleanup: Remove old type-ordered event getters.
b0840cc02d feat: add ngc events
7df9a51349 refactor: Make event dispatch ordered by receive time.
bcb6592af5 test: Add C++ classes wrapping system interfaces.
4cea4f9ca4 fix: Make all the fuzzers work again, and add a test for protodump.
c4e209ea1d refactor: Factor out malloc+memcpy into memdup.
87bcc4322d fix: Remove fatal error for non-erroneous case
REVERT: 6d634674a9 cleanup: Remove old type-ordered event getters.
REVERT: d1d48d1dfc feat: add ngc events
REVERT: 994ffecc6b refactor: Make event dispatch ordered by receive time.

git-subtree-dir: external/toxcore/c-toxcore
git-subtree-split: 73d9b845a310c3f56d2d6d77ed56b93d84256d6e
This commit is contained in:
Green Sky
2024-01-14 21:51:01 +01:00
parent 8eb4892b49
commit b1fe064484
39 changed files with 775 additions and 307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

194
testing/fuzzing/fuzz_support.h
View File

@@ -6,6 +6,7 @@
#define C_TOXCORE_TESTING_FUZZING_FUZZ_SUPPORT_H
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <deque>
@@ -17,12 +18,19 @@
#include "../../toxcore/tox.h"
struct Fuzz_Data {
const uint8_t *data;
std::size_t size;
static constexpr bool DEBUG = false;
static constexpr std::size_t TRACE_TRAP = -1; // 579;
private:
const uint8_t *data_;
const uint8_t *base_;
std::size_t size_;
public:
Fuzz_Data(const uint8_t *input_data, std::size_t input_size)
: data(input_data)
, size(input_size)
: data_(input_data)
, base_(input_data)
, size_(input_size)
{
}
@@ -30,25 +38,54 @@ struct Fuzz_Data {
Fuzz_Data(const Fuzz_Data &rhs) = delete;
struct Consumer {
const char *func;
Fuzz_Data &fd;
operator bool()
{
// Special case because memcpy causes UB for bool (which can't be
// anything other than 0 or 1).
const bool val = fd.data_[0];
if (DEBUG) {
std::printf("consume@%zu(%s): bool %s\n", fd.pos(), func, val ? "true" : "false");
}
++fd.data_;
--fd.size_;
return val;
}
template <typename T>
operator T()
{
const uint8_t *bytes = fd.consume(sizeof(T));
const uint8_t *bytes = fd.consume(func, sizeof(T));
T val;
std::memcpy(&val, bytes, sizeof(T));
return val;
}
};
Consumer consume1() { return Consumer{*this}; }
Consumer consume1(const char *func) { return Consumer{func, *this}; }
std::size_t size() const { return size_; }
std::size_t pos() const { return data_ - base_; }
const uint8_t *data() const { return data_; }
bool empty() const { return size_ == 0; }
const uint8_t *consume(std::size_t count)
const uint8_t *consume(const char *func, std::size_t count)
{
const uint8_t *val = data;
data += count;
size -= count;
const uint8_t *val = data_;
if (DEBUG) {
if (pos() == TRACE_TRAP) {
__asm__("int $3");
}
if (count == 1) {
std::printf("consume@%zu(%s): %d (0x%02x)\n", pos(), func, val[0], val[0]);
} else if (count != 0) {
std::printf("consume@%zu(%s): %02x..%02x[%zu]\n", pos(), func, val[0],
val[count - 1], count);
}
}
data_ += count;
size_ -= count;
return val;
}
};
@@ -64,10 +101,10 @@ struct Fuzz_Data {
* @endcode
*/
#define CONSUME1_OR_RETURN(TYPE, NAME, INPUT) \
if (INPUT.size < sizeof(TYPE)) { \
if (INPUT.size() < sizeof(TYPE)) { \
return; \
} \
TYPE NAME = INPUT.consume1()
TYPE NAME = INPUT.consume1(__func__)
/** @brief Consumes 1 byte of the fuzzer input or returns a value if no data
* available.
@@ -81,10 +118,10 @@ struct Fuzz_Data {
* @endcode
*/
#define CONSUME1_OR_RETURN_VAL(TYPE, NAME, INPUT, VAL) \
if (INPUT.size < sizeof(TYPE)) { \
if (INPUT.size() < sizeof(TYPE)) { \
return VAL; \
} \
TYPE NAME = INPUT.consume1()
TYPE NAME = INPUT.consume1(__func__)
/** @brief Consumes SIZE bytes of the fuzzer input or returns if not enough data available.
*
@@ -98,39 +135,55 @@ struct Fuzz_Data {
* @endcode
*/
#define CONSUME_OR_RETURN(DECL, INPUT, SIZE) \
if (INPUT.size < SIZE) { \
if (INPUT.size() < SIZE) { \
return; \
} \
DECL = INPUT.consume(SIZE)
DECL = INPUT.consume(__func__, SIZE)
#define CONSUME_OR_RETURN_VAL(DECL, INPUT, SIZE, VAL) \
if (INPUT.size < SIZE) { \
if (INPUT.size() < SIZE) { \
return VAL; \
} \
DECL = INPUT.consume(SIZE)
DECL = INPUT.consume(__func__, SIZE)
inline void fuzz_select_target(uint8_t selector, Fuzz_Data &input)
{
// The selector selected no function, so we do nothing and rely on the
// fuzzer to come up with a better selector.
}
#define CONSUME_OR_ABORT(DECL, INPUT, SIZE) \
if (INPUT.size() < SIZE) { \
abort(); \
} \
DECL = INPUT.consume(__func__, SIZE)
template <typename Arg, typename... Args>
void fuzz_select_target(uint8_t selector, Fuzz_Data &input, Arg &&fn, Args &&...args)
{
if (selector == sizeof...(Args)) {
return fn(input);
using Fuzz_Target = void (*)(Fuzz_Data &input);
template <Fuzz_Target... Args>
struct Fuzz_Target_Selector;
template <Fuzz_Target Arg, Fuzz_Target... Args>
struct Fuzz_Target_Selector<Arg, Args...> {
static void select(uint8_t selector, Fuzz_Data &input)
{
if (selector == sizeof...(Args)) {
return Arg(input);
}
return Fuzz_Target_Selector<Args...>::select(selector, input);
}
return fuzz_select_target(selector - 1, input, std::forward<Args>(args)...);
}
};
template <typename... Args>
void fuzz_select_target(const uint8_t *data, std::size_t size, Args &&...args)
template <>
struct Fuzz_Target_Selector<> {
static void select(uint8_t selector, Fuzz_Data &input)
{
// The selector selected no function, so we do nothing and rely on the
// fuzzer to come up with a better selector.
}
};
template <Fuzz_Target... Args>
void fuzz_select_target(const uint8_t *data, std::size_t size)
{
Fuzz_Data input{data, size};
CONSUME1_OR_RETURN(const uint8_t, selector, input);
return fuzz_select_target(selector, input, std::forward<Args>(args)...);
return Fuzz_Target_Selector<Args...>::select(selector, input);
}
struct Memory;
@@ -138,6 +191,18 @@ struct Network;
struct Random;
struct System {
/** @brief Deterministic system clock for this instance.
*
* Different instances can evolve independently. The time is initialised
* with a large number, because otherwise many zero-initialised "empty"
* friends inside toxcore will be "not timed out" for a long time, messing
* up some logic. Tox moderately depends on the clock being fairly high up
* (not close to 0).
*
* We make it a nice large round number so we can recognise it when debugging.
*/
uint64_t clock = 1000000000;
std::unique_ptr<Tox_System> sys;
std::unique_ptr<Memory> mem;
std::unique_ptr<Network> ns;
@@ -150,16 +215,6 @@ struct System {
// Not inline because sizeof of the above 2 structs is not known everywhere.
~System();
/** @brief Deterministic system clock for this instance.
*
* Different instances can evolve independently. The time is initialised
* with a large number, because otherwise many zero-initialised "empty"
* friends inside toxcore will be "not timed out" for a long time, messing
* up some logic. Tox moderately depends on the clock being fairly high up
* (not close to 0).
*/
uint64_t clock = UINT32_MAX;
/**
* During bootstrap, move the time forward a decent amount, because friend
* finding and bootstrapping takes significant (around 10 seconds) wall
@@ -210,6 +265,8 @@ struct Null_System : System {
* initialised with the same seed will be identical (same keys, etc.).
*/
struct Record_System : System {
static constexpr bool DEBUG = Fuzz_Data::DEBUG;
/** @brief State shared between all tox instances. */
struct Global {
/** @brief Bound UDP ports and their system instance.
@@ -231,13 +288,60 @@ struct Record_System : System {
std::deque<std::pair<uint16_t, std::vector<uint8_t>>> recvq;
uint16_t port = 0; //!< Sending port for this system instance.
std::vector<uint8_t> recording;
explicit Record_System(Global &global, uint64_t seed, const char *name);
Record_System(Global &global, uint64_t seed, const char *name);
Record_System(const Record_System &) = delete;
Record_System operator=(const Record_System &) = delete;
/** @brief Deposit a network packet in this instance's recvq.
*/
void receive(uint16_t send_port, const uint8_t *buf, size_t len);
void push(bool byte)
{
if (DEBUG) {
if (recording_.size() == Fuzz_Data::TRACE_TRAP) {
__asm__("int $3");
}
std::printf("%s: produce@%zu(bool %s)\n", name_, recording_.size(), byte ? "true" : "false");
}
recording_.push_back(byte);
}
void push(uint8_t byte)
{
if (DEBUG) {
if (recording_.size() == Fuzz_Data::TRACE_TRAP) {
__asm__("int $3");
}
std::printf("%s: produce@%zu(%u (0x%02x))\n", name_, recording_.size(), byte, byte);
}
recording_.push_back(byte);
}
void push(const uint8_t *bytes, std::size_t size)
{
if (DEBUG) {
if (recording_.size() == Fuzz_Data::TRACE_TRAP) {
__asm__("int $3");
}
std::printf("%s: produce@%zu(%02x..%02x[%zu])\n", name_, recording_.size(), bytes[0],
bytes[size - 1], size);
}
recording_.insert(recording_.end(), bytes, bytes + size);
}
template <std::size_t N>
void push(const char (&bytes)[N])
{
push(reinterpret_cast<const uint8_t *>(bytes), N - 1);
}
const std::vector<uint8_t> &recording() const { return recording_; }
std::vector<uint8_t> take_recording() const { return std::move(recording_); }
private:
std::vector<uint8_t> recording_;
};
/** @brief Enable debug logging.