Merge pull request #6106 from ctiller/server_fix

Expand corpus, fix crash
9 years ago · 4560356155
parent c236a213ee 1583d06955
commit 4560356155
7 changed files with 97 additions and 6 deletions
--- a/src/core/ext/transport/chttp2/transport/frame_data.c
+++ b/src/core/ext/transport/chttp2/transport/frame_data.c
@ -159,7 +159,10 @@ grpc_chttp2_parse_error grpc_chttp2_data_parser_parse(
  }

  switch (p->state) {
-  fh_0:
+    case GRPC_CHTTP2_DATA_ERROR:
+      p->state = GRPC_CHTTP2_DATA_ERROR;
+      return GRPC_CHTTP2_STREAM_ERROR;
+    fh_0:
    case GRPC_CHTTP2_DATA_FH_0:
      stream_parsing->stats.incoming.framing_bytes++;
      p->frame_type = *cur;
@ -172,6 +175,7 @@ grpc_chttp2_parse_error grpc_chttp2_data_parser_parse(
          break;
        default:
          gpr_log(GPR_ERROR, "Bad GRPC frame type 0x%02x", p->frame_type);
+          p->state = GRPC_CHTTP2_DATA_ERROR;
          return GRPC_CHTTP2_STREAM_ERROR;
      }
      if (++cur == end) {
@ -218,13 +222,11 @@ grpc_chttp2_parse_error grpc_chttp2_data_parser_parse(
              message_flags, &p->incoming_frames);
    /* fallthrough */
    case GRPC_CHTTP2_DATA_FRAME:
+      grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
+                                               stream_parsing);
      if (cur == end) {
-        grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
-                                                 stream_parsing);
        return GRPC_CHTTP2_PARSE_OK;
      }
-      grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
-                                               stream_parsing);
      uint32_t remaining = (uint32_t)(end - cur);
      if (remaining == p->frame_size) {
        stream_parsing->stats.incoming.data_bytes += p->frame_size;
--- a/src/core/ext/transport/chttp2/transport/frame_data.h
+++ b/src/core/ext/transport/chttp2/transport/frame_data.h
@ -49,7 +49,8 @@ typedef enum {
  GRPC_CHTTP2_DATA_FH_2,
  GRPC_CHTTP2_DATA_FH_3,
  GRPC_CHTTP2_DATA_FH_4,
-  GRPC_CHTTP2_DATA_FRAME
+  GRPC_CHTTP2_DATA_FRAME,
+  GRPC_CHTTP2_DATA_ERROR
 } grpc_chttp2_stream_state;

 typedef struct grpc_chttp2_incoming_byte_stream
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/9a6963b0d0fcb0e91a31748c47c6f0e1e842fea9
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/9a6963b0d0fcb0e91a31748c47c6f0e1e842fea9
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/a32be0653ccc65463445b4aaf24a7a1164d5c642
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/a32be0653ccc65463445b4aaf24a7a1164d5c642
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/crash-41ab0e868e84612275f77118f9e832bc94ff45c5
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/crash-41ab0e868e84612275f77118f9e832bc94ff45c5
--- a/test/core/end2end/fuzzers/server_fuzzer_corpus/fb84edfa9e8cbddba26a7184e7fdc219bde556c0
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/fb84edfa9e8cbddba26a7184e7fdc219bde556c0
--- a/tools/run_tests/tests.json
+++ b/tools/run_tests/tests.json
@ -50175,6 +50175,28 @@
      "posix"
    ]
  }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/9a6963b0d0fcb0e91a31748c47c6f0e1e842fea9"
+    ], 
+    "ci_platforms": [
+      "linux", 
+      "mac", 
+      "windows", 
+      "posix"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux", 
+      "mac", 
+      "windows", 
+      "posix"
+    ]
+  }, 
  {
    "args": [
      "test/core/end2end/fuzzers/server_fuzzer_corpus/9bf7553a.bin"
@ -50263,6 +50285,28 @@
      "posix"
    ]
  }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/a32be0653ccc65463445b4aaf24a7a1164d5c642"
+    ], 
+    "ci_platforms": [
+      "linux", 
+      "mac", 
+      "windows", 
+      "posix"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux", 
+      "mac", 
+      "windows", 
+      "posix"
+    ]
+  }, 
  {
    "args": [
      "test/core/end2end/fuzzers/server_fuzzer_corpus/a357658d.bin"
@ -51429,6 +51473,28 @@
      "posix"
    ]
  }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/crash-41ab0e868e84612275f77118f9e832bc94ff45c5"
+    ], 
+    "ci_platforms": [
+      "linux", 
+      "mac", 
+      "windows", 
+      "posix"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux", 
+      "mac", 
+      "windows", 
+      "posix"
+    ]
+  }, 
  {
    "args": [
      "test/core/end2end/fuzzers/server_fuzzer_corpus/crash-7e121dd3be057176369bea160d873040b32a03dc"
@ -52199,6 +52265,28 @@
      "posix"
    ]
  }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/fb84edfa9e8cbddba26a7184e7fdc219bde556c0"
+    ], 
+    "ci_platforms": [
+      "linux", 
+      "mac", 
+      "windows", 
+      "posix"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux", 
+      "mac", 
+      "windows", 
+      "posix"
+    ]
+  }, 
  {
    "args": [
      "test/core/end2end/fuzzers/server_fuzzer_corpus/fd14bea45ecaf13af0053900edb2f17b71a0bf09"