pull/37765/head
Craig Tiller 3 weeks ago
parent c365700b84
commit 919c175d2a
  1. 3
      src/core/ext/transport/chaotic_good/frame_header.cc
  2. 2
      test/core/transport/chaotic_good/BUILD
  3. 2
      test/core/transport/chaotic_good/frame_fuzzer.cc
  4. 19
      test/core/transport/chaotic_good/frame_header_fuzzer.cc

@ -53,6 +53,9 @@ void FrameHeader::Serialize(uint8_t* data) const {
absl::StatusOr<FrameHeader> FrameHeader::Parse(const uint8_t* data) { absl::StatusOr<FrameHeader> FrameHeader::Parse(const uint8_t* data) {
FrameHeader header; FrameHeader header;
const uint32_t type_and_conn_id = ReadLittleEndianUint32(data); const uint32_t type_and_conn_id = ReadLittleEndianUint32(data);
if (type_and_conn_id & 0xff000000u) {
return absl::InternalError("Non-zero reserved byte received");
}
header.type = static_cast<FrameType>(type_and_conn_id >> 16); header.type = static_cast<FrameType>(type_and_conn_id >> 16);
header.payload_connection_id = type_and_conn_id & 0xffff; header.payload_connection_id = type_and_conn_id & 0xffff;
header.stream_id = ReadLittleEndianUint32(data + 4); header.stream_id = ReadLittleEndianUint32(data + 4);

@ -52,7 +52,7 @@ grpc_fuzzer(
name = "frame_header_fuzzer", name = "frame_header_fuzzer",
srcs = ["frame_header_fuzzer.cc"], srcs = ["frame_header_fuzzer.cc"],
corpus = "frame_header_fuzzer_corpus", corpus = "frame_header_fuzzer_corpus",
external_deps = ["absl/status:statusor"], external_deps = ["absl/status:statusor", "absl/strings"],
language = "C++", language = "C++",
tags = ["no_windows"], tags = ["no_windows"],
deps = [ deps = [

@ -66,7 +66,6 @@ void FinishParseAndChecks(const FrameHeader& header, SliceBuffer payload) {
ExecCtx exec_ctx; // Initialized to get this_cpu() info in global_stat(). ExecCtx exec_ctx; // Initialized to get this_cpu() info in global_stat().
auto deser = parsed.Deserialize(header, std::move(payload)); auto deser = parsed.Deserialize(header, std::move(payload));
if (!deser.ok()) return; if (!deser.ok()) return;
LOG(INFO) << "Read frame: " << parsed.ToString();
AssertRoundTrips(parsed, header.type); AssertRoundTrips(parsed, header.type);
} }
@ -76,7 +75,6 @@ void Run(const frame_fuzzer::Test& test) {
reinterpret_cast<const uint8_t*>(test.header().data())); reinterpret_cast<const uint8_t*>(test.header().data()));
if (!r.ok()) return; if (!r.ok()) return;
if (test.payload().size() != r->payload_length) return; if (test.payload().size() != r->payload_length) return;
LOG(INFO) << "Read frame header: " << r->ToString();
auto arena = SimpleArenaAllocator()->MakeArena(); auto arena = SimpleArenaAllocator()->MakeArena();
TestContext<Arena> ctx(arena.get()); TestContext<Arena> ctx(arena.get());
SliceBuffer payload( SliceBuffer payload(

@ -17,17 +17,28 @@
#include <string.h> #include <string.h>
#include "absl/status/statusor.h" #include "absl/status/statusor.h"
#include "absl/strings/escaping.h"
#include "src/core/ext/transport/chaotic_good/frame_header.h" #include "src/core/ext/transport/chaotic_good/frame_header.h"
bool squelch = false; bool squelch = false;
using namespace grpc_core::chaotic_good;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
if (size != 24) return 0; if (size != FrameHeader::kFrameHeaderSize) return 0;
auto r = grpc_core::chaotic_good::FrameHeader::Parse(data); auto r = FrameHeader::Parse(data);
if (!r.ok()) return 0; if (!r.ok()) return 0;
uint8_t reserialized[24]; uint8_t reserialized[FrameHeader::kFrameHeaderSize];
r->Serialize(reserialized); r->Serialize(reserialized);
// If it parses, we insist that the bytes reserialize to the same thing. // If it parses, we insist that the bytes reserialize to the same thing.
if (memcmp(data, reserialized, 24) != 0) abort(); if (memcmp(data, reserialized, FrameHeader::kFrameHeaderSize) != 0) {
auto esc = [](const void* s) {
return absl::CEscape(absl::string_view(static_cast<const char*>(s),
FrameHeader::kFrameHeaderSize));
};
fprintf(stderr, "Failed:\nin: %s\nout: %s\nser: %s\n", esc(data).c_str(),
esc(reserialized).c_str(), r->ToString().c_str());
abort();
}
return 0; return 0;
} }

Loading…
Cancel
Save