This is an automated email from the ASF dual-hosted git repository.
wwbmmm pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/brpc.git
The following commit(s) were added to refs/heads/master by this push:
new 38661fee [Fuzzing] move fuzz test in main repo add more fuzz test
(#2420)
38661fee is described below
commit 38661fee308d6327624765dcb6c7308545abfe4f
Author: Arjun Singh <36335769+0x...@users.noreply.github.com>
AuthorDate: Tue Jan 23 10:58:50 2024 +0530
[Fuzzing] move fuzz test in main repo add more fuzz test (#2420)
Signed-off-by: Arjun Singh <ajsinghyada...@gmail.com>
---
.licenserc.yaml | 3 ++
CMakeLists.txt | 10 ++++
test/CMakeLists.txt | 25 ++++++++++
test/fuzzing/fuzz_butil.cpp | 52 ++++++++++++++++++++
.../fuzz_butil_seed_corpus/base64_decoded.txt | 1 +
.../fuzz_butil_seed_corpus/base64_encoded.txt | 1 +
test/fuzzing/fuzz_butil_seed_corpus/crc32c.data | Bin 0 -> 48 bytes
test/fuzzing/fuzz_esp.cpp | 38 +++++++++++++++
test/fuzzing/fuzz_hpack.cpp | 43 +++++++++++++++++
.../header_never_indexed.hpack | 1 +
.../header_with_indexing.hpack | 2 +
.../header_without_indexing.hpack | 1 +
.../requests_without_huffman.hpack | 2 +
.../responses_without_huffman.hpack | 1 +
test/fuzzing/fuzz_http.cpp | 45 +++++++++++++++++
.../fuzz_http_seed_corpus/http_request.http | 9 ++++
.../fuzz_http_seed_corpus/http_request_v2.http | 23 +++++++++
test/fuzzing/fuzz_hulu.cpp | 38 +++++++++++++++
test/fuzzing/fuzz_json.cpp | 37 ++++++++++++++
test/fuzzing/fuzz_json_seed_corpus/info1.json | 1 +
test/fuzzing/fuzz_json_seed_corpus/info2.json | 1 +
test/fuzzing/fuzz_json_seed_corpus/info3.json | 1 +
test/fuzzing/fuzz_redis.cpp | 48 +++++++++++++++++++
.../fuzz_redis_seed_corpus/command_parser.redis | 7 +++
test/fuzzing/fuzz_redis_seed_corpus/request.redis | 1 +
test/fuzzing/fuzz_shead.cpp | 38 +++++++++++++++
test/fuzzing/fuzz_sofa.cpp | 39 +++++++++++++++
test/fuzzing/fuzz_uri.cpp | 52 ++++++++++++++++++++
test/fuzzing/fuzz_uri_seed_corpus/data_1.rtmp | 1 +
test/fuzzing/fuzz_uri_seed_corpus/data_1.uri | 1 +
test/fuzzing/fuzz_uri_seed_corpus/data_2.uri | 1 +
test/fuzzing/oss-fuzz.sh | 53 +++++++++++++++++++++
32 files changed, 576 insertions(+)
diff --git a/.licenserc.yaml b/.licenserc.yaml
index a189f6bc..525adf72 100644
--- a/.licenserc.yaml
+++ b/.licenserc.yaml
@@ -215,4 +215,7 @@ header:
# NGINX
- 'src/brpc/details/http_parser.*'
+ # Fuzzing seed
+ - 'test/fuzzing/fuzz_*_seed_corpus/*'
+
comment: on-failure
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b912dc8e..bf407192 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -27,6 +27,7 @@ option(WITH_THRIFT "With thrift framed protocol supported"
OFF)
option(WITH_SNAPPY "With snappy" OFF)
option(WITH_RDMA "With RDMA" OFF)
option(BUILD_UNIT_TESTS "Whether to build unit tests" OFF)
+option(BUILD_FUZZ_TESTS "Whether to build fuzz tests" OFF)
option(BUILD_BRPC_TOOLS "Whether to build brpc tools" ON)
option(DOWNLOAD_GTEST "Download and build a fresh copy of googletest. Requires
Internet access." ON)
@@ -492,6 +493,15 @@ if(BUILD_UNIT_TESTS)
add_subdirectory(test)
endif()
+if(BUILD_FUZZ_TESTS)
+ if(NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+ message(FATAL_ERROR "Fuzzing is only supported with clang")
+ endif()
+ if(NOT BUILD_UNIT_TESTS)
+ message(FATAL_ERROR "BUILD_UNIT_TESTS must be enabled to build fuzz
tests")
+ endif()
+endif()
+
if(BUILD_BRPC_TOOLS)
add_subdirectory(tools)
endif()
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index a6227318..2eb690d1 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -255,3 +255,28 @@ foreach(BRPC_UT ${BRPC_UNITTESTS})
${GPERFTOOLS_LIBRARIES})
add_test(NAME ${BRPC_UT_WE} COMMAND ${BRPC_UT_WE})
endforeach()
+
+if(BUILD_FUZZ_TESTS)
+ add_library(brpc-static-debug STATIC $<TARGET_OBJECTS:BUTIL_DEBUG_LIB>
+ $<TARGET_OBJECTS:SOURCES_DEBUG_LIB>
+ $<TARGET_OBJECTS:PROTO_LIB>)
+ # change the debug lib output dir to be different from the release output
+ set_target_properties(brpc-static-debug PROPERTIES
+ LIBRARY_OUTPUT_DIRECTORY ${PROJECT_BINARY_DIR}/test)
+
+ target_link_libraries(brpc-static-debug ${DYNAMIC_LIB})
+ if(BRPC_WITH_GLOG)
+ target_link_libraries(brpc-static-debug ${GLOG_LIB})
+ endif()
+
+ set(FUZZ_TARGETS fuzz_butil fuzz_esp fuzz_hpack fuzz_http
+ fuzz_hulu fuzz_json fuzz_redis fuzz_shead fuzz_sofa fuzz_uri)
+
+ foreach(target ${FUZZ_TARGETS})
+ add_executable(${target} fuzzing/${target}.cpp
$<TARGET_OBJECTS:TEST_PROTO_LIB>)
+ target_link_libraries(${target} brpc-static-debug
${LIB_FUZZING_ENGINE})
+ set_target_properties(${target} PROPERTIES
+ BUILD_WITH_INSTALL_RPATH TRUE
+ INSTALL_RPATH "$ORIGIN/lib")
+ endforeach()
+endif()
diff --git a/test/fuzzing/fuzz_butil.cpp b/test/fuzzing/fuzz_butil.cpp
new file mode 100644
index 00000000..470d1e99
--- /dev/null
+++ b/test/fuzzing/fuzz_butil.cpp
@@ -0,0 +1,52 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "butil/base64.h"
+#include "butil/crc32c.h"
+#include "butil/hash.h"
+#include "butil/sha1.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+
+ {
+ std::string encoded;
+ std::string decoded;
+ butil::Base64Encode(input, &encoded);
+ butil::Base64Decode(input, &decoded);
+ }
+ {
+ butil::crc32c::Value(reinterpret_cast<const char*>(data), size);
+ }
+ {
+ butil::Hash(input);
+ }
+ {
+ butil::SHA1HashString(input);
+ }
+
+ return 0;
+}
diff --git a/test/fuzzing/fuzz_butil_seed_corpus/base64_decoded.txt
b/test/fuzzing/fuzz_butil_seed_corpus/base64_decoded.txt
new file mode 100644
index 00000000..771f0755
--- /dev/null
+++ b/test/fuzzing/fuzz_butil_seed_corpus/base64_decoded.txt
@@ -0,0 +1 @@
+aGVsbG8gd29ybGQ=
diff --git a/test/fuzzing/fuzz_butil_seed_corpus/base64_encoded.txt
b/test/fuzzing/fuzz_butil_seed_corpus/base64_encoded.txt
new file mode 100644
index 00000000..3b18e512
--- /dev/null
+++ b/test/fuzzing/fuzz_butil_seed_corpus/base64_encoded.txt
@@ -0,0 +1 @@
+hello world
diff --git a/test/fuzzing/fuzz_butil_seed_corpus/crc32c.data
b/test/fuzzing/fuzz_butil_seed_corpus/crc32c.data
new file mode 100644
index 00000000..7e121195
Binary files /dev/null and b/test/fuzzing/fuzz_butil_seed_corpus/crc32c.data
differ
diff --git a/test/fuzzing/fuzz_esp.cpp b/test/fuzzing/fuzz_esp.cpp
new file mode 100644
index 00000000..462aaf8b
--- /dev/null
+++ b/test/fuzzing/fuzz_esp.cpp
@@ -0,0 +1,38 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "brpc/policy/esp_protocol.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+
+ butil::IOBuf buf;
+ buf.append(input);
+
+ brpc::policy::ParseEspMessage(&buf, NULL, false, NULL);
+
+ return 0;
+}
diff --git a/test/fuzzing/fuzz_hpack.cpp b/test/fuzzing/fuzz_hpack.cpp
new file mode 100644
index 00000000..0ee8131a
--- /dev/null
+++ b/test/fuzzing/fuzz_hpack.cpp
@@ -0,0 +1,43 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "brpc/details/hpack.h"
+#include "butil/logging.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+
+ butil::IOBuf buf;
+ brpc::HPacker p2;
+ brpc::HPacker::Header h2;
+
+ p2.Init(4096);
+ buf.append(input);
+
+ p2.Decode(&buf, &h2);
+
+ return 0;
+}
diff --git a/test/fuzzing/fuzz_hpack_seed_corpus/header_never_indexed.hpack
b/test/fuzzing/fuzz_hpack_seed_corpus/header_never_indexed.hpack
new file mode 100644
index 00000000..b8cfac03
--- /dev/null
+++ b/test/fuzzing/fuzz_hpack_seed_corpus/header_never_indexed.hpack
@@ -0,0 +1 @@
+��password�secret
\ No newline at end of file
diff --git a/test/fuzzing/fuzz_hpack_seed_corpus/header_with_indexing.hpack
b/test/fuzzing/fuzz_hpack_seed_corpus/header_with_indexing.hpack
new file mode 100644
index 00000000..3d994aa4
--- /dev/null
+++ b/test/fuzzing/fuzz_hpack_seed_corpus/header_with_indexing.hpack
@@ -0,0 +1,2 @@
+@
+custom-keycustom-header
\ No newline at end of file
diff --git a/test/fuzzing/fuzz_hpack_seed_corpus/header_without_indexing.hpack
b/test/fuzzing/fuzz_hpack_seed_corpus/header_without_indexing.hpack
new file mode 100644
index 00000000..0f91566f
--- /dev/null
+++ b/test/fuzzing/fuzz_hpack_seed_corpus/header_without_indexing.hpack
@@ -0,0 +1 @@
+��/sample/path
\ No newline at end of file
diff --git a/test/fuzzing/fuzz_hpack_seed_corpus/requests_without_huffman.hpack
b/test/fuzzing/fuzz_hpack_seed_corpus/requests_without_huffman.hpack
new file mode 100644
index 00000000..4a32d988
--- /dev/null
+++ b/test/fuzzing/fuzz_hpack_seed_corpus/requests_without_huffman.hpack
@@ -0,0 +1,2 @@
+����@
+custom-key�custom-value
\ No newline at end of file
diff --git
a/test/fuzzing/fuzz_hpack_seed_corpus/responses_without_huffman.hpack
b/test/fuzzing/fuzz_hpack_seed_corpus/responses_without_huffman.hpack
new file mode 100644
index 00000000..5bda49df
--- /dev/null
+++ b/test/fuzzing/fuzz_hpack_seed_corpus/responses_without_huffman.hpack
@@ -0,0 +1 @@
+H�302X�privatea�Mon, 21 Oct 2013 20:13:21 GMTn�https://www.example.com
\ No newline at end of file
diff --git a/test/fuzzing/fuzz_http.cpp b/test/fuzzing/fuzz_http.cpp
new file mode 100644
index 00000000..c621d504
--- /dev/null
+++ b/test/fuzzing/fuzz_http.cpp
@@ -0,0 +1,45 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "brpc/details/http_message.h"
+#include "brpc/policy/http_rpc_protocol.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+
+ {
+ butil::IOBuf buf;
+ buf.append(input);
+ brpc::HttpMessage http_message;
+ http_message.ParseFromIOBuf(buf);
+ }
+ {
+ brpc::HttpMessage http_message;
+ http_message.ParseFromArray((char *)data, size);
+ }
+
+ return 0;
+}
diff --git a/test/fuzzing/fuzz_http_seed_corpus/http_request.http
b/test/fuzzing/fuzz_http_seed_corpus/http_request.http
new file mode 100644
index 00000000..1d056626
--- /dev/null
+++ b/test/fuzzing/fuzz_http_seed_corpus/http_request.http
@@ -0,0 +1,9 @@
+GET /path/file.html?sdfsdf=sdfs HTTP/1.0
+From: someu...@jmarshall.com
+User-Agent: HTTPTool/1.0
+Content-Type: json
+Content-Length: 19
+Host: sdlfjslfd
+Accept: */*
+
+Message Body sdfsdf
diff --git a/test/fuzzing/fuzz_http_seed_corpus/http_request_v2.http
b/test/fuzzing/fuzz_http_seed_corpus/http_request_v2.http
new file mode 100644
index 00000000..9923cd2d
--- /dev/null
+++ b/test/fuzzing/fuzz_http_seed_corpus/http_request_v2.http
@@ -0,0 +1,23 @@
+GET
/CloudApiControl/HttpServer/telematics/v3/weather?location=%E6%B5%B7%E5%8D%97%E7%9C%81%E7%9B%B4%E8%BE%96%E5%8E%BF%E7%BA%A7%E8%A1%8C%E6%94%BF%E5%8D%95%E4%BD%8D&output=json&ak=0l3FSP6qA0WbOzGRaafbmczS
HTTP/1.1
+X-Host: api.map.baidu.com
+X-Forwarded-Proto: http
+Host: api.map.baidu.com
+User-Agent:
IME/Android/4.4.2/N80.QHD.LT.X10.V3/N80.QHD.LT.X10.V3.20150812.031915
+Accept: application/json
+Accept-Charset: UTF-8,*;q=0.5
+Accept-Encoding: deflate,sdch
+Accept-Language: zh-CN,en-US;q=0.8,zh;q=0.6
+Bfe-Atk: NORMAL_BROWSER
+Bfe_logid: 8767802212038413243
+Bfeip: 10.26.124.40
+CLIENTIP: 119.29.102.26
+CLIENTPORT: 59863
+Cache-Control: max-age=0
+Content-Type: application/json;charset=utf8
+X-Forwarded-For: 119.29.102.26
+X-Forwarded-Port: 59863
+X-Ime-Imei: 35629601890905
+X_BD_LOGID: 3959476981
+X_BD_LOGID64: 16815814797661447369
+X_BD_PRODUCT: map
+X_BD_SUBSYS: apimap
diff --git a/test/fuzzing/fuzz_hulu.cpp b/test/fuzzing/fuzz_hulu.cpp
new file mode 100644
index 00000000..f90d7be8
--- /dev/null
+++ b/test/fuzzing/fuzz_hulu.cpp
@@ -0,0 +1,38 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "brpc/policy/hulu_pbrpc_protocol.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+
+ butil::IOBuf buf;
+ buf.append(input);
+
+ brpc::policy::ParseHuluMessage(&buf, NULL, false, NULL);
+
+ return 0;
+}
diff --git a/test/fuzzing/fuzz_json.cpp b/test/fuzzing/fuzz_json.cpp
new file mode 100644
index 00000000..3a0335f5
--- /dev/null
+++ b/test/fuzzing/fuzz_json.cpp
@@ -0,0 +1,37 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "json2pb/json_to_pb.h"
+#include "addressbook1.pb.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ std::string error;
+ JsonContextBody jsondata;
+ std::string input_data((char *)data,size);
+ json2pb::JsonToProtoMessage(input_data, &jsondata, &error);
+
+ return 0;
+}
diff --git a/test/fuzzing/fuzz_json_seed_corpus/info1.json
b/test/fuzzing/fuzz_json_seed_corpus/info1.json
new file mode 100644
index 00000000..c708dc15
--- /dev/null
+++ b/test/fuzzing/fuzz_json_seed_corpus/info1.json
@@ -0,0 +1 @@
+{"judge":false, "spur":-2, "data":[], "info":[],"content":[]}
\ No newline at end of file
diff --git a/test/fuzzing/fuzz_json_seed_corpus/info2.json
b/test/fuzzing/fuzz_json_seed_corpus/info2.json
new file mode 100644
index 00000000..43aee79e
--- /dev/null
+++ b/test/fuzzing/fuzz_json_seed_corpus/info2.json
@@ -0,0 +1 @@
+[{"container": 1000, "host": 1000, "size": 2}]
\ No newline at end of file
diff --git a/test/fuzzing/fuzz_json_seed_corpus/info3.json
b/test/fuzzing/fuzz_json_seed_corpus/info3.json
new file mode 100644
index 00000000..db63ece2
--- /dev/null
+++ b/test/fuzzing/fuzz_json_seed_corpus/info3.json
@@ -0,0 +1 @@
+{"content":[{"distance":1,"unknown_member":2,"ext":{"age":1666666666,
"databyte":"d2VsY29tZQ==",
"enumtype":1},"uid":"someone"},{"distance":10,"unknown_member":20,"ext":{"age":1666666660,
"databyte":"d2VsY29tZQ==","enumtype":2},"uid":"someone0"}],
"judge":false,"spur":2, "data":[1,2,3,4,5,6,7,8,9,10]}
\ No newline at end of file
diff --git a/test/fuzzing/fuzz_redis.cpp b/test/fuzzing/fuzz_redis.cpp
new file mode 100644
index 00000000..6f4368dc
--- /dev/null
+++ b/test/fuzzing/fuzz_redis.cpp
@@ -0,0 +1,48 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include <brpc/redis.h>
+#include <brpc/redis_command.h>
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+ butil::IOBuf buf;
+ buf.append(input);
+ {
+ butil::Arena arena;
+ brpc::RedisCommandParser parser;
+ std::vector<butil::StringPiece> command_out;
+ parser.Consume(buf, &command_out, &arena);
+ }
+ {
+ butil::Arena arena;
+ brpc::RedisReply r2(&arena);
+ r2.ConsumePartialIOBuf(buf);
+ }
+
+ return 0;
+}
+
diff --git a/test/fuzzing/fuzz_redis_seed_corpus/command_parser.redis
b/test/fuzzing/fuzz_redis_seed_corpus/command_parser.redis
new file mode 100644
index 00000000..7b013c67
--- /dev/null
+++ b/test/fuzzing/fuzz_redis_seed_corpus/command_parser.redis
@@ -0,0 +1,7 @@
+*3
+$3
+set
+$3
+abc
+$3
+def
diff --git a/test/fuzzing/fuzz_redis_seed_corpus/request.redis
b/test/fuzzing/fuzz_redis_seed_corpus/request.redis
new file mode 100644
index 00000000..382063d7
--- /dev/null
+++ b/test/fuzzing/fuzz_redis_seed_corpus/request.redis
@@ -0,0 +1 @@
+set a ''
\ No newline at end of file
diff --git a/test/fuzzing/fuzz_shead.cpp b/test/fuzzing/fuzz_shead.cpp
new file mode 100644
index 00000000..2abf517b
--- /dev/null
+++ b/test/fuzzing/fuzz_shead.cpp
@@ -0,0 +1,38 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+#include "brpc/policy/public_pbrpc_meta.pb.h"
+#include "brpc/policy/public_pbrpc_protocol.h"
+#include "brpc/policy/most_common_message.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+ butil::IOBuf buf;
+ buf.append(input);
+
+ brpc::policy::ParseNsheadMessage(&buf, NULL, false, NULL);
+
+ return 0;
+}
diff --git a/test/fuzzing/fuzz_sofa.cpp b/test/fuzzing/fuzz_sofa.cpp
new file mode 100644
index 00000000..e26f6218
--- /dev/null
+++ b/test/fuzzing/fuzz_sofa.cpp
@@ -0,0 +1,39 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "brpc/policy/sofa_pbrpc_meta.pb.h"
+#include "brpc/policy/sofa_pbrpc_protocol.h"
+#include "brpc/policy/most_common_message.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+
+ butil::IOBuf buf;
+ buf.append(input);
+
+ brpc::policy::ParseSofaMessage(&buf, NULL, false, NULL);
+ return 0;
+}
diff --git a/test/fuzzing/fuzz_uri.cpp b/test/fuzzing/fuzz_uri.cpp
new file mode 100644
index 00000000..3db1dec2
--- /dev/null
+++ b/test/fuzzing/fuzz_uri.cpp
@@ -0,0 +1,52 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+#include "brpc/uri.h"
+#include "brpc/rtmp.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ if (size < kMinInputLength || size > kMaxInputLength){
+ return 1;
+ }
+
+ char *data_in = (char *)malloc(size + 1);
+ memcpy(data_in, data, size);
+ data_in[size] = '\0';
+
+
+ std::string input(reinterpret_cast<const char*>(data), size);
+ {
+ brpc::URI uri;
+ uri.SetHttpURL(input);
+ }
+ {
+ butil::StringPiece host;
+ butil::StringPiece vhost;
+ butil::StringPiece port;
+ butil::StringPiece app;
+ butil::StringPiece stream_name;
+
+ brpc::ParseRtmpURL(input, &host, &vhost, &port, &app, &stream_name);
+ }
+
+ return 0;
+}
diff --git a/test/fuzzing/fuzz_uri_seed_corpus/data_1.rtmp
b/test/fuzzing/fuzz_uri_seed_corpus/data_1.rtmp
new file mode 100644
index 00000000..561683e5
--- /dev/null
+++ b/test/fuzzing/fuzz_uri_seed_corpus/data_1.rtmp
@@ -0,0 +1 @@
+rtmp://HOST:8765//APP?vhost=abc///STREAM?queries
diff --git a/test/fuzzing/fuzz_uri_seed_corpus/data_1.uri
b/test/fuzzing/fuzz_uri_seed_corpus/data_1.uri
new file mode 100644
index 00000000..b87dbc68
--- /dev/null
+++ b/test/fuzzing/fuzz_uri_seed_corpus/data_1.uri
@@ -0,0 +1 @@
+www.baidu2.com/s?wd=uri2&nonkey=22#frag
diff --git a/test/fuzzing/fuzz_uri_seed_corpus/data_2.uri
b/test/fuzzing/fuzz_uri_seed_corpus/data_2.uri
new file mode 100644
index 00000000..da343cbb
--- /dev/null
+++ b/test/fuzzing/fuzz_uri_seed_corpus/data_2.uri
@@ -0,0 +1 @@
+http://user:passwd@a.b.c/?d=c&a=b&e=f#frg1
diff --git a/test/fuzzing/oss-fuzz.sh b/test/fuzzing/oss-fuzz.sh
new file mode 100644
index 00000000..f959b70b
--- /dev/null
+++ b/test/fuzzing/oss-fuzz.sh
@@ -0,0 +1,53 @@
+#!/usr/bin/env sh
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+if [ "$SANITIZER" = "undefined" ]
+then
+ sed -i '/static void DoProfiling/i
__attribute__((no_sanitize("undefined")))'
src/brpc/builtin/hotspots_service.cpp
+ sed -i '/void PProfService::heap/i
__attribute__((no_sanitize("undefined")))' src/brpc/builtin/pprof_service.cpp
+ sed -i '/void PProfService::growth/i
__attribute__((no_sanitize("undefined")))' src/brpc/builtin/pprof_service.cpp
+fi
+
+mkdir -p build && cd build
+
+cmake \
+ -DCMAKE_C_COMPILER="$CC" -DCMAKE_CXX_COMPILER="$CXX" \
+ -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CFLAGS"
-DCMAKE_CPP_FLAGS="$CFLAGS" \
+ -DCMAKE_EXE_LINKER_FLAGS="$CFLAGS"
-DLIB_FUZZING_ENGINE="$LIB_FUZZING_ENGINE" \
+ -DCMAKE_BUILD_TYPE=Debug -DBUILD_SHARED_LIBS=OFF -DWITH_SNAPPY=ON
-DBUILD_UNIT_TESTS=ON -DBUILD_FUZZ_TESTS=ON ../.
+
+# https://github.com/google/oss-fuzz/pull/10898
+make \
+ fuzz_butil fuzz_esp fuzz_hpack fuzz_http fuzz_hulu fuzz_json \
+ fuzz_redis fuzz_shead fuzz_sofa fuzz_uri --ignore-errors -j$(nproc)
+
+cp test/fuzz_* $OUT/
+
+pushd /lib/x86_64-linux-gnu/
+mkdir -p $OUT/lib/
+cp libgflags* libprotobuf* libleveldb* libprotoc* libsnappy* $OUT/lib/.
+popd
+
+pushd $SRC/brpc/test/fuzzing
+zip $OUT/fuzz_json_seed_corpus.zip fuzz_json_seed_corpus/*
+zip $OUT/fuzz_uri_seed_corpus.zip fuzz_uri_seed_corpus/*
+zip $OUT/fuzz_redis_seed_corpus.zip fuzz_redis_seed_corpus/*
+zip $OUT/fuzz_http_seed_corpus.zip fuzz_http_seed_corpus/*
+zip $OUT/fuzz_butil_seed_corpus.zip fuzz_butil_seed_corpus/*
+zip $OUT/fuzz_hpack_seed_corpus.zip fuzz_hpack_seed_corpus/*
+popd
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@brpc.apache.org
For additional commands, e-mail: dev-h...@brpc.apache.org
