tests: Add fuzzing harness for CBufferedFile::{SetPos,GetPos,GetType,GetVersion} (stream.h)

practicalswift · practicalswift · commit 614e0807a813 · 2020-07-15T11:41:21.000Z
diff --git a/src/test/fuzz/buffered_file.cpp b/src/test/fuzz/buffered_file.cpp
@@ -29,8 +29,9 @@ void test_one_input(const std::vector<uint8_t>& buffer)
         }
     }
     if (opt_buffered_file && fuzzed_file != nullptr) {
+        bool setpos_fail = false;
         while (fuzzed_data_provider.ConsumeBool()) {
-            switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 4)) {
+            switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 5)) {
             case 0: {
                 std::array<uint8_t, 4096> arr{};
                 try {
@@ -48,17 +49,30 @@ void test_one_input(const std::vector<uint8_t>& buffer)
                 break;
             }
             case 3: {
+                if (!opt_buffered_file->SetPos(fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096))) {
+                    setpos_fail = true;
+                }
+                break;
+            }
+            case 4: {
+                if (setpos_fail) {
+                    // Calling FindByte(...) after a failed SetPos(...) call may result in an infinite loop.
+                    break;
+                }
                 try {
                     opt_buffered_file->FindByte(fuzzed_data_provider.ConsumeIntegral<char>());
                 } catch (const std::ios_base::failure&) {
                 }
                 break;
             }
-            case 4: {
+            case 5: {
                 ReadFromStream(fuzzed_data_provider, *opt_buffered_file);
                 break;
             }
             }
         }
+        opt_buffered_file->GetPos();
+        opt_buffered_file->GetType();
+        opt_buffered_file->GetVersion();
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -29,8 +29,9 @@ void test_one_input(const std::vector<uint8_t>& buffer)`
`29`	`29`	`}`
`30`	`30`	`}`
`31`	`31`	`if (opt_buffered_file && fuzzed_file != nullptr) {`
	`32`	`+ bool setpos_fail = false;`
`32`	`33`	`while (fuzzed_data_provider.ConsumeBool()) {`
`33`		`- switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 4)) {`
	`34`	`+ switch (fuzzed_data_provider.ConsumeIntegralInRange<int>(0, 5)) {`
`34`	`35`	`case 0: {`
`35`	`36`	`std::array<uint8_t, 4096> arr{};`
`36`	`37`	`try {`
`@@ -48,17 +49,30 @@ void test_one_input(const std::vector<uint8_t>& buffer)`
`48`	`49`	`break;`
`49`	`50`	`}`
`50`	`51`	`case 3: {`
	`52`	`+ if (!opt_buffered_file->SetPos(fuzzed_data_provider.ConsumeIntegralInRange<uint64_t>(0, 4096))) {`
	`53`	`+ setpos_fail = true;`
	`54`	`+ }`
	`55`	`+ break;`
	`56`	`+ }`
	`57`	`+ case 4: {`
	`58`	`+ if (setpos_fail) {`
	`59`	`+ // Calling FindByte(...) after a failed SetPos(...) call may result in an infinite loop.`
	`60`	`+ break;`
	`61`	`+ }`
`51`	`62`	`try {`
`52`	`63`	`opt_buffered_file->FindByte(fuzzed_data_provider.ConsumeIntegral<char>());`
`53`	`64`	`} catch (const std::ios_base::failure&) {`
`54`	`65`	`}`
`55`	`66`	`break;`
`56`	`67`	`}`
`57`		`- case 4: {`
	`68`	`+ case 5: {`
`58`	`69`	`ReadFromStream(fuzzed_data_provider, *opt_buffered_file);`
`59`	`70`	`break;`
`60`	`71`	`}`
`61`	`72`	`}`
`62`	`73`	`}`
	`74`	`+ opt_buffered_file->GetPos();`
	`75`	`+ opt_buffered_file->GetType();`
	`76`	`+ opt_buffered_file->GetVersion();`
`63`	`77`	`}`
`64`	`78`	`}`