mem: add chance of failing flb_malloc when fuzzing (#4689)

* mem: add chance of failing flb_malloc when fuzzing

this will increase coverage of fluent-bit code when fuzzing and also
help us find places where there is no check on the value returned by
flb_malloc.

Signed-off-by: David Korczynski <[email protected]>

Author: DavidKorczynski

include/fluent-bit/flb_mem.h

@@ -46,8 +46,32 @@
     #define FLB_ALLOCSZ_ATTR(x,...)
 #endif
 
+#ifdef FLB_HAVE_TESTS_OSSFUZZ
+/*
+ * Return 1 or 0 based on a probability.
+ */
+int flb_malloc_p;
+
+static inline int flb_fuzz_get_probability(int val) {
+  flb_malloc_p += 1;
+  flb_malloc_p = flb_malloc_p % 100;
+  if (val > flb_malloc_p) {
+    return 1;
+  }
+  return 0;
+}
+#endif
+
 static inline FLB_ALLOCSZ_ATTR(1)
 void *flb_malloc(const size_t size) {
+
+#ifdef FLB_HAVE_TESTS_OSSFUZZ
+   // 1% chance of failure
+   if (flb_fuzz_get_probability(1)) {
+     return NULL;
+   }
+#endif
+
     if (size == 0) {
         return NULL;
     }

tests/internal/fuzzers/flb_fuzz_header.h

@@ -28,6 +28,9 @@ char *get_null_terminated(size_t size, const uint8_t **data,
                           size_t *total_data_size)
 {
   char *tmp = flb_malloc(size+1);
+  if (tmp == NULL) {
+    tmp = malloc(size+1);
+  }
   memcpy(tmp, *data, size);
   tmp[size] = '\0';
 

tests/internal/fuzzers/utils_fuzzer.c

@@ -38,6 +38,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         return 0;
     }
 
+    flb_malloc_p = 0;
+
     uint64_t ran_hash = *(uint64_t *)data;
     char *null_terminated1 = get_null_terminated(25, &data, &size);
     char *null_terminated2 = get_null_terminated(25, &data, &size);