libmicrohttpd2: Add new targets (#13851)

This PR adds new fuzzing targets from mhd_str and mhd_libinfo from
libmicrohttpd2 project.

Signed-off-by: Arthur Chan <[email protected]>

Author: arthurscchan

projects/libmicrohttpd2/build.sh

@@ -30,7 +30,7 @@ make -j$(nproc)
 make install
 
 # Compile fuzzer
-FUZZERS="fuzz_response fuzz_daemon fuzz_mhd2 fuzz_str fuzz_crypto_int"
+FUZZERS="fuzz_response fuzz_daemon fuzz_mhd2 fuzz_str fuzz_crypto_int fuzz_libinfo"
 
 for fuzzer in $FUZZERS; do
   extra_src=""

projects/libmicrohttpd2/fuzz_libinfo.cpp

@@ -0,0 +1,48 @@
+// Copyright 2025 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+#include <stdint.h>
+#include <stddef.h>
+#include <vector>
+#include <cstdlib>
+#include <algorithm>
+
+#include "microhttpd2.h"
+#include "fuzzer/FuzzedDataProvider.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  FuzzedDataProvider fdp(data, size);
+
+  // Generate random ids
+  int fixed_id   = fdp.ConsumeIntegral<int>();
+  int dynamic_id = fdp.ConsumeIntegral<int>();
+
+  // Generate random raw data
+  std::vector<uint8_t> raw_data = fdp.ConsumeRemainingBytes<uint8_t>();
+
+  // Fuzz MHD_lib_get_info_fixed_sz
+  MHD_lib_get_info_fixed_sz(
+      static_cast<MHD_LibInfoFixed>(fixed_id),
+      raw_data.size() > 0 ? reinterpret_cast<MHD_LibInfoFixedData*>(raw_data.data()) : nullptr,
+      raw_data.size());
+
+  // Fuzz MHD_lib_get_info_dynamic_sz
+  MHD_lib_get_info_dynamic_sz(
+      static_cast<MHD_LibInfoDynamic>(dynamic_id),
+      raw_data.size() > 0 ? reinterpret_cast<MHD_LibInfoDynamicData*>(raw_data.data()) : nullptr,
+      raw_data.size());
+
+  return 0;
+}

projects/libmicrohttpd2/fuzz_str.cpp

@@ -24,6 +24,7 @@
 #include <fuzzer/FuzzedDataProvider.h>
 extern "C" {
   #include "mhd_str.h"
+  #include "microhttpd2.h"
 }
 
 static void fuzz_tokens(FuzzedDataProvider& fdp) {
@@ -180,16 +181,30 @@ static void fuzz_base64(FuzzedDataProvider& fdp) {
   }
 }
 
+static void fuzz_transformation(FuzzedDataProvider& fdp) {
+  // Fuzz targets in multiple rounds
+  for (int i = 0; i < fdp.ConsumeIntegralInRange<unsigned>(1, 8); i++) {
+    // Generate random integer
+    int value = fdp.ConsumeIntegral<int>();
+
+    // Fuzz conversion functions
+    MHD_http_method_to_string(static_cast<MHD_HTTP_Method>(value));
+    MHD_predef_header_to_string(static_cast<MHD_PredefinedHeader>(value));
+    MHD_protocol_version_to_string(static_cast<MHD_HTTP_ProtocolVersion>(value));
+  }
+}
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   FuzzedDataProvider fdp(data, size);
 
   for (int i = 0; i < fdp.ConsumeIntegralInRange<unsigned>(1, 6); i++) {
-    switch (fdp.ConsumeIntegralInRange<int>(0, 5)) {
+    switch (fdp.ConsumeIntegralInRange<int>(0, 6)) {
       case 0: fuzz_tokens(fdp); break;
       case 1: fuzz_conversion(fdp); break;
       case 2: fuzz_decode(fdp); break;
       case 3: fuzz_quoted(fdp); break;
       case 4: fuzz_base64(fdp); break;
+      case 5: fuzz_transformation(fdp); break;
     }
   }
   return 0;