diff --git a/projects/netty/pom.xml b/projects/netty/pom.xml
index bbb4749e32b1..ee5a18989497 100644
--- a/projects/netty/pom.xml
+++ b/projects/netty/pom.xml
@@ -11,7 +11,7 @@
15
15
UTF-8
- 4.1.85.Final
+ 4.1.115.Final
io.netty.handler.codec.http.cookie.ServerCookieDecoderFuzzer
@@ -32,7 +32,7 @@
com.code-intelligence
jazzer-api
- 0.12.0
+ 0.22.1
io.netty
diff --git a/projects/netty/project.yaml b/projects/netty/project.yaml
index abb6beba0969..e0d32373813e 100644
--- a/projects/netty/project.yaml
+++ b/projects/netty/project.yaml
@@ -5,6 +5,7 @@ primary_contact: "mr.chrisvest@gmail.com"
auto_ccs:
- "norman_maurer@apple.com"
- "t@motd.kr"
+ - "me@yawk.at"
fuzzing_engines:
- libfuzzer
sanitizers:
diff --git a/projects/netty/src/main/java/io/netty/handler/HandlerFuzzerBase.java b/projects/netty/src/main/java/io/netty/handler/HandlerFuzzerBase.java
new file mode 100644
index 000000000000..248bcb440cae
--- /dev/null
+++ b/projects/netty/src/main/java/io/netty/handler/HandlerFuzzerBase.java
@@ -0,0 +1,35 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+package io.netty.handler;
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import io.netty.buffer.Unpooled;
+import io.netty.channel.embedded.EmbeddedChannel;
+
+/**
+ * Base class for fuzzing the input of an inbound handler. Will report exceptions thrown by the handler.
+ */
+public abstract class HandlerFuzzerBase {
+ protected final EmbeddedChannel channel = new EmbeddedChannel();
+
+ public void test(FuzzedDataProvider provider) {
+ byte[] bytes = provider.consumeRemainingAsBytes();
+ channel.writeInbound(Unpooled.wrappedBuffer(bytes));
+ channel.finishAndReleaseAll();
+ channel.checkException();
+ }
+}
diff --git a/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java b/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java
new file mode 100644
index 000000000000..fc2884448caf
--- /dev/null
+++ b/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java
@@ -0,0 +1,30 @@
+// Copyright 2024 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+package io.netty.handler.codec.http;
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import io.netty.handler.HandlerFuzzerBase;
+
+public class HttpRequestDecoderFuzzer extends HandlerFuzzerBase {
+ {
+ channel.pipeline().addLast(new HttpRequestDecoder());
+ }
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider fuzzedDataProvider) {
+ new HttpRequestDecoderFuzzer().test(fuzzedDataProvider);
+ }
+}