From 4199c59912c2806be638cfb9ae8a42d823ffbf3a Mon Sep 17 00:00:00 2001 From: yawkat Date: Thu, 21 Nov 2024 11:28:51 +0100 Subject: [PATCH 1/3] netty: Add fuzz test for HttpRequestDecoder This is my initial PR to get my feet wet, sort out the CLA, so it's just a small change. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The main change is a fuzzer for HttpRequestDecoder. This fuzzer reproduces the bug fixed by https://github.com/netty/netty/pull/13735 . I also added myself to the contact list of the netty project. This was approved by @normanmaurer in January: https://github.com/netty/netty/issues/13033#issuecomment-1911318993 – unfortunately it took me until now to get corp approval for the CLA. --- projects/netty/pom.xml | 4 ++-- projects/netty/project.yaml | 1 + .../io/netty/handler/BaseHandlerFuzzer.java | 19 +++++++++++++++++++ .../codec/http/HttpRequestDecoderFuzzer.java | 14 ++++++++++++++ 4 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java create mode 100644 projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java diff --git a/projects/netty/pom.xml b/projects/netty/pom.xml index bbb4749e32b1..ee5a18989497 100644 --- a/projects/netty/pom.xml +++ b/projects/netty/pom.xml @@ -11,7 +11,7 @@ 15 15 UTF-8 - 4.1.85.Final + 4.1.115.Final io.netty.handler.codec.http.cookie.ServerCookieDecoderFuzzer @@ -32,7 +32,7 @@ com.code-intelligence jazzer-api - 0.12.0 + 0.22.1 io.netty diff --git a/projects/netty/project.yaml b/projects/netty/project.yaml index abb6beba0969..e0d32373813e 100644 --- a/projects/netty/project.yaml +++ b/projects/netty/project.yaml @@ -5,6 +5,7 @@ primary_contact: "mr.chrisvest@gmail.com" auto_ccs: - "norman_maurer@apple.com" - "t@motd.kr" + - "me@yawk.at" fuzzing_engines: - libfuzzer sanitizers: 
diff --git a/projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java b/projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java
new file mode 100644
index 000000000000..d40e9b20c8c1
--- /dev/null
+++ b/projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java
@@ -0,0 +1,19 @@
+package io.netty.handler;
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import io.netty.buffer.Unpooled;
+import io.netty.channel.embedded.EmbeddedChannel;
+
+/**
+ * Base class for fuzzing the input of an inbound handler. Will report exceptions thrown by the handler.
+ */
+public abstract class BaseHandlerFuzzer {
+ protected final EmbeddedChannel channel = new EmbeddedChannel();
+
+ public void test(FuzzedDataProvider provider) {
+ byte[] bytes = provider.consumeRemainingAsBytes();
+ channel.writeInbound(Unpooled.wrappedBuffer(bytes));
+ channel.finishAndReleaseAll();
+ channel.checkException();
+ }
+}
diff --git a/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java b/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java
new file mode 100644
index 000000000000..b5e4907e1432
--- /dev/null
+++ b/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java
@@ -0,0 +1,14 @@
+package io.netty.handler.codec.http;
+
+import com.code_intelligence.jazzer.api.FuzzedDataProvider;
+import io.netty.handler.BaseHandlerFuzzer;
+
+public class HttpRequestDecoderFuzzer extends BaseHandlerFuzzer {
+ {
+ channel.pipeline().addLast(new HttpRequestDecoder());
+ }
+
+ public static void fuzzerTestOneInput(FuzzedDataProvider fuzzedDataProvider) {
+ new HttpRequestDecoderFuzzer().test(fuzzedDataProvider);
+ }
+}
From 56cafabc5b1a13e77e07fe8f7edf54ce136ff050 Mon Sep 17 00:00:00 2001
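Review bot: In `BaseHandlerFuzzer.test` the entire input is handed to the handler as one `writeInbound` of `consumeRemainingAsBytes()`, so a stateful decoder such as `HttpRequestDecoder` only ever sees the arrives-all-at-once path; partial reads and resume-after-incomplete-line/header handling, which is where HTTP parsers tend to desynchronise, are never reached from this harness. Let the fuzzer choose a chunk size before the payload is consumed and feed the bytes in slices, so the same corpus also covers fragmented delivery; the single-write case remains reachable whenever the chosen chunk is at least the input length. Whether the bug referenced in the commit message needed fragmentation I cannot tell from this patch, but the class comment promises a general base for inbound handlers, and for those the delivery pattern matters. An empty input then performs no write at all instead of writing an empty buffer, which I believe is acceptable for a fuzz target.
```java
    public void test(FuzzedDataProvider provider) {
        // Chunk size is taken before the payload so the fuzzer also explores fragmented delivery.
        int chunk = provider.consumeInt(1, 4096);
        byte[] bytes = provider.consumeRemainingAsBytes();
        for (int off = 0; off < bytes.length; off += chunk) {
            int len = Math.min(chunk, bytes.length - off);
            channel.writeInbound(Unpooled.wrappedBuffer(bytes, off, len));
        }
        // … unchanged: finishAndReleaseAll / checkException …
    }
```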
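Review bot: `HttpRequestDecoderFuzzer` carries no class comment saying what is under test and what counts as a finding; per the base class only exceptions surfaced by `checkException` are reported, and the decoded messages are released by `finishAndReleaseAll` without being looked at, so a decoder that accepts ambiguous input without throwing passes silently. A Javadoc such as `/** Fuzzes {@link HttpRequestDecoder} as built by its no-argument constructor; a finding is any exception escaping the decoder, decoded messages are not validated. */` would make that scope explicit for whoever extends the harness. If the decoder reports malformed input through the decoded message rather than by throwing (not visible from this patch), a follow-up could drain `channel.readInbound()` and check it. As a point of style, the instance initializer block reads more naturally as a constructor: `public HttpRequestDecoderFuzzer() { channel.pipeline().addLast(new HttpRequestDecoder()); }`.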
From: yawkat Date: Thu, 21 Nov 2024 11:31:17 +0100 Subject: [PATCH 2/3] license headers --- .../java/io/netty/handler/BaseHandlerFuzzer.java | 16 ++++++++++++++++ .../codec/http/HttpRequestDecoderFuzzer.java | 16 ++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java b/projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java index d40e9b20c8c1..5455aa365118 100644 --- a/projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java +++ b/projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java @@ -1,3 +1,19 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + package io.netty.handler; import com.code_intelligence.jazzer.api.FuzzedDataProvider; diff --git a/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java b/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java index b5e4907e1432..59cf520e397e 100644 --- a/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java +++ b/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java 
@@ -1,3 +1,19 @@ +// Copyright 2024 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + package io.netty.handler.codec.http; import com.code_intelligence.jazzer.api.FuzzedDataProvider; From 32337a16c8832a8cfff109ce3ccbb1684688768e Mon Sep 17 00:00:00 2001 From: yawkat Date: Fri, 22 Nov 2024 17:29:05 +0100 Subject: [PATCH 3/3] rename base class --- .../{BaseHandlerFuzzer.java => HandlerFuzzerBase.java} | 2 +- .../io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) rename projects/netty/src/main/java/io/netty/handler/{BaseHandlerFuzzer.java => HandlerFuzzerBase.java} (96%) diff --git a/projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java b/projects/netty/src/main/java/io/netty/handler/HandlerFuzzerBase.java similarity index 96% rename from projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java rename to projects/netty/src/main/java/io/netty/handler/HandlerFuzzerBase.java index 5455aa365118..248bcb440cae 100644 --- a/projects/netty/src/main/java/io/netty/handler/BaseHandlerFuzzer.java +++ b/projects/netty/src/main/java/io/netty/handler/HandlerFuzzerBase.java 
@@ -23,7 +23,7 @@ /** * Base class for fuzzing the input of an inbound handler. Will report exceptions thrown by the handler. */ -public abstract class BaseHandlerFuzzer { +public abstract class HandlerFuzzerBase { protected final EmbeddedChannel channel = new EmbeddedChannel(); public void test(FuzzedDataProvider provider) { diff --git a/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java b/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java index 59cf520e397e..fc2884448caf 100644 --- a/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java +++ b/projects/netty/src/main/java/io/netty/handler/codec/http/HttpRequestDecoderFuzzer.java @@ -17,9 +17,9 @@ package io.netty.handler.codec.http; import com.code_intelligence.jazzer.api.FuzzedDataProvider; -import io.netty.handler.BaseHandlerFuzzer; +import io.netty.handler.HandlerFuzzerBase; -public class HttpRequestDecoderFuzzer extends BaseHandlerFuzzer { +public class HttpRequestDecoderFuzzer extends HandlerFuzzerBase { { channel.pipeline().addLast(new HttpRequestDecoder()); }