Try4 fuzz decode receive

CMakeLists.txt

@@ -128,3 +128,20 @@ IF (BUILD_FUZZER)
     ENDIF(OSS_FUZZ)
 ENDIF()
 
+IF (BUILD_FUZZER_DECODE_RECEIVE)
+    MESSAGE(STATUS "===== Making the decode receive fuzzer")
+    SET(FUZZER_EXE "quicly-fuzzer-decode_receive")
+    SET(FUZZER_CC "fuzz/decode_receive.cc")
+
+    IF(NOT CMAKE_CXX_COMPILER_ID STREQUAL "Clang")
+	MESSAGE(FATAL_ERROR "The fuzzer needs clang as a compiler")
+    ENDIF()
+    ADD_EXECUTABLE(${FUZZER_EXE} ${PICOTLS_OPENSSL_FILES} ${FUZZER_CC})
+    SET(CMAKE_EXE_LINKER_FLAGS "${CMAKE_C_FLAGS}")
+    SET(LIB_FUZZER "${CMAKE_CURRENT_BINARY_DIR}/libFuzzer.a")
+        SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-omit-frame-pointer -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link")
+        SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -fno-omit-frame-pointer -fsanitize=address -fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link")
+    ADD_CUSTOM_TARGET(libFuzzer ${CMAKE_CURRENT_SOURCE_DIR}/misc/build_libFuzzer.sh WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})
+    ADD_DEPENDENCIES(${FUZZER_EXE} quicly libFuzzer)
+    TARGET_LINK_LIBRARIES(${FUZZER_EXE} quicly ${OPENSSL_LIBRARIES} ${CMAKE_DL_LIBS} ${LIB_FUZZER})
+ENDIF()

corpus_decode_receive/0ad052dd9f32405521e43c6ebdc52f5a025493b2

@@ -0,0 +1 @@
+�

corpus_decode_receive/0b024bbfe84ef597c3ee8cb9fc0ebf96b237f3eb

@@ -0,0 +1 @@
++

corpus_decode_receive/1d66ad2cbb93b41c9da7b3708a79904257c5b142

@@ -0,0 +1 @@
+er

corpus_decode_receive/27f57cb359a8f86acf4af811c47a6380b4bb4209

@@ -0,0 +1 @@
+

corpus_decode_receive/38b11ec3dbffa2d01a944e7dfc6b0e95e164d62b

@@ -0,0 +1 @@
+`�

corpus_decode_receive/3bc15c8aae3e4124dd409035f32ea2fd6835efc9

@@ -0,0 +1 @@
+-

corpus_decode_receive/3fa5bfd93317ad25772680071d5ac3259cd2384f

@@ -0,0 +1 @@
+�

corpus_decode_receive/42099b4af021e53fd8fd4e056c2568d7c2e3ffa8

@@ -0,0 +1 @@
+/

corpus_decode_receive/4ff447b8ef42ca51fa6fb287bed8d40f49be58f1

@@ -0,0 +1 @@
+]

corpus_decode_receive/52a2f9e3d54f987edab064dc41feef26aa84603d

@@ -0,0 +1 @@
+��

corpus_decode_receive/5fb9a0ba37519b7fd51909c778ee3b48502de7c1

@@ -0,0 +1 @@
+�

corpus_decode_receive/68f0f55b44dbd52da6634b03aabe8e9747aae89f

@@ -0,0 +1,2 @@
+,
+#

corpus_decode_receive/6e14a407faae939957b80e641a836735bbdcad5a

@@ -0,0 +1 @@
+

corpus_decode_receive/74ccbb04dcc4baa8479fac977743e9e68154a8a7

@@ -0,0 +1 @@
+,

corpus_decode_receive/769af93e7ee3d67675c531de9537eb764d660344

@@ -0,0 +1 @@
+

corpus_decode_receive/79096cff40bc5528d0dc2f33cb7b2ea50c407758

@@ -0,0 +1 @@
+�`�

corpus_decode_receive/85e53271e14006f0265921d02d4d736cdc580b0b

@@ -0,0 +1 @@
+�

corpus_decode_receive/8cd6fae79960594f25c7def64ae50590d5fcf225

@@ -0,0 +1 @@
+]=�

corpus_decode_receive/8de67263f0d5dedcec3e4ffbf70cc7a353f86e26

@@ -0,0 +1 @@
+]=

corpus_decode_receive/9a78211436f6d425ec38f5c4e02270801f3524f8

@@ -0,0 +1 @@
+@

corpus_decode_receive/a19f987b885f5a96069f4bc7f12b9e84ceba7dfa

@@ -0,0 +1 @@
+��

corpus_decode_receive/a467d318c7fec80c1cc45e020fcfc5298cc61612

@@ -0,0 +1 @@
+r

corpus_decode_receive/ab755c6af7ce12da999f530268e8e578037bfb7a

@@ -0,0 +1 @@
+��

corpus_decode_receive/b6589fc6ab0dc82cf12099d1c2d40ab994e8410c

@@ -0,0 +1 @@
+0

corpus_decode_receive/b830c46d24068069f0a43687826f355b21fdb941

@@ -0,0 +1 @@
+

corpus_decode_receive/b858cb282617fb0956d960215c8e84d1ccf909c6

@@ -0,0 +1 @@
+

corpus_decode_receive/c314f8c1fa13e1afa11c8716c7bce6dbf02d09aa

@@ -0,0 +1 @@
+�

corpus_decode_receive/c63c87822f50bdab607836bd4e2ee9a45b036c3e

@@ -0,0 +1 @@
+�`

corpus_decode_receive/de26b0844f7494eab88219f7b627e1d8a599b02c

@@ -0,0 +1 @@
+

corpus_decode_receive/dfec926c1e11575719960ca972a0834a44a5eef0

@@ -0,0 +1 @@
+/-

corpus_decode_receive/eaea1e07931b7fa49c19d5e9bd028fe78c1ca177

@@ -0,0 +1 @@
+��

corpus_decode_receive/eb6b0e7165a8118b4bd2de93fbe8182dc50fe8de

@@ -0,0 +1 @@
+�

corpus_decode_receive/ebdc2288a14298f5f7adf08e069b39fc42cbd909

@@ -0,0 +1 @@
+

corpus_decode_receive/fa138ae356d35c8d77083c406a5be73745643aae

@@ -0,0 +1 @@
+�

fuzz/decode_receive.cc

@@ -0,0 +1,91 @@
+#include <picotls.h>
+#include <stdio.h>
+#include <netdb.h>
+#include "quicly.h"
+#include "quicly/defaults.h"
+#include "quicly/frame.h"
+#include "../deps/picotls/include/picotls/openssl.h"
+
+void __sanitizer_cov_trace_pc(void)
+{
+}
+
+int save_session_ticket_cb(ptls_save_ticket_t *_self, ptls_t *tls, ptls_iovec_t src)
+{
+    return 0; 
+}
+
+static int on_client_hello_cb(ptls_on_client_hello_t *_self, ptls_t *tls, ptls_on_client_hello_parameters_t *params)
+{
+    return 0;
+}
+
+static ptls_key_exchange_algorithm_t *key_exchanges[128];
+static ptls_cipher_suite_t *cipher_suites[128];
+
+static ptls_save_ticket_t save_session_ticket = {save_session_ticket_cb};
+static ptls_on_client_hello_t on_client_hello = {on_client_hello_cb};
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
+{
+
+	ptls_context_t tlsctx = {.random_bytes = ptls_openssl_random_bytes,
+                                .get_time = &ptls_get_time,
+                                .key_exchanges = key_exchanges,
+                                .cipher_suites = ptls_openssl_cipher_suites,
+                                .require_dhe_on_psk = 1 , 
+                                .save_ticket = &save_session_ticket,
+                                .on_client_hello = &on_client_hello};
+
+
+	int ret;
+	quicly_context_t ctx;
+	ctx = quicly_spec_context;
+	ctx.tls = &tlsctx;
+
+	quicly_decoded_packet_t p;
+
+	struct sockaddr sa;
+	socklen_t salen;
+
+	quicly_conn_t *conn = NULL;
+	quicly_cid_plaintext_t next_cid;
+	const char* host = "127.0.0.1";
+	const char* port = "4422";
+	ptls_iovec_t *resumption_token = (ptls_iovec_t *)malloc(sizeof(ptls_iovec_t));
+	ptls_handshake_properties_t hs_properties = (ptls_handshake_properties_t){{{{NULL}}}};
+	quicly_transport_parameters_t resumed_transport_params;
+
+	struct addrinfo hint, *res;
+
+	memset(&hint, 0, sizeof(hint));
+	hint.ai_family = AF_INET;
+	hint.ai_socktype = SOCK_DGRAM;
+	hint.ai_protocol = IPPROTO_UDP;
+	hint.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV | AI_PASSIVE;
+	getaddrinfo(host, port, &hint, &res);
+
+	memcpy(&sa, res->ai_addr, res->ai_addrlen);
+
+	resumption_token->len = 0;
+
+	hs_properties.additional_extensions = NULL;
+	hs_properties.collect_extension = NULL;
+	hs_properties.collected_extensions = NULL;
+
+	ret = quicly_connect(&conn, &ctx, host, &sa, NULL, &next_cid, *resumption_token, &hs_properties, &resumed_transport_params);
+
+	ret = quicly_decode_packet(&ctx, &p, Data, Size);
+
+	if (ret != Size)
+		goto Exit;	
+
+	quicly_receive(conn, NULL, &sa, &p);
+
+Exit: 
+	freeaddrinfo(res); 
+	free(resumption_token);
+	quicly_free(conn);
+
+	return 0;
+}