libcommon property add fuzzer

Author: ralight

.gitignore

@@ -75,6 +75,9 @@ fuzzing/corpora/db_dump_seed_corpus.zip
 fuzzing/lib/lib_fuzz_pub_topic_check2
 fuzzing/lib/lib_fuzz_sub_topic_check2
 fuzzing/lib/lib_fuzz_utf8
+fuzzing/libcommon/libcommon_fuzz_property
+fuzzing/libcommon/libcommon_fuzz_property.pb.cc
+fuzzing/libcommon/libcommon_fuzz_property.pb.h
 fuzzing/libcommon/libcommon_fuzz_pub_topic_check2
 fuzzing/libcommon/libcommon_fuzz_sub_topic_check2
 fuzzing/libcommon/libcommon_fuzz_topic_matching

fuzzing/libcommon/Makefile

@@ -4,6 +4,7 @@ include ${R}/fuzzing/config.mk
 .PHONY: all clean
 
 FUZZERS:= \
+	libcommon_fuzz_property \
 	libcommon_fuzz_pub_topic_check2 \
 	libcommon_fuzz_sub_topic_check2 \
 	libcommon_fuzz_topic_matching \
@@ -19,6 +20,13 @@ PROTOC?=/src/libprotobuf-mutator/external.protobuf/bin/protoc
 
 all: $(FUZZERS)
 
+libcommon_fuzz_property.pb.cc : libcommon_fuzz_property.proto
+	$(PROTOC) --cpp_out=. $^
+
+libcommon_fuzz_property : libcommon_fuzz_property.cpp libcommon_fuzz_property.pb.cc
+	$(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD) $(PROTOBUF_LIBS)
+	install $@ ${OUT}/$@
+
 libcommon_fuzz_pub_topic_check2 : libcommon_fuzz_pub_topic_check2.cpp
 	$(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD)
 	install $@ ${OUT}/$@

fuzzing/libcommon/libcommon_fuzz_property.cpp

@@ -0,0 +1,47 @@
+#include "src/libfuzzer/libfuzzer_macro.h"
+
+#include "libcommon_fuzz_property.pb.h"
+#include "mosquitto.h"
+
+DEFINE_PROTO_FUZZER(const fuzz_property::FuzzerInput& fuzzer_input)
+{
+	mosquitto_property *prop_list = nullptr;
+	mosquitto_property *prop_copy = nullptr;
+
+	for(const fuzz_property::Property& property : fuzzer_input.properties()){
+		int identifier = property.identifier();
+		switch(property.data_case()){
+			case fuzz_property::Property::DataCase::kUint8Value:
+				mosquitto_property_add_byte(&prop_list, identifier, property.uint8_value() % 256);
+				break;
+			case fuzz_property::Property::DataCase::kUint16Value:
+				mosquitto_property_add_int16(&prop_list, identifier, property.uint16_value() % 65536);
+				break;
+			case fuzz_property::Property::DataCase::kUint32Value:
+				mosquitto_property_add_int32(&prop_list, identifier, property.uint32_value());
+				break;
+			case fuzz_property::Property::DataCase::kVarintValue:
+				mosquitto_property_add_varint(&prop_list, identifier, property.varint_value());
+				break;
+			case fuzz_property::Property::DataCase::kBinaryValue:
+				mosquitto_property_add_binary(&prop_list, identifier,
+						property.binary_value().c_str(),
+						property.binary_value().size());
+				break;
+			case fuzz_property::Property::DataCase::kStringValue:
+				mosquitto_property_add_string(&prop_list, identifier, property.string_value().c_str());
+				break;
+			case fuzz_property::Property::DataCase::kStringpairValue:
+				mosquitto_property_add_string_pair(&prop_list, identifier,
+						property.stringpair_value().name().c_str(),
+						property.stringpair_value().value().c_str());
+				break;
+			case fuzz_property::Property::DataCase::DATA_NOT_SET:
+				break;
+		}
+	}
+
+	mosquitto_property_copy_all(&prop_copy, prop_list);
+	mosquitto_property_free_all(&prop_list);
+	mosquitto_property_free_all(&prop_copy);
+}

fuzzing/libcommon/libcommon_fuzz_property.proto

@@ -0,0 +1,25 @@
+syntax = "proto2";
+
+package fuzz_property;
+
+message Property {
+	message StringPair {
+		required string name = 1;
+		required string value = 2;
+	}
+
+	required uint32 identifier = 1;
+	oneof data {
+		uint32 uint8_value = 2;
+		uint32 uint16_value = 3;
+		uint32 uint32_value = 4;
+		uint32 varint_value = 5;
+		bytes binary_value = 6;
+		string string_value = 7;
+		StringPair stringpair_value = 8;
+	}
+}
+
+message FuzzerInput {
+	repeated Property properties = 1;
+}