Merge commit 'aa4767626d5893bb1e931482aa99f7b6307cc9c2'

Author: yellowhatter

.github/workflows/ci.yml

@@ -342,6 +342,68 @@ jobs:
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
 
+  fuzz:
+    name: Fuzz target smoke tests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Clone this repository
+        uses: actions/checkout@v4
+
+      - name: Install latest Rust toolchain
+        run: rustup toolchain install ${{ env.NIGHTLY_TOOLCHAIN }}
+
+      - name: Install cargo-fuzz
+        run: cargo +stable install --locked cargo-fuzz
+
+      - name: Setup rust-cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          cache-bin: false
+          workspaces: |
+            . -> target
+            commons/zenoh-codec/fuzz -> commons/zenoh-codec/fuzz/target
+            commons/zenoh-protocol/fuzz -> commons/zenoh-protocol/fuzz/target
+
+      - name: Build zenoh-codec fuzz crate
+        run: cargo build --manifest-path commons/zenoh-codec/fuzz/Cargo.toml --bins
+
+      - name: Generate zenoh-codec seed corpora
+        run: cargo run --manifest-path commons/zenoh-codec/fuzz/Cargo.toml --bin gen_all_corpora
+
+      - name: Verify zenoh-codec seed corpora
+        run: cargo run --manifest-path commons/zenoh-codec/fuzz/Cargo.toml --bin verify_all_corpora
+
+      - name: Smoke fuzz zenoh-codec targets
+        working-directory: commons/zenoh-codec/fuzz
+        run: |
+          for target in transport_message network_message frame scouting_message; do
+            cargo +${{ env.NIGHTLY_TOOLCHAIN }} fuzz run "$target" -- -max_total_time=60
+          done
+
+      - name: Build endpoint_from_str fuzz target
+        run: cargo build --manifest-path commons/zenoh-protocol/fuzz/Cargo.toml --bin endpoint_from_str
+
+      - name: Generate endpoint_from_str seed corpus
+        run: cargo run --manifest-path commons/zenoh-protocol/fuzz/Cargo.toml --bin gen_endpoint_corpus
+
+      - name: Verify endpoint_from_str seed corpus
+        run: cargo run --manifest-path commons/zenoh-protocol/fuzz/Cargo.toml --bin verify_endpoint_corpus
+
+      - name: Smoke fuzz endpoint_from_str
+        working-directory: commons/zenoh-protocol/fuzz
+        run: cargo +${{ env.NIGHTLY_TOOLCHAIN }} fuzz run endpoint_from_str -- -max_total_time=60
+
+      - name: Upload fuzz artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz-artifacts-pr-smoke
+          path: |
+            commons/zenoh-codec/fuzz/artifacts
+            commons/zenoh-protocol/fuzz/artifacts
+          if-no-files-found: ignore
+          retention-days: 14
+
   valgrind:
     name: Memory leak checks
     runs-on: ubuntu-latest
@@ -491,6 +553,7 @@ jobs:
         test,
         test_unstable,
         test_shm,
+        fuzz,
         valgrind,
         typos,
         markdown_lint,

.github/workflows/fuzz-scheduled.yml

@@ -0,0 +1,159 @@
+#
+# Copyright (c) 2026 ZettaScale Technology
+#
+# This program and the accompanying materials are made available under the
+# terms of the Eclipse Public License 2.0 which is available at
+# http://www.eclipse.org/legal/epl-2.0, or the Apache License, Version 2.0
+# which is available at https://www.apache.org/licenses/LICENSE-2.0.
+#
+# SPDX-License-Identifier: EPL-2.0 OR Apache-2.0
+#
+# Contributors:
+#   ZettaScale Zenoh Team, <zenoh@zettascale.tech>
+#
+name: Scheduled Fuzzing
+
+on:
+  schedule:
+    # Run the 1-hour campaign every day except Sunday.
+    - cron: "0 0 * * 1-6"
+    # Run the 5-hour campaign on Sunday instead of the daily run.
+    - cron: "0 0 * * 0"
+  workflow_dispatch:
+    inputs:
+      profile:
+        type: choice
+        description: Fuzzing duration profile
+        required: true
+        default: daily
+        options:
+          - daily
+          - weekly
+
+env:
+  CARGO_REGISTRIES_CRATES_IO_PROTOCOL: sparse
+  NIGHTLY_TOOLCHAIN: nightly
+
+jobs:
+  determine-profile:
+    name: Determine fuzzing profile
+    runs-on: ubuntu-latest
+    outputs:
+      label: ${{ steps.profile.outputs.label }}
+      max_total_time: ${{ steps.profile.outputs.max_total_time }}
+    steps:
+      - name: Select duration profile
+        id: profile
+        shell: bash
+        run: |
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            profile="${{ inputs.profile }}"
+          elif [[ "${{ github.event.schedule }}" == "0 0 * * 0" ]]; then
+            profile="weekly"
+          else
+            profile="daily"
+          fi
+
+          if [[ "$profile" == "weekly" ]]; then
+            echo "label=weekly" >> "$GITHUB_OUTPUT"
+            echo "max_total_time=18000" >> "$GITHUB_OUTPUT"
+          else
+            echo "label=daily" >> "$GITHUB_OUTPUT"
+            echo "max_total_time=3600" >> "$GITHUB_OUTPUT"
+          fi
+
+  fuzz-codec:
+    name: Codec fuzz (${{ needs.determine-profile.outputs.label }}) - ${{ matrix.target }}
+    needs: determine-profile
+    runs-on: ubuntu-latest
+    timeout-minutes: 330
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - transport_message
+          - network_message
+          - frame
+          - scouting_message
+    steps:
+      - name: Clone this repository
+        uses: actions/checkout@v4
+
+      - name: Install latest Rust toolchain
+        run: rustup toolchain install ${{ env.NIGHTLY_TOOLCHAIN }}
+
+      - name: Install cargo-fuzz
+        run: cargo +stable install --locked cargo-fuzz
+
+      - name: Setup rust-cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          cache-bin: false
+          workspaces: |
+            . -> target
+            commons/zenoh-codec/fuzz -> commons/zenoh-codec/fuzz/target
+
+      - name: Generate zenoh-codec seed corpora
+        run: cargo run --bin gen_all_corpora
+        working-directory: commons/zenoh-codec/fuzz
+
+      - name: Verify zenoh-codec seed corpora
+        run: cargo run --bin verify_all_corpora
+        working-directory: commons/zenoh-codec/fuzz
+
+      - name: Run codec fuzz target
+        run: cargo +${{ env.NIGHTLY_TOOLCHAIN }} fuzz run ${{ matrix.target }} -- -max_total_time=${{ needs.determine-profile.outputs.max_total_time }}
+        working-directory: commons/zenoh-codec/fuzz
+
+      - name: Upload codec fuzz artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz-artifacts-codec-${{ needs.determine-profile.outputs.label }}-${{ matrix.target }}
+          path: commons/zenoh-codec/fuzz/artifacts/${{ matrix.target }}
+          if-no-files-found: ignore
+          retention-days: 14
+
+  fuzz-protocol:
+    name: Protocol fuzz (${{ needs.determine-profile.outputs.label }}) - endpoint_from_str
+    needs: determine-profile
+    runs-on: ubuntu-latest
+    timeout-minutes: 330
+    steps:
+      - name: Clone this repository
+        uses: actions/checkout@v4
+
+      - name: Install latest Rust toolchain
+        run: rustup toolchain install ${{ env.NIGHTLY_TOOLCHAIN }}
+
+      - name: Install cargo-fuzz
+        run: cargo +stable install --locked cargo-fuzz
+
+      - name: Setup rust-cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          cache-bin: false
+          workspaces: |
+            . -> target
+            commons/zenoh-protocol/fuzz -> commons/zenoh-protocol/fuzz/target
+
+      - name: Generate endpoint_from_str seed corpus
+        run: cargo run --bin gen_endpoint_corpus
+        working-directory: commons/zenoh-protocol/fuzz
+
+      - name: Verify endpoint_from_str seed corpus
+        run: cargo run --bin verify_endpoint_corpus
+        working-directory: commons/zenoh-protocol/fuzz
+
+      - name: Run endpoint_from_str fuzz target
+        run: cargo +${{ env.NIGHTLY_TOOLCHAIN }} fuzz run endpoint_from_str -- -max_total_time=${{ needs.determine-profile.outputs.max_total_time }}
+        working-directory: commons/zenoh-protocol/fuzz
+
+      - name: Upload protocol fuzz artifacts
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: fuzz-artifacts-protocol-${{ needs.determine-profile.outputs.label }}-endpoint_from_str
+          path: commons/zenoh-protocol/fuzz/artifacts/endpoint_from_str
+          if-no-files-found: ignore
+          retention-days: 14

.gitignore

@@ -29,3 +29,8 @@ ci/valgrind-check/*.log
 
 # Code coverage reports
 *.profraw
+
+# cargo-fuzz-related
+**/fuzz/artifacts
+**/fuzz/corpus
+**/fuzz/coverage

Cargo.lock

@@ -12,7 +12,13 @@
 #   ZettaScale Zenoh Team, <zenoh@zettascale.tech>
 #
 [workspace]
-exclude = ["ci/nostd-check", "ci/valgrind-check", "ci/zenoh-1-75"]
+exclude = [
+  "ci/nostd-check",
+  "ci/valgrind-check",
+  "ci/zenoh-1-75",
+  "commons/zenoh-codec/fuzz",
+  "commons/zenoh-protocol/fuzz",
+]
 members = [
   "commons/zenoh-buffers",
   "commons/zenoh-codec",

Cargo.toml

@@ -44,6 +44,13 @@
     /// Accepts a single list (e.g. endpoints: ["tcp/10.10.10.10:7447", "tcp/11.11.11.11:7447"])
     /// or different lists for router, peer and client (e.g. endpoints: { router: ["tcp/10.10.10.10:7447"], peer: ["tcp/11.11.11.11:7447"] }).
     ///
+    /// Note that every element in the list can also be a list:
+    /// E.g. endpoints: [{"strategy": "allOf", "locators": ["tcp/10.10.10.10:7447?rel=0", "tcp/10.10.10.10:7447?rel=1"]}, "tcp/11.11.11.11:7447"]
+    /// This can be used in the client mode.
+    /// Since the client mode only allows connecting to a single endpoint, this indicates that we want to build multiple links to the same endpoint.
+    /// It doesn't make any difference for the peer or router mode.
+    /// endpoints: [{"strategy": "allOf", "locators": ["tcp/10.10.10.10:7447?rel=0", "tcp/10.10.10.10:7447?rel=1"]}] is equivalent to endpoints: ["tcp/10.10.10.10:7447?rel=0", "tcp/10.10.10.10:7447?rel=1"].
+    ///
     /// See https://docs.rs/zenoh/latest/zenoh/config/struct.EndPoint.html
     endpoints: [
       // "<proto>/<address>"

DEFAULT_CONFIG.json5

@@ -6,3 +6,71 @@ It is highly recommended to depend solely on the zenoh and zenoh-ext crates and
 
 - [Click here for Zenoh's main repository](https://github.com/eclipse-zenoh/zenoh)
 - [Click here for Zenoh's documentation](https://zenoh.io)
+
+## Fuzzing
+
+The `zenoh-codec` crate includes `cargo-fuzz` targets for:
+
+- `transport_message`
+- `network_message`
+- `frame`
+- `scouting_message`
+
+From the `commons/zenoh-codec/fuzz` directory, run:
+
+```sh
+# Generate the deterministic seed corpus
+cargo run --bin gen_all_corpora
+
+# Optional: verify the generated corpus matches the current encoder
+cargo run --bin verify_all_corpora
+
+# Run the fuzz targets
+cargo +nightly fuzz run transport_message
+cargo +nightly fuzz run network_message
+cargo +nightly fuzz run frame
+cargo +nightly fuzz run scouting_message
+
+# Only rerun a certain input
+cargo +nightly fuzz run transport_message artifacts/transport_message/crash-xxxx
+cargo +nightly fuzz run network_message artifacts/network_message/crash-xxxx
+cargo +nightly fuzz run frame artifacts/frame/crash-xxxx
+cargo +nightly fuzz run scouting_message artifacts/scouting_message/crash-xxxx
+
+# Analyze one input without running the fuzz loop
+cargo run --bin analyze_transport_message -- "[2, 220, 11, 13, 0]"
+cargo run --bin analyze_network_message -- "[29, 0, 1, 2]"
+cargo run --bin analyze_frame -- "[37, 1]"
+cargo run --bin analyze_scouting_message -- "[1, 1, 10]"
+```
+
+To inspect corpus coverage for the fuzz target, run:
+
+```sh
+# Collect coverage data from the corpus
+# Use `-s none` to disable sanitizers during coverage collection.
+cargo +nightly fuzz coverage -s none transport_message corpus/transport_message
+
+# Resolve the LLVM tools shipped with the nightly toolchain
+LLVM_BIN="$(dirname "$(rustc +nightly --print target-libdir)")/bin"
+
+# Hide Rust stdlib and cargo-registry dependencies from the report.
+# Print a text summary
+"$LLVM_BIN/llvm-cov" report \
+  target/x86_64-unknown-linux-gnu/coverage/x86_64-unknown-linux-gnu/release/transport_message \
+  -instr-profile=coverage/transport_message/coverage.profdata \
+  --ignore-filename-regex='^/rustc/|^.*/.cargo/registry'
+
+# Hide Rust stdlib and cargo-registry dependencies from the report.
+# Only render HTML for the Zenoh source trees we want to inspect.
+# Generate an HTML report focused on Zenoh sources
+"$LLVM_BIN/llvm-cov" show \
+  target/x86_64-unknown-linux-gnu/coverage/x86_64-unknown-linux-gnu/release/transport_message \
+  -instr-profile=coverage/transport_message/coverage.profdata \
+  --format=html \
+  --output-dir=coverage/transport_message/html \
+  --ignore-filename-regex='^/rustc/|^.*/.cargo/registry' \
+  ../src \
+  ../../zenoh-protocol/src \
+  ../../zenoh-buffers/src
+```