LCOV - code coverage report
Current view: top level - disco/bundle - fuzz_bundle_client.c (source / functions) Hit Total Coverage
Test: cov.lcov Lines: 3 3 100.0 %
Date: 2025-08-05 05:04:49 Functions: 1 1 100.0 % 

          Line data    Source code
       1             : /* fuzz_bundle_client injects HTTP/2 frames into a bundle tile state. */
       2             : 
       3             : #include "test_bundle_common.c"
       4             : #include "fd_bundle_tile_private.h"
       5             : #include <errno.h>
       6             : #include <stdlib.h>
       7             : 
       8             : /* Override the clock source weak symbol.
       9             :    For now, this fuzzer does not support timeouts. */
      10             : 
      11             : long
      12         642 : fd_bundle_now( void ) {
      13         642 :   return 2UL;
      14         642 : }
      15             : 
      16             : static fd_wksp_t * g_wksp;
      17             : 
      18             : int
      19             : LLVMFuzzerInitialize( int *    pargc,
      20             :                       char *** pargv ) {
      21             :   putenv( "FD_LOG_BACKTRACE=0" );
      22             : 
      23             :   fd_boot( pargc, pargv );
      24             : 
      25             :   ulong cpu_idx = fd_tile_cpu_id( fd_tile_idx() );
      26             :   if( cpu_idx>fd_shmem_cpu_cnt() ) cpu_idx = 0UL;
      27             :   char const * _page_sz = fd_env_strip_cmdline_cstr ( pargc, pargv, "--page-sz",  NULL, "normal"                     );
      28             :   ulong        page_cnt = fd_env_strip_cmdline_ulong( pargc, pargv, "--page-cnt", NULL, 256UL                        );
      29             :   ulong        numa_idx = fd_env_strip_cmdline_ulong( pargc, pargv, "--numa-idx", NULL, fd_shmem_numa_idx( cpu_idx ) );
      30             :   fd_wksp_t * wksp = fd_wksp_new_anonymous( fd_cstr_to_shmem_page_sz( _page_sz ), page_cnt, fd_shmem_cpu_idx( numa_idx ), "wksp", 16UL );
      31             :   FD_TEST( wksp );
      32             :   g_wksp = wksp;
      33             : 
      34             :   atexit( fd_halt );
      35             : 
      36             :   fd_log_level_core_set( 4 );
      37             :   fd_log_level_stderr_set( 4 );
      38             :   fd_log_level_logfile_set( 4 );
      39             : 
      40             :   return 0;
      41             : }
      42             : 
      43             : int
      44             : LLVMFuzzerTestOneInput( uchar const * data,
      45             :                         ulong         size ) {
      46             :   fd_wksp_t * const wksp = g_wksp;
      47             :   if( size<8UL ) return -1;
      48             : 
      49             :   test_bundle_env_t env[1];
      50             :   test_bundle_env_create( env, wksp );
      51             :   test_bundle_env_mock_conn_empty( env );
      52             : 
      53             :   fd_bundle_tile_t * const ctx      = env->state;
      54             :   fd_h2_rbuf_t *     const frame_rx = ctx->grpc_client->frame_rx;
      55             :   fd_h2_rbuf_t *     const frame_tx = ctx->grpc_client->frame_tx;
      56             : 
      57             :   ctx->grpc_client->conn->ping_tx = 2; /* allow PING ACKs */
      58             : 
      59             :   ulong const seed = fd_ulong_hash( FD_LOAD( ulong, data+size-8 ) );
      60             :   if( seed &  1 ) test_bundle_env_mock_h2_hs( env->state );
      61             :   if( seed &  2 ) test_bundle_env_mock_builder_info( env->state );
      62             :   if( seed &  4 ) test_bundle_env_mock_bundle_stream( env->state );
      63             :   if( seed &  8 ) test_bundle_env_mock_packet_stream( env->state );
      64             :   if( seed & 16 ) test_bundle_env_mock_builder_info_req( env->state );
      65             : 
      66             :   while( size ) {
      67             :     // ulong chunk_sz = 1UL;
      68             :     ulong const chunk_sz = fd_ulong_min( size, fd_h2_rbuf_free_sz( frame_rx ) );
      69             :     fd_h2_rbuf_push( frame_rx, data, chunk_sz );
      70             :     data += chunk_sz;
      71             :     size -= chunk_sz;
      72             :     int charge_busy = 0;
      73             :     fd_bundle_client_step( ctx, &charge_busy );
      74             :     fd_h2_rbuf_skip( frame_tx, fd_h2_rbuf_used_sz( frame_tx ) );
      75             :     if( ctx->defer_reset ) break;
      76             :   }
      77             : 
      78             :   test_bundle_env_destroy( env );
      79             : 
      80             :   /* Check for memory leaks */
      81             :   fd_wksp_usage_t wksp_usage;
      82             :   FD_TEST( fd_wksp_usage( wksp, NULL, 0UL, &wksp_usage ) );
      83             :   FD_TEST( wksp_usage.free_cnt==wksp_usage.total_cnt );
      84             : 
      85             :   return 0;
      86             : }

Generated by: LCOV version 1.14