[ovs-dev] [PATCH v2 1/2] This patch adds a new oss-fuzz target for OVN

Ben Pfaff blp at ovn.org
Thu Sep 27 21:27:17 UTC 2018


On Thu, Sep 27, 2018 at 02:07:41PM +0200, bshastry at sect.tu-berlin.de wrote:
> From: Bhargava Shastry <bshastry at sect.tu-berlin.de>
> 
>  The fuzzer target, expr_parse_target.c, comprises test cases adapted
>  from test-ovn.c.
> 
>  In addition, this patch contains configuration files for oss-fuzz,
>  including a dictionary, expr.dict, to aid quick path discovery and a
>  fuzzer configuration file that customises fuzzing for this target.
> 
>  Notably, the patch limits the fuzzed input (the string accepted by the
>  lexer/expression parser) to at most 100 characters and requires that it
>  not contain a newline character.
> 
> Signed-off-by: Bhargava Shastry <bshastry at sect.tu-berlin.de>

Thanks for the patch.

I applied this.  I folded in the following to simplify it slightly.

I am not sure why it disallows new-lines.

--8<--------------------------cut here-------------------------->8--

diff --git a/tests/oss-fuzz/expr_parse_target.c b/tests/oss-fuzz/expr_parse_target.c
index e7dee9415d04..d72ad40c40fc 100644
--- a/tests/oss-fuzz/expr_parse_target.c
+++ b/tests/oss-fuzz/expr_parse_target.c
@@ -62,14 +62,14 @@ compare_token(const struct lex_token *a, const struct lex_token *b)
 }
 
 static void
-test_lex(struct ds *input)
+test_lex(const char *input)
 {
     struct ds output;
 
     ds_init(&output);
     struct lexer lexer;
 
-    lexer_init(&lexer, ds_cstr(input));
+    lexer_init(&lexer, input);
     ds_clear(&output);
     while (lexer_get(&lexer) != LEX_T_END) {
         size_t len = output.length;
@@ -212,7 +212,7 @@ is_chassis_resident_cb(const void *ports_, const char *port_name)
 }
 
 static void
-test_parse_actions(struct ds *input)
+test_parse_actions(const char *input)
 {
     struct shash symtab;
     struct hmap dhcp_opts;
@@ -240,7 +240,7 @@ test_parse_actions(struct ds *input)
     struct expr *prereqs;
     char *error;
 
-    puts(ds_cstr(input));
+    puts(input);
 
     ofpbuf_init(&ovnacts, 0);
 
@@ -252,13 +252,13 @@ test_parse_actions(struct ds *input)
         .n_tables = 24,
         .cur_ltable = 10,
     };
-    error = ovnacts_parse_string(ds_cstr(input), &pp, &ovnacts, &prereqs);
+    error = ovnacts_parse_string(input, &pp, &ovnacts, &prereqs);
     if (!error) {
         /* Convert the parsed representation back to a string and print it,
          * if it's different from the input. */
         struct ds ovnacts_s = DS_EMPTY_INITIALIZER;
         ovnacts_format(ovnacts.data, ovnacts.size, &ovnacts_s);
-        if (strcmp(ds_cstr(input), ds_cstr(&ovnacts_s))) {
+        if (strcmp(input, ds_cstr(&ovnacts_s))) {
             printf("    formats as %s\n", ds_cstr(&ovnacts_s));
         }
 
@@ -336,7 +336,8 @@ test_parse_actions(struct ds *input)
     ovn_extend_table_destroy(&meter_table);
 }
 
-static void test_parse_expr(struct ds *input, int steps)
+static void
+test_parse_expr(const char *input)
 {
     struct shash symtab;
     struct shash addr_sets;
@@ -357,33 +358,22 @@ static void test_parse_expr(struct ds *input, int steps)
     simap_put(&ports, "lsp2", 0x12);
     simap_put(&ports, "lsp3", 0x13);
 
-    expr = expr_parse_string(ds_cstr(input), &symtab, &addr_sets,
+    expr = expr_parse_string(input, &symtab, &addr_sets,
                              &port_groups, &error);
-    if (!error && steps > 0) {
+    if (!error) {
         expr = expr_annotate(expr, &symtab, &error);
     }
     if (!error) {
-        if (steps > 1) {
-            expr = expr_simplify(expr, is_chassis_resident_cb, &ports);
-        }
-        if (steps > 2) {
-            expr = expr_normalize(expr);
-            ovs_assert(expr_is_normalized(expr));
-        }
+        expr = expr_simplify(expr, is_chassis_resident_cb, &ports);
+        expr = expr_normalize(expr);
+        ovs_assert(expr_is_normalized(expr));
     }
     if (!error) {
-        if (steps > 3) {
-            struct hmap matches;
+        struct hmap matches;
 
-            expr_to_matches(expr, lookup_port_cb, &ports, &matches);
-            expr_matches_print(&matches, stdout);
-            expr_matches_destroy(&matches);
-        } else {
-            struct ds output = DS_EMPTY_INITIALIZER;
-            expr_format(expr, &output);
-            puts(ds_cstr(&output));
-            ds_destroy(&output);
-        }
+        expr_to_matches(expr, lookup_port_cb, &ports, &matches);
+        expr_matches_print(&matches, stdout);
+        expr_matches_destroy(&matches);
     } else {
         puts(error);
         free(error);
@@ -407,13 +397,14 @@ lookup_atoi_cb(const void *aux OVS_UNUSED, const char *port_name,
 }
 
 static void
-test_expr_to_packets(struct ds *input)
+test_expr_to_packets(const char *input)
 {
     struct shash symtab;
     create_symtab(&symtab);
 
     struct flow uflow;
-    char *error = expr_parse_microflow(ds_cstr(input), &symtab, NULL, NULL, lookup_atoi_cb, NULL, &uflow);
+    char *error = expr_parse_microflow(input, &symtab, NULL, NULL,
+                                       lookup_atoi_cb, NULL, &uflow);
     if (error) {
         puts(error);
         free(error);
@@ -441,12 +432,11 @@ test_expr_to_packets(struct ds *input)
 }
 
 int
-LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+LLVMFuzzerTestOneInput(const uint8_t *input_, size_t size)
 {
-    struct ds input;
-
     /* Bail out if we cannot construct at least a 1 char string. */
-    if ((size < 2) || (data[size-1] != '\0')) {
+    const char *input = (const char *) input_;
+    if (size < 2 || input[size - 1] != '\0' || strchr(input, '\n')) {
         return 0;
     }
 
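Review bot: The guard in LLVMFuzzerTestOneInput only checks that the last byte is NUL, so an input with an earlier NUL (for example in `input_[0]`) still passes and the test functions see a shorter, possibly empty, string, although the comment above promises "at least a 1 char string". If embedded NULs are not meant to be accepted, `if (size < 2 || memchr(input, '\0', size) != input + size - 1 || strchr(input, '\n'))` rejects them while keeping the terminator check ahead of `strchr`, which is what bounds that scan to the fuzzer buffer. The comment should also record the newline rule and the ordering requirement, e.g. `/* Require a NUL-terminated, non-empty string with no newline; the terminator check must precede strchr(). */`. The function body continues outside this hunk.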
@@ -457,23 +447,17 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         isInit = true;
     }
 
-    ds_init(&input);
-    ds_put_cstr(&input, (const char *)data);
-
-    char *isNewLine = strpbrk(ds_cstr(&input), "\n");
-    if (isNewLine) {
-        ds_destroy(&input);
-        return 0;
-    }
-
     /* Parse, annotate, simplify, normalize expr and convert to flows. */
-    test_parse_expr(&input, 4);
+    test_parse_expr(input);
+
     /* Parse actions. */
-    test_parse_actions(&input);
+    test_parse_actions(input);
+
     /* Test OVN lexer. */
-    test_lex(&input);
+    test_lex(input);
+
     /* Expr to packets. */
-    test_expr_to_packets(&input);
-    ds_destroy(&input);
+    test_expr_to_packets(input);
+
     return 0;
 }

