-rw-r--r--src/core/ext/transport/chttp2/transport/frame_data.c12
-rw-r--r--src/core/ext/transport/chttp2/transport/frame_data.h3
-rw-r--r--test/core/end2end/fuzzers/server_fuzzer_corpus/9a6963b0d0fcb0e91a31748c47c6f0e1e842fea9bin0 -> 605 bytes
-rw-r--r--test/core/end2end/fuzzers/server_fuzzer_corpus/a32be0653ccc65463445b4aaf24a7a1164d5c642bin0 -> 101 bytes
-rw-r--r--test/core/end2end/fuzzers/server_fuzzer_corpus/crash-41ab0e868e84612275f77118f9e832bc94ff45c5bin0 -> 605 bytes
-rw-r--r--test/core/end2end/fuzzers/server_fuzzer_corpus/fb84edfa9e8cbddba26a7184e7fdc219bde556c0bin0 -> 67 bytes
-rw-r--r--tools/run_tests/tests.json88
7 files changed, 97 insertions, 6 deletions
diff --git a/src/core/ext/transport/chttp2/transport/frame_data.c b/src/core/ext/transport/chttp2/transport/frame_data.c
index 9c301d1608..3a6d80e0a3 100644
--- a/src/core/ext/transport/chttp2/transport/frame_data.c
+++ b/src/core/ext/transport/chttp2/transport/frame_data.c
@@ -159,7 +159,10 @@ grpc_chttp2_parse_error grpc_chttp2_data_parser_parse(
}
switch (p->state) {
- fh_0:
+ case GRPC_CHTTP2_DATA_ERROR:
+ p->state = GRPC_CHTTP2_DATA_ERROR;
+ return GRPC_CHTTP2_STREAM_ERROR;
+ fh_0:
case GRPC_CHTTP2_DATA_FH_0:
stream_parsing->stats.incoming.framing_bytes++;
p->frame_type = *cur;
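Review bot: The assignment `p->state = GRPC_CHTTP2_DATA_ERROR;` inside `case GRPC_CHTTP2_DATA_ERROR:` is a no-op, because the switch only reaches this case when the state already holds that value. I would drop it and put a comment above the case instead, for example `/* sticky: once a bad frame header is seen, never resume parsing this stream */`. That records why later bytes from the peer are rejected rather than reinterpreted as a fresh frame header. The switch and the rest of grpc_chttp2_data_parser_parse continue outside the hunk.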
@@ -172,6 +175,7 @@ grpc_chttp2_parse_error grpc_chttp2_data_parser_parse(
break;
default:
gpr_log(GPR_ERROR, "Bad GRPC frame type 0x%02x", p->frame_type);
+ p->state = GRPC_CHTTP2_DATA_ERROR;
return GRPC_CHTTP2_STREAM_ERROR;
}
if (++cur == end) {
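Review bot: This `default:` branch is the only exit visible in the diff that latches `GRPC_CHTTP2_DATA_ERROR` before returning `GRPC_CHTTP2_STREAM_ERROR`. If grpc_chttp2_data_parser_parse has other error returns outside the hunk, they would presumably leave `p->state` unchanged, so a later call could resume mid-header on peer-controlled bytes. It is worth auditing those exits, or routing them through one small helper that sets the state and returns the error. With the latch in place the `gpr_log(GPR_ERROR, ...)` line should fire only once per bad stream rather than on every subsequent slice, which is worth preserving if this code is reordered.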
@@ -218,13 +222,11 @@ grpc_chttp2_parse_error grpc_chttp2_data_parser_parse(
message_flags, &p->incoming_frames);
/* fallthrough */
case GRPC_CHTTP2_DATA_FRAME:
+ grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
+ stream_parsing);
if (cur == end) {
- grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
- stream_parsing);
return GRPC_CHTTP2_PARSE_OK;
}
- grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
- stream_parsing);
uint32_t remaining = (uint32_t)(end - cur);
if (remaining == p->frame_size) {
stream_parsing->stats.incoming.data_bytes += p->frame_size;
diff --git a/src/core/ext/transport/chttp2/transport/frame_data.h b/src/core/ext/transport/chttp2/transport/frame_data.h
index 2ff32963d6..af71f483a2 100644
--- a/src/core/ext/transport/chttp2/transport/frame_data.h
+++ b/src/core/ext/transport/chttp2/transport/frame_data.h
@@ -49,7 +49,8 @@ typedef enum {
GRPC_CHTTP2_DATA_FH_2,
GRPC_CHTTP2_DATA_FH_3,
GRPC_CHTTP2_DATA_FH_4,
- GRPC_CHTTP2_DATA_FRAME
+ GRPC_CHTTP2_DATA_FRAME,
+ GRPC_CHTTP2_DATA_ERROR
} grpc_chttp2_stream_state;
typedef struct grpc_chttp2_incoming_byte_stream
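Review bot: The new `GRPC_CHTTP2_DATA_ERROR` enumerator is undocumented, and nothing in the header says it is terminal, unlike the FH_0 through FRAME states that advance in sequence. A one-line comment such as `/* terminal: set after a malformed frame header; all further input yields a stream error */` would make the contract explicit. Any other switch over grpc_chttp2_stream_state outside this diff should be checked for a missing case.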
diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/9a6963b0d0fcb0e91a31748c47c6f0e1e842fea9 b/test/core/end2end/fuzzers/server_fuzzer_corpus/9a6963b0d0fcb0e91a31748c47c6f0e1e842fea9
new file mode 100644
index 0000000000..e8fef7f1cf
--- /dev/null
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/9a6963b0d0fcb0e91a31748c47c6f0e1e842fea9
Binary files differ
diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/a32be0653ccc65463445b4aaf24a7a1164d5c642 b/test/core/end2end/fuzzers/server_fuzzer_corpus/a32be0653ccc65463445b4aaf24a7a1164d5c642
new file mode 100644
index 0000000000..a4c4bf3a44
--- /dev/null
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/a32be0653ccc65463445b4aaf24a7a1164d5c642
Binary files differ
diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/crash-41ab0e868e84612275f77118f9e832bc94ff45c5 b/test/core/end2end/fuzzers/server_fuzzer_corpus/crash-41ab0e868e84612275f77118f9e832bc94ff45c5
new file mode 100644
index 0000000000..87bfefb849
--- /dev/null
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/crash-41ab0e868e84612275f77118f9e832bc94ff45c5
Binary files differ
diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/fb84edfa9e8cbddba26a7184e7fdc219bde556c0 b/test/core/end2end/fuzzers/server_fuzzer_corpus/fb84edfa9e8cbddba26a7184e7fdc219bde556c0
new file mode 100644
index 0000000000..f5de9d4fc8
--- /dev/null
+++ b/test/core/end2end/fuzzers/server_fuzzer_corpus/fb84edfa9e8cbddba26a7184e7fdc219bde556c0
Binary files differ
diff --git a/tools/run_tests/tests.json b/tools/run_tests/tests.json
index ebf8218645..d6e40fe97a 100644
--- a/tools/run_tests/tests.json
+++ b/tools/run_tests/tests.json
@@ -50177,6 +50177,28 @@
},
{
"args": [
+ "test/core/end2end/fuzzers/server_fuzzer_corpus/9a6963b0d0fcb0e91a31748c47c6f0e1e842fea9"
+ ],
+ "ci_platforms": [
+ "linux",
+ "mac",
+ "windows",
+ "posix"
+ ],
+ "cpu_cost": 0.1,
+ "exclude_configs": [],
+ "flaky": false,
+ "language": "c",
+ "name": "server_fuzzer_one_entry",
+ "platforms": [
+ "linux",
+ "mac",
+ "windows",
+ "posix"
+ ]
+ },
+ {
+ "args": [
"test/core/end2end/fuzzers/server_fuzzer_corpus/9bf7553a.bin"
],
"ci_platforms": [
@@ -50265,6 +50287,28 @@
},
{
"args": [
+ "test/core/end2end/fuzzers/server_fuzzer_corpus/a32be0653ccc65463445b4aaf24a7a1164d5c642"
+ ],
+ "ci_platforms": [
+ "linux",
+ "mac",
+ "windows",
+ "posix"
+ ],
+ "cpu_cost": 0.1,
+ "exclude_configs": [],
+ "flaky": false,
+ "language": "c",
+ "name": "server_fuzzer_one_entry",
+ "platforms": [
+ "linux",
+ "mac",
+ "windows",
+ "posix"
+ ]
+ },
+ {
+ "args": [
"test/core/end2end/fuzzers/server_fuzzer_corpus/a357658d.bin"
],
"ci_platforms": [
@@ -51431,6 +51475,28 @@
},
{
"args": [
+ "test/core/end2end/fuzzers/server_fuzzer_corpus/crash-41ab0e868e84612275f77118f9e832bc94ff45c5"
+ ],
+ "ci_platforms": [
+ "linux",
+ "mac",
+ "windows",
+ "posix"
+ ],
+ "cpu_cost": 0.1,
+ "exclude_configs": [],
+ "flaky": false,
+ "language": "c",
+ "name": "server_fuzzer_one_entry",
+ "platforms": [
+ "linux",
+ "mac",
+ "windows",
+ "posix"
+ ]
+ },
+ {
+ "args": [
"test/core/end2end/fuzzers/server_fuzzer_corpus/crash-7e121dd3be057176369bea160d873040b32a03dc"
],
"ci_platforms": [
@@ -52201,6 +52267,28 @@
},
{
"args": [
+ "test/core/end2end/fuzzers/server_fuzzer_corpus/fb84edfa9e8cbddba26a7184e7fdc219bde556c0"
+ ],
+ "ci_platforms": [
+ "linux",
+ "mac",
+ "windows",
+ "posix"
+ ],
+ "cpu_cost": 0.1,
+ "exclude_configs": [],
+ "flaky": false,
+ "language": "c",
+ "name": "server_fuzzer_one_entry",
+ "platforms": [
+ "linux",
+ "mac",
+ "windows",
+ "posix"
+ ]
+ },
+ {
+ "args": [
"test/core/end2end/fuzzers/server_fuzzer_corpus/fd14bea45ecaf13af0053900edb2f17b71a0bf09"
],
"ci_platforms": [