aboutsummaryrefslogtreecommitdiffhomepage
path: root/test/core/end2end/fuzzers/api_fuzzer.c
diff options
context:
space:
mode:
Diffstat (limited to 'test/core/end2end/fuzzers/api_fuzzer.c')
-rw-r--r--test/core/end2end/fuzzers/api_fuzzer.c111
1 files changed, 28 insertions, 83 deletions
diff --git a/test/core/end2end/fuzzers/api_fuzzer.c b/test/core/end2end/fuzzers/api_fuzzer.c
index 30d814b01b..200a51858a 100644
--- a/test/core/end2end/fuzzers/api_fuzzer.c
+++ b/test/core/end2end/fuzzers/api_fuzzer.c
@@ -44,7 +44,6 @@
#include "src/core/lib/iomgr/resolve_address.h"
#include "src/core/lib/iomgr/tcp_client.h"
#include "src/core/lib/iomgr/timer.h"
-#include "src/core/lib/slice/slice_internal.h"
#include "src/core/lib/surface/server.h"
#include "src/core/lib/transport/metadata.h"
#include "test/core/end2end/data/ssl_test_data.h"
@@ -91,7 +90,7 @@ static uint8_t next_byte(input_stream *inp) {
static void end(input_stream *inp) { inp->cur = inp->end; }
-static char *read_string(input_stream *inp, bool *special) {
+static char *read_string(input_stream *inp) {
char *str = NULL;
size_t cap = 0;
size_t sz = 0;
@@ -103,56 +102,18 @@ static char *read_string(input_stream *inp, bool *special) {
}
c = (char)next_byte(inp);
str[sz++] = c;
- } while (c != 0 && c != 1);
- if (special != NULL) {
- *special = (c == 1);
- }
- if (c == 1) {
- str[sz - 1] = 0;
- }
+ } while (c != 0);
return str;
}
-static void read_buffer(input_stream *inp, char **buffer, size_t *length,
- bool *special) {
+static void read_buffer(input_stream *inp, char **buffer, size_t *length) {
*length = next_byte(inp);
- if (*length == 255) {
- if (special != NULL) *special = true;
- *length = next_byte(inp);
- } else {
- if (special != NULL) *special = false;
- }
*buffer = gpr_malloc(*length);
for (size_t i = 0; i < *length; i++) {
(*buffer)[i] = (char)next_byte(inp);
}
}
-static grpc_slice maybe_intern(grpc_slice s, bool intern) {
- grpc_slice r = intern ? grpc_slice_intern(s) : grpc_slice_ref(s);
- grpc_slice_unref(s);
- return r;
-}
-
-static grpc_slice read_string_like_slice(input_stream *inp) {
- bool special;
- char *s = read_string(inp, &special);
- grpc_slice r = maybe_intern(grpc_slice_from_copied_string(s), special);
- gpr_free(s);
- return r;
-}
-
-static grpc_slice read_buffer_like_slice(input_stream *inp) {
- char *buffer;
- size_t length;
- bool special;
- read_buffer(inp, &buffer, &length, &special);
- grpc_slice r =
- maybe_intern(grpc_slice_from_copied_buffer(buffer, length), special);
- gpr_free(buffer);
- return r;
-}
-
static uint32_t read_uint22(input_stream *inp) {
uint8_t b = next_byte(inp);
uint32_t x = b & 0x7f;
@@ -209,12 +170,12 @@ static grpc_channel_args *read_args(input_stream *inp) {
switch (next_byte(inp)) {
case 1:
args[i].type = GRPC_ARG_STRING;
- args[i].key = read_string(inp, NULL);
- args[i].value.string = read_string(inp, NULL);
+ args[i].key = read_string(inp);
+ args[i].value.string = read_string(inp);
break;
case 2:
args[i].type = GRPC_ARG_INTEGER;
- args[i].key = read_string(inp, NULL);
+ args[i].key = read_string(inp);
args[i].value.integer = read_int(inp);
break;
case 3:
@@ -256,7 +217,7 @@ static const char *read_cred_artifact(cred_artifact_ctx *ctx, input_stream *inp,
size_t num_builtins) {
uint8_t b = next_byte(inp);
if (b == 0) return NULL;
- if (b == 1) return ctx->release[ctx->num_release++] = read_string(inp, NULL);
+ if (b == 1) return ctx->release[ctx->num_release++] = read_string(inp);
if (b >= num_builtins + 1) {
end(inp);
return NULL;
@@ -547,7 +508,8 @@ typedef struct call_state {
grpc_status_code status;
grpc_metadata_array recv_initial_metadata;
grpc_metadata_array recv_trailing_metadata;
- grpc_slice recv_status_details;
+ char *recv_status_details;
+ size_t recv_status_details_capacity;
int cancelled;
int pending_ops;
grpc_call_details call_details;
@@ -561,11 +523,6 @@ typedef struct call_state {
size_t cap_to_free;
void **to_free;
- // array of slices to unref
- size_t num_slices_to_unref;
- size_t cap_slices_to_unref;
- grpc_slice *slices_to_unref;
-
struct call_state *next;
struct call_state *prev;
} call_state;
@@ -601,15 +558,12 @@ static call_state *maybe_delete_call_state(call_state *call) {
call->next->prev = call->prev;
grpc_metadata_array_destroy(&call->recv_initial_metadata);
grpc_metadata_array_destroy(&call->recv_trailing_metadata);
- grpc_slice_unref(call->recv_status_details);
+ gpr_free(call->recv_status_details);
grpc_call_details_destroy(&call->call_details);
for (size_t i = 0; i < call->num_to_free; i++) {
gpr_free(call->to_free[i]);
}
- for (size_t i = 0; i < call->num_slices_to_unref; i++) {
- grpc_slice_unref(call->slices_to_unref[i]);
- }
gpr_free(call->to_free);
gpr_free(call);
@@ -626,17 +580,6 @@ static void add_to_free(call_state *call, void *p) {
call->to_free[call->num_to_free++] = p;
}
-static grpc_slice *add_to_slice_unref(call_state *call, grpc_slice s) {
- if (call->num_slices_to_unref == call->cap_slices_to_unref) {
- call->cap_slices_to_unref = GPR_MAX(8, 2 * call->cap_slices_to_unref);
- call->slices_to_unref =
- gpr_realloc(call->slices_to_unref,
- sizeof(*call->slices_to_unref) * call->cap_slices_to_unref);
- }
- call->slices_to_unref[call->num_to_free++] = s;
- return &call->slices_to_unref[call->num_to_free - 1];
-}
-
static void read_metadata(input_stream *inp, size_t *count,
grpc_metadata **metadata, call_state *cs) {
*count = next_byte(inp);
@@ -644,11 +587,12 @@ static void read_metadata(input_stream *inp, size_t *count,
*metadata = gpr_malloc(*count * sizeof(**metadata));
memset(*metadata, 0, *count * sizeof(**metadata));
for (size_t i = 0; i < *count; i++) {
- (*metadata)[i].key = read_string_like_slice(inp);
- (*metadata)[i].value = read_buffer_like_slice(inp);
+ (*metadata)[i].key = read_string(inp);
+ read_buffer(inp, (char **)&(*metadata)[i].value,
+ &(*metadata)[i].value_length);
(*metadata)[i].flags = read_uint32(inp);
- add_to_slice_unref(cs, (*metadata)[i].key);
- add_to_slice_unref(cs, (*metadata)[i].value);
+ add_to_free(cs, (void *)(*metadata)[i].key);
+ add_to_free(cs, (void *)(*metadata)[i].value);
}
} else {
*metadata = gpr_malloc(1);
@@ -712,7 +656,7 @@ static validator *make_finished_batch_validator(call_state *cs,
}
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
- grpc_test_only_set_slice_hash_seed(0);
+ grpc_test_only_set_metadata_hash_seed(0);
if (squelch) gpr_set_log_function(dont_log);
input_stream inp = {data, data + size};
grpc_resolve_address = my_resolve_address;
@@ -798,7 +742,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// create an insecure channel
case 2: {
if (g_channel == NULL) {
- char *target = read_string(&inp, NULL);
+ char *target = read_string(&inp);
char *target_uri;
gpr_asprintf(&target_uri, "dns:%s", target);
grpc_channel_args *args = read_args(&inp);
@@ -927,8 +871,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
parent_call = g_active_call->call;
}
uint32_t propagation_mask = read_uint32(&inp);
- grpc_slice method = read_string_like_slice(&inp);
- grpc_slice host = read_string_like_slice(&inp);
+ char *method = read_string(&inp);
+ char *host = read_string(&inp);
gpr_timespec deadline =
gpr_time_add(gpr_now(GPR_CLOCK_REALTIME),
gpr_time_from_micros(read_uint32(&inp), GPR_TIMESPAN));
@@ -937,12 +881,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
call_state *cs = new_call(g_active_call, CLIENT);
cs->call =
grpc_channel_create_call(g_channel, parent_call, propagation_mask,
- cq, method, &host, deadline, NULL);
+ cq, method, host, deadline, NULL);
} else {
end(&inp);
}
- grpc_slice_unref(method);
- grpc_slice_unref(host);
+ gpr_free(method);
+ gpr_free(host);
break;
}
// switch the 'current' call
@@ -1007,8 +951,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
g_active_call);
op->data.send_status_from_server.status = next_byte(&inp);
op->data.send_status_from_server.status_details =
- add_to_slice_unref(g_active_call,
- read_buffer_like_slice(&inp));
+ read_string(&inp);
break;
case GRPC_OP_RECV_INITIAL_METADATA:
op->op = GRPC_OP_RECV_INITIAL_METADATA;
@@ -1028,6 +971,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
&g_active_call->recv_trailing_metadata;
op->data.recv_status_on_client.status_details =
&g_active_call->recv_status_details;
+ op->data.recv_status_on_client.status_details_capacity =
+ &g_active_call->recv_status_details_capacity;
break;
case GRPC_OP_RECV_CLOSE_ON_SERVER:
op->op = GRPC_OP_RECV_CLOSE_ON_SERVER;
@@ -1115,14 +1060,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
}
// enable a tracer
case 17: {
- char *tracer = read_string(&inp, NULL);
+ char *tracer = read_string(&inp);
grpc_tracer_set_enabled(tracer, 1);
gpr_free(tracer);
break;
}
// disable a tracer
case 18: {
- char *tracer = read_string(&inp, NULL);
+ char *tracer = read_string(&inp);
grpc_tracer_set_enabled(tracer, 0);
gpr_free(tracer);
break;
@@ -1164,7 +1109,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// create a secure channel
case 22: {
if (g_channel == NULL) {
- char *target = read_string(&inp, NULL);
+ char *target = read_string(&inp);
char *target_uri;
gpr_asprintf(&target_uri, "dns:%s", target);
grpc_channel_args *args = read_args(&inp);
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-30 18:40:22 +0000