From 3eaa96957cc9ab434eff1e044e8e833f2e828ee4 Mon Sep 17 00:00:00 2001
From: whitequark <pz@m-labs.hk>
Date: Sat, 24 Jun 2017 10:10:43 +0000
Subject: [PATCH] Add packet parser fuzzer.

---
 fuzz/.gitignore                               |   3 +++
 fuzz/Cargo.toml                               |  22 ++++++++++++++++++
 fuzz/corpus/packet_parser/arp.bin             | Bin 0 -> 60 bytes
 .../packet_parser/icmpv4_unreachable.bin      | Bin 0 -> 590 bytes
 fuzz/corpus/packet_parser/tcpv4_data.bin      | Bin 0 -> 166 bytes
 fuzz/corpus/packet_parser/tcpv4_fin.bin       | Bin 0 -> 54 bytes
 fuzz/corpus/packet_parser/tcpv4_rst.bin       | Bin 0 -> 54 bytes
 fuzz/corpus/packet_parser/tcpv4_syn.bin       | Bin 0 -> 74 bytes
 fuzz/corpus/packet_parser/udpv4.bin           | Bin 0 -> 122 bytes
 fuzz/fuzz_targets/packet_parser.rs            |   8 +++++++
 10 files changed, 33 insertions(+)
 create mode 100644 fuzz/.gitignore
 create mode 100644 fuzz/Cargo.toml
 create mode 100644 fuzz/corpus/packet_parser/arp.bin
 create mode 100644 fuzz/corpus/packet_parser/icmpv4_unreachable.bin
 create mode 100644 fuzz/corpus/packet_parser/tcpv4_data.bin
 create mode 100644 fuzz/corpus/packet_parser/tcpv4_fin.bin
 create mode 100644 fuzz/corpus/packet_parser/tcpv4_rst.bin
 create mode 100644 fuzz/corpus/packet_parser/tcpv4_syn.bin
 create mode 100644 fuzz/corpus/packet_parser/udpv4.bin
 create mode 100644 fuzz/fuzz_targets/packet_parser.rs

diff --git a/fuzz/.gitignore b/fuzz/.gitignore
new file mode 100644
index 0000000..a092511
--- /dev/null
+++ b/fuzz/.gitignore
@@ -0,0 +1,3 @@
+target
+corpus
+artifacts
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
new file mode 100644
index 0000000..bc69cac
--- /dev/null
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,22 @@
+[package]
+name = "smoltcp-fuzz"
+version = "0.0.1"
+authors = ["Automatically generated"]
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies.smoltcp]
+path = ".."
+
+[dependencies.libfuzzer-sys]
+git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "packet_parser"
+path = "fuzz_targets/packet_parser.rs"
diff --git a/fuzz/corpus/packet_parser/arp.bin b/fuzz/corpus/packet_parser/arp.bin
new file mode 100644
index 0000000000000000000000000000000000000000..63dff0410ac59b56ead011cd5501b0c9d8284db5
GIT binary patch
literal 60
pcmezW9|R1dtjhS^IM^5%IT+Yj7#Jb^11nMs7{CC?>V~k8NdQ|K4bT7p

literal 0
HcmV?d00001

diff --git a/fuzz/corpus/packet_parser/icmpv4_unreachable.bin b/fuzz/corpus/packet_parser/icmpv4_unreachable.bin
new file mode 100644
index 0000000000000000000000000000000000000000..f98eb862afd3b366fb892decd09fc85c62566b35
GIT binary patch
literal 590
zcmXX@J5mBc6dVC{8dqG13>0x;c4rZc46HICA+wAu0~0kf^B5k(Km$Vq4?t|fT`X`h
zv-`<bZM}NG?tVQt*DwD0@c!-cZu;cibXJ?p+s;ikvia=2R^$IwufJxF-_$h@*m0Bg
z$EWJ*JJ)?^_{Z~=A7d8-RK5hz$I|EU$nfJM;}KSV#D30tWDKkiv4^46TdXhG_vo=+
zKzW8+;tXsbC>Tq$QF6aPhf#ULsRi*`#;X{yi3{QvrXw}J9NXw}uEZ8~RNPO<U)f$H
z|B31O_JRD;TOuW%bV|>HcSx^zwI_YRG4o)!4rj(E9nz!y9Y*<(to=xN=P!9u>XRSx
zVINn-mmfKrcHfBok>xGRhvbnj1@YuV$@%`;FZm(9K4airJ-b7GEjiaAU**T#m)=PH
yXt;^t4d{EpT=(gnbeD7o&MObpC!O-EXLtO+OSJyVpAs*a4!yVTmVV(hiT?*}Vr};T

literal 0
HcmV?d00001

diff --git a/fuzz/corpus/packet_parser/tcpv4_data.bin b/fuzz/corpus/packet_parser/tcpv4_data.bin
new file mode 100644
index 0000000000000000000000000000000000000000..50fa6f7e9d12cc680d913565a91097378d2dd474
GIT binary patch
literal 166
zcmV;X09pUQ!NBP0!JM|x)qtZ207U=*m`7?r06+#oVZf+mYECabQ^b73Qk8|oN$uxk
zV}KY1q_Q6X0099A3MU0bwK4PtLl*-B0ACN|1TO5vBscl{!N(C@tDRJlS*T`#kqD}3
z&6RD@>q|XdkwHAw1UQ{Cdss|-Wd>b0K%p2~sVlT5+4ND!(mEtG(ZISe>>y`kD8c|1
U<AO=DhX|UL_l}lf(qt25`v!AI?f?J)

literal 0
HcmV?d00001

diff --git a/fuzz/corpus/packet_parser/tcpv4_fin.bin b/fuzz/corpus/packet_parser/tcpv4_fin.bin
new file mode 100644
index 0000000000000000000000000000000000000000..37713e5fcf0b81996f3a887b3e68ecc85951e037
GIT binary patch
literal 54
zcmV-60LlNr!NBP0!JM|x)qtZ207U=*DC4t006+%r+Q6t~YG@hS6{fBMyY#hZla~UY
M%1{vsq-b0K016}-b^rhX

literal 0
HcmV?d00001

diff --git a/fuzz/corpus/packet_parser/tcpv4_rst.bin b/fuzz/corpus/packet_parser/tcpv4_rst.bin
new file mode 100644
index 0000000000000000000000000000000000000000..d87d37b02ce7700887eae0e3adf5a2425fc75f59
GIT binary patch
literal 54
zcmbQU?ZVZD#Rm=^c=7Te2ZO5ygGPRc1A{5sM3GH)IqwdvNX=s0y|aJ;2=4s}um})g
KU}!L4U;qHNEfq=t

literal 0
HcmV?d00001

diff --git a/fuzz/corpus/packet_parser/tcpv4_syn.bin b/fuzz/corpus/packet_parser/tcpv4_syn.bin
new file mode 100644
index 0000000000000000000000000000000000000000..1353aaeef8a260b37fc41c7bd6d6ff8802ff122c
GIT binary patch
literal 74
zcmX?b@W6|g2j^_NaJ6AE2ZJjEgH0Zj1A_xwd)0vzsac!sa^CGMVBCH0Pk=cC5G-IS
c5^&99U|?cl-NM4e!KKb>X9^N$WM*au0F)XRkN^Mx

literal 0
HcmV?d00001

diff --git a/fuzz/corpus/packet_parser/udpv4.bin b/fuzz/corpus/packet_parser/udpv4.bin
new file mode 100644
index 0000000000000000000000000000000000000000..f04369b8ac4e596c9c3559b26112bded68e95314
GIT binary patch
literal 122
zcmV-=0EPdYw$Rmpqrkzy=;^@-07U`-Z1J=J05lQT{k*2y6TqltYU*Xa#sFBt5`X{z
z000D&#b83A*3T(iHgM^8{JS$ar?_Ft#Eu5cDnJnpskS=w+alr{HwTB$v466Z|94)1
c$S4GM%`m8cFM4ZtSS3LMu#C%lw~#Ww#bo?C&;S4c

literal 0
HcmV?d00001

diff --git a/fuzz/fuzz_targets/packet_parser.rs b/fuzz/fuzz_targets/packet_parser.rs
new file mode 100644
index 0000000..357e1f3
--- /dev/null
+++ b/fuzz/fuzz_targets/packet_parser.rs
@@ -0,0 +1,8 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate smoltcp;
+
+fuzz_target!(|data: &[u8]| {
+    use smoltcp::wire::*;
+    format!("{}", PrettyPrinter::<EthernetFrame<&'static [u8]>>::new("", &data));
+});