Add FuzzTest set up and OSS-Fuzz integration

Adds a fuzzer using the FuzzTest framework. https://github.com/google/fuzztest The fuzzer is a migration of 8294639 to the fuzztest set up. This is also an effort to follow up on a recent OSS-Fuzz integration https://github.com/google/oss-fuzz/tree/master/projects/quiche Signed-off-by: David Korczynski <[email protected]>
google · Jun 5, 2023 · f8d2fad · f8d2fad
1 parent 661e3c8
commit f8d2fad
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 0 deletions.
diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel
@@ -74,6 +74,13 @@ http_archive(
     urls = ["https://github.com/google/re2/archive/03da4fc0857c285e3a26782f6bc8931c4c950df4.zip"],
 )
 
+http_archive(
+    name = "com_google_fuzztest",
+    sha256 = "c75f224b34c3c62ee901381fb743f6326f7b91caae0ceb8fe62f3fd36f187627",
+    strip_prefix = "fuzztest-58b4e7065924f1a284952b84ea827ce35a87e4dc",
+    urls = ["https://github.com/google/fuzztest/archive/58b4e7065924f1a284952b84ea827ce35a87e4dc.zip"],
+)
+
 # -------- Load and call dependencies of underlying libraries --------
 
 load("@bazel_skylib//:workspace.bzl", "bazel_skylib_workspace")

diff --git a/quiche/BUILD.bazel b/quiche/BUILD.bazel
@@ -322,6 +322,31 @@ cc_library(
     ],
 )
 
+cc_test(
+    name = "http_frame_fuzzer",
+    srcs = ["http2/decoder/http2_frame_decoder_test.cc"],
+    deps = [
+        ":binary_http",
+        ":quiche_core",
+        ":quiche_platform_default_testonly",
+        ":quiche_protobufs_testonly_cc_proto",
+        ":quiche_tool_support",
+        ":quiche_test_support",
+        "@boringssl//:crypto",
+        "@boringssl//:ssl",
+        "@com_google_absl//absl/base:core_headers",
+        "@com_google_absl//absl/container:flat_hash_map",
+        "@com_google_absl//absl/container:flat_hash_set",
+        "@com_google_absl//absl/memory",
+        "@com_google_absl//absl/strings",
+        "@com_google_absl//absl/strings:str_format",
+        "@com_google_absl//absl/types:optional",
+        "@com_google_fuzztest//fuzztest",
+        "@com_google_fuzztest//fuzztest:fuzztest_gtest_main",
+        "@com_google_googleurl//url",
+    ],
+)
+
 test_suite_from_source_list(
     name = "quiche_tests",
     srcs = quiche_tests_srcs,

diff --git a/quiche/http2/decoder/http2_frame_decoder_test.cc b/quiche/http2/decoder/http2_frame_decoder_test.cc
@@ -18,6 +18,8 @@
 #include "quiche/http2/test_tools/verify_macros.h"
 #include "quiche/common/platform/api/quiche_logging.h"
 
+#include "fuzztest/fuzztest.h"
+
 using ::testing::AssertionSuccess;
 
 namespace http2 {
@@ -914,6 +916,14 @@ TEST_F(Http2FrameDecoderTest, WindowUpdateTooLong) {
   EXPECT_TRUE(DecodePayloadExpectingFrameSizeError(kFrameData, header));
 }
 
+void FuzzFrameDecoder(const std::string &s) {
+    http2::Http2FrameDecoderNoOpListener listener;
+    http2::Http2FrameDecoder decoder(&listener);
+    http2::DecodeBuffer db(reinterpret_cast<const char *>(s.c_str()), s.size());
+    decoder.DecodeFrame(&db);
+}
+FUZZ_TEST(Http2FrameDecoderFuzzTest, FuzzFrameDecoder);
+
 }  // namespace
 }  // namespace test
 }  // namespace http2