fuzz: make targets more resitant to allocation failures

src/tests/fuzz/fuzz_applayerparserparse.c

@@ -36,6 +36,7 @@ AppLayerParserThreadCtx *alp_tctx = NULL;
 const uint8_t separator[] = {0x01, 0xD5, 0xCA, 0x7A};
 SCInstance surifuzz;
 AppProto forceLayer = 0;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 
 int LLVMFuzzerInitialize(int *argc, char ***argv)
 {
@@ -75,10 +76,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     // otherwise overflows do not fail as they read the next packet
     uint8_t * isolatedBuffer;
 
-    if (size < HEADER_LEN) {
-        return 0;
-    }
-
     if (alp_tctx == NULL) {
         //Redirects logs to /dev/null
         setenv("SC_LOG_OP_IFACE", "file", 0);
@@ -97,6 +94,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
         PostConfLoadedSetup(&surifuzz);
         alp_tctx = AppLayerParserThreadCtxAlloc();
+        SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
+    }
+
+    if (size < HEADER_LEN) {
+        return 0;
     }
 
     if (data[0] >= ALPROTO_MAX) {
@@ -149,7 +151,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
             // only if we have some data
             isolatedBuffer = malloc(alnext - albuffer);
             if (isolatedBuffer == NULL) {
-                return 0;
+                goto bail;
             }
             memcpy(isolatedBuffer, albuffer, alnext - albuffer);
             (void) AppLayerParserParse(NULL, alp_tctx, f, f->alproto, flags, isolatedBuffer, alnext - albuffer);
@@ -192,13 +194,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         flags |= STREAM_EOF;
         isolatedBuffer = malloc(alsize);
         if (isolatedBuffer == NULL) {
-            return 0;
+            goto bail;
         }
         memcpy(isolatedBuffer, albuffer, alsize);
         (void) AppLayerParserParse(NULL, alp_tctx, f, f->alproto, flags, isolatedBuffer, alsize);
         free(isolatedBuffer);
     }
 
+bail:
     FLOWLOCK_UNLOCK(f);
     FlowFree(f);
 

src/tests/fuzz/fuzz_applayerprotodetectgetproto.c

@@ -23,6 +23,7 @@
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 
 AppLayerProtoDetectThreadCtx *alpd_tctx = NULL;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
@@ -32,10 +33,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     AppProto alproto;
     AppProto alproto2;
 
-    if (size < HEADER_LEN) {
-        return 0;
-    }
-
     if (alpd_tctx == NULL) {
         //global init
         InitGlobal();
@@ -50,6 +47,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         AppLayerParserSetup();
         AppLayerParserRegisterProtocolParsers();
         alpd_tctx = AppLayerProtoDetectGetCtxThread();
+        SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
+    }
+
+    if (size < HEADER_LEN) {
+        return 0;
     }
 
     f = TestHelperBuildFlow(AF_INET, "1.2.3.4", "5.6.7.8", (uint16_t)((data[2] << 8) | data[3]),

src/tests/fuzz/fuzz_decodepcapfile.c

@@ -31,6 +31,7 @@ pcap-file:\n\
 
 ThreadVars *tv;
 DecodeThreadVars *dtv;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
@@ -80,6 +81,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         extern uint16_t max_pending_packets;
         max_pending_packets = 128;
         PacketPoolInit();
+        SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
 
         initialized = 1;
     }

src/tests/fuzz/fuzz_predefpcap_aware.c

@@ -40,6 +40,7 @@ DecodeThreadVars *dtv;
 // FlowWorkerThreadData
 void *fwd;
 SCInstance surifuzz;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 
 #include "confyaml.c"
 
@@ -103,6 +104,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
             return 0;
         }
 
+        SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
         initialized = 1;
     }
 
@@ -117,7 +119,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
     // loop over packets
     r = FPC_next(&pkts, &header, &pkt);
     p = PacketGetFromAlloc();
-    if (r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
+    if (p == NULL || r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
         goto bail;
     }
     p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
@@ -154,7 +156,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         p->pkt_src = PKT_SRC_WIRE;
     }
 bail:
-    PacketFree(p);
+    if (p != NULL) {
+        PacketFree(p);
+    }
     FlowReset();
 
     return 0;

src/tests/fuzz/fuzz_sigpcap.c

@@ -40,6 +40,7 @@ DecodeThreadVars *dtv;
 //FlowWorkerThreadData
 void *fwd;
 SCInstance surifuzz;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 
 #include "confyaml.c"
 
@@ -92,6 +93,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         extern uint16_t max_pending_packets;
         max_pending_packets = 128;
         PacketPoolInit();
+        SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
         initialized = 1;
     }
 

src/tests/fuzz/fuzz_sigpcap_aware.c

@@ -40,6 +40,7 @@ DecodeThreadVars *dtv;
 // FlowWorkerThreadData
 void *fwd;
 SCInstance surifuzz;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 
 #include "confyaml.c"
 
@@ -118,6 +119,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
         extern uint16_t max_pending_packets;
         max_pending_packets = 128;
         PacketPoolInit();
+        SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
         initialized = 1;
     }