diff --git a/src/tests/fuzz/fuzz_applayerparserparse.c b/src/tests/fuzz/fuzz_applayerparserparse.c
index 3952c953a5..ac8dc03685 100644
--- a/src/tests/fuzz/fuzz_applayerparserparse.c
+++ b/src/tests/fuzz/fuzz_applayerparserparse.c
@@ -36,6 +36,7 @@ AppLayerParserThreadCtx *alp_tctx = NULL;
 const uint8_t separator[] = {0x01, 0xD5, 0xCA, 0x7A};
 SCInstance surifuzz;
 AppProto forceLayer = 0;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 int LLVMFuzzerInitialize(int *argc, char ***argv) {
@@ -75,10 +76,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 // otherwise overflows do not fail as they read the next packet
 uint8_t * isolatedBuffer;
- if (size < HEADER_LEN) {
- return 0;
- }
-
 if (alp_tctx == NULL) { //Redirects logs to /dev/null
 setenv("SC_LOG_OP_IFACE", "file", 0);
@@ -97,6 +94,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 PostConfLoadedSetup(&surifuzz);
 alp_tctx = AppLayerParserThreadCtxAlloc();
+ SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
+ }
+
+ if (size < HEADER_LEN) {
+ return 0;
 }
 if (data[0] >= ALPROTO_MAX) {
@@ -149,7 +151,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 // only if we have some data
 isolatedBuffer = malloc(alnext - albuffer);
 if (isolatedBuffer == NULL) {
- return 0;
+ goto bail;
 }
 memcpy(isolatedBuffer, albuffer, alnext - albuffer);
 (void) AppLayerParserParse(NULL, alp_tctx, f, f->alproto, flags, isolatedBuffer, alnext - albuffer);
@@ -192,13 +194,14 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 flags |= STREAM_EOF;
 isolatedBuffer = malloc(alsize);
 if (isolatedBuffer == NULL) {
- return 0;
+ goto bail;
 }
 memcpy(isolatedBuffer, albuffer, alsize);
 (void) AppLayerParserParse(NULL, alp_tctx, f, f->alproto, flags, isolatedBuffer, alsize);
 free(isolatedBuffer);
 }
+bail:
 FLOWLOCK_UNLOCK(f);
 FlowFree(f);
diff --git a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
index 8e2da4b27b..598e7cc03f 100644
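Review bot: In the `@@ -97,6 +94,11 @@` hunk the relocated `if (size < HEADER_LEN)` check now runs after the one-time init block, so the engine is set up and `engine_stage` is flipped to `SURICATA_RUNTIME` even for an empty or truncated input, yet neither the move nor the new `SC_ATOMIC_SET` says why. A one-line comment above `SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);` such as `// mark the engine as running: presumably some engine paths behave differently before SURICATA_RUNTIME` would tell the next maintainer what the line is for; the consumers of `engine_stage` are not visible here, so the wording should stay hedged. The same two lines are added to five other harnesses in this commit, so whatever comment is chosen belongs in all of them. LLVMFuzzerTestOneInput starts and ends outside this hunk.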
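Review bot: In the `@@ -192,13 +194,14 @@` hunk the new `bail:` label sits directly in front of `FLOWLOCK_UNLOCK(f);`, so it is only a valid target once the flow has been built and locked; both `goto bail` sites (this hunk and the `@@ -149,7 +151,7 @@` one) appear to satisfy that, but the lock call itself is outside the hunk and nothing at the label records the precondition. A comment on the label, `bail: /* only reachable once f is built and write-locked; isolatedBuffer is NULL here */`, would stop a future early exit before the lock from reusing it. Note also that under libFuzzer with ASan, malloc normally aborts instead of returning NULL unless `allocator_may_return_null=1` is set, so this cleanup path will rarely be exercised by the fuzzer itself. The enclosing function's return statement is outside the hunk.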
--- a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
+++ b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c
@@ -23,6 +23,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 AppLayerProtoDetectThreadCtx *alpd_tctx = NULL;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
@@ -32,10 +33,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 AppProto alproto;
 AppProto alproto2;
- if (size < HEADER_LEN) {
- return 0;
- }
-
 if (alpd_tctx == NULL) { //global init
 InitGlobal();
@@ -50,6 +47,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 AppLayerParserSetup();
 AppLayerParserRegisterProtocolParsers();
 alpd_tctx = AppLayerProtoDetectGetCtxThread();
+ SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
+ }
+
+ if (size < HEADER_LEN) {
+ return 0;
 }
 f = TestHelperBuildFlow(AF_INET, "1.2.3.4", "5.6.7.8", (uint16_t)((data[2] << 8) | data[3]),
diff --git a/src/tests/fuzz/fuzz_decodepcapfile.c b/src/tests/fuzz/fuzz_decodepcapfile.c
index c4f2266a65..dbe042206f 100644
--- a/src/tests/fuzz/fuzz_decodepcapfile.c
+++ b/src/tests/fuzz/fuzz_decodepcapfile.c
@@ -31,6 +31,7 @@ pcap-file:\n\
 ThreadVars *tv;
 DecodeThreadVars *dtv;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
@@ -80,6 +81,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 extern uint16_t max_pending_packets;
 max_pending_packets = 128;
 PacketPoolInit();
+ SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
 initialized = 1;
 }
diff --git a/src/tests/fuzz/fuzz_predefpcap_aware.c b/src/tests/fuzz/fuzz_predefpcap_aware.c
index de0aa45f25..c20e3d341d 100644
--- a/src/tests/fuzz/fuzz_predefpcap_aware.c
+++ b/src/tests/fuzz/fuzz_predefpcap_aware.c
@@ -40,6 +40,7 @@ DecodeThreadVars *dtv;
 // FlowWorkerThreadData
 void *fwd;
 SCInstance surifuzz;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 #include "confyaml.c"
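Review bot: In the `@@ -50,6 +47,11 @@` hunk of fuzz_applayerprotodetectgetproto.c the relocated `if (size < HEADER_LEN)` guard is the only thing standing between the new early-return and the `data[2]`/`data[3]` reads in the `TestHelperBuildFlow` call on the next context line, so the guard is correct only if `HEADER_LEN >= 4`; `HEADER_LEN` is defined outside the hunk and nothing at the read site states that dependency. Since the check was just moved, this is a good moment to pin it with a compile-time check next to the read, e.g. `_Static_assert(HEADER_LEN >= 4, "HEADER_LEN must cover data[0..3]");` if the project builds as C11, or a comment `// HEADER_LEN >= 4 guarantees data[2] and data[3] are in bounds` otherwise. The function continues past the end of the hunk.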
@@ -103,6 +104,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 return 0;
 }
+ SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
 initialized = 1;
 }
@@ -117,7 +119,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 // loop over packets
 r = FPC_next(&pkts, &header, &pkt);
 p = PacketGetFromAlloc();
- if (r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
+ if (p == NULL || r <= 0 || header.ts.tv_sec >= INT_MAX - 3600) {
 goto bail;
 }
 p->ts = SCTIME_FROM_TIMEVAL(&header.ts);
@@ -154,7 +156,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 p->pkt_src = PKT_SRC_WIRE;
 }
 bail:
- PacketFree(p);
+ if (p != NULL) {
+ PacketFree(p);
+ }
 FlowReset();
 return 0;
diff --git a/src/tests/fuzz/fuzz_sigpcap.c b/src/tests/fuzz/fuzz_sigpcap.c
index dfebd1f5f6..e5bd56deb4 100644
--- a/src/tests/fuzz/fuzz_sigpcap.c
+++ b/src/tests/fuzz/fuzz_sigpcap.c
@@ -40,6 +40,7 @@ DecodeThreadVars *dtv;
 //FlowWorkerThreadData
 void *fwd;
 SCInstance surifuzz;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 #include "confyaml.c"
@@ -92,6 +93,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 extern uint16_t max_pending_packets;
 max_pending_packets = 128;
 PacketPoolInit();
+ SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
 initialized = 1;
 }
diff --git a/src/tests/fuzz/fuzz_sigpcap_aware.c b/src/tests/fuzz/fuzz_sigpcap_aware.c
index 61e8c22c3c..d245476985 100644
--- a/src/tests/fuzz/fuzz_sigpcap_aware.c
+++ b/src/tests/fuzz/fuzz_sigpcap_aware.c
@@ -40,6 +40,7 @@ DecodeThreadVars *dtv;
 // FlowWorkerThreadData
 void *fwd;
 SCInstance surifuzz;
+SC_ATOMIC_EXTERN(unsigned int, engine_stage);
 #include "confyaml.c"
@@ -118,6 +119,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 extern uint16_t max_pending_packets;
 max_pending_packets = 128;
 PacketPoolInit();
+ SC_ATOMIC_SET(engine_stage, SURICATA_RUNTIME);
 initialized = 1;
 }
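Review bot: In the `@@ -154,7 +156,9 @@` hunk of fuzz_predefpcap_aware.c the new `if (p != NULL)` guard at `bail:` is only safe because every `goto bail` currently visible comes after `p = PacketGetFromAlloc();`; `p` is declared outside the hunk, and if that declaration has no initializer, any future early exit placed before the allocation (an FPC open failure, say) would hand an indeterminate pointer to `PacketFree`. Initializing it at the declaration, `Packet *p = NULL;`, makes the guard hold on every path rather than by construction. In the `@@ -117,7 +119,7 @@` hunk the packet is still allocated before `r <= 0` is tested, so an empty capture allocates and immediately frees one packet; testing `r` and the timestamp first and allocating only afterwards would avoid that and still reach the same guarded cleanup. The enclosing function starts before the first hunk shown here.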