|
|
|
|
@ -59,6 +59,9 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// arbitrary value
|
|
|
|
|
#define ALPROTO_MAXTX 4096
|
|
|
|
|
|
|
|
|
|
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|
|
|
|
{
|
|
|
|
|
Flow * f;
|
|
|
|
|
@ -166,6 +169,31 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
AppLayerParserTransactionsCleanup(f);
|
|
|
|
|
|
|
|
|
|
if (f->alstate && f->alparser) {
|
|
|
|
|
// check if we have too many open transactions
|
|
|
|
|
const uint64_t total_txs = AppLayerParserGetTxCnt(f, f->alstate);
|
|
|
|
|
uint64_t min = 0;
|
|
|
|
|
AppLayerGetTxIterState state;
|
|
|
|
|
memset(&state, 0, sizeof(state));
|
|
|
|
|
uint64_t nbtx = 0;
|
|
|
|
|
AppLayerGetTxIteratorFunc IterFunc = AppLayerGetTxIterator(f->proto, f->alproto);
|
|
|
|
|
while (1) {
|
|
|
|
|
AppLayerGetTxIterTuple ires =
|
|
|
|
|
IterFunc(f->proto, f->alproto, f->alstate, min, total_txs, &state);
|
|
|
|
|
if (ires.tx_ptr == NULL)
|
|
|
|
|
break;
|
|
|
|
|
min = ires.tx_id + 1;
|
|
|
|
|
nbtx++;
|
|
|
|
|
if (nbtx > ALPROTO_MAXTX) {
|
|
|
|
|
printf("Too many open transactions for protocol %s\n",
|
|
|
|
|
AppProtoToString(f->alproto));
|
|
|
|
|
printf("Assertion failure: %s\n", AppProtoToString(f->alproto));
|
|
|
|
|
fflush(stdout);
|
|
|
|
|
abort();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
alsize -= alnext - albuffer + 4;
|
|
|
|
|
albuffer = alnext + 4;
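Review bot: The abort path added in the second hunk reports through `printf` to stdout, whereas the crash report a fuzzing driver collects is normally written to stderr, so the protocol name can be separated from the report or lost; `fprintf(stderr, "Too many open transactions for protocol %s\n", AppProtoToString(f->alproto));` would keep it with the rest of the crash output. The second `printf("Assertion failure: %s\n", ...)` repeats the same information with no stated reason; if it is there so that a crash-triage tool can bucket findings per protocol, a one-line comment should say so, otherwise it can go. In the first hunk, `// arbitrary value` does not tell a maintainer what the limit protects against; something like `// fuzz-only cap on transactions still present after cleanup; exceeding it is treated as unbounded parser state growth` would, if that is the intent. The loop that encloses the new check in LLVMFuzzerTestOneInput starts outside the hunk, so how often the full iteration runs per input cannot be judged from here.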
|
|
|
|
|
|