test: Add fuzzer tests to the bazel build.

other/bootstrap_daemon/docker/tox-bootstrapd.sha256

@@ -1 +1 @@
-591106a972c27f19e72bd8927964e1ecc57976f4f4ff538699eaf3eb6236f9ea  /usr/local/bin/tox-bootstrapd
+ea4c271badeb89030e90c43e18507166fade28a924feb8fd5bfbd3f0e5f7c8d3  /usr/local/bin/tox-bootstrapd

other/bootstrap_daemon/websocket/websockify/BUILD.bazel

@@ -1,5 +1,7 @@
 load("@io_bazel_rules_go//go:def.bzl", "go_binary", "go_library")
 
+package(features = ["-layering_check"])
+
 go_library(
     name = "go_default_library",
     srcs = ["websockify.go"],

testing/fuzzing/BUILD.bazel

@@ -0,0 +1,23 @@
+load("@rules_cc//cc:defs.bzl", "cc_library")
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
+
+cc_library(
+    name = "fuzz_adapter",
+    srcs = ["fuzz_adapter.c"],
+    hdrs = ["fuzz_adapter.h"],
+    visibility = ["//c-toxcore:__subpackages__"],
+)
+
+cc_fuzz_test(
+    name = "bootstrap_fuzzer",
+    srcs = ["bootstrap_harness.cc"],
+    corpus = ["//tools/toktok-fuzzer/corpus:bootstrap_fuzzer"],
+    deps = ["//c-toxcore/toxcore:tox"],
+)
+
+cc_fuzz_test(
+    name = "toxsave_fuzz_test",
+    srcs = ["toxsave_harness.cc"],
+    corpus = ["//tools/toktok-fuzzer/corpus:toxsave_fuzzer"],
+    deps = ["//c-toxcore/toxcore:tox"],
+)

testing/fuzzing/bootstrap_harness.cc

@@ -4,12 +4,13 @@
 #include "../../toxcore/tox.h"
 #include "fuzz_adapter.h"
 
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     network_adapter_init(data, size);
 
     Tox_Err_New error_new;
-    Tox *tox = tox_new(NULL, &error_new);
+    Tox *tox = tox_new(nullptr, &error_new);
 
     assert(tox != nullptr);
     assert(error_new == TOX_ERR_NEW_OK);

testing/fuzzing/fuzz_adapter.c

@@ -66,7 +66,7 @@ ssize_t fuzz_recvfrom(int sockfd, void *buf, size_t len,
         src_addr->sa_family = AF_INET;
 
         // We want an AF_INET address with dummy values
-        struct sockaddr_in *addr_in = (struct sockaddr_in *) src_addr;
+        struct sockaddr_in *addr_in = (struct sockaddr_in *)(void *)src_addr;
         addr_in->sin_port = 12356;
         addr_in->sin_addr.s_addr = INADDR_LOOPBACK + 1;
         *addr_len = sizeof(struct sockaddr);

testing/fuzzing/toxsave_harness.cc

@@ -2,6 +2,7 @@
 
 #include "../../toxcore/tox.h"
 
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
     Tox_Err_Options_New error_options;

toxcore/BUILD.bazel

@@ -1,4 +1,5 @@
 load("@rules_cc//cc:defs.bzl", "cc_test")
+load("@rules_fuzzing//fuzzing:cc_defs.bzl", "cc_fuzz_test")
 load("//tools:no_undefined.bzl", "cc_library")
 
 package(features = ["layering_check"])
@@ -51,6 +52,7 @@ cc_library(
     visibility = ["//c-toxcore:__subpackages__"],
     deps = [
         ":ccompat",
+        "//c-toxcore/testing/fuzzing:fuzz_adapter",
         "@libsodium",
     ],
 )
@@ -121,6 +123,7 @@ cc_library(
     ],
     deps = [
         ":ccompat",
+        "//c-toxcore/testing/fuzzing:fuzz_adapter",
         "@pthread",
     ],
 )
@@ -169,6 +172,7 @@ cc_library(
         ":logger",
         ":mono_time",
         ":util",
+        "//c-toxcore/testing/fuzzing:fuzz_adapter",
         "@libsodium",
         "@psocket",
         "@pthread",
@@ -561,6 +565,25 @@ cc_library(
     ],
 )
 
+cc_test(
+    name = "tox_events_test",
+    size = "small",
+    srcs = ["tox_events_test.cc"],
+    deps = [
+        ":crypto_core",
+        ":tox_events",
+        "@com_google_googletest//:gtest",
+        "@com_google_googletest//:gtest_main",
+    ],
+)
+
+cc_fuzz_test(
+    name = "tox_events_fuzz_test",
+    srcs = ["tox_events_fuzz_test.cc"],
+    corpus = ["//tools/toktok-fuzzer/corpus:tox_events_fuzz_test"],
+    deps = [":tox_events"],
+)
+
 cc_library(
     name = "tox_dispatch",
     srcs = ["tox_dispatch.c"],

toxcore/network.c

@@ -127,10 +127,12 @@ static bool should_ignore_recv_error(int err)
     return err == EWOULDBLOCK;
 }
 
+#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
 static bool should_ignore_connect_error(int err)
 {
     return err == EWOULDBLOCK || err == EINPROGRESS;
 }
+#endif
 
 non_null()
 static const char *inet_ntop4(const struct in_addr *addr, char *buf, size_t bufsize)
@@ -1033,7 +1035,7 @@ Networking_Core *new_networking_ex(const Logger *log, const IP *ip, uint16_t por
 
     for (uint16_t tries = port_from; tries <= port_to; ++tries) {
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-        int res = 0;
+        int res = addrsize > 0 ? 0 : -1;
 #else
         int res = bind(temp->sock.sock, (struct sockaddr *)&addr, addrsize);
 #endif
@@ -1459,7 +1461,7 @@ bool net_connect(const Logger *log, Socket sock, const IP_Port *ip_port)
     }
 
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-    return true;
+    return addrsize != 0;
 #else
     LOGGER_DEBUG(log, "connecting socket %d to %s:%d",
                  (int)sock.sock, ip_ntoa(&ip_port->ip, ip_str, sizeof(ip_str)), net_ntohs(ip_port->port));
@@ -1610,7 +1612,7 @@ bool bind_to_port(Socket sock, Family family, uint16_t port)
     }
 
 #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-    return true;
+    return addrsize != 0;
 #else
     return bind(sock.sock, (struct sockaddr *)&addr, addrsize) == 0;
 #endif

toxcore/tox_events.c

@@ -246,9 +246,9 @@ void tox_events_get_bytes(const Tox_Events *events, uint8_t *bytes)
 Tox_Events *tox_events_load(const uint8_t *bytes, uint32_t bytes_size)
 {
     msgpack_unpacked msg;
+    msgpack_unpacked_init(&msg);
 
     size_t offset = 0;
-    msgpack_unpacked_init(&msg);
     const msgpack_unpack_return result = msgpack_unpack_next(&msg, (const char *)bytes, bytes_size, &offset);
 
     if (result != MSGPACK_UNPACK_SUCCESS) {

toxcore/tox_events_fuzz_test.cc

@@ -0,0 +1,23 @@
+#include "tox_events.h"
+#include <cstdio>
+
+namespace {
+
+void TestUnpack(const uint8_t *data, size_t size)
+{
+    for (size_t i = 0; i < size; ++i) {
+        fprintf(stderr, "0x%02x,", data[i]);
+    }
+    fputs("\n", stderr);
+    tox_events_free(tox_events_load(data, size));
+}
+
+}  // namespace
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    TestUnpack(data, size);
+    return 0;
+}
+

toxcore/tox_events_test.cc

@@ -0,0 +1,40 @@
+#include "tox_events.h"
+
+#include <gtest/gtest.h>
+
+#include <array>
+
+#include "crypto_core.h"
+
+namespace {
+
+TEST(ToxEvents, UnpackRandomDataDoesntCrash)
+{
+    std::array<uint8_t, 128> data;
+    random_bytes(data.data(), data.size());
+    tox_events_free(tox_events_load(data.data(), data.size()));
+}
+
+TEST(ToxEvents, UnpackEmptyDataFails)
+{
+    std::array<uint8_t, 1> data;
+    Tox_Events *events = tox_events_load(data.end(), 0);
+    EXPECT_EQ(events, nullptr);
+}
+
+TEST(ToxEvents, UnpackEmptyArrayCreatesEmptyEvents)
+{
+    std::array<uint8_t, 1> data{0x90};  // empty msgpack array
+    Tox_Events *events = tox_events_load(data.data(), data.size());
+    ASSERT_NE(events, nullptr);
+    EXPECT_EQ(tox_events_get_conference_connected_size(events), 0);
+    tox_events_free(events);
+}
+
+TEST(ToxEvents, DealsWithHugeMsgpackArrays)
+{
+    std::vector<uint8_t> data{0xdd,0xff,0xff,0xff,0xff};
+    EXPECT_EQ(tox_events_load(data.data(), data.size()), nullptr);
+}
+
+}  // namespace