add var header fuzzing

Author: Cryptkeeper

.github/workflows/fuzz.yml

@@ -14,7 +14,7 @@ jobs:
 
     strategy:
       matrix:
-        test: [ "TFChannelRange_read", "TFCompressionBlock_read", "TFHeader_read" ]
+        test: [ "TFChannelRange_read", "TFCompressionBlock_read", "TFHeader_read", "TFVarHeader_read" ]
 
     steps:
       - uses: actions/checkout@v4

CMakeLists.txt

@@ -23,4 +23,8 @@ if (ENABLE_FUZZING)
     add_executable(fuzz_TFHeader_read fuzz/TFHeader_read.c)
     target_link_libraries(fuzz_TFHeader_read "-fsanitize=fuzzer")
     target_compile_options(fuzz_TFHeader_read PRIVATE "-fsanitize=fuzzer")
+
+    add_executable(fuzz_TFVarHeader_read fuzz/TFVarHeader_read.c)
+    target_link_libraries(fuzz_TFVarHeader_read "-fsanitize=fuzzer")
+    target_compile_options(fuzz_TFVarHeader_read PRIVATE "-fsanitize=fuzzer")
 endif ()

fuzz/TFChannelRange_read.c

@@ -4,7 +4,7 @@
 #include "../tinyfseq.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size) {
-    TFChannelRange range;
+    TFChannelRange range = {0};
     TFChannelRange_read(data, size, &range, NULL);
     return 0;
 }

fuzz/TFCompressionBlock_read.c

@@ -4,7 +4,7 @@
 #include "../tinyfseq.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size) {
-    TFCompressionBlock block;
+    TFCompressionBlock block = {0};
     TFCompressionBlock_read(data, size, &block, NULL);
     return 0;
 }

fuzz/TFHeader_read.c

@@ -4,7 +4,7 @@
 #include "../tinyfseq.h"
 
 int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size) {
-    TFHeader header;
+    TFHeader header = {0};
     TFHeader_read(data, size, &header, NULL);
     return 0;
 }

fuzz/TFVarHeader_read.c

@@ -0,0 +1,26 @@
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+#define TINYFSEQ_IMPLEMENTATION
+#include "../tinyfseq.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, const size_t size) {
+    // attempt to read an initial header value
+    TFVarHeader header = {0};
+    if (TFVarHeader_read(data, size, &header, NULL, 0, NULL) != TF_OK) return 0;
+
+    if (header.size == 0) return 0;
+
+    // allocate a buffer for the variable data
+    // manually subtract 4 to account for the header base size
+    const uint16_t vdsize = header.size - 4;
+    uint8_t *vd           = malloc(vdsize);
+    assert(vd != NULL);
+
+    TFVarHeader_read(data, size, &header, vd, vdsize, NULL);
+
+    free(vd);
+
+    return 0;
+}