Green-Sky/tomato
1
0
Fork 1
Code Issues Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

Merge commit '3105cc20ef3173b87fdc1688962ed6318a1fd039'

Browse Source
This commit is contained in:
Green Sky
2025-03-12 19:16:50 +01:00
parent dfcce8ea9d 3105cc20ef
commit a677637be6
130 changed files with 3604 additions and 1776 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
external/toxcore/c-toxcore/testing/fuzzing/CMakeLists.txt vendored
View File

@ -20,10 +20,13 @@ function(fuzz_test target source_dir)
endfunction()
fuzz_test(bootstrap .) # Fuzzes the bootstrap process
fuzz_test(toxsave .) # Fuzzes the bootstrap process
# TODO(iphydf): Fix this in the cmake build.
# fuzz_test(e2e .) # Fuzzes an end-to-end connection
fuzz_test(toxsave .) # Fuzzes tox_new and tox_get_savedata
fuzz_test(DHT ../../toxcore)
fuzz_test(forwarding ../../toxcore)
fuzz_test(group_announce ../../toxcore)
fuzz_test(group_moderation ../../toxcore)
fuzz_test(net_crypto ../../toxcore)
fuzz_test(tox_events ../../toxcore)

8
external/toxcore/c-toxcore/testing/fuzzing/bootstrap_fuzz_test.cc vendored
View File

@ -109,7 +109,7 @@ void TestBootstrap(Fuzz_Data &input)
[](Tox *tox, Tox_Log_Level level, const char *file, uint32_t line, const char *func,
const char *message, void *user_data) {
// Log to stdout.
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf("[tox1] %c %s:%d(%s): %s\n", tox_log_level_name(level), file, line,
func, message);
}
@ -161,6 +161,7 @@ void TestBootstrap(Fuzz_Data &input)
assert(dispatch != nullptr);
setup_callbacks(dispatch);
size_t input_size = input.size();
while (!input.empty()) {
Tox_Err_Events_Iterate error_iterate;
Tox_Events *events = tox_events_iterate(tox, true, &error_iterate);
@ -170,6 +171,11 @@ void TestBootstrap(Fuzz_Data &input)
// Move the clock forward a decent amount so all the time-based checks
// trigger more quickly.
sys.clock += 200;
// If no input was consumed, something went wrong.
assert(input_size != input.size());
input_size = input.size();
}
tox_dispatch_free(dispatch);

3
external/toxcore/c-toxcore/testing/fuzzing/e2e_fuzz_test.cc vendored
View File

@ -5,7 +5,6 @@
#include <cassert>
#include <cstdio>
#include <fstream>
#include <vector>
#include "../../toxcore/crypto_core.h"
@ -144,7 +143,7 @@ void TestEndToEnd(Fuzz_Data &input)
[](Tox *tox, Tox_Log_Level level, const char *file, uint32_t line, const char *func,
const char *message, void *user_data) {
// Log to stdout.
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf("[tox1] %c %s:%d(%s): %s\n", tox_log_level_name(level), file, line,
func, message);
}

53
external/toxcore/c-toxcore/testing/fuzzing/fuzz_support.cc vendored
View File

@ -57,13 +57,13 @@ static int recv_common(Fuzz_Data &input, uint8_t *buf, size_t buf_len)
if (fuzz_len == 0xffff) {
errno = EWOULDBLOCK;
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf("recvfrom: no data for tox1\n");
}
return -1;
}
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf(
"recvfrom: %zu (%02x, %02x) for tox1\n", fuzz_len, input.data()[-2], input.data()[-1]);
}
@ -77,7 +77,7 @@ static int recv_common(Fuzz_Data &input, uint8_t *buf, size_t buf_len)
static void *report_alloc(const char *name, const char *func, std::size_t size, void *ptr)
{
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
printf("%s: %s(%zu): %s\n", name, func, size, ptr == nullptr ? "false" : "true");
}
return ptr;
@ -175,13 +175,40 @@ static constexpr Network_Funcs fuzz_network_funcs = {
static constexpr Random_Funcs fuzz_random_funcs = {
/* .random_bytes = */
![](Fuzz_System *self, uint8_t *bytes, size_t length) {
// Amount of data is limited
const size_t bytes_read = std::min(length, self->data.size());
// Initialize everything to make MSAN and others happy
std::memset(bytes, 0, length);
CONSUME_OR_ABORT(const uint8_t *data, self->data, bytes_read);
std::copy(data, data + bytes_read, bytes);
if (Fuzz_Data::DEBUG) {
// Initialize the buffer with zeros in case there's no randomness left.
std::fill_n(bytes, length, 0);
// For integers, we copy bytes directly, because we want to control the
// exact values.
if (length == sizeof(uint8_t) || length == sizeof(uint16_t) || length == sizeof(uint32_t)
|| length == sizeof(uint64_t)) {
CONSUME_OR_RETURN(const uint8_t *data, self->data, length);
std::copy(data, data + length, bytes);
if (Fuzz_Data::FUZZ_DEBUG) {
if (length == 1) {
std::printf("rng: %d (0x%02x)\n", bytes[0], bytes[0]);
} else {
std::printf("rng: %02x..%02x[%zu]\n", bytes[0], bytes[length - 1], length);
}
}
return;
}
// For nonces and keys, we fill the buffer with the same 1-2 bytes
// repeated. We only need these to be different enough to not often be
// the same.
assert(length == 24 || length == 32);
// We must cover the case of having only 1 byte left in the input. In
// that case, we will use the same byte for all the bytes in the output.
const size_t chunk_size = std::max(self->data.size(), static_cast<std::size_t>(2));
CONSUME_OR_RETURN(const uint8_t *chunk, self->data, chunk_size);
if (chunk_size == 2) {
std::fill_n(bytes, length / 2, chunk[0]);
std::fill_n(bytes + length / 2, length / 2, chunk[1]);
} else {
std::fill_n(bytes, length, chunk[0]);
}
if (Fuzz_Data::FUZZ_DEBUG) {
if (length == 1) {
std::printf("rng: %d (0x%02x)\n", bytes[0], bytes[0]);
} else {
@ -364,7 +391,7 @@ static constexpr Network_Funcs record_network_funcs = {
if (self->recvq.empty()) {
self->push("\xff\xff");
errno = EWOULDBLOCK;
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf("%s: recvfrom: no data\n", self->name_);
}
return -1;
@ -387,7 +414,7 @@ static constexpr Network_Funcs record_network_funcs = {
assert(recvlen > 0 && recvlen <= INT_MAX);
self->push(uint8_t(recvlen >> 8));
self->push(uint8_t(recvlen & 0xff));
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf("%s: recvfrom: %zu (%02x, %02x)\n", self->name_, recvlen,
self->recording().end()[-2], self->recording().end()[-1]);
}
@ -428,7 +455,7 @@ static constexpr Random_Funcs record_random_funcs = {
bytes[i] = simple_rng(self->seed_) & 0xff;
self->push(bytes[i]);
}
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf(
"%s: rng: %02x..%02x[%zu]\n", self->name_, bytes[0], bytes[length - 1], length);
}

54
external/toxcore/c-toxcore/testing/fuzzing/fuzz_support.hh vendored
View File

@ -5,21 +5,21 @@
#ifndef C_TOXCORE_TESTING_FUZZING_FUZZ_SUPPORT_H
#define C_TOXCORE_TESTING_FUZZING_FUZZ_SUPPORT_H
#include <array>
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <deque>
#include <memory>
#include <unordered_map>
#include <utility>
#include <vector>
#include "../../toxcore/tox.h"
#include "../../toxcore/tox_private.h"
struct Fuzz_Data {
static constexpr bool DEBUG = false;
static constexpr bool FUZZ_DEBUG = false;
static constexpr std::size_t TRACE_TRAP = -1; // 579;
private:
@ -47,7 +47,7 @@ public:
// Special case because memcpy causes UB for bool (which can't be
// anything other than 0 or 1).
const bool val = fd.data_[0];
if (DEBUG) {
if (FUZZ_DEBUG) {
std::printf("consume@%zu(%s): bool %s\n", fd.pos(), func, val ? "true" : "false");
}
++fd.data_;
@ -74,7 +74,7 @@ public:
const uint8_t *consume(const char *func, std::size_t count)
{
const uint8_t *val = data_;
if (DEBUG) {
if (FUZZ_DEBUG) {
if (pos() == TRACE_TRAP) {
__asm__("int $3");
}
@ -256,6 +256,38 @@ struct Null_System : System {
Null_System();
};
template <typename V>
class int_map {
public:
struct iterator {
std::pair<uint16_t, V> pair;
bool operator==(const iterator &rhs) const { return pair.first == rhs.pair.first; }
bool operator!=(const iterator &rhs) const { return pair.first != rhs.pair.first; }
std::pair<uint16_t, V> operator*() const { return pair; }
const std::pair<uint16_t, V> *operator->() const { return &pair; }
};
int_map() = default;
~int_map() = default;
iterator find(uint16_t key) const
{
if (!values[key]) {
return end();
}
return {{key, values[key]}};
}
iterator end() const { return {{static_cast<uint16_t>(values.size()), nullptr}}; }
void emplace(uint16_t key, V value) { values[key] = value; }
private:
std::array<V, UINT16_MAX> values;
};
/**
* A Tox_System implementation that records all I/O but does not actually
* perform any real I/O. Everything inside this system is hermetic in-process
@ -266,7 +298,7 @@ struct Null_System : System {
* initialised with the same seed will be identical (same keys, etc.).
*/
struct Record_System : System {
static constexpr bool DEBUG = Fuzz_Data::DEBUG;
static constexpr bool FUZZ_DEBUG = Fuzz_Data::FUZZ_DEBUG;
/** @brief State shared between all tox instances. */
struct Global {
@ -280,7 +312,7 @@ struct Record_System : System {
* toxcore sends packets to itself sometimes when doing onion routing
* with only 2 nodes in the network.
*/
std::unordered_map<uint16_t, Record_System *> bound;
int_map<Record_System *> bound;
};
Global &global_;
@ -300,7 +332,7 @@ struct Record_System : System {
void push(bool byte)
{
if (DEBUG) {
if (FUZZ_DEBUG) {
if (recording_.size() == Fuzz_Data::TRACE_TRAP) {
__asm__("int $3");
}
@ -312,7 +344,7 @@ struct Record_System : System {
void push(uint8_t byte)
{
if (DEBUG) {
if (FUZZ_DEBUG) {
if (recording_.size() == Fuzz_Data::TRACE_TRAP) {
__asm__("int $3");
}
@ -323,7 +355,7 @@ struct Record_System : System {
void push(const uint8_t *bytes, std::size_t size)
{
if (DEBUG) {
if (FUZZ_DEBUG) {
if (recording_.size() == Fuzz_Data::TRACE_TRAP) {
__asm__("int $3");
}
@ -352,7 +384,7 @@ private:
* everything down drastically. It's useful while developing the fuzzer and the
* protodump program.
*/
extern const bool DEBUG;
extern const bool FUZZ_DEBUG;
inline constexpr char tox_log_level_name(Tox_Log_Level level)
{

40
external/toxcore/c-toxcore/testing/fuzzing/protodump.cc vendored
View File

@ -31,8 +31,6 @@
#include "../../toxcore/tox_dispatch.h"
#include "../../toxcore/tox_events.h"
#include "../../toxcore/tox_private.h"
#include "../../toxcore/tox_struct.h"
#include "../../toxcore/util.h"
#include "fuzz_support.hh"
namespace {
@ -179,7 +177,7 @@ void dump(std::vector<uint8_t> recording, const char *filename)
void RecordBootstrap(const char *init, const char *bootstrap)
{
Record_System::Global global;
auto global = std::make_unique<Record_System::Global>();
Tox_Options *opts = tox_options_new(nullptr);
assert(opts != nullptr);
@ -198,9 +196,9 @@ void RecordBootstrap(const char *init, const char *bootstrap)
Tox_Err_New_Testing error_new_testing;
Tox_Options_Testing tox_options_testing;
Record_System sys1(global, 4, "tox1"); // fair dice roll
tox_options_set_log_user_data(opts, &sys1);
tox_options_testing.operating_system = sys1.sys.get();
auto sys1 = std::make_unique<Record_System>(*global, 4, "tox1"); // fair dice roll
tox_options_set_log_user_data(opts, sys1.get());
tox_options_testing.operating_system = sys1->sys.get();
Tox *tox1 = tox_new_testing(opts, &error_new, &tox_options_testing, &error_new_testing);
assert(tox1 != nullptr);
assert(error_new == TOX_ERR_NEW_OK);
@ -212,9 +210,9 @@ void RecordBootstrap(const char *init, const char *bootstrap)
std::array<uint8_t, TOX_PUBLIC_KEY_SIZE> dht_key1;
tox_self_get_dht_id(tox1, dht_key1.data());
Record_System sys2(global, 5, "tox2"); // unfair dice roll
tox_options_set_log_user_data(opts, &sys2);
tox_options_testing.operating_system = sys2.sys.get();
auto sys2 = std::make_unique<Record_System>(*global, 5, "tox2"); // unfair dice roll
tox_options_set_log_user_data(opts, sys2.get());
tox_options_testing.operating_system = sys2->sys.get();
Tox *tox2 = tox_new_testing(opts, &error_new, &tox_options_testing, &error_new_testing);
assert(tox2 != nullptr);
assert(error_new == TOX_ERR_NEW_OK);
@ -252,31 +250,31 @@ void RecordBootstrap(const char *init, const char *bootstrap)
Tox_Events *events;
events = tox_events_iterate(tox1, true, &error_iterate);
assert(tox_events_equal(sys1.sys.get(), events, events));
assert(tox_events_equal(sys1->sys.get(), events, events));
tox_dispatch_invoke(dispatch, events, &state1);
tox_events_free(events);
events = tox_events_iterate(tox2, true, &error_iterate);
assert(tox_events_equal(sys2.sys.get(), events, events));
assert(tox_events_equal(sys2->sys.get(), events, events));
tox_dispatch_invoke(dispatch, events, &state2);
tox_events_free(events);
// Move the clock forward a decent amount so all the time-based checks
// trigger more quickly.
sys1.clock += clock_increment;
sys2.clock += clock_increment;
sys1->clock += clock_increment;
sys2->clock += clock_increment;
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
printf("tox1: rng: %d (for clock)\n", clock_increment);
printf("tox2: rng: %d (for clock)\n", clock_increment);
}
sys1.push(clock_increment);
sys2.push(clock_increment);
sys1->push(clock_increment);
sys2->push(clock_increment);
};
while (tox_self_get_connection_status(tox1) == TOX_CONNECTION_NONE
|| tox_self_get_connection_status(tox2) == TOX_CONNECTION_NONE) {
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf("tox1: %d, tox2: %d\n", tox_self_get_connection_status(tox1),
tox_self_get_connection_status(tox2));
}
@ -291,7 +289,7 @@ void RecordBootstrap(const char *init, const char *bootstrap)
while (tox_friend_get_connection_status(tox2, friend_number, nullptr) == TOX_CONNECTION_NONE
|| tox_friend_get_connection_status(tox1, 0, nullptr) == TOX_CONNECTION_NONE) {
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf("tox1: %d, tox2: %d, tox1 -> tox2: %d, tox2 -> tox1: %d\n",
tox_self_get_connection_status(tox1), tox_self_get_connection_status(tox2),
tox_friend_get_connection_status(tox1, 0, nullptr),
@ -302,10 +300,10 @@ void RecordBootstrap(const char *init, const char *bootstrap)
std::printf("tox clients connected\n");
dump(sys1.take_recording(), init);
dump(sys1->take_recording(), init);
while (state1.done < MESSAGE_COUNT && state2.done < MESSAGE_COUNT) {
if (Fuzz_Data::DEBUG) {
if (Fuzz_Data::FUZZ_DEBUG) {
std::printf("tox1: %d, tox2: %d, tox1 -> tox2: %d, tox2 -> tox1: %d\n",
tox_self_get_connection_status(tox1), tox_self_get_connection_status(tox2),
tox_friend_get_connection_status(tox1, 0, nullptr),
@ -320,7 +318,7 @@ void RecordBootstrap(const char *init, const char *bootstrap)
tox_kill(tox2);
tox_kill(tox1);
dump(sys1.recording(), bootstrap);
dump(sys1->recording(), bootstrap);
}
}

2
external/toxcore/c-toxcore/testing/fuzzing/protodump_reduce.cc vendored
View File

@ -11,7 +11,7 @@
namespace {
constexpr bool PROTODUMP_DEBUG = Fuzz_Data::DEBUG;
constexpr bool PROTODUMP_DEBUG = Fuzz_Data::FUZZ_DEBUG;
void setup_callbacks(Tox_Dispatch *dispatch)
{

6
external/toxcore/c-toxcore/testing/fuzzing/rebuild_protodump vendored
View File

@ -1,6 +1,10 @@
#!/bin/sh
set -eux
set -eux -o pipefail
WORKSPACE_ROOT=$(bazel info workspace)
cd "$WORKSPACE_ROOT"
bazel test --config=asan-libfuzzer //c-toxcore/testing/fuzzing:protodump_reduce_test

2
external/toxcore/c-toxcore/testing/fuzzing/toxsave_fuzz_test.cc vendored
View File

@ -20,6 +20,8 @@ void TestSaveDataLoading(Fuzz_Data &input)
const size_t savedata_size = input.size();
CONSUME_OR_RETURN(const uint8_t *savedata, input, savedata_size);
tox_options_set_experimental_groups_persistence(tox_options, true);
// pass test data to Tox
tox_options_set_savedata_data(tox_options, savedata, savedata_size);
tox_options_set_savedata_type(tox_options, TOX_SAVEDATA_TYPE_TOX_SAVE);