This is an automated email from the ASF dual-hosted git repository.
kichan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git
The following commit(s) were added to refs/heads/master by this push:
new 3a7f0192f2 [Fuzzing] add fuzzing test (#10151)
3a7f0192f2 is described below
commit 3a7f0192f2ec8aa61cb19d882d68631b02c70c4b
Author: Arjun <[email protected]>
AuthorDate: Mon Sep 18 02:57:59 2023 +0530
[Fuzzing] add fuzzing test (#10151)
* [Fuzzing] add fuzzing test
Signed-off-by: Arjun Singh <[email protected]>
* [Fuzzing] try fix
Signed-off-by: Arjun Singh <[email protected]>
* [Fuzzing] try fix
Signed-off-by: Arjun Singh <[email protected]>
---------
Signed-off-by: Arjun Singh <[email protected]>
---
CMakeLists.txt | 11 +++
README.md | 20 ++++++
lib/fastlz/CMakeLists.txt | 2 +-
lib/yamlcpp/CMakeLists.txt | 4 ++
tests/fuzzing/CMakeLists.txt | 63 +++++++++++++++++
tests/fuzzing/fuzz_esi.cc | 64 +++++++++++++++++
tests/fuzzing/fuzz_esi_seed_corpus.zip | Bin 0 -> 2337 bytes
tests/fuzzing/fuzz_hpack.cc | 60 ++++++++++++++++
tests/fuzzing/fuzz_hpack_seed_corpus.zip | Bin 0 -> 410 bytes
tests/fuzzing/fuzz_http.cc | 80 ++++++++++++++++++++++
tests/fuzzing/fuzz_http_seed_corpus.zip | Bin 0 -> 1902 bytes
tests/fuzzing/fuzz_json.cc | 78 +++++++++++++++++++++
tests/fuzzing/fuzz_json_seed_corpus.zip | Bin 0 -> 867 bytes
tests/fuzzing/fuzz_proxy_protocol.cc | 44 ++++++++++++
tests/fuzzing/fuzz_proxy_protocol_seed_corpus.zip | Bin 0 -> 3659 bytes
tests/fuzzing/fuzz_rec_http.cc | 48 +++++++++++++
tests/fuzzing/fuzz_rec_http_seed_corpus.zip | Bin 0 -> 1015 bytes
tests/fuzzing/fuzz_yamlcpp.cc | 41 +++++++++++
tests/fuzzing/fuzz_yamlcpp_seed_corpus.zip | Bin 0 -> 1636 bytes
19 files changed, 514 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 922ace33b9..4fa39d39e9 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -63,6 +63,7 @@ auto_option(LUAJIT PACKAGE_DEPENDS LuaJIT)
auto_option(UNWIND FEATURE_VAR TS_USE_REMOTE_UNWINDING PACKAGE_DEPENDS unwind)
option(ENABLE_ASAN "Use address sanitizer (default OFF)")
+option(ENABLE_FUZZING "Enable fuzzing (default OFF)")
option(BUILD_REGRESSION_TESTING "Build regression tests (default ON)" ON)
option(BUILD_EXPERIMENTAL_PLUGINS "Build the experimental plugins (default
OFF)")
set(DEFAULT_STACK_SIZE 1048576 CACHE STRING "Default stack size (default
1048576)")
@@ -375,6 +376,13 @@ set(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
add_compile_definitions(${HOST_OS} PACKAGE_NAME="ats"
PACKAGE_VERSION="${TS_VERSION_STRING}")
add_compile_options($<$<COMPILE_LANGUAGE:CXX>:-Wno-invalid-offsetof>)
+# Enable fuzzing
+if(ENABLE_FUZZING)
+ if(NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+ message(FATAL_ERROR "Fuzzing is only supported with clang")
+ endif()
+endif()
+
# Common includes for everyone
include_directories(
${CMAKE_SOURCE_DIR}/include
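Review bot: The compiler guard `if(NOT CMAKE_CXX_COMPILER_ID MATCHES "Clang")` is a regex substring match, so it also accepts `AppleClang`, `ARMClang` and `XLClang`. Those toolchains may not ship the libFuzzer runtime, in which case the build fails later at link time instead of at this check. If only upstream Clang is intended, compare exactly with `if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "Clang")`. Note also that the option adds no instrumentation itself and depends on the `CFLAGS`/`CXXFLAGS` from the README being exported, so a short comment saying so above `if(ENABLE_FUZZING)` would help. The `include_directories(` call that closes this hunk continues outside it.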
@@ -448,6 +456,9 @@ add_subdirectory(src/tests)
if(ENABLE_AUTEST)
add_subdirectory(tests)
endif()
+if(ENABLE_FUZZING)
+ add_subdirectory(tests/fuzzing)
+endif()
add_subdirectory(plugins)
add_subdirectory(configs)
if(ENABLE_EXAMPLE)
diff --git a/README.md b/README.md
index 8126906c99..57068a2a57 100644
--- a/README.md
+++ b/README.md
@@ -276,6 +276,26 @@ software:
> The functionality of OpenSSL <http://www.openssl.org/> is
> utilized in parts of the software.
+## Fuzzing
+
+### FLAGS
+
+```bash
+export CC=clang
+export CXX=clang++
+export CFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only
-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address
-fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link"
+export CXXFLAGS="-O1 -fno-omit-frame-pointer -gline-tables-only
-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=address
-fsanitize-address-use-after-scope -fsanitize=fuzzer-no-link"
+export LIB_FUZZING_ENGINE=-fsanitize=fuzzer
+```
+
+### Compile
+
+```bash
+mkdir -p build && cd build/
+cmake -DENABLE_POSIX_CAP=OFF -DENABLE_FUZZING=ON -DYAML_BUILD_SHARED_LIBS=OFF
../.
+make -j$(nproc)
+```
+
## ADDITIONAL INFO
- Web page: https://trafficserver.apache.org/
diff --git a/lib/fastlz/CMakeLists.txt b/lib/fastlz/CMakeLists.txt
index 1a283f50e4..b08b6ba1a3 100644
--- a/lib/fastlz/CMakeLists.txt
+++ b/lib/fastlz/CMakeLists.txt
@@ -16,6 +16,6 @@
#######################
-add_library(fastlz)
+add_library(fastlz STATIC)
target_sources(fastlz PRIVATE fastlz.cc fastlz.h)
install(TARGETS fastlz)
diff --git a/lib/yamlcpp/CMakeLists.txt b/lib/yamlcpp/CMakeLists.txt
index 2d26ed1faf..c02fe28882 100644
--- a/lib/yamlcpp/CMakeLists.txt
+++ b/lib/yamlcpp/CMakeLists.txt
@@ -44,6 +44,10 @@ else()
set(yaml-cpp-label-postfix "static")
endif()
+if (NOT YAML_BUILD_SHARED_LIBS)
+ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
+endif()
+
set(build-shared $<BOOL:${YAML_BUILD_SHARED_LIBS}>)
set(build-windows-dll $<AND:$<BOOL:${CMAKE_HOST_WIN32}>,${build-shared}>)
set(not-msvc $<NOT:$<CXX_COMPILER_ID:MSVC>>)
diff --git a/tests/fuzzing/CMakeLists.txt b/tests/fuzzing/CMakeLists.txt
new file mode 100644
index 0000000000..9e688a4a2f
--- /dev/null
+++ b/tests/fuzzing/CMakeLists.txt
@@ -0,0 +1,63 @@
+#######################
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
contributor license
+# agreements. See the NOTICE file distributed with this work for additional
information regarding
+# copyright ownership. The ASF licenses this file to you under the Apache
License, Version 2.0
+# (the "License"); you may not use this file except in compliance with the
License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
distributed under the License
+# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+# or implied. See the License for the specific language governing permissions
and limitations under
+# the License.
+#
+#######################
+
+set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS}
$ENV{LIB_FUZZING_ENGINE}")
+
+set(CMAKE_INSTALL_RPATH "$ORIGIN/lib")
+set(CMAKE_BUILD_WITH_INSTALL_RPATH TRUE)
+
+
+add_executable(fuzz_esi fuzz_esi.cc)
+add_executable(fuzz_hpack fuzz_hpack.cc)
+add_executable(fuzz_http fuzz_http.cc)
+add_executable(fuzz_json fuzz_json.cc)
+add_executable(fuzz_proxy_protocol fuzz_proxy_protocol.cc)
+add_executable(fuzz_rec_http fuzz_rec_http.cc)
+add_executable(fuzz_yamlcpp fuzz_yamlcpp.cc)
+
+
+target_link_libraries(fuzz_esi PRIVATE esi-common esicore)
+target_link_libraries(fuzz_hpack PRIVATE ts::http2 ts::hdrs ts::tsapi)
+target_link_libraries(fuzz_http PRIVATE ts::hdrs ts::tsapi)
+target_link_libraries(fuzz_json PRIVATE libswoc yaml-cpp ts::jsonrpc_protocol)
+target_link_libraries(fuzz_proxy_protocol PRIVATE inknet inkevent ts::tscore
yaml-cpp libswoc)
+target_link_libraries(fuzz_rec_http PRIVATE ts::records ts::tsapi)
+target_link_libraries(fuzz_yamlcpp PRIVATE yaml-cpp)
+
+
+target_include_directories(fuzz_json PRIVATE
+ ${CMAKE_SOURCE_DIR}/mgmt
+ ${CMAKE_SOURCE_DIR}/mgmt/rpc
+ ${IOCORE_INCLUDE_DIRS}
+ ${CMAKE_SOURCE_DIR}/lib
+ ${CMAKE_SOURCE_DIR}/proxy/hdrs
+ ${CMAKE_SOURCE_DIR}/proxy/http
+)
+target_include_directories(fuzz_proxy_protocol PRIVATE
+ ${CMAKE_SOURCE_DIR}/include
+ ${CMAKE_SOURCE_DIR}/iocore/net
+ ${CMAKE_SOURCE_DIR}/iocore/eventsystem
+ ${CATCH_INCLUDE_DIR}
+)
+
+
+file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/lib)
+add_custom_command(TARGET fuzz_esi POST_BUILD
+ COMMAND ${CMAKE_COMMAND} -E copy_if_different $<TARGET_FILE:libswoc>
${CMAKE_CURRENT_BINARY_DIR}/lib/
+ COMMAND ${CMAKE_COMMAND} -E copy_if_different $<TARGET_FILE:ts::tsapi>
${CMAKE_CURRENT_BINARY_DIR}/lib/
+ COMMAND ${CMAKE_COMMAND} -E copy_if_different
$<TARGET_FILE:ts::tscpputil> ${CMAKE_CURRENT_BINARY_DIR}/lib/
+)
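Review bot: `set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} $ENV{LIB_FUZZING_ENGINE}")` reads the environment once at configure time and silently expands to nothing when the variable is unset. The seven fuzz targets then have no `main` and fail at link time with an unrelated-looking error. Fail early instead with `if("$ENV{LIB_FUZZING_ENGINE}" STREQUAL "")`, `message(FATAL_ERROR "LIB_FUZZING_ENGINE must be set when ENABLE_FUZZING=ON")`, `endif()`, and consider attaching the flag per target with `target_link_options(<fuzz_target> PRIVATE ...)` rather than through the directory-scoped variable. Separately, every executable gets the `$ORIGIN/lib` RPATH, but the `copy_if_different` step that populates `lib/` is a `POST_BUILD` command on `fuzz_esi` only. Building another fuzzer alone (for example `make fuzz_http`) would leave `lib/` empty if those dependencies are shared libraries.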
diff --git a/tests/fuzzing/fuzz_esi.cc b/tests/fuzzing/fuzz_esi.cc
new file mode 100644
index 0000000000..ae032150fd
--- /dev/null
+++ b/tests/fuzzing/fuzz_esi.cc
@@ -0,0 +1,64 @@
+/** @file
+
+ fuzzing plugins/esi
+
+ @section license License
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#include "EsiParser.h"
+#include "Utils.h"
+#include "DocNode.h"
+
+#define kMinInputLength 10
+#define kMaxInputLength 1024
+
+void
+Debug(const char *tag, const char *fmt, ...)
+{
+}
+void
+Error(const char *fmt, ...)
+{
+}
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *input_data, size_t size_data)
+{
+ if (size_data < kMinInputLength || size_data > kMaxInputLength) {
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char *>(input_data), size_data);
+
+ EsiLib::Utils::init(&Debug, &Error);
+ EsiParser parser("parser_fuzzing", &Debug, &Error);
+
+ EsiLib::DocNodeList node_list;
+ bool ret = parser.completeParse(node_list, input);
+
+ if (ret == true) {
+ EsiLib::DocNodeList node_list2;
+ std::string packed = node_list.pack();
+ node_list2.unpack(packed);
+ node_list2.clear();
+ }
+ node_list.clear();
+
+ return 0;
+}
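Review bot: The size guard in `LLVMFuzzerTestOneInput` uses `return 1;`, but libFuzzer defines only 0 (and, in newer releases, -1 to keep the input out of the corpus) and reserves other values. Use `return 0;` here, or `return -1;` if out-of-range inputs should be rejected from the corpus. The same `return 1;` appears in fuzz_json.cc, fuzz_proxy_protocol.cc, fuzz_rec_http.cc and fuzz_yamlcpp.cc, while fuzz_hpack.cc and fuzz_http.cc already return 0. The file also relies on transitive includes for `uint8_t`, `size_t` and `std::string`; adding `#include <cstdint>`, `#include <cstddef>` and `#include <string>` makes the harness self-contained.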
diff --git a/tests/fuzzing/fuzz_esi_seed_corpus.zip
b/tests/fuzzing/fuzz_esi_seed_corpus.zip
new file mode 100644
index 0000000000..58a08240e3
Binary files /dev/null and b/tests/fuzzing/fuzz_esi_seed_corpus.zip differ
diff --git a/tests/fuzzing/fuzz_hpack.cc b/tests/fuzzing/fuzz_hpack.cc
new file mode 100644
index 0000000000..14951afa32
--- /dev/null
+++ b/tests/fuzzing/fuzz_hpack.cc
@@ -0,0 +1,60 @@
+/** @file
+
+ fuzzing proxy/http2
+
+ @section license License
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#include "HTTP2.h"
+#include "HuffmanCodec.h"
+#include "tscore/Diags.h"
+
+#define kMinInputLength 8
+#define kMaxInputLength 128
+
+#define INITIAL_TABLE_SIZE 4096
+#define MAX_REQUEST_HEADER_SIZE 131072
+#define MAX_TABLE_SIZE 4096
+
+extern int cmd_disable_pfreelist;
+int net_config_poll_timeout = 10;
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *input_data, size_t size_data)
+{
+ if (size_data < kMinInputLength || size_data > kMaxInputLength) {
+ return 0;
+ }
+
+ cmd_disable_pfreelist = true;
+ DiagsPtr::set(new Diags("fuzzing", "", "", nullptr));
+
+ hpack_huffman_init();
+
+ HpackIndexingTable indexing_table(INITIAL_TABLE_SIZE);
+ std::unique_ptr<HTTPHdr> headers(new HTTPHdr);
+ headers->create(HTTP_TYPE_REQUEST);
+
+ hpack_decode_header_block(indexing_table, headers.get(), input_data,
size_data, MAX_REQUEST_HEADER_SIZE, MAX_TABLE_SIZE);
+
+ headers->destroy();
+ delete diags();
+
+ return 0;
+}
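Review bot: Process-wide setup (`cmd_disable_pfreelist = true`, `DiagsPtr::set(new Diags(...))`, `hpack_huffman_init()`) runs on every call to `LLVMFuzzerTestOneInput` and is undone with `delete diags()`. This costs throughput on each iteration, and if `DiagsPtr` keeps the raw pointer (not visible here) it leaves that global dangling between iterations. Move the one-time setup into `LLVMFuzzerInitialize` and drop the per-iteration `delete diags();`, leaving only the table, header and decode call in the body. The same allocate-and-delete pattern for `Diags` appears in fuzz_http.cc, fuzz_json.cc, fuzz_proxy_protocol.cc and fuzz_rec_http.cc. `std::unique_ptr` is used without `#include <memory>`.
```cpp
// One-time global setup; libFuzzer calls this once before the first input.
extern "C" int
LLVMFuzzerInitialize(int * /* argc */, char *** /* argv */)
{
  cmd_disable_pfreelist = true;
  DiagsPtr::set(new Diags("fuzzing", "", "", nullptr));
  hpack_huffman_init();
  return 0;
}

extern "C" int
LLVMFuzzerTestOneInput(const uint8_t *input_data, size_t size_data)
{
  // … unchanged: size guard, indexing table, HTTPHdr create, hpack_decode_header_block, headers->destroy() …
  return 0;
}
```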
diff --git a/tests/fuzzing/fuzz_hpack_seed_corpus.zip
b/tests/fuzzing/fuzz_hpack_seed_corpus.zip
new file mode 100644
index 0000000000..47e4feeded
Binary files /dev/null and b/tests/fuzzing/fuzz_hpack_seed_corpus.zip differ
diff --git a/tests/fuzzing/fuzz_http.cc b/tests/fuzzing/fuzz_http.cc
new file mode 100644
index 0000000000..d255d69159
--- /dev/null
+++ b/tests/fuzzing/fuzz_http.cc
@@ -0,0 +1,80 @@
+/** @file
+
+ fuzzing proxy/hdrs & proxy/http
+
+ @section license License
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#include "HTTP.h"
+#include "HttpCompat.h"
+#include "tscore/Diags.h"
+
+#define kMinInputLength 10
+#define kMaxInputLength 1024
+
+extern int cmd_disable_pfreelist;
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *input_data, size_t size_data)
+{
+ if (size_data < kMinInputLength || size_data > kMaxInputLength) {
+ return 0;
+ }
+
+ std::string input(reinterpret_cast<const char *>(input_data), size_data);
+ char const *start = input.c_str();
+ char const *end = input.c_str() + input.size();
+
+ cmd_disable_pfreelist = true;
+ DiagsPtr::set(new Diags("fuzzing", "", "", nullptr));
+
+ http_init();
+
+ HTTPParser parser;
+ HTTPHdr req_hdr, rsp_hdr, req_hdr_2;
+
+ req_hdr.create(HTTP_TYPE_REQUEST);
+ rsp_hdr.create(HTTP_TYPE_RESPONSE);
+ req_hdr_2.create(HTTP_TYPE_REQUEST, HTTP_2_0);
+
+ {
+ http_parser_init(&parser);
+ req_hdr.parse_req(&parser, &start, end, true);
+ http_parser_clear(&parser);
+ }
+ {
+ http_parser_init(&parser);
+ rsp_hdr.parse_resp(&parser, &start, end, true);
+ http_parser_clear(&parser);
+ }
+ {
+ http_parser_init(&parser);
+
+ req_hdr_2.parse_req(&parser, &start, end, true);
+ http_parser_clear(&parser);
+ }
+
+ req_hdr.destroy();
+ rsp_hdr.destroy();
+ req_hdr_2.destroy();
+
+ delete diags();
+
+ return 0;
+}
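Review bot: `start` is passed by address to `req_hdr.parse_req(&parser, &start, end, true)` and is never reset before the `rsp_hdr.parse_resp` and `req_hdr_2.parse_req` calls. If the parser advances the pointer, as the `&start` parameter suggests, the second and third parsers only see whatever the first one left unconsumed, often nothing. The response parser and the HTTP/2-versioned request header would then get very little coverage. Re-arm the cursor before each block, e.g. `start = input.c_str();` immediately after each `http_parser_init(&parser);`. It may also be worth running the parsers with `eof` set to `false`, so the incremental-parse path is exercised as well.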
diff --git a/tests/fuzzing/fuzz_http_seed_corpus.zip
b/tests/fuzzing/fuzz_http_seed_corpus.zip
new file mode 100644
index 0000000000..f511e6eb5f
Binary files /dev/null and b/tests/fuzzing/fuzz_http_seed_corpus.zip differ
diff --git a/tests/fuzzing/fuzz_json.cc b/tests/fuzzing/fuzz_json.cc
new file mode 100644
index 0000000000..0538ebbd6d
--- /dev/null
+++ b/tests/fuzzing/fuzz_json.cc
@@ -0,0 +1,78 @@
+/** @file
+
+ fuzzing mgmt/rpc/jsonrpc
+
+ @section license License
+
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ */
+
+#include "rpc/jsonrpc/JsonRPCManager.h"
+#include "rpc/jsonrpc/JsonRPC.h"
+#include "rpc/handlers/common/ErrorUtils.h"
+#include "tscore/Diags.h"
+
+#define kMinInputLength 5
+#define kMaxInputLength 1024
+
+// Not using the singleton logic.
+struct JsonRpcUnitTest : rpc::JsonRPCManager {
+ JsonRpcUnitTest() : JsonRPCManager() {}
+ using base = JsonRPCManager;
+ bool
+ remove_handler(std::string const &name)
+ {
+ return base::remove_handler(name);
+ }
+ template <typename Func>
+ bool
+ add_notification_handler(const std::string &name, Func &&call)
+ {
+ return base::add_notification_handler(name, std::forward<Func>(call),
nullptr, {});
+ }
+ template <typename Func>
+ bool
+ add_method_handler(const std::string &name, Func &&call)
+ {
+ return base::add_method_handler(name, std::forward<Func>(call), nullptr,
{});
+ }
+
+ std::optional<std::string>
+ handle_call(std::string const &jsonString)
+ {
+ return base::handle_call(rpc::Context{}, jsonString);
+ }
+};
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *input_data, size_t size_data)
+{
+ if (size_data < kMinInputLength || size_data > kMaxInputLength) {
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char *>(input_data), size_data);
+
+ DiagsPtr::set(new Diags("fuzzing", "", "", nullptr));
+
+ JsonRpcUnitTest rpc;
+ rpc.handle_call(input);
+
+ delete diags();
+
+ return 0;
+}
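Review bot: `JsonRpcUnitTest rpc;` is constructed with no handlers registered, and the `add_method_handler` / `add_notification_handler` / `remove_handler` wrappers on the struct are never called. Unless the base constructor registers handlers itself (not visible in this hunk), `rpc.handle_call(input)` can only reach request decoding and the method-not-found path. Registering one trivial method handler and one notification handler before the call would let the fuzzer reach dispatch, parameter passing and response encoding. The struct also uses `std::optional` and `std::string`, so `#include <optional>` and `#include <string>` should be added rather than relying on the project headers.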
diff --git a/tests/fuzzing/fuzz_json_seed_corpus.zip
b/tests/fuzzing/fuzz_json_seed_corpus.zip
new file mode 100644
index 0000000000..69e7fba5d4
Binary files /dev/null and b/tests/fuzzing/fuzz_json_seed_corpus.zip differ
diff --git a/tests/fuzzing/fuzz_proxy_protocol.cc
b/tests/fuzzing/fuzz_proxy_protocol.cc
new file mode 100644
index 0000000000..eba625b2ab
--- /dev/null
+++ b/tests/fuzzing/fuzz_proxy_protocol.cc
@@ -0,0 +1,44 @@
+/** @file
+
+ fuzzing iocore/net/ProxyProtocol
+
+ @section license License
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements.
+ See the NOTICE file distributed with this work for additional information
regarding copyright
+ ownership. The ASF licenses this file to you under the Apache License,
Version 2.0 (the
+ "License"); you may not use this file except in compliance with the
License. You may obtain a
+ copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
distributed under the License
+ is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+ or implied. See the License for the specific language governing permissions
and limitations under
+ the License.
+*/
+
+#include "ProxyProtocol.h"
+#include "tscore/Diags.h"
+
+#define kMinInputLength 8
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *input_data, size_t size_data)
+{
+ if (size_data < kMinInputLength || size_data > kMaxInputLength) {
+ return 1;
+ }
+
+ swoc::TextView tv(reinterpret_cast<char *>((char *)input_data), size_data);
+
+ DiagsPtr::set(new Diags("fuzzing", "", "", nullptr));
+
+ ProxyProtocol pp_info;
+ proxy_protocol_parse(&pp_info, tv);
+
+ delete diags();
+
+ return 0;
+}
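Review bot: `swoc::TextView tv(reinterpret_cast<char *>((char *)input_data), size_data);` strips `const` from the fuzzer-owned buffer with a C-style cast and then applies a redundant `reinterpret_cast`. libFuzzer requires that the target never modify the input, so keeping the pointer const preserves that guarantee at compile time. Use `swoc::TextView tv(reinterpret_cast<const char *>(input_data), size_data);`. The return value of `proxy_protocol_parse` and the populated `pp_info` are discarded, so a comment stating that only memory-safety findings are expected from this harness would help.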
diff --git a/tests/fuzzing/fuzz_proxy_protocol_seed_corpus.zip
b/tests/fuzzing/fuzz_proxy_protocol_seed_corpus.zip
new file mode 100644
index 0000000000..da0a59a93c
Binary files /dev/null and b/tests/fuzzing/fuzz_proxy_protocol_seed_corpus.zip
differ
diff --git a/tests/fuzzing/fuzz_rec_http.cc b/tests/fuzzing/fuzz_rec_http.cc
new file mode 100644
index 0000000000..49a1bf0906
--- /dev/null
+++ b/tests/fuzzing/fuzz_rec_http.cc
@@ -0,0 +1,48 @@
+/** @file
+
+ fuzzing src/records/HdrsUtils.cc
+
+ @section license License
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements.
+ See the NOTICE file distributed with this work for additional information
regarding copyright
+ ownership. The ASF licenses this file to you under the Apache License,
Version 2.0 (the
+ "License"); you may not use this file except in compliance with the
License. You may obtain a
+ copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
distributed under the License
+ is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+ or implied. See the License for the specific language governing permissions
and limitations under
+ the License.
+*/
+
+#include "records/I_RecHttp.h"
+#include "tscore/ink_defs.h"
+#include "tscore/Diags.h"
+
+#define kMinInputLength 8
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *input_data, size_t Size)
+{
+ if (Size < kMinInputLength || Size > kMaxInputLength) {
+ return 1;
+ }
+
+ std::string alpn_input((char *)input_data, Size);
+
+ unsigned char alpn_wire_format[MAX_ALPN_STRING] = {0xab};
+ int alpn_wire_format_len = MAX_ALPN_STRING;
+
+ DiagsPtr::set(new Diags("fuzzing", "", "", nullptr));
+ ts_session_protocol_well_known_name_indices_init();
+
+ convert_alpn_to_wire_format(alpn_input, alpn_wire_format,
alpn_wire_format_len);
+
+ delete diags();
+
+ return 0;
+}
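Review bot: The result of `convert_alpn_to_wire_format` and the updated `alpn_wire_format_len` are discarded, so the harness can only catch errors the sanitizer sees and would miss a length that is wrong but still in bounds. Assuming the length is an in/out parameter (the signature is not visible here), an invariant check after the call makes such logic errors crash the fuzzer, e.g. `if (alpn_wire_format_len < 0 || alpn_wire_format_len > MAX_ALPN_STRING) { abort(); }`. The size parameter is named `Size` here but `size_data` in the other six harnesses; renaming it keeps them uniform. `std::string alpn_input((char *)input_data, Size);` should use `reinterpret_cast<const char *>` as fuzz_esi.cc does.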
diff --git a/tests/fuzzing/fuzz_rec_http_seed_corpus.zip
b/tests/fuzzing/fuzz_rec_http_seed_corpus.zip
new file mode 100644
index 0000000000..ff8fadde96
Binary files /dev/null and b/tests/fuzzing/fuzz_rec_http_seed_corpus.zip differ
diff --git a/tests/fuzzing/fuzz_yamlcpp.cc b/tests/fuzzing/fuzz_yamlcpp.cc
new file mode 100644
index 0000000000..c3bf2bbea0
--- /dev/null
+++ b/tests/fuzzing/fuzz_yamlcpp.cc
@@ -0,0 +1,41 @@
+/** @file
+
+ fuzzing lib/yamlcpp
+
+ @section license License
+
+ Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements.
+ See the NOTICE file distributed with this work for additional information
regarding copyright
+ ownership. The ASF licenses this file to you under the Apache License,
Version 2.0 (the
+ "License"); you may not use this file except in compliance with the
License. You may obtain a
+ copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
distributed under the License
+ is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express
+ or implied. See the License for the specific language governing permissions
and limitations under
+ the License.
+*/
+
+#include "yaml-cpp/yaml.h"
+
+#define kMinInputLength 8
+#define kMaxInputLength 1024
+
+extern "C" int
+LLVMFuzzerTestOneInput(const uint8_t *input_data, size_t size_data)
+{
+ if (size_data < kMinInputLength || size_data > kMaxInputLength) {
+ return 1;
+ }
+
+ std::string input(reinterpret_cast<const char *>(input_data), size_data);
+
+ try {
+ YAML::Node doc = YAML::Load(input);
+ } catch (...) { /*...*/
+ }
+
+ return 0;
+}
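Review bot: `catch (...)` around `YAML::Load(input)` swallows every exception, including ones that indicate a defect rather than a rejected document (for example `std::bad_alloc`, `std::length_error` or `std::out_of_range` thrown from inside the parser). Catch only the library's documented failure type, `} catch (const YAML::Exception &) {`, so anything else terminates the process and is reported by the fuzzer. The parsed `doc` is also dropped without being read. Walking the node or emitting it again after a successful load would extend coverage beyond the parser itself.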
diff --git a/tests/fuzzing/fuzz_yamlcpp_seed_corpus.zip
b/tests/fuzzing/fuzz_yamlcpp_seed_corpus.zip
new file mode 100644
index 0000000000..dab3139015
Binary files /dev/null and b/tests/fuzzing/fuzz_yamlcpp_seed_corpus.zip differ