From d8bc5df102eeab3328c558f1a51b9c1228d8f56d Mon Sep 17 00:00:00 2001
From: "Roger A. Light"
Date: Tue, 7 Feb 2023 23:27:28 +0000
Subject: [PATCH] Fuzzing: db_dump alternate option fuzz targets
---
fuzzing/db_dump/Makefile | 16 ++++-
.../db_dump_fuzz_load_client_stats.cpp | 64 +++++++++++++++++++
fuzzing/db_dump/db_dump_fuzz_load_stats.cpp | 64 +++++++++++++++++++
3 files changed, 142 insertions(+), 2 deletions(-)
create mode 100644 fuzzing/db_dump/db_dump_fuzz_load_client_stats.cpp
create mode 100644 fuzzing/db_dump/db_dump_fuzz_load_stats.cpp
diff --git a/fuzzing/db_dump/Makefile b/fuzzing/db_dump/Makefile
index 753f5a96..5bf901b3 100644
--- a/fuzzing/db_dump/Makefile
+++ b/fuzzing/db_dump/Makefile
@@ -2,7 +2,9 @@ R=../.. .PHONY: all clean FUZZERS:= \ - db_dump_fuzz_load + db_dump_fuzz_load \ + db_dump_fuzz_load_client_stats \ + db_dump_fuzz_load_stats LOCAL_CPPFLAGS:=$(CPPFLAGS) LOCAL_CXXFLAGS:=$(CXXFLAGS) -g -Wall -Werror -pthread
@@ -14,7 +16,17 @@ all: $(FUZZERS) db_dump_fuzz_load : db_dump_fuzz_load.cpp $(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD) install $@ ${OUT}/$@ - cp ${R}/fuzzing/corpora/db_dump_seed_corpus.zip ${OUT}/ + cp ${R}/fuzzing/corpora/db_dump_seed_corpus.zip ${OUT}/$@_seed_corpus.zip + +db_dump_fuzz_load_client_stats : db_dump_fuzz_load_client_stats.cpp + $(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD) + install $@ ${OUT}/$@ + cp ${R}/fuzzing/corpora/db_dump_seed_corpus.zip ${OUT}/$@_seed_corpus.zip + +db_dump_fuzz_load_stats : db_dump_fuzz_load_stats.cpp + $(CXX) $(LOCAL_CXXFLAGS) $(LOCAL_CPPFLAGS) $(LOCAL_LDFLAGS) -o $@ $^ $(LOCAL_LIBADD) + install $@ ${OUT}/$@ + cp ${R}/fuzzing/corpora/db_dump_seed_corpus.zip ${OUT}/$@_seed_corpus.zip clean: rm -f *.o $(FUZZERS)
diff --git a/fuzzing/db_dump/db_dump_fuzz_load_client_stats.cpp b/fuzzing/db_dump/db_dump_fuzz_load_client_stats.cpp
new file mode 100644
index 00000000..070e4af6
--- /dev/null
+++ b/fuzzing/db_dump/db_dump_fuzz_load_client_stats.cpp
@@ -0,0 +1,64 @@
+/*
+Copyright (c) 2023 Cedalo GmbH
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License 2.0
+and Eclipse Distribution License v1.0 which accompany this distribution.
+
+The Eclipse Public License is available at
+ https://www.eclipse.org/legal/epl-2.0/
+and the Eclipse Distribution License is available at
+ http://www.eclipse.org/org/documents/edl-v10.php.
+
+SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+
+Contributors:
+ Roger Light - initial implementation and documentation.
+*/
+
+#include
+#include
+#include
+#include
+#include
+
+/*
+ * Test loading a file, with client stats
+ */
+
+
+/* The fuzz-only main function. */
+extern "C" int db_dump_fuzz_main(int argc, char *argv[]);
+
+void run_db_dump(char *filename)
+{
+ char *argv[3];
+ int argc = 3;
+
+ argv[0] = strdup("mosquitto_db_dump");
+ argv[1] = strdup("--client-stats");
+ argv[2] = filename;
+
+ db_dump_fuzz_main(argc, argv);
+
+ free(argv[0]);
+ free(argv[1]);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ char filename[100];
+ FILE *fptr;
+
+ snprintf(filename, sizeof(filename), "/tmp/db_dump_client_stats_%d.db", getpid());
+ fptr = fopen(filename, "wb");
+ if(!fptr) return 1;
+ fwrite(data, 1, size, fptr);
+ fclose(fptr);
+
+ run_db_dump(filename);
+
+ unlink(filename);
+
+ return 0;
+}
diff --git a/fuzzing/db_dump/db_dump_fuzz_load_stats.cpp b/fuzzing/db_dump/db_dump_fuzz_load_stats.cpp
new file mode 100644
index 00000000..e0709864
--- /dev/null
+++ b/fuzzing/db_dump/db_dump_fuzz_load_stats.cpp
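Review bot: The temporary input file in LLVMFuzzerTestOneInput is opened with `fopen(filename, "wb")` on a predictable `/tmp/db_dump_client_stats_<pid>.db` path, which follows a pre-existing symlink and truncates whatever it points to; `mkstemp()` creates the file exclusively and, assuming db_dump does not depend on the `.db` suffix, is a drop-in replacement. The results of `fwrite` and `fclose` are also ignored, so a short write would hand db_dump an input that no longer matches the fuzzer's test case, and `return 1` uses a value libFuzzer documents as reserved (only 0 and -1 are defined). The same code appears in db_dump_fuzz_load_stats.cpp. Separately, `run_db_dump` in both files passes an argv with no terminating NULL; if db_dump_fuzz_main (not shown in this patch) relies on `argv[argc] == NULL`, declare `char *argv[4];` and set `argv[3] = NULL;`.

```cpp
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	char filename[] = "/tmp/db_dump_client_stats_XXXXXX";
	int fd = mkstemp(filename); /* exclusive create, never follows an existing link */
	if(fd < 0) return 0;

	FILE *fptr = fdopen(fd, "wb");
	if(!fptr){
		close(fd);
		unlink(filename);
		return 0;
	}
	size_t written = fwrite(data, 1, size, fptr);
	if(fclose(fptr) != 0 || written != size){
		/* Input on disk would differ from the test case: skip this run. */
		unlink(filename);
		return 0;
	}
	/* … unchanged: run_db_dump(filename); unlink(filename); return 0; … */
}
```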
@@ -0,0 +1,64 @@
+/*
+Copyright (c) 2023 Cedalo GmbH
+
+All rights reserved. This program and the accompanying materials
+are made available under the terms of the Eclipse Public License 2.0
+and Eclipse Distribution License v1.0 which accompany this distribution.
+
+The Eclipse Public License is available at
+ https://www.eclipse.org/legal/epl-2.0/
+and the Eclipse Distribution License is available at
+ http://www.eclipse.org/org/documents/edl-v10.php.
+
+SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause
+
+Contributors:
+ Roger Light - initial implementation and documentation.
+*/
+
+#include
+#include
+#include
+#include
+#include
+
+/*
+ * Test loading a file
+ */
+
+
+/* The fuzz-only main function. */
+extern "C" int db_dump_fuzz_main(int argc, char *argv[]);
+
+void run_db_dump(char *filename)
+{
+ char *argv[3];
+ int argc = 3;
+
+ argv[0] = strdup("mosquitto_db_dump");
+ argv[1] = strdup("--stats");
+ argv[2] = filename;
+
+ db_dump_fuzz_main(argc, argv);
+
+ free(argv[0]);
+ free(argv[1]);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ char filename[100];
+ FILE *fptr;
+
+ snprintf(filename, sizeof(filename), "/tmp/db_dump_stats_%d.db", getpid());
+ fptr = fopen(filename, "wb");
+ if(!fptr) return 1;
+ fwrite(data, 1, size, fptr);
+ fclose(fptr);
+
+ run_db_dump(filename);
+
+ unlink(filename);
+
+ return 0;
+}
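Review bot: The header comment `Test loading a file` does not mention the option this target exercises, although the harness passes `--stats`; it appears to have been carried over from the plain load target and should read `Test loading a file, with stats` so the three fuzzers can be told apart in crash reports. Apart from the option string and the temp-file prefix, this file is line-for-line the same as db_dump_fuzz_load_client_stats.cpp. A shared helper that takes the option as a parameter would keep any later hardening of the harness in one place instead of three.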