From a5dfc5bae8c16e2a7caf564758d812c7672480b5 Mon Sep 17 00:00:00 2001
From: Damien Miller
Date: Sat, 30 Jan 2021 16:32:29 +1100
Subject: [PATCH] allow a fuzz case to contain more than one request loop until input buffer empty, no message consumed or 256 messages processed
---
 regress/misc/fuzz-harness/agent_fuzz_helper.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/regress/misc/fuzz-harness/agent_fuzz_helper.c b/regress/misc/fuzz-harness/agent_fuzz_helper.c
index 1ea157637..1d419820c 100644
--- a/regress/misc/fuzz-harness/agent_fuzz_helper.c
+++ b/regress/misc/fuzz-harness/agent_fuzz_helper.c
@@ -147,10 +147,12 @@ reset_sockettab(int devnull)
 assert(sockets[0].fd == fd);
 }
+#define MAX_MESSAGES 256
 void
 test_one(const uint8_t* s, size_t slen)
 {
 static int devnull = -1;
+ size_t i, olen, nlen;
 if (devnull == -1) {
 log_init(__progname, SYSLOG_LEVEL_DEBUG3,
@@ -163,7 +165,13 @@ test_one(const uint8_t* s, size_t slen)
 reset_idtab();
 reset_sockettab(devnull);
 (void)sshbuf_put(sockets[0].input, s, slen);
- process_message(0);
+ for (i = 0; i < MAX_MESSAGES; i++) {
+ olen = sshbuf_len(sockets[0].input);
+ process_message(0);
+ nlen = sshbuf_len(sockets[0].input);
+ if (nlen == 0 || nlen == olen)
+ break;
+ }
 cleanup_idtab();
 cleanup_sockettab();
 }
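Review bot: `#define MAX_MESSAGES 256` in the first hunk is added without a comment saying what it bounds or why 256 was chosen, and it sits directly against the definition of test_one. A one-line comment above it, such as `/* Upper bound on agent requests processed from a single fuzz input */`, would make the cap's purpose clear to anyone tuning the harness. The body of test_one continues outside this hunk.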
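Review bot: The new `for` loop in the second hunk discards whatever `process_message(0)` returns and infers progress only from `sshbuf_len(sockets[0].input)` before and after the call. If process_message reports a rejected request through its return value (its prototype is not visible here), the harness will keep feeding later requests from the same input after an error. The agent proper may instead drop the connection at that point, so findings from those later requests may not be reachable outside the harness. Consider also stopping on the error return, for example `if (process_message(0) < 0) break;`. Otherwise, add a comment such as `/* keep going after errors on purpose; stop on drained input, no progress, or MAX_MESSAGES */` so the divergence is documented. The hunk starts inside test_one, so the setup before `reset_idtab()` is not visible.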