FreeRDP
Loading...
Searching...
No Matches
TestFuzzChannelCliprdr.c
1
6#include <stddef.h>
7#include <stdint.h>
8
9#include <winpr/crt.h>
10#include <winpr/stream.h>
11#include <winpr/wlog.h>
12
13#include <freerdp/channels/cliprdr.h>
14
15#include "../../cliprdr_common.h"
16
17static wLog* g_Log = nullptr;
18
19static UINT32 fuzz_stream_len_u32(wStream* s)
20{
21 const size_t remaining = Stream_GetRemainingLength(s);
22 return (remaining > UINT32_MAX) ? UINT32_MAX : (UINT32)remaining;
23}
24
25static void fuzz_format_list(wStream* s, BOOL longNames)
26{
27 CLIPRDR_FORMAT_LIST list = WINPR_C_ARRAY_INIT;
28 list.common.dataLen = fuzz_stream_len_u32(s);
29
30 if (cliprdr_read_format_list(g_Log, s, &list, longNames) == CHANNEL_RC_OK)
31 cliprdr_free_format_list(&list);
32}
33
34static void fuzz_format_data_request(wStream* s)
35{
36 CLIPRDR_FORMAT_DATA_REQUEST request = WINPR_C_ARRAY_INIT;
37 request.common.dataLen = fuzz_stream_len_u32(s);
38 (void)cliprdr_read_format_data_request(s, &request);
39}
40
41static void fuzz_format_data_response(wStream* s)
42{
43 CLIPRDR_FORMAT_DATA_RESPONSE response = WINPR_C_ARRAY_INIT;
44 response.common.dataLen = fuzz_stream_len_u32(s);
45 (void)cliprdr_read_format_data_response(s, &response);
46}
47
48static void fuzz_file_contents_request(wStream* s)
49{
50 CLIPRDR_FILE_CONTENTS_REQUEST request = WINPR_C_ARRAY_INIT;
51 request.common.dataLen = fuzz_stream_len_u32(s);
52 (void)cliprdr_read_file_contents_request(s, &request);
53}
54
55static void fuzz_file_contents_response(wStream* s)
56{
57 CLIPRDR_FILE_CONTENTS_RESPONSE response = WINPR_C_ARRAY_INIT;
58 const UINT32 dataLen = fuzz_stream_len_u32(s);
59
60 response.common.dataLen = (dataLen >= 4) ? dataLen : 4;
61 (void)cliprdr_read_file_contents_response(s, &response);
62}
63
64static void fuzz_unlock(wStream* s)
65{
66 CLIPRDR_UNLOCK_CLIPBOARD_DATA data = WINPR_C_ARRAY_INIT;
67 data.common.dataLen = fuzz_stream_len_u32(s);
68 (void)cliprdr_read_unlock_clipdata(s, &data);
69}
70
71int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
72{
73 if (size < 2)
74 return 0;
75 if (size > (1u << 20))
76 return 0;
77
78 if (!g_Log)
79 g_Log = WLog_Get("fuzz.cliprdr");
80
81 BOOL longNames = (data[1] & 0x1) != 0;
82 const uint8_t* body = data + 2;
83
84 wStream buffer = WINPR_C_ARRAY_INIT;
85 wStream* s = Stream_StaticConstInit(&buffer, body, size - 2);
86 if (!s)
87 return 0;
88
89 switch (data[0] % 6)
90 {
91 case 0:
92 fuzz_format_list(s, longNames);
93 break;
94 case 1:
95 fuzz_format_data_request(s);
96 break;
97 case 2:
98 fuzz_format_data_response(s);
99 break;
100 case 3:
101 fuzz_file_contents_request(s);
102 break;
103 case 4:
104 fuzz_file_contents_response(s);
105 break;
106 case 5:
107 fuzz_unlock(s);
108 break;
109 default:
110 break;
111 }
112
113 return 0;
114}