FreeRDP
Loading...
Searching...
No Matches
TestFuzzChannelRail.c
1
6#include <stddef.h>
7#include <stdint.h>
8
9#include <winpr/crt.h>
10#include <winpr/stream.h>
11#include <winpr/wlog.h>
12
13#include <freerdp/client/rail.h>
14
15#include "../rail_main.h"
16#include "../rail_orders.h"
17
18int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
19{
20 if (size < 2)
21 return 0;
22 if (size > (1u << 20))
23 return 0;
24
25 int rc = -1;
26 railPlugin* g_rail = (railPlugin*)calloc(1, sizeof(railPlugin));
27 RailClientContext* context = (RailClientContext*)calloc(1, sizeof(RailClientContext));
28 wStream* s = Stream_New(nullptr, size);
29 if (!g_rail || !context || !s)
30 goto fail;
31
32 g_rail->log = WLog_Get("fuzz.rail");
33
34 /* A context is required (handlers bail on nullptr); nullptr callbacks skip dispatch. */
35
36 g_rail->context = context;
37 g_rail->channelEntryPoints.pInterface = context;
38
39 /* rail_order_recv owns and frees the stream (Stream_Free(s, TRUE)); give it an owned copy. */
40
41 Stream_Write(s, data, size);
42 Stream_SealLength(s);
43 if (!Stream_SetPosition(s, 0))
44 goto fail;
45
46 (void)rail_order_recv(g_rail, s);
47 s = nullptr; // Freed up by rail_order_recv
48
49 rc = 0;
50
51fail:
52 Stream_Free(s, TRUE);
53 free(context);
54 free(g_rail);
55 return rc;
56}