Add fuzzing tests

2026-04-27 02:16:29 +03:00 · 2022-12-27 09:17:19 +00:00
parent 1e351bd05f
commit 4a982fe632
11 changed files with 3573 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 - Don't parse the message again after detached signatures validation #3862
 - Move format=flowed support to a separate crate #3869
 - cargo: bump quick-xml from 0.23.0 to 0.26.0 #3722
+- Add fuzzing tests #3853

 ### API-Changes
 - jsonrpc: add python API for webxdc updates #3872
--- a/README.md
+++ b/README.md
@@ -115,6 +115,29 @@ use the `--ignored` argument to the test binary (not to cargo itself):
 $ cargo test -- --ignored
 ```

+### Fuzzing
+
+Install [`cargo-bolero`](https://github.com/camshaft/bolero) with
+```sh
+$ cargo install cargo-bolero
+```
+
+Run fuzzing tests with
+```sh
+$ cd fuzz
+$ cargo bolero test fuzz_mailparse --release=false -s NONE
+```
+
+Corpus is created at `fuzz/fuzz_targets/corpus`,
+you can add initial inputs there.
+For `fuzz_mailparse` target corpus can be populated with
+`../test-data/message/*.eml`.
+
+To run with AFL instead of libFuzzer:
+```sh
+$ cargo bolero test fuzz_format_flowed --release=false -e afl -s NONE
+```
+
 ## Features

 - `vendored`: When using Openssl for TLS, this bundles a vendored version.
--- a/format-flowed/src/lib.rs
+++ b/format-flowed/src/lib.rs
@@ -182,6 +182,12 @@ mod tests {

        let text = "   Foo bar baz";
        assert_eq!(format_flowed(text), "    Foo bar baz");
+
+        let text =
+            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA";
+        let expected =
+            "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA \r\nAAAAAA";
+        assert_eq!(format_flowed(text), expected);
    }

    #[test]
--- a/fuzz/Cargo.lock
+++ b/fuzz/Cargo.lock
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,36 @@
+[package]
+name = "deltachat-fuzz"
+version = "0.0.0"
+publish = false
+edition = "2021"
+
+[dev-dependencies]
+bolero = "0.8"
+
+[dependencies]
+mailparse = "0.13"
+deltachat = { path = ".." }
+format-flowed = { path = "../format-flowed" }
+
+[workspace]
+members = ["."]
+
+[[test]]
+name = "fuzz_dateparse"
+path = "fuzz_targets/fuzz_dateparse.rs"
+harness = false
+
+[[test]]
+name = "fuzz_simplify"
+path = "fuzz_targets/fuzz_simplify.rs"
+harness = false
+
+[[test]]
+name = "fuzz_mailparse"
+path = "fuzz_targets/fuzz_mailparse.rs"
+harness = false
+
+[[test]]
+name = "fuzz_format_flowed"
+path = "fuzz_targets/fuzz_format_flowed.rs"
+harness = false
--- a/fuzz/fuzz_targets/fuzz_dateparse.rs
+++ b/fuzz/fuzz_targets/fuzz_dateparse.rs
@@ -0,0 +1,10 @@
+use bolero::check;
+
+fn main() {
+    check!().for_each(|data: &[u8]| match std::str::from_utf8(data) {
+        Ok(input) => {
+            mailparse::dateparse(input).ok();
+        }
+        Err(_err) => {}
+    });
+}
--- a/fuzz/fuzz_targets/fuzz_format_flowed.rs
+++ b/fuzz/fuzz_targets/fuzz_format_flowed.rs
@@ -0,0 +1,25 @@
+use bolero::check;
+use format_flowed::{format_flowed, unformat_flowed};
+
+fn round_trip(input: &str) -> String {
+    let mut input = format_flowed(input);
+    input.retain(|c| c != '\r');
+    unformat_flowed(&input, false)
+}
+
+fn main() {
+    check!().for_each(|data: &[u8]| {
+        if let Ok(input) = std::str::from_utf8(data.into()) {
+            let mut input = input.to_string();
+
+            // Only consider inputs that don't contain quotes.
+            input.retain(|c| c != '>');
+
+            // Only consider inputs that are the result of unformatting format=flowed text.
+            // At least this means that lines don't contain any trailing whitespace.
+            let input = round_trip(&input);
+            let output = round_trip(&input);
+            assert_eq!(input, output);
+        }
+    });
+}
--- a/fuzz/fuzz_targets/fuzz_mailparse.rs
+++ b/fuzz/fuzz_targets/fuzz_mailparse.rs
@@ -0,0 +1,7 @@
+use bolero::check;
+
+fn main() {
+    check!().for_each(|data: &[u8]| {
+        mailparse::parse_mail(data).ok();
+    });
+}
--- a/fuzz/fuzz_targets/fuzz_simplify.rs
+++ b/fuzz/fuzz_targets/fuzz_simplify.rs
@@ -0,0 +1,13 @@
+use bolero::check;
+
+use deltachat::fuzzing::simplify;
+
+fn main() {
+    check!().for_each(|data: &[u8]| match String::from_utf8(data.to_vec()) {
+        Ok(input) => {
+            simplify(input.clone(), true);
+            simplify(input, false);
+        }
+        Err(_err) => {}
+    });
+}
--- a/src/fuzzing.rs
+++ b/src/fuzzing.rs
@@ -0,0 +1,8 @@
+/// Fuzzing target for simplify().
+///
+/// Calls simplify() and panics if simplify() panics.
+/// Does not return any vaule to avoid exposing internal crate types.
+#[cfg(fuzzing)]
+pub fn simplify(mut input: String, is_chat_message: bool) {
+    crate::simplify::simplify(input, is_chat_message);
+}
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -117,3 +117,6 @@ pub const DCC_MIME_DEBUG: &str = "DCC_MIME_DEBUG";
 mod test_utils;
 #[cfg(test)]
 mod tests;
+
+#[cfg(fuzzing)]
+pub mod fuzzing;