fuzz: qpack_decode now checks encoder as well

commit: fe87e498eb03e3794988d8482dbba49b6bda4ad8 [log] [tgz]
author: Alexandre Rebert <alex@forallsecure.com> Wed Nov 13 16:21:58 2019 -0500
committer: Alessandro Ghedini <alessandro@ghedini.me> Tue Nov 26 00:59:48 2019 +0800
tree: 2c9ad8b636c8a3405c2730362b038fab04818d0d
parent: bc410e03a63bce7fdcea8d33e3af7f2d51eebffc [diff]
diff --git a/fuzz/src/qpack_decode.rs b/fuzz/src/qpack_decode.rs
index 50d650c..28266c3 100644
--- a/fuzz/src/qpack_decode.rs
+++ b/fuzz/src/qpack_decode.rs

@@ -3,9 +3,26 @@
 #[macro_use]
 extern crate libfuzzer_sys;
 
+// Fuzzer for qpack codec. Checks that decode(encode(hdrs)) == hdrs. To get the
+// initial hdrs, the fuzzer deserializes the input, and skips inputs where
+// deserialization fails.
+//
+// The fuzzer could have been written to instead check encode(decode(input)) ==
+// input. However, that transformation is not guaranteed to be the identify
+// function, as there are multiple ways the same hdr list could be encoded.
 fuzz_target!(|data: &[u8]| {
-    let mut buf = data.to_vec();
     let mut decoder = quiche::h3::qpack::Decoder::new();
+    let mut encoder = quiche::h3::qpack::Encoder::new();
+    let hdrs = match decoder.decode(&mut data.to_vec(), std::u64::MAX) {
+        Err(_) => return,
+        Ok(hdrs) => hdrs,
+    };
+    let mut encoded_hdrs = vec![0; data.len() * 10 + 1000];
+    let encoded_size = encoder.encode(&hdrs, &mut encoded_hdrs).unwrap();
 
-    decoder.decode(&mut buf, std::u64::MAX).ok();
+    let decoded_hdrs = decoder
+        .decode(&mut encoded_hdrs[..encoded_size], std::u64::MAX)
+        .unwrap();
+
+    assert_eq!(hdrs, decoded_hdrs)
 });
commit	fe87e498eb03e3794988d8482dbba49b6bda4ad8	[log] [tgz]
author	Alexandre Rebert <alex@forallsecure.com>	Wed Nov 13 16:21:58 2019 -0500
committer	Alessandro Ghedini <alessandro@ghedini.me>	Tue Nov 26 00:59:48 2019 +0800
tree	2c9ad8b636c8a3405c2730362b038fab04818d0d
parent	bc410e03a63bce7fdcea8d33e3af7f2d51eebffc [diff]