fuzz: qpack_decode now checks encoder as well
diff --git a/fuzz/src/qpack_decode.rs b/fuzz/src/qpack_decode.rs
index 50d650c..28266c3 100644
--- a/fuzz/src/qpack_decode.rs
+++ b/fuzz/src/qpack_decode.rs
@@ -3,9 +3,26 @@
#[macro_use]
extern crate libfuzzer_sys;
+// Fuzzer for qpack codec. Checks that decode(encode(hdrs)) == hdrs. To get the
+// initial hdrs, the fuzzer deserializes the input, and skips inputs where
+// deserialization fails.
+//
+// The fuzzer could have been written to instead check encode(decode(input)) ==
+// input. However, that transformation is not guaranteed to be the identify
+// function, as there are multiple ways the same hdr list could be encoded.
fuzz_target!(|data: &[u8]| {
- let mut buf = data.to_vec();
let mut decoder = quiche::h3::qpack::Decoder::new();
+ let mut encoder = quiche::h3::qpack::Encoder::new();
+ let hdrs = match decoder.decode(&mut data.to_vec(), std::u64::MAX) {
+ Err(_) => return,
+ Ok(hdrs) => hdrs,
+ };
+ let mut encoded_hdrs = vec![0; data.len() * 10 + 1000];
+ let encoded_size = encoder.encode(&hdrs, &mut encoded_hdrs).unwrap();
- decoder.decode(&mut buf, std::u64::MAX).ok();
+ let decoded_hdrs = decoder
+ .decode(&mut encoded_hdrs[..encoded_size], std::u64::MAX)
+ .unwrap();
+
+ assert_eq!(hdrs, decoded_hdrs)
});