From adb62e97ffe10d00be1f6fa0744d568cbda631c9 Mon Sep 17 00:00:00 2001
From: Alex Chernyakhovsky <alex@achernya.com>
Date: Mon, 30 May 2022 20:01:52 -0400
Subject: [PATCH] Add fuzzer for the terminal

This commit adds a fuzzer for more of the terminal pipeline, adding
coverage for the input and output portions of the terminal
framebuffer.
---
 src/fuzz/Makefile.am                           |   6 +++++-
 .../3769c52698d426976ee402b9dbc3c2a7bd5e5485   | Bin 0 -> 128 bytes
 .../3a52ce780950d4d969792a2559cd519d7ee8c727   |   1 +
 .../3facad9d449f8b10a2d18ef821325639214afc3c   | Bin 0 -> 33 bytes
 .../433f367f36f48f78570c2013fef7a4f4b52b7c0c   |   1 +
 .../5ba93c9db0cff93f52b521d7420e43f6eda2784f   | Bin 0 -> 1 bytes
 .../64b6cc492319c39d017963ee8f5863520eb7b6b9   | Bin 0 -> 129 bytes
 .../7c4d33785daa5c2370201ffa236b427aa37c9996   |   1 +
 .../7fff5c5bdfcaecbe749a7eda1f831a4b0ac6c285   | Bin 0 -> 5 bytes
 .../94fc46a4dd7043c8a22bc85f24aafdf0bc963125   | Bin 0 -> 4 bytes
 .../9a78211436f6d425ec38f5c4e02270801f3524f8   |   1 +
 .../a70a7fcfa8e88039504b6a798314285419f51e16   |   3 +++
 .../adc83b19e793491b1c6ea0fd8b46cd9f32e592fc   |   1 +
 .../bf72240ede73688a77e62c38b4a112f15cb61802   | Bin 0 -> 17 bytes
 .../c822a8bc8c7d9f938990c2bfd0b24fd9d48af917   | Bin 0 -> 8 bytes
 .../e0d3c08cb28736844512c52dc05fa4e4efd91490   |   2 ++
 .../f195c020a28dfc5f2fb6af256b524ddcd93756ed   |   1 +
 src/fuzz/terminal_fuzzer.cc                    |  17 +++++++++++++++++
 18 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 src/fuzz/terminal_corpus/3769c52698d426976ee402b9dbc3c2a7bd5e5485
 create mode 100644 src/fuzz/terminal_corpus/3a52ce780950d4d969792a2559cd519d7ee8c727
 create mode 100644 src/fuzz/terminal_corpus/3facad9d449f8b10a2d18ef821325639214afc3c
 create mode 100644 src/fuzz/terminal_corpus/433f367f36f48f78570c2013fef7a4f4b52b7c0c
 create mode 100644 src/fuzz/terminal_corpus/5ba93c9db0cff93f52b521d7420e43f6eda2784f
 create mode 100644 src/fuzz/terminal_corpus/64b6cc492319c39d017963ee8f5863520eb7b6b9
 create mode 100644 src/fuzz/terminal_corpus/7c4d33785daa5c2370201ffa236b427aa37c9996
 create mode 100644 src/fuzz/terminal_corpus/7fff5c5bdfcaecbe749a7eda1f831a4b0ac6c285
 create mode 100644 src/fuzz/terminal_corpus/94fc46a4dd7043c8a22bc85f24aafdf0bc963125
 create mode 100644 src/fuzz/terminal_corpus/9a78211436f6d425ec38f5c4e02270801f3524f8
 create mode 100644 src/fuzz/terminal_corpus/a70a7fcfa8e88039504b6a798314285419f51e16
 create mode 100644 src/fuzz/terminal_corpus/adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
 create mode 100644 src/fuzz/terminal_corpus/bf72240ede73688a77e62c38b4a112f15cb61802
 create mode 100644 src/fuzz/terminal_corpus/c822a8bc8c7d9f938990c2bfd0b24fd9d48af917
 create mode 100644 src/fuzz/terminal_corpus/e0d3c08cb28736844512c52dc05fa4e4efd91490
 create mode 100644 src/fuzz/terminal_corpus/f195c020a28dfc5f2fb6af256b524ddcd93756ed
 create mode 100644 src/fuzz/terminal_fuzzer.cc

diff --git a/src/fuzz/Makefile.am b/src/fuzz/Makefile.am
index af220f1..8dccf7a 100644
--- a/src/fuzz/Makefile.am
+++ b/src/fuzz/Makefile.am
@@ -1,7 +1,11 @@
 AM_CXXFLAGS = $(WARNING_CXXFLAGS) $(PICKY_CXXFLAGS) $(HARDEN_CFLAGS) $(MISC_CXXFLAGS) $(CODE_COVERAGE_CXXFLAGS) $(FUZZING_CFLAGS)
 
-noinst_PROGRAMS = terminal_parser_fuzzer
+noinst_PROGRAMS = terminal_parser_fuzzer terminal_fuzzer
 
 terminal_parser_fuzzer_CPPFLAGS = -I$(srcdir)/../terminal -I$(srcdir)/../util
 terminal_parser_fuzzer_LDADD = ../terminal/libmoshterminal.a ../util/libmoshutil.a
 terminal_parser_fuzzer_SOURCES = terminal_parser_fuzzer.cc
+
+terminal_fuzzer_CPPFLAGS = -I$(srcdir)/../terminal -I$(srcdir)/../util -I$(srcdir)/../statesync -I../protobufs
+terminal_fuzzer_LDADD = ../terminal/libmoshterminal.a ../util/libmoshutil.a ../statesync/libmoshstatesync.a ../protobufs/libmoshprotos.a $(TINFO_LIBS) $(protobuf_LIBS)
+terminal_fuzzer_SOURCES = terminal_fuzzer.cc
diff --git a/src/fuzz/terminal_corpus/3769c52698d426976ee402b9dbc3c2a7bd5e5485 b/src/fuzz/terminal_corpus/3769c52698d426976ee402b9dbc3c2a7bd5e5485
new file mode 100644
index 0000000000000000000000000000000000000000..9397a72469d7282459a9986485690c8094b6b8b5
GIT binary patch
literal 128
zcmXX;u?@g53}VT`&>yNu8FGRr9_jxlbab&(7QhDh4BQx^NUbbfF@g3LlN)wCBrTw0
d#hHBt0xfhb72!f>^Ie`JQ|Ym4_<@@I@d3rE8KM9H

literal 0
HcmV?d00001

diff --git a/src/fuzz/terminal_corpus/3a52ce780950d4d969792a2559cd519d7ee8c727 b/src/fuzz/terminal_corpus/3a52ce780950d4d969792a2559cd519d7ee8c727
new file mode 100644
index 0000000..945c9b4
--- /dev/null
+++ b/src/fuzz/terminal_corpus/3a52ce780950d4d969792a2559cd519d7ee8c727
@@ -0,0 +1 @@
+.
\ No newline at end of file
diff --git a/src/fuzz/terminal_corpus/3facad9d449f8b10a2d18ef821325639214afc3c b/src/fuzz/terminal_corpus/3facad9d449f8b10a2d18ef821325639214afc3c
new file mode 100644
index 0000000000000000000000000000000000000000..a5b7543990f59cf62740c9bac41ffadbfc3ce182
GIT binary patch
literal 33
jcmZRu|No!M;lCCG1A`R<0~ZiDaDg}sTn<)10R{#De!~St

literal 0
HcmV?d00001

diff --git a/src/fuzz/terminal_corpus/433f367f36f48f78570c2013fef7a4f4b52b7c0c b/src/fuzz/terminal_corpus/433f367f36f48f78570c2013fef7a4f4b52b7c0c
new file mode 100644
index 0000000..09f34bd
--- /dev/null
+++ b/src/fuzz/terminal_corpus/433f367f36f48f78570c2013fef7a4f4b52b7c0c
@@ -0,0 +1 @@
+&ÿÿÿÿÿ:#
\ No newline at end of file
diff --git a/src/fuzz/terminal_corpus/5ba93c9db0cff93f52b521d7420e43f6eda2784f b/src/fuzz/terminal_corpus/5ba93c9db0cff93f52b521d7420e43f6eda2784f
new file mode 100644
index 0000000000000000000000000000000000000000..f76dd238ade08917e6712764a16a22005a50573d
GIT binary patch
literal 1
IcmZPo000310RR91

literal 0
HcmV?d00001

diff --git a/src/fuzz/terminal_corpus/64b6cc492319c39d017963ee8f5863520eb7b6b9 b/src/fuzz/terminal_corpus/64b6cc492319c39d017963ee8f5863520eb7b6b9
new file mode 100644
index 0000000000000000000000000000000000000000..8405e1533167a7cb61bcc03936303f9f1e2a216d
GIT binary patch
literal 129
zcmbV@u?+wq5CW+wT*BlFN3df5g)9+u11W%z18T#rHakhFfFwmBHoI@J*CWnq2S)gT
MD7TFMkSZr&14XGtkN^Mx

literal 0
HcmV?d00001

diff --git a/src/fuzz/terminal_corpus/7c4d33785daa5c2370201ffa236b427aa37c9996 b/src/fuzz/terminal_corpus/7c4d33785daa5c2370201ffa236b427aa37c9996
new file mode 100644
index 0000000..00b15c0
--- /dev/null
+++ b/src/fuzz/terminal_corpus/7c4d33785daa5c2370201ffa236b427aa37c9996
@@ -0,0 +1 @@
+&
\ No newline at end of file
diff --git a/src/fuzz/terminal_corpus/7fff5c5bdfcaecbe749a7eda1f831a4b0ac6c285 b/src/fuzz/terminal_corpus/7fff5c5bdfcaecbe749a7eda1f831a4b0ac6c285
new file mode 100644
index 0000000000000000000000000000000000000000..2c99af55fc81581f75fab0b924032caabbfa39f8
GIT binary patch
literal 5
Mcmd<mVqjnZ007?rH2?qr

literal 0
HcmV?d00001

diff --git a/src/fuzz/terminal_corpus/94fc46a4dd7043c8a22bc85f24aafdf0bc963125 b/src/fuzz/terminal_corpus/94fc46a4dd7043c8a22bc85f24aafdf0bc963125
new file mode 100644
index 0000000000000000000000000000000000000000..7933d3b385cf522e109cdf4b552458c83f59233f
GIT binary patch
literal 4
LcmdO5U{C`90MY<a

literal 0
HcmV?d00001

diff --git a/src/fuzz/terminal_corpus/9a78211436f6d425ec38f5c4e02270801f3524f8 b/src/fuzz/terminal_corpus/9a78211436f6d425ec38f5c4e02270801f3524f8
new file mode 100644
index 0000000..b516b2c
--- /dev/null
+++ b/src/fuzz/terminal_corpus/9a78211436f6d425ec38f5c4e02270801f3524f8
@@ -0,0 +1 @@
+@
\ No newline at end of file
diff --git a/src/fuzz/terminal_corpus/a70a7fcfa8e88039504b6a798314285419f51e16 b/src/fuzz/terminal_corpus/a70a7fcfa8e88039504b6a798314285419f51e16
new file mode 100644
index 0000000..25fedb2
--- /dev/null
+++ b/src/fuzz/terminal_corpus/a70a7fcfa8e88039504b6a798314285419f51e16
@@ -0,0 +1,3 @@
+
+
+@
\ No newline at end of file
diff --git a/src/fuzz/terminal_corpus/adc83b19e793491b1c6ea0fd8b46cd9f32e592fc b/src/fuzz/terminal_corpus/adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
new file mode 100644
index 0000000..8b13789
--- /dev/null
+++ b/src/fuzz/terminal_corpus/adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
@@ -0,0 +1 @@
+
diff --git a/src/fuzz/terminal_corpus/bf72240ede73688a77e62c38b4a112f15cb61802 b/src/fuzz/terminal_corpus/bf72240ede73688a77e62c38b4a112f15cb61802
new file mode 100644
index 0000000000000000000000000000000000000000..103e679dd3b02f6de1f14fec5f6a71e261304e23
GIT binary patch
literal 17
Xcmeya#%HC>#pS@j<?#PMkjVf5Dl`O;

literal 0
HcmV?d00001

diff --git a/src/fuzz/terminal_corpus/c822a8bc8c7d9f938990c2bfd0b24fd9d48af917 b/src/fuzz/terminal_corpus/c822a8bc8c7d9f938990c2bfd0b24fd9d48af917
new file mode 100644
index 0000000000000000000000000000000000000000..67cf503e56cd9bc03fe94ff62ee797c4b03cd7c1
GIT binary patch
literal 8
Pcmd<$;&O0MV_*OP1B?L0

literal 0
HcmV?d00001

diff --git a/src/fuzz/terminal_corpus/e0d3c08cb28736844512c52dc05fa4e4efd91490 b/src/fuzz/terminal_corpus/e0d3c08cb28736844512c52dc05fa4e4efd91490
new file mode 100644
index 0000000..85a0e06
--- /dev/null
+++ b/src/fuzz/terminal_corpus/e0d3c08cb28736844512c52dc05fa4e4efd91490
@@ -0,0 +1,2 @@
+
+@
\ No newline at end of file
diff --git a/src/fuzz/terminal_corpus/f195c020a28dfc5f2fb6af256b524ddcd93756ed b/src/fuzz/terminal_corpus/f195c020a28dfc5f2fb6af256b524ddcd93756ed
new file mode 100644
index 0000000..b1d81e7
--- /dev/null
+++ b/src/fuzz/terminal_corpus/f195c020a28dfc5f2fb6af256b524ddcd93756ed
@@ -0,0 +1 @@
+Ÿ
\ No newline at end of file
diff --git a/src/fuzz/terminal_fuzzer.cc b/src/fuzz/terminal_fuzzer.cc
new file mode 100644
index 0000000..e3506f8
--- /dev/null
+++ b/src/fuzz/terminal_fuzzer.cc
@@ -0,0 +1,17 @@
+#include <cstddef>
+#include <cstdint>
+
+#include "parser.h"
+#include "completeterminal.h"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+  Terminal::Display display(false);
+  Terminal::Complete complete(80, 24);
+  Terminal::Framebuffer state(80, 24);
+  for (size_t i = 0; i < size; i++) {
+    complete.act(Parser::UserByte(data[i]));
+  }
+  display.new_frame(true, state, complete.get_fb());
+  
+  return 0;
+}