From 00509da286fa4b91b96408b27ff22afc15a4777a Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Fri, 19 Jun 2020 11:34:44 +0200
Subject: [PATCH] fuzz: improves fuzz target applayerparserparse

Does not proceed final chunk if we got an error previously
Flips the direction for last chunk as usual
---
 src/tests/fuzz/fuzz_applayerparserparse.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/tests/fuzz/fuzz_applayerparserparse.c b/src/tests/fuzz/fuzz_applayerparserparse.c
index e91ac4138b..ae9beaaf8c 100644
--- a/src/tests/fuzz/fuzz_applayerparserparse.c
+++ b/src/tests/fuzz/fuzz_applayerparserparse.c
@@ -126,6 +126,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 free(isolatedBuffer);
 flags &= ~(STREAM_START);
 if (f->alparser && AppLayerParserStateIssetFlag(f->alparser, APP_LAYER_PARSER_EOF)) {
+ //no final chunk
+ alsize = 0;
 break;
 }
 }
@@ -137,6 +139,15 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 alnext = memmem(albuffer, alsize, separator, 4);
 }
 if (alsize > 0 ) {
+ if (flip) {
+ flags |= STREAM_TOCLIENT;
+ flags &= ~(STREAM_TOSERVER);
+ flip = 0;
+ } else {
+ flags |= STREAM_TOSERVER;
+ flags &= ~(STREAM_TOCLIENT);
+ flip = 1;
+ }
 flags |= STREAM_EOF;
 isolatedBuffer = malloc(alsize);
 if (isolatedBuffer == NULL) {
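Review bot: The new `//no final chunk` comment does not say why zeroing `alsize` has that effect, and the commit message speaks of a previous error while the visible condition tests `APP_LAYER_PARSER_EOF`. The link is the `if (alsize > 0 )` guard on the final-chunk block further down, so a later edit to that guard would silently bring back parsing after the parser has signalled EOF. I would spell the coupling out, e.g. `/* parser flagged EOF: zero alsize so the final-chunk block below is skipped */`. LLVMFuzzerTestOneInput starts and ends outside the hunk, so whether the parse return code is also checked is not visible here.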
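Review bot: The direction toggle added under `if (alsize > 0 )` appears to be a second copy of the per-chunk toggle in the loop above (the commit message says "as usual"; the loop body is outside the hunk), and two copies can drift apart, which would quietly change which parser direction the last chunk exercises. A comment tying them together would help, e.g. `/* same alternation as the chunk loop above; keep both in sync */`, or the toggle could move into a small static helper called from both places. The trailing `flip = 0;` / `flip = 1;` stores look unused after the last chunk, unless code beyond the hunk reads `flip`.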