fuzz: do not use timestamps at the end of times

so as not to have integer overflows
3 years ago · a58ffe5b3e
parent 190c945e67
commit a58ffe5b3e
3 changed files with 21 additions and 0 deletions
--- a/src/tests/fuzz/fuzz_predefpcap_aware.c
+++ b/src/tests/fuzz/fuzz_predefpcap_aware.c
@ -117,6 +117,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
    // loop over packets
    r = FPC_next(&pkts, &header, &pkt);
    p = PacketGetFromAlloc();
+    if (header.ts.tv_sec >= INT_MAX - 3600) {
+        goto bail;
+    }
    p->ts.tv_sec = header.ts.tv_sec;
    p->ts.tv_usec = header.ts.tv_usec % 1000000;
    p->datalink = pkts.datalink;
@ -140,6 +143,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
            }
        }
        r = FPC_next(&pkts, &header, &pkt);
+        if (header.ts.tv_sec >= INT_MAX - 3600) {
+            goto bail;
+        }
        PacketRecycle(p);
        p->ts.tv_sec = header.ts.tv_sec;
        p->ts.tv_usec = header.ts.tv_usec % 1000000;
@ -147,6 +153,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
        pcap_cnt++;
        p->pcap_cnt = pcap_cnt;
    }
+bail:
    PacketFree(p);
    FlowReset();

--- a/src/tests/fuzz/fuzz_sigpcap.c
+++ b/src/tests/fuzz/fuzz_sigpcap.c
@ -160,6 +160,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
    //loop over packets
    r = pcap_next_ex(pkts, &header, &pkt);
    p = PacketGetFromAlloc();
+    if (header->ts.tv_sec >= INT_MAX - 3600) {
+        goto bail;
+    }
    p->ts.tv_sec = header->ts.tv_sec;
    p->ts.tv_usec = header->ts.tv_usec % 1000000;
    p->datalink = pcap_datalink(pkts);
@ -184,6 +187,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
            }
        }
        r = pcap_next_ex(pkts, &header, &pkt);
+        if (header->ts.tv_sec >= INT_MAX - 3600) {
+            goto bail;
+        }
        PacketRecycle(p);
        p->ts.tv_sec = header->ts.tv_sec;
        p->ts.tv_usec = header->ts.tv_usec % 1000000;
@ -192,6 +198,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
        pcap_cnt++;
        p->pcap_cnt = pcap_cnt;
    }
+bail:
    //close structure
    pcap_close(pkts);
    PacketFree(p);
--- a/src/tests/fuzz/fuzz_sigpcap_aware.c
+++ b/src/tests/fuzz/fuzz_sigpcap_aware.c
@ -157,6 +157,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
    // loop over packets
    r = FPC_next(&pkts, &header, &pkt);
    p = PacketGetFromAlloc();
+    if (header.ts.tv_sec >= INT_MAX - 3600) {
+        goto bail;
+    }
    p->pkt_src = PKT_SRC_WIRE;
    p->ts.tv_sec = header.ts.tv_sec;
    p->ts.tv_usec = header.ts.tv_usec % 1000000;
@ -181,6 +184,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
            }
        }
        r = FPC_next(&pkts, &header, &pkt);
+        if (header.ts.tv_sec >= INT_MAX - 3600) {
+            goto bail;
+        }
        PacketRecycle(p);
        p->pkt_src = PKT_SRC_WIRE;
        p->ts.tv_sec = header.ts.tv_sec;
@ -189,6 +195,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
        pcap_cnt++;
        p->pcap_cnt = pcap_cnt;
    }
+bail:
    PacketFree(p);
    FlowReset();