FreeRDP
Loading...
Searching...
No Matches
TestFuzzChannelCliprdr.c
1
6#include <stddef.h>
7#include <stdint.h>
8
9#include <winpr/crt.h>
10#include <winpr/stream.h>
11#include <winpr/wlog.h>
12
13#include <freerdp/channels/cliprdr.h>
14
15#include "../../cliprdr_common.h"
16
17static wLog* g_Log = nullptr;
18
19static UINT32 fuzz_stream_len_u32(wStream* s)
20{
21 const size_t remaining = Stream_GetRemainingLength(s);
22 return (remaining > UINT32_MAX) ? UINT32_MAX : (UINT32)remaining;
23}
24
25static void fuzz_format_list(wStream* s, BOOL longNames)
26{
27 CLIPRDR_FORMAT_LIST list = WINPR_C_ARRAY_INIT;
28 list.common.dataLen = fuzz_stream_len_u32(s);
29
30 if (cliprdr_read_format_list(g_Log, s, &list, longNames) == CHANNEL_RC_OK)
31 cliprdr_free_format_list(&list);
32}
33
34static void fuzz_format_data_request(wStream* s)
35{
36 CLIPRDR_FORMAT_DATA_REQUEST request = WINPR_C_ARRAY_INIT;
37 request.common.dataLen = fuzz_stream_len_u32(s);
38 (void)cliprdr_read_format_data_request(s, &request);
39}
40
41static void fuzz_format_data_response(wStream* s)
42{
43 CLIPRDR_FORMAT_DATA_RESPONSE response = WINPR_C_ARRAY_INIT;
44 response.common.dataLen = fuzz_stream_len_u32(s);
45 (void)cliprdr_read_format_data_response(s, &response);
46}
47
48static void fuzz_file_contents_request(wStream* s)
49{
50 CLIPRDR_FILE_CONTENTS_REQUEST request = WINPR_C_ARRAY_INIT;
51 request.common.dataLen = fuzz_stream_len_u32(s);
52 (void)cliprdr_read_file_contents_request(s, &request);
53}
54
55static void fuzz_file_contents_response(wStream* s)
56{
57 CLIPRDR_FILE_CONTENTS_RESPONSE response = WINPR_C_ARRAY_INIT;
58 const UINT32 dataLen = fuzz_stream_len_u32(s);
59
60 response.common.dataLen = (dataLen >= 4) ? dataLen : 4;
61 (void)cliprdr_read_file_contents_response(s, &response);
62}
63
64static void fuzz_unlock(wStream* s)
65{
66 CLIPRDR_UNLOCK_CLIPBOARD_DATA data = WINPR_C_ARRAY_INIT;
67 data.common.dataLen = fuzz_stream_len_u32(s);
68 (void)cliprdr_read_unlock_clipdata(s, &data);
69}
70
71int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
72{
73 if (size < 2)
74 return 0;
75 if (size > (1u << 20))
76 return 0;
77
78 if (!g_Log)
79 g_Log = WLog_Get("fuzz.cliprdr");
80
81 BOOL longNames = (data[1] & 0x1) != 0;
82 const uint8_t* body = data + 2;
83 wStream* s = Stream_New((BYTE*)body, size - 2);
84 if (!s)
85 return 0;
86
87 switch (data[0] % 6)
88 {
89 case 0:
90 fuzz_format_list(s, longNames);
91 break;
92 case 1:
93 fuzz_format_data_request(s);
94 break;
95 case 2:
96 fuzz_format_data_response(s);
97 break;
98 case 3:
99 fuzz_file_contents_request(s);
100 break;
101 case 4:
102 fuzz_file_contents_response(s);
103 break;
104 case 5:
105 fuzz_unlock(s);
106 break;
107 default:
108 break;
109 }
110
111 Stream_Free(s, FALSE);
112 return 0;
113}
CLIPRDR_FILE_CONTENTS_REQUEST
Definition channels/cliprdr.h:187
CLIPRDR_FILE_CONTENTS_RESPONSE
Definition channels/cliprdr.h:201
CLIPRDR_FORMAT_DATA_REQUEST
Definition channels/cliprdr.h:173
CLIPRDR_FORMAT_DATA_RESPONSE
Definition channels/cliprdr.h:180
CLIPRDR_FORMAT_LIST
Definition channels/cliprdr.h:146
CLIPRDR_UNLOCK_CLIPBOARD_DATA
Definition channels/cliprdr.h:166