From 1b91b09802eccb220a7661faca3c245639ab542b Mon Sep 17 00:00:00 2001
From: Kiddo
Date: Wed, 14 Aug 2024 18:15:28 +0900
Subject: [PATCH] v1.6_develop fuzz integration (#515)
* - FUZZ: add mms related fuzzers
* - FUZZ: add acse parse fuzzer
* - FUZZ: fix incorrect source code name
---
 fuzz/fuzz_acse_parse.c | 14 ++++++++++++++
 fuzz/fuzz_mms_encode.c | 35 +++++++++++++++++++++++++++++++++++
 fuzz/fuzz_mms_print.c | 30 ++++++++++++++++++++++++++++++
 3 files changed, 79 insertions(+)
 create mode 100644 fuzz/fuzz_acse_parse.c
 create mode 100644 fuzz/fuzz_mms_encode.c
 create mode 100644 fuzz/fuzz_mms_print.c
diff --git a/fuzz/fuzz_acse_parse.c b/fuzz/fuzz_acse_parse.c
new file mode 100644
index 00000000..cf08381e
--- /dev/null
+++ b/fuzz/fuzz_acse_parse.c
@@ -0,0 +1,14 @@
+#include "acse.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ AcseConnection acseConnection;
+ AcseConnection_init(&acseConnection, NULL, NULL, NULL);
+
+ ByteBuffer* acseBuffer = ByteBuffer_create(NULL, size);
+ ByteBuffer_append(acseBuffer, data, size);
+ AcseConnection_parseMessage(&acseConnection, acseBuffer);
+
+ ByteBuffer_destroy(acseBuffer);
+ return 0;
+}
diff --git a/fuzz/fuzz_mms_encode.c b/fuzz/fuzz_mms_encode.c
new file mode 100644
index 00000000..1a40db3f
--- /dev/null
+++ b/fuzz/fuzz_mms_encode.c
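Review bot: The `ByteBuffer_create(NULL, size)` result in fuzz_acse_parse.c is handed to `ByteBuffer_append` and `AcseConnection_parseMessage` with no NULL check, so if the constructor can fail (allocation failure, or possibly a zero `size`) the harness itself dereferences NULL and the run dies on a harness bug rather than a parser finding; guard it with `if (acseBuffer == NULL) return 0;` before the append. The connection is set up with `AcseConnection_init(&acseConnection, NULL, NULL, NULL)` but never torn down, so anything `AcseConnection_parseMessage` allocates into the connection would be reported by LeakSanitizer against the harness on every input — if the library has a matching teardown routine for `AcseConnection` it should be called before returning, and if it has none a comment saying so would stop the next reader from asking. This file correctly declares the entry point as `const uint8_t *data, size_t size`, which is the prototype libFuzzer calls; the two MMS harnesses in this same patch use `const char *data` instead, and the three should agree. The only include is `"acse.h"`, so `uint8_t`, `size_t` and `NULL` are being relied on transitively; adding `#include <stdint.h>` and `#include <stddef.h>` makes the harness self-contained.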
@@ -0,0 +1,35 @@
+#include
+#include
+
+#include "iec61850_server.h"
+#include "hal_thread.h"
+#include "lib_memory.h"
+
+int LLVMFuzzerTestOneInput(const char *data, size_t size) {
+ int out;
+ MmsValue* mmsValue = NULL;
+ mmsValue = MmsValue_decodeMmsData(data, 0, size, &out);
+ if (mmsValue == NULL) {
+ return 0;
+ }
+
+ int dataSize = MmsValue_encodeMmsData(mmsValue, NULL, 0, false);
+ if (dataSize <= 0) {
+ return 0;
+ }
+
+ uint8_t *mmsBuffer = (uint8_t *)GLOBAL_MALLOC(dataSize);
+ if (mmsBuffer == NULL) {
+ return 0;
+ }
+
+ MmsValue_encodeMmsData(mmsValue, mmsBuffer, 0, true);
+
+ GLOBAL_FREEMEM(mmsBuffer);
+
+ if (mmsValue != NULL) {
+ MmsValue_delete(mmsValue);
+ }
+
+ return 0;
+}
\ No newline at end of file
diff --git a/fuzz/fuzz_mms_print.c b/fuzz/fuzz_mms_print.c
new file mode 100644
index 00000000..6aa6aa19
--- /dev/null
+++ b/fuzz/fuzz_mms_print.c
@@ -0,0 +1,30 @@
+#include
+#include
+
+#include "iec61850_server.h"
+#include "hal_thread.h"
+
+#define kBufSize 4096
+
+int LLVMFuzzerTestOneInput(const char *data, size_t size) {
+ int out;
+ MmsValue* mmsValue = NULL;
+ mmsValue = MmsValue_decodeMmsData(data, 0, size, &out);
+ if (mmsValue == NULL) {
+ return 0;
+ }
+
+ int dataSize = MmsValue_encodeMmsData(mmsValue, NULL, 0, false);
+ if (dataSize <= 0) {
+ return 0;
+ }
+
+ char printBuffer[kBufSize];
+ MmsValue_printToBuffer(mmsValue, printBuffer, kBufSize);
+
+ if (mmsValue != NULL) {
+ MmsValue_delete(mmsValue);
+ }
+
+ return 0;
+}
\ No newline at end of file
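Review bot: In fuzz_mms_encode.c the two early returns after a successful decode — `if (dataSize <= 0) { return 0; }` and `if (mmsBuffer == NULL) { return 0; }` — skip `MmsValue_delete(mmsValue)`, so every input the library decodes but refuses to size leaks the decoded value; libFuzzer runs with LeakSanitizer enabled by default, so these show up as crashes attributed to the harness and bury any real leak in the decoder. Free before both returns, `if (dataSize <= 0) { MmsValue_delete(mmsValue); return 0; }` and likewise on the malloc failure, after which the trailing `if (mmsValue != NULL)` guard is dead because the NULL case already returned on the decode check. The second `MmsValue_encodeMmsData(mmsValue, mmsBuffer, 0, true)` discards its result, so a disagreement between the sizing pass and the writing pass — the exact class of bug an encode round-trip harness exists to catch — is invisible unless it happens to overrun into ASan; if the encode pass returns the final buffer position the way the sizing pass does, compare them: `if (MmsValue_encodeMmsData(mmsValue, mmsBuffer, 0, true) != dataSize) abort();`. The entry point is declared `const char *data` while fuzz_acse_parse.c in this patch uses `const uint8_t *data`, which is the prototype libFuzzer actually calls; the system include names were stripped from this listing, so please confirm `<stdint.h>` and `<stdlib.h>` (for `abort`) are among them.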
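Review bot: fuzz_mms_print.c has the same leak as the encode harness: the `if (dataSize <= 0) { return 0; }` branch returns a successfully decoded `mmsValue` without `MmsValue_delete`, which LeakSanitizer will flag against the harness on every such input; change it to `if (dataSize <= 0) { MmsValue_delete(mmsValue); return 0; }`. Here `dataSize` is otherwise unused, so the sizing call is acting purely as a filter on which values get printed; if that is deliberate a one-line comment such as `/* only print values the library can re-encode; others are rejected here on purpose */` would make the intent clear, and if it is not, the call and guard can go. `MmsValue_printToBuffer(mmsValue, printBuffer, kBufSize)` is called with no check on its result or on whether `printBuffer` is terminated within `kBufSize`; if the function is specified to NUL-terminate within the given size, `if (memchr(printBuffer, '\0', kBufSize) == NULL) abort();` would turn an unterminated output into a finding instead of a silent pass — I cannot confirm that contract from this hunk. The trailing `if (mmsValue != NULL)` guard is unreachable with a NULL value because of the earlier decode check, and the entry point's `const char *data` differs from the `const uint8_t *data` used in fuzz_acse_parse.c in this same patch.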