fuzz: Provide correct length to assist fuzzer for v2 transport

dhruv · dhruv · commit c0c1ee958a2e · 2021-11-23T12:14:59.000-08:00
before commit:
121493 REDUCE cov: 1744 ft: 2328 corp: 30/9789b lim: 976 exec/s: 979 rss: 443Mb L: 733/779

after commit:
121218 REDUCE cov: 1889 ft: 2574 corp: 36/2305b lim: 877 exec/s: 939 rss: 442Mb L: 345/345
diff --git a/src/test/fuzz/p2p_v2_transport_serialization.cpp b/src/test/fuzz/p2p_v2_transport_serialization.cpp
@@ -2,10 +2,12 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <compat/endian.h>
 #include <crypto/chacha_poly_aead.h>
 #include <key.h>
 #include <net.h>
 #include <netmessagemaker.h>
+#include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 
 #include <cassert>
@@ -18,9 +20,20 @@ FUZZ_TARGET(p2p_v2_transport_serialization)
     // Construct deserializer, with a dummy NodeId
     V2TransportDeserializer deserializer{(NodeId)0, k1, k2};
     V2TransportSerializer serializer{k1, k2};
+    FuzzedDataProvider fuzzed_data_provider{buffer.data(), buffer.size()};
 
-    while (buffer.size() > 0) {
-        const int handled = deserializer.Read(buffer);
+    bool length_assist = fuzzed_data_provider.ConsumeBool();
+    auto payload_bytes = fuzzed_data_provider.ConsumeRemainingBytes<uint8_t>();
+
+    if (length_assist && payload_bytes.size() >= CHACHA20_POLY1305_AEAD_AAD_LEN + CHACHA20_POLY1305_AEAD_TAG_LEN) {
+        uint32_t packet_length = payload_bytes.size() - CHACHA20_POLY1305_AEAD_AAD_LEN - CHACHA20_POLY1305_AEAD_TAG_LEN;
+        packet_length = htole32(packet_length);
+        memcpy(payload_bytes.data(), &packet_length, 3);
+    }
+
+    Span<const uint8_t> msg_bytes{payload_bytes};
+    while (msg_bytes.size() > 0) {
+        const int handled = deserializer.Read(msg_bytes);
         if (handled < 0) {
             break;
         }
