Move fuzzer-kex initialisation into a constructor function

Hopefully this can avoid hitting AFL timeouts https://github.com/google/oss-fuzz/pull/2474
2025-06-26 18:17:32 +00:00 · 2020-10-29 23:00:52 +08:00 · 2020-10-29 23:00:52 +08:00 · b8352f8164
commit b8352f8164
parent 6aa065b1b4
3 changed files with 65 additions and 72 deletions
--- a/fuzz/fuzzer-kexcurve25519.c
+++ b/fuzz/fuzzer-kexcurve25519.c
@ -6,16 +6,14 @@
 #include "algo.h"
 #include "bignum.h"
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	static int once = 0;
 static struct key_context* keep_newkeys = NULL;
-	/* number of generated parameters is limited by the timeout for the first run.
+/* An arbitrary limit */
-	   TODO move this to the libfuzzer initialiser function instead if the timeout
+#define NUM_PARAMS 80
 	   doesn't apply there */
 	#define NUM_PARAMS 20
 static struct kex_curve25519_param *curve25519_params[NUM_PARAMS];
-	if (!once) {
+static void setup() __attribute__((constructor));
 // Perform initial setup here to avoid hitting timeouts on first run
 static void setup() {
 	fuzz_common_setup();
 	fuzz_svr_setup();
@ -29,10 +27,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	for (i = 0; i < NUM_PARAMS; i++) {
 		curve25519_params[i] = gen_kexcurve25519_param();
 	}
 		once = 1;
 }
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
 		return 0;
 	}
--- a/fuzz/fuzzer-kexdh.c
+++ b/fuzz/fuzzer-kexdh.c
@ -6,16 +6,13 @@
 #include "algo.h"
 #include "bignum.h"
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	static int once = 0;
 static struct key_context* keep_newkeys = NULL;
-	/* number of generated parameters is limited by the timeout for the first run.
+#define NUM_PARAMS 80
 	   TODO move this to the libfuzzer initialiser function instead if the timeout
 	   doesn't apply there */
 	#define NUM_PARAMS 20
 static struct kex_dh_param *dh_params[NUM_PARAMS];
-	if (!once) {
+static void setup() __attribute__((constructor));
 // Perform initial setup here to avoid hitting timeouts on first run
 static void setup() {
 	fuzz_common_setup();
 	fuzz_svr_setup();
@ -29,10 +26,9 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	for (i = 0; i < NUM_PARAMS; i++) {
 		dh_params[i] = gen_kexdh_param();
 	}
 		once = 1;
 }
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
 		return 0;
 	}
--- a/fuzz/fuzzer-kexecdh.c
+++ b/fuzz/fuzzer-kexecdh.c
@ -6,15 +6,15 @@
 #include "algo.h"
 #include "bignum.h"
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	static int once = 0;
 static const struct dropbear_kex *ecdh[3]; /* 256, 384, 521 */
 static struct key_context* keep_newkeys = NULL;
-	/* number of generated parameters is limited by the timeout for the first run */
+/* number of generated parameters. An arbitrary limit, but will delay startup */
 #define NUM_PARAMS 80
 static struct kex_ecdh_param *ecdh_params[NUM_PARAMS];
-	if (!once) {
+static void setup() __attribute__((constructor));
 // Perform initial setup here to avoid hitting timeouts on first run
 static void setup() {
 	fuzz_common_setup();
 	fuzz_svr_setup();
@ -35,10 +35,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 		ses.newkeys->algo_kex = ecdh[i % 3];
 		ecdh_params[i] = gen_kexecdh_param();
 	}
 		once = 1;
 }
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 	if (fuzz_set_input(Data, Size) == DROPBEAR_FAILURE) {
 		return 0;
 	}