1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
/******************************************************************************
**
** Copyright (C) 2019 The Qt Company Ltd.
** Contact: https://www.qt.io/licensing/
**
** This file is part of the QtMqtt module.
**
** $QT_BEGIN_LICENSE:GPL-EXCEPT$
** Commercial License Usage
** Licensees holding valid commercial Qt licenses may use this file in
** accordance with the commercial license agreement provided with the
** Software or, alternatively, in accordance with the terms contained in
** a written agreement between you and The Qt Company. For licensing terms
** and conditions see https://www.qt.io/terms-conditions. For further
** information use the contact form at https://www.qt.io/contact-us.
**
** GNU General Public License Usage
** Alternatively, this file may be used under the terms of the GNU
** General Public License version 3 as published by the Free Software
** Foundation with exceptions as appearing in the file LICENSE.GPL3-EXCEPT
** included in the packaging of this file. Please review the following
** information to ensure the GNU General Public License requirements will
** be met: https://www.gnu.org/licenses/gpl-3.0.html.
**
** $QT_END_LICENSE$
**
******************************************************************************/
#include <QtMqtt/private/qmqttcontrolpacket_p.h>
#include <QtMqtt>
#include <QtTest>
#include <QtCore>
Q_DECLARE_METATYPE(QMqttSubscription::SubscriptionState)
class FakeServer : public QIODevice
{
Q_OBJECT
public:
explicit FakeServer(QObject *parent);
qint64 readData(char *data, qint64 maxlen) override;
qint64 writeData(const char *data, qint64 len) override;
int m_messageState{0};
QByteArray m_readBuffer;
};
FakeServer::FakeServer(QObject *parent)
: QIODevice(parent)
{
m_messageState = 0;
open(QIODevice::ReadWrite | QIODevice::Unbuffered);
}
qint64 FakeServer::readData(char *data, qint64 maxlen)
{
const qint64 dataToWrite = qMax<qint64>(0, qMin<qint64>(maxlen, m_readBuffer.size()));
memcpy(data, m_readBuffer.constData(), static_cast<size_t>(dataToWrite));
m_readBuffer = m_readBuffer.mid(static_cast<int>(dataToWrite));
return dataToWrite;
}
void bufferAppend(QByteArray &buffer, quint16 value)
{
const quint16 msb = qToBigEndian<quint16>(value);
const char * msb_c = reinterpret_cast<const char*>(&msb);
buffer.append(msb_c, 2);
}
qint64 FakeServer::writeData(const char *data, qint64 len)
{
if (m_messageState == 0) { // Received CONNECT
QByteArray response;
response += 0x20;
response += quint8(2); // Payload size
response += char(0); // ackFlags
response += char(0); // result
m_readBuffer = response;
emit readyRead();
m_messageState = 1;
} else if (m_messageState == 1) { // Received SUBSCRIBE
// Byte 0 == 0x82 (0x80 SUBSCRIBE 0x02 standard)
quint8 msg = reinterpret_cast<const quint8 *>(data)[0];
if (msg != quint8(0x82))
qFatal("Expected subscribe message");
// Byte 1+2 == ID
const quint16 id_big = *reinterpret_cast<const quint16 *>(&data[2]);
const quint16 id = qFromBigEndian<quint16>(id_big);
QMqttControlPacket packet(QMqttControlPacket::SUBACK);
packet.append(id);
const quint8 qosLevel = 1;
packet.append(static_cast<char>(qosLevel));
m_readBuffer = packet.serialize();
// We need to be async to have QMqttConnection prepare its internals
QMetaObject::invokeMethod(this, "readyRead", Qt::QueuedConnection);
m_messageState = 2;
}
// Ignore any follow up data
return len;
}
extern "C" int LLVMFuzzerTestOneInput(const char *Data, size_t Size)
{
static int argc = 1;
static char *argv_1[] = {qstrdup("fuzzprepare")};
static char **argv = argv_1;
static QCoreApplication a(argc, argv);
FakeServer serv(&a);
QMqttClient client;
client.setHostname(QLatin1String("localhost"));
client.setPort(1883);
client.setTransport(&serv, QMqttClient::IODevice);
client.connectToHost();
QSignalSpy spy(&client, &QMqttClient::connected);
spy.wait(5);
if (client.state() != QMqttClient::Connected) {
qFatal("Not able to run test propertly");
return -1;
}
auto sub = client.subscribe(QLatin1String("a"), 1);
qRegisterMetaType<QMqttSubscription::SubscriptionState>("SubscriptionState");
QSignalSpy subSpy(sub, &QMqttSubscription::stateChanged);
spy.wait(5);
if (sub->state() != QMqttSubscription::Subscribed)
spy.wait(10);
if (sub->state() != QMqttSubscription::Subscribed)
qFatal("Could not subscribe");
serv.m_readBuffer = QByteArray(Data, static_cast<int>(Size));
QMetaObject::invokeMethod(&serv, "readyRead");
QCoreApplication::processEvents();
return 0;
}
#include "main.moc"
|
