test: Experiment with cargo fuzz

Cargo.toml

@@ -1,5 +1,6 @@
 [workspace]
 members = [
+  "fuzz",
   "neqo-bin",
   "neqo-common",
   "neqo-crypto",

fuzz/.gitignore

@@ -0,0 +1,4 @@
+target
+corpus
+artifacts
+coverage

fuzz/Cargo.toml

@@ -0,0 +1,37 @@
+[package]
+name = "neqo-fuzz"
+authors.workspace = true
+homepage.workspace = true
+repository.workspace = true
+version.workspace = true
+edition.workspace = true
+rust-version.workspace = true
+license.workspace = true
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+neqo-common = { path = "../neqo-common" }
+neqo-crypto = { path = "../neqo-crypto" }
+neqo-transport = { path = "../neqo-transport", features = ["fuzzing"] }
+
+[target.'cfg(not(windows))'.dependencies]
+libfuzzer-sys = { version = "0.4" }
+
+[lints]
+workspace = true
+
+[[bin]]
+name = "packet"
+path = "fuzz_targets/packet.rs"
+test = false
+doc = false
+bench = false
+
+[[bin]]
+name = "frame"
+path = "fuzz_targets/frame.rs"
+test = false
+doc = false
+bench = false

fuzz/fuzz_targets/frame.rs

@@ -0,0 +1,17 @@
+#![cfg_attr(not(windows), no_main)]
+
+#[cfg(not(windows))]
+use libfuzzer_sys::fuzz_target;
+
+#[cfg(not(windows))]
+fuzz_target!(|data: &[u8]| {
+    use neqo_common::Decoder;
+    use neqo_transport::frame::Frame;
+
+    // Run the fuzzer
+    let mut decoder = Decoder::new(data);
+    let _ = Frame::decode(&mut decoder);
+});
+
+#[cfg(windows)]
+fn main() {}

fuzz/fuzz_targets/packet.rs

@@ -0,0 +1,29 @@
+#![cfg_attr(not(windows), no_main)]
+
+#[cfg(not(windows))]
+use libfuzzer_sys::fuzz_target;
+
+#[cfg(not(windows))]
+fuzz_target!(|data: &[u8]| {
+    use std::sync::Once;
+
+    use neqo_transport::{packet::PublicPacket, RandomConnectionIdGenerator};
+
+    static INIT: Once = Once::new();
+    static mut DECODER: Option<neqo_transport::RandomConnectionIdGenerator> = None;
+
+    // Initialize things
+    unsafe {
+        INIT.call_once(|| {
+            neqo_crypto::init();
+            DECODER = Some(RandomConnectionIdGenerator::new(20));
+        });
+    }
+    let decoder = unsafe { DECODER.as_ref().unwrap() };
+
+    // Run the fuzzer
+    let _ = PublicPacket::decode(data, decoder);
+});
+
+#[cfg(windows)]
+fn main() {}

neqo-transport/Cargo.toml

@@ -28,6 +28,7 @@ test-fixture = { path = "../test-fixture" }
 [features]
 bench = []
 disable-encryption = ["neqo-crypto/disable-encryption"]
+fuzzing = []
 
 [lib]
 # See https://github.com/bheisler/criterion.rs/blob/master/book/src/faq.md#cargo-bench-gives-unrecognized-option-errors-for-valid-command-line-options

neqo-transport/src/lib.rs

@@ -17,8 +17,14 @@ mod connection;
 mod crypto;
 mod events;
 mod fc;
+#[cfg(feature = "fuzzing")]
+pub mod frame;
+#[cfg(not(feature = "fuzzing"))]
 mod frame;
 mod pace;
+#[cfg(feature = "fuzzing")]
+pub mod packet;
+#[cfg(not(feature = "fuzzing"))]
 mod packet;
 mod path;
 mod qlog;

neqo-transport/src/packet/mod.rs

@@ -737,6 +737,7 @@ impl<'a> PublicPacket<'a> {
     }
 
     #[must_use]
+    #[allow(clippy::len_without_is_empty)]
     pub fn len(&self) -> usize {
         self.data.len()
     }