From 745e51ac4fb88c3dac679161b52b6f83368279e5 Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Tue, 25 Aug 2020 12:41:40 +0700
Subject: [PATCH] use the fuzzing helper functions to generate the header seed
 corpus

---
 .gitignore                     |   2 --
 fuzzing/header/cmd/corpus.go   |  52 ++++++++++++---------------------
 fuzzing/header/corpus/header-0 | Bin 223 -> 0 bytes
 fuzzing/header/corpus/header-1 | Bin 936 -> 0 bytes
 fuzzing/header/corpus/header-2 | Bin 416 -> 0 bytes
 fuzzing/header/corpus/header-3 | Bin 689 -> 0 bytes
 fuzzing/header/corpus/header-4 | Bin 56 -> 0 bytes
 fuzzing/header/corpus/header-5 | Bin 780 -> 0 bytes
 fuzzing/header/corpus/header-6 |   2 --
 fuzzing/header/corpus/header-7 | Bin 1026 -> 0 bytes
 fuzzing/header/corpus/header-8 | Bin 1027 -> 0 bytes
 fuzzing/header/corpus/header-9 |   1 -
 fuzzing/header/corpus/vnp-0    | Bin 46 -> 0 bytes
 fuzzing/header/corpus/vnp-1    | Bin 27 -> 0 bytes
 fuzzing/header/corpus/vnp-2    | Bin 434 -> 0 bytes
 fuzzing/header/corpus/vnp-3    | Bin 95 -> 0 bytes
 fuzzing/header/corpus/vnp-4    | Bin 42 -> 0 bytes
 fuzzing/header/fuzz.go         |   8 +++--
 18 files changed, 25 insertions(+), 40 deletions(-)
 delete mode 100644 fuzzing/header/corpus/header-0
 delete mode 100644 fuzzing/header/corpus/header-1
 delete mode 100644 fuzzing/header/corpus/header-2
 delete mode 100644 fuzzing/header/corpus/header-3
 delete mode 100644 fuzzing/header/corpus/header-4
 delete mode 100644 fuzzing/header/corpus/header-5
 delete mode 100644 fuzzing/header/corpus/header-6
 delete mode 100644 fuzzing/header/corpus/header-7
 delete mode 100644 fuzzing/header/corpus/header-8
 delete mode 100644 fuzzing/header/corpus/header-9
 delete mode 100644 fuzzing/header/corpus/vnp-0
 delete mode 100644 fuzzing/header/corpus/vnp-1
 delete mode 100644 fuzzing/header/corpus/vnp-2
 delete mode 100644 fuzzing/header/corpus/vnp-3
 delete mode 100644 fuzzing/header/corpus/vnp-4

diff --git a/.gitignore b/.gitignore
index 8cccd3485..2923d5631 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,7 +11,5 @@ fuzzing/*/crashers
 fuzzing/*/sonarprofile
 fuzzing/*/suppressions
 fuzzing/*/corpus/
-fuzzing/*-fuzz.zip
 !fuzzing/frames/single-frame*
 !fuzzing/frames/multiple-frame*
-!fuzzing/header/header*
diff --git a/fuzzing/header/cmd/corpus.go b/fuzzing/header/cmd/corpus.go
index 6e3f1cd5b..2422afcc8 100644
--- a/fuzzing/header/cmd/corpus.go
+++ b/fuzzing/header/cmd/corpus.go
@@ -2,10 +2,11 @@ package main
 
 import (
 	"bytes"
-	"fmt"
+	"log"
 	"math/rand"
-	"os"
 
+	"github.com/lucas-clemente/quic-go/fuzzing/header"
+	"github.com/lucas-clemente/quic-go/fuzzing/internal/helper"
 	"github.com/lucas-clemente/quic-go/internal/protocol"
 	"github.com/lucas-clemente/quic-go/internal/wire"
 )
@@ -25,16 +26,14 @@ func getVNP(src, dest protocol.ConnectionID, numVersions int) []byte {
 	}
 	data, err := wire.ComposeVersionNegotiation(src, dest, versions)
 	if err != nil {
-		panic(err)
+		log.Fatal(err)
 	}
 	return data
 }
 
 func main() {
-	rand.Seed(1337)
-
 	headers := []wire.Header{
-		wire.Header{ // Initial without token
+		{ // Initial without token
 			IsLongHeader:     true,
 			SrcConnectionID:  protocol.ConnectionID(getRandomData(3)),
 			DestConnectionID: protocol.ConnectionID(getRandomData(8)),
@@ -42,14 +41,14 @@ func main() {
 			Length:           protocol.ByteCount(rand.Intn(1000)),
 			Version:          version,
 		},
-		wire.Header{ // Initial without token, with zero-length src conn id
+		{ // Initial without token, with zero-length src conn id
 			IsLongHeader:     true,
 			DestConnectionID: protocol.ConnectionID(getRandomData(8)),
 			Type:             protocol.PacketTypeInitial,
 			Length:           protocol.ByteCount(rand.Intn(1000)),
 			Version:          version,
 		},
-		wire.Header{ // Initial with Token
+		{ // Initial with Token
 			IsLongHeader:     true,
 			SrcConnectionID:  protocol.ConnectionID(getRandomData(10)),
 			DestConnectionID: protocol.ConnectionID(getRandomData(19)),
@@ -58,7 +57,7 @@ func main() {
 			Version:          version,
 			Token:            getRandomData(25),
 		},
-		wire.Header{ // Handshake packet
+		{ // Handshake packet
 			IsLongHeader:     true,
 			SrcConnectionID:  protocol.ConnectionID(getRandomData(5)),
 			DestConnectionID: protocol.ConnectionID(getRandomData(10)),
@@ -66,14 +65,14 @@ func main() {
 			Length:           protocol.ByteCount(rand.Intn(1000)),
 			Version:          version,
 		},
-		wire.Header{ // Handshake packet, with zero-length src conn id
+		{ // Handshake packet, with zero-length src conn id
 			IsLongHeader:     true,
 			DestConnectionID: protocol.ConnectionID(getRandomData(12)),
 			Type:             protocol.PacketTypeHandshake,
 			Length:           protocol.ByteCount(rand.Intn(1000)),
 			Version:          version,
 		},
-		wire.Header{ // 0-RTT packet
+		{ // 0-RTT packet
 			IsLongHeader:     true,
 			SrcConnectionID:  protocol.ConnectionID(getRandomData(8)),
 			DestConnectionID: protocol.ConnectionID(getRandomData(9)),
@@ -81,7 +80,7 @@ func main() {
 			Length:           protocol.ByteCount(rand.Intn(1000)),
 			Version:          version,
 		},
-		wire.Header{ // Retry Packet, with empty orig dest conn id
+		{ // Retry Packet, with empty orig dest conn id
 			IsLongHeader:     true,
 			SrcConnectionID:  protocol.ConnectionID(getRandomData(8)),
 			DestConnectionID: protocol.ConnectionID(getRandomData(9)),
@@ -89,12 +88,12 @@ func main() {
 			Token:            getRandomData(1000),
 			Version:          version,
 		},
-		wire.Header{ // Short-Header
+		{ // Short-Header
 			DestConnectionID: protocol.ConnectionID(getRandomData(8)),
 		},
 	}
 
-	for i, h := range headers {
+	for _, h := range headers {
 		extHdr := &wire.ExtendedHeader{
 			Header:          h,
 			PacketNumberLen: protocol.PacketNumberLen(rand.Intn(4) + 1),
@@ -102,7 +101,7 @@ func main() {
 		}
 		b := &bytes.Buffer{}
 		if err := extHdr.Write(b, version); err != nil {
-			panic(err)
+			log.Fatal(err)
 		}
 		if h.Type == protocol.PacketTypeRetry {
 			b.Write([]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16})
@@ -111,8 +110,8 @@ func main() {
 			b.Write(make([]byte, h.Length))
 		}
 
-		if err := writeCorpusFile(fmt.Sprintf("header-%d", i), b.Bytes()); err != nil {
-			panic(err)
+		if err := helper.WriteCorpusFileWithPrefix("corpus", b.Bytes(), header.PrefixLen); err != nil {
+			log.Fatal(err)
 		}
 	}
 
@@ -144,22 +143,9 @@ func main() {
 		),
 	}
 
-	for i, vnp := range vnps {
-		if err := writeCorpusFile(fmt.Sprintf("vnp-%d", i), vnp); err != nil {
-			panic(err)
+	for _, vnp := range vnps {
+		if err := helper.WriteCorpusFileWithPrefix("corpus", vnp, header.PrefixLen); err != nil {
+			log.Fatal(err)
 		}
 	}
-
-}
-
-func writeCorpusFile(name string, data []byte) error {
-	file, err := os.Create("corpus/" + name)
-	if err != nil {
-		return err
-	}
-	data = append(getRandomData(1), data...)
-	if _, err := file.Write(data); err != nil {
-		return err
-	}
-	return file.Close()
 }
diff --git a/fuzzing/header/corpus/header-0 b/fuzzing/header/corpus/header-0
deleted file mode 100644
index 9bf45bc0d7a0ecc39c4e7fa385f8e2dd756df998..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 223
jcmX?pFwouqKZk@?W0lia*VD{uN0%@-9M@jJFgySNmDvhk

diff --git a/fuzzing/header/corpus/header-1 b/fuzzing/header/corpus/header-1
deleted file mode 100644
index f553487eedb500fc6313cef8c0b8243fbb993d64..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 936
ncmZ2=Akf|aKgY3+XPZCu+IurFI8S-bFbYOPU^D~<RR{n8-g61(

diff --git a/fuzzing/header/corpus/header-2 b/fuzzing/header/corpus/header-2
deleted file mode 100644
index 178c6b6ced208b1234a10b341d1efc8b6ff03419..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 416
zcmXRp80hZ*UszH<ChoWud)gCrL)}~xFV&gbH*oR3(LH{XIfp?mNb-n7eDM5RFTS)Z
e*QzIdQV98QX=VM^&%!e69b**|7)Al@LI40*r5tYn

diff --git a/fuzzing/header/corpus/header-3 b/fuzzing/header/corpus/header-3
deleted file mode 100644
index b544ea2a123dff4960defd810b044e87d9fb70e0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 689
qcmccgAkf|aKi5Rd<}ZEgCpS<1&f2dY)IP~+dOX7@7!85J7XkpiT@4`s

diff --git a/fuzzing/header/corpus/header-4 b/fuzzing/header/corpus/header-4
deleted file mode 100644
index 9a5db557937e999524527548fb4be026beb6e039..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 56
icmdn-DA3*iKaW?L&-Sw!i>f?wS+_7KxVc<nAOHa1i3*DV

diff --git a/fuzzing/header/corpus/header-5 b/fuzzing/header/corpus/header-5
deleted file mode 100644
index d13e69ab687ee19614f367cb1f46102eddb06217..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 780
scmeCZ5a{mzpHtW6)}{Z4W>y7rBm{0hZ1t;pt<#5YhEXsY0wX8{0DMOd-2eap

diff --git a/fuzzing/header/corpus/header-6 b/fuzzing/header/corpus/header-6
deleted file mode 100644
index aa8d1dca1..000000000
--- a/fuzzing/header/corpus/header-6
+++ /dev/null
@@ -1,2 +0,0 @@
-ÉðQGOÿ	aF­'jaeÙñý&aïT*l
-Þ÷~Øfò	»¡E!U‘sÓG x
\ No newline at end of file
diff --git a/fuzzing/header/corpus/header-7 b/fuzzing/header/corpus/header-7
deleted file mode 100644
index cd11f832ca513b34cc45a5b5f5431613d41caef9..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1026
zcmV+d1pWKu@KHxk{|Wwv2Py;_^mV5Q9<|Vz7X+xI0Bh+;4!c_Ik(30iuJNd{=mFjE
zz$^#DG|xBXh}<WH8j!`6loa=vYCQX1JSlgd428Y~V@)2URlGDLdg!xNph@s|=*Ha^
zS`}cv<?~bgEJv^NAhscT6&tsU{Px><K>@L1?b!oZkgI!xbt@e};Y|`*xP0wcMCq5@
z9^1Nwz4LM0HmDWWJb*W8S0W|LQ2P#<->1~&nZj|`3fQ>~t$n0P7NFFxv1bW#<3Q0g
z(lfrwmKi;q)gP4|f@g#|P3LI*DQyD+BB=sXGQKQ@<EA0aI0HQl6p{7WiZPR<x4_bR
zsNGV&Htxk}fxm{9NpngmrzJ#3p~^egd&QR;SR@R;dBp~#lKSw})=Ar=A>tI4bzKjp
zX%@)I#`o4<Ac9NV!b%^tGv!lssVw5?4onT`HLIh%cgj1&jTny_k1m%>mmCoccTV26
z8Xk5H{OK<JaV}``tFf!ZlD)Q!UKP-1_EL9Y0z&SC15P4CQFs2z@XmFcX4ZMa>jq?G
z+#((E4_oe*$&j>xeP4YTfo^vqlAturgtkUDv=xd^LCwWL-1J3xke@g5ANc8|?83v*
zZb$$L_wzI@9oR%;vJ}uH)hAa<WYv9)q&Mm#$94lKmFb)aLUd(rqDj9Y=>EDNt11-u
z&F5O=_b~!Rdc0mmbD|5}d!MEb^xE@dYl1f}Oupu81FX9mXO-y5l*e~+7?4I_c#JXb
zLtO}6ayCoSNW6sV2kqqj8c`#!1(Ued;U?w&h3<VrYsK#oB=n#eG3h-bNq^li)GG}<
zBLZpvvZzO*tIWqfnqNTvZ^w68F$)gOK_ZqAx4P|q+-EajOqCPK`<d@w979^oW);-R
zMZ{4eX)Jxg=f?rC1Ty&Oi4KyxQc{XBo7wX0;lYU_ppty$tr_Sgj^HAs0do#IG~9*&
z!Y^#2)BbAc!CXJL_9S_M3Z3MsCyd_De=j3_2xUP_KiGYdgDpp=7sYD%Ejj)}D{H6a
z9YGDluDl#Cyq;ey^M-o+!EN_#b}{#qJn3vw6y0OG+3aN`n)U6R7(<{>PkEa@Ale4I
zsNeby)n0ytX-AJCTvn&W8%LbXxy+g5ldEg4)I=WZw52}|a5F=ul-oOB|5AE;tn^s?
zvB|f`{Y|rF>=_0s>}5rtA8lgJFItKobcmR%N6xT%&iw8=uc1s`jP5Rfh}r>w1uV4N
zhw^`V^WIHH#3b|d9PilOD{UW&y2Fdx96Mx9Y-@nvtIyUL;;!MDVX0qWUXv!>#$vsZ
wX+sM_BWl|_H%bLtxjew0(GDHeENJDBU5&ZYpd6|-N1BdkW9gC+@qWt*9gl(ncK`qY

diff --git a/fuzzing/header/corpus/header-8 b/fuzzing/header/corpus/header-8
deleted file mode 100644
index fc5983eddc96401262c92f7270f2599e53f2f592..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 1027
zcmV+e1pNC`@KHxk{{RTFB?q2_J1^S`0<v4(y=x87f)T9+4+LoPIFVP8C2+4*zG+wM
zD`urdPLlMx45aOM?wa4dt8(d<>b{StgW&c$f&s<(9(ePdXf$mqXg={Oa7E0tBFe;Q
z?<0#=jRkAr2)TshxfjS3vWf_BrUvkr#rxSRLDoHZkfCAJb__VA^#uz#uF)GS59_D8
z&eNMGR`yNIJSyeH&d0%fkV!n?S5o=A;5o+dTmmvyW1rH~Tv^BLtP<ndY6+8<cP-h&
z1JOzj@HUqFHoA3p+cJxQzJo4*j(y%|i^w^N-6}ZD_~6R+uj@v=-NtPm-r%FmPXfIs
za*}Y8|8j@DCNTS%wX%X6uu`W2$RA)j&bjOxsm4mb@#^?eG@nw_X%c4+I+>1arID4~
z;m7VxD#<U=jCYw!=(i37)0Mg+cASP@mqTNFQx;%nfY;&);rMw86c<=!BBcQ9Lm1R?
z*)+^InR578)L0?xEuDVEmIxOo#!8{~tvO~;)8hG0(g*W{@^VbqECOrf&{#@?Iz+mF
z7g7}TFZB7S4|Cy&mzO#gS-HJo#AyVnyM|#=B7co{VNjqXwG``qTUhTcv;?&!xxEGs
z&q5^{rcJnXRF-3~`!Cyj_zg84AoI)GNkHyZE3=uR7p}$6;U*C6qG!U~p>p@?cz^=T
zhO)o!WwYIf35Ti>C8n|VzHBR5nRN_q&$>`><0Bzqtevk+n3yzD>6g2twKKP)tY*tw
zTbQ$(V{5VW&_U;l{xBwr6f(^&dTSvVtSoyiGBw;ytdcFEYNlNnx3hC8hyw(|Qi1P*
zibq$Zk@uKrP)`}5wpwDkiBJV+S*EF6I|p}bA_c*GyYsD}tZq($hZcSn8EdzSwd;)z
zC!r}%FoIHk(8E(r9WW9KZ=8>}?FfjXbl5Ie_mvX(P+5TGC}2+MLQU0JVF;ZcF=B}^
zG~*X_fqz)-6t>qo&^~N2X4XFDJ8py`zP6;G?E*WHjTsvpxytoBfSTN(ZELMuW!fif
zTjwATt;VNRtdrmcN9p_Oz_tTfLF)0x9L}MXS)a#4jFRqT`pD0V{10s8GK8jqP3iro
z^Rq@xF&TxHgc2AAMs(972HC<WHT`Nz8PB_a%9}^q5M2bn#D3_XNSe?FwT}SLu>M|+
z(U@r(8j3~0kW~f^AIT<sv(!Gkt%2yk?uzZqjn<jTebnF0)ZdEk1;$+eMbjGX-$HJz
z({f!k#q+CF%dk_4U&C=}MWlPz<UI?B8!aY6?4vz0*jLYGJ8KCeb1mo^TV)c21~7y7
xPa?6aH9H1*X>50W@P72ZLFL)JI*T@cERb{Jp3U>oApJwbzApI}I2v=g<%j&K1b+Yk

diff --git a/fuzzing/header/corpus/header-9 b/fuzzing/header/corpus/header-9
deleted file mode 100644
index dfaa9ab8f..000000000
--- a/fuzzing/header/corpus/header-9
+++ /dev/null
@@ -1 +0,0 @@
-E@ð1tQí£ÿ‡
\ No newline at end of file
diff --git a/fuzzing/header/corpus/vnp-0 b/fuzzing/header/corpus/vnp-0
deleted file mode 100644
index a34a522c62b87b6c08c2f9f2c07e0469f1b4a30c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 46
zcmY$o!T<yue8*hpT9(ch;|jg(t#VZMjNOWqr>8Q-cjb87Dqnwper5PGv8bq7zW{(w
B6NUf)

diff --git a/fuzzing/header/corpus/vnp-1 b/fuzzing/header/corpus/vnp-1
deleted file mode 100644
index 472eb346084eda8a13408c617b022b0e152aa4f0..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 27
icmeBs%K!vi3@eVVW@DapTxTKc#GLQ^T&q^issaFj0SZq5

diff --git a/fuzzing/header/corpus/vnp-2 b/fuzzing/header/corpus/vnp-2
deleted file mode 100644
index c829a42174f203d4e81e8d69f9ba2d286a5c1d5b..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 434
zcmV;j0Zsm(^8f$<00a6OI1_{%%m9`4V^S~ClT7mik~3|NcZFYSNA7?nJxP|5IAo26
zRQy%uun=~Na`*hTOik$@!ik@96&_~{;l9t(k>i&NWZuElP_sj$VJ;bN8c~Rh-W}kA
zZSJJO=xl3KrV9*>huKxJ-uPX?oOg`0e|)b+m{ZGh&)yFdJrOq3Q~yg`ApCG4f9Gf&
zYuw8p8+0SQRV@Vw8aHh9yI8x*Vo_!%8K*tW;X?;@(lP3`JVHejLrNwn6aO+Mn!80f
z+`5XIN<^!lNZW#Qeb#fi*9XBcq>S<a_+%5;U*e~7gR7-`!vqVPsNIgPyg=9&F?9aO
zmT^!#Z~@C(R?DvnX-2-tG5W@DSKh2tpDIEHh;IWGNijx6+l5HyV&*5h;Ma}&TcEs4
zWVF9kz(xpqjQ|4iH)guj(a;r<dt)B2c6K)VxXaNJBGM{p>5FXuKP$Zn>6kQJD*04u
zals|7xS^z8VkPDKfZdgN?IfyC0W)P~{K4<R4nv~il@C*7M-_d{qSH>GXKtWczE-r0
c1?wkuI|Y^rpY9hSO5jjQ{jD?SV3cw7@LQ76WB>pF

diff --git a/fuzzing/header/corpus/vnp-3 b/fuzzing/header/corpus/vnp-3
deleted file mode 100644
index e89bd6e9c314cf68d1fb71ce1c1e2c746eb46f5e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 95
zcmV-l0HFU7`v3p{00RzCvjA-01mO~<^LB13u^bHi`V<NZ8XB9fVu$;BD<71b_y!ft
zlu_##P<Ro4#ws`CqSqk{WrECo^mFQVtTVdF@k1#)6GG(4;%39HOd4VDo2}3jc^or&
BDn<YR

diff --git a/fuzzing/header/corpus/vnp-4 b/fuzzing/header/corpus/vnp-4
deleted file mode 100644
index 339076bff0be27471dfdd2d0f480cd5bce7ef62c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 42
wcmb<;&j12kJ9!hQ)v`W&6Qs1PxV63P@cQEmx%Z@LzFt3_DP~vft*BF80AvOdumAu6

diff --git a/fuzzing/header/fuzz.go b/fuzzing/header/fuzz.go
index 75b477f58..d3d937d81 100644
--- a/fuzzing/header/fuzz.go
+++ b/fuzzing/header/fuzz.go
@@ -10,13 +10,17 @@ import (
 
 const version = protocol.VersionTLS
 
+// PrefixLen is the number of bytes used for configuration
+const PrefixLen = 1
+
+// Fuzz fuzzes the QUIC header.
 //go:generate go run ./cmd/corpus.go
 func Fuzz(data []byte) int {
-	if len(data) < 1 {
+	if len(data) < PrefixLen {
 		return 0
 	}
 	connIDLen := int(data[0] % 21)
-	data = data[1:]
+	data = data[PrefixLen:]
 
 	if wire.IsVersionNegotiationPacket(data) {
 		return fuzzVNP(data)