Fuzz the hasher object to include the invalid state

cppalliance · Oct 21, 2024 · e7e4679 · e7e4679
1 parent f71fdee
commit e7e4679
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 0 deletions.
diff --git a/fuzzing/fuzz_md5.cpp b/fuzzing/fuzz_md5.cpp
@@ -27,6 +27,14 @@ extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size
         std::span data_span {c_data, size};
         boost::crypt::md5(data_span);
         #endif
+
+        // Fuzz the hasher object
+        boost::crypt::md5_hasher hasher;
+        hasher.process_bytes(data, size);
+        hasher.process_bytes(data, size);
+        hasher.process_bytes(data, size);
+        hasher.get_digest();
+        hasher.process_bytes(data, size); // State is invalid but should not crash
     }
     catch(...)
     {

diff --git a/fuzzing/fuzz_sha1.cpp b/fuzzing/fuzz_sha1.cpp
@@ -27,6 +27,14 @@ extern "C" int LLVMFuzzerTestOneInput(const std::uint8_t* data, std::size_t size
         std::span data_span {c_data, size};
         boost::crypt::sha1(data_span);
         #endif
+
+        // Fuzz the hasher object
+        boost::crypt::sha1_hasher hasher;
+        hasher.process_bytes(data, size);
+        hasher.process_bytes(data, size);
+        hasher.process_bytes(data, size);
+        hasher.get_digest();
+        hasher.process_bytes(data, size); // State is invalid but should not crash
     }
     catch(...)
     {