1 // Protocol Buffers - Google's data interchange format
2 // Copyright 2023 Google LLC. All rights reserved.
3 //
4 // Use of this source code is governed by a BSD-style
5 // license that can be found in the LICENSE file or at
6 // https://developers.google.com/open-source/licenses/bsd
7
8 #include "upb/test/fuzz_util.h"
9
10 #include <stddef.h>
11
12 #include <vector>
13
14 #include "upb/base/descriptor_constants.h"
15 #include "upb/base/status.hpp"
16 #include "upb/mem/arena.h"
17 #include "upb/mini_descriptor/decode.h"
18 #include "upb/mini_table/enum.h"
19 #include "upb/mini_table/extension.h"
20 #include "upb/mini_table/extension_registry.h"
21 #include "upb/mini_table/field.h"
22 #include "upb/mini_table/message.h"
23 #include "upb/mini_table/sub.h"
24
25 // Must be last
26 #include "upb/port/def.inc"
27
28 namespace upb {
29 namespace fuzz {
30
31 namespace {
32
33 class Builder {
34 public:
Builder(const MiniTableFuzzInput & input,upb_Arena * arena)35 Builder(const MiniTableFuzzInput& input, upb_Arena* arena)
36 : input_(&input), arena_(arena) {}
37
Build(upb_ExtensionRegistry ** exts)38 const upb_MiniTable* Build(upb_ExtensionRegistry** exts) {
39 BuildMessages();
40 BuildEnums();
41 BuildExtensions(exts);
42 if (!LinkMessages()) return nullptr;
43 return mini_tables_.empty() ? nullptr : mini_tables_.front();
44 }
45
46 private:
47 void BuildMessages();
48 void BuildEnums();
49 void BuildExtensions(upb_ExtensionRegistry** exts);
50 bool LinkExtension(upb_MiniTableExtension* ext);
51 bool LinkMessages();
52
NextLink()53 size_t NextLink() {
54 if (input_->links.empty()) return 0;
55 if (link_ == input_->links.size()) link_ = 0;
56 return input_->links[link_++];
57 }
58
NextMiniTable()59 const upb_MiniTable* NextMiniTable() {
60 return mini_tables_.empty()
61 ? nullptr
62 : mini_tables_[NextLink() % mini_tables_.size()];
63 }
64
NextEnumTable()65 const upb_MiniTableEnum* NextEnumTable() {
66 return enum_tables_.empty()
67 ? nullptr
68 : enum_tables_[NextLink() % enum_tables_.size()];
69 }
70
71 const MiniTableFuzzInput* input_;
72 upb_Arena* arena_;
73 std::vector<const upb_MiniTable*> mini_tables_;
74 std::vector<const upb_MiniTableEnum*> enum_tables_;
75 size_t link_ = 0;
76 };
77
BuildMessages()78 void Builder::BuildMessages() {
79 upb::Status status;
80 mini_tables_.reserve(input_->mini_descriptors.size());
81 for (const auto& d : input_->mini_descriptors) {
82 upb_MiniTable* table =
83 upb_MiniTable_Build(d.data(), d.size(), arena_, status.ptr());
84 if (table) mini_tables_.push_back(table);
85 }
86 }
87
BuildEnums()88 void Builder::BuildEnums() {
89 upb::Status status;
90 enum_tables_.reserve(input_->enum_mini_descriptors.size());
91 for (const auto& d : input_->enum_mini_descriptors) {
92 upb_MiniTableEnum* enum_table =
93 upb_MiniTableEnum_Build(d.data(), d.size(), arena_, status.ptr());
94 if (enum_table) enum_tables_.push_back(enum_table);
95 }
96 }
97
LinkExtension(upb_MiniTableExtension * ext)98 bool Builder::LinkExtension(upb_MiniTableExtension* ext) {
99 upb_MiniTableField* field = &ext->UPB_PRIVATE(field);
100 if (upb_MiniTableField_CType(field) == kUpb_CType_Message) {
101 auto mt = NextMiniTable();
102 if (!mt) field->UPB_PRIVATE(descriptortype) = kUpb_FieldType_Int32;
103 ext->UPB_PRIVATE(sub) = upb_MiniTableSub_FromMessage(mt);
104 }
105 if (upb_MiniTableField_IsClosedEnum(field)) {
106 auto et = NextEnumTable();
107 if (!et) field->UPB_PRIVATE(descriptortype) = kUpb_FieldType_Int32;
108 ext->UPB_PRIVATE(sub) = upb_MiniTableSub_FromEnum(et);
109 }
110 return true;
111 }
112
BuildExtensions(upb_ExtensionRegistry ** exts)113 void Builder::BuildExtensions(upb_ExtensionRegistry** exts) {
114 upb::Status status;
115 if (input_->extensions.empty()) {
116 *exts = nullptr;
117 } else {
118 *exts = upb_ExtensionRegistry_New(arena_);
119 const char* ptr = input_->extensions.data();
120 const char* end = ptr + input_->extensions.size();
121 // Iterate through the buffer, building extensions as long as we can.
122 while (ptr < end) {
123 upb_MiniTableExtension* ext = reinterpret_cast<upb_MiniTableExtension*>(
124 upb_Arena_Malloc(arena_, sizeof(*ext)));
125 upb_MiniTableSub sub;
126 const upb_MiniTable* extendee = NextMiniTable();
127 if (!extendee) break;
128 ptr = upb_MiniTableExtension_Init(ptr, end - ptr, ext, extendee, sub,
129 status.ptr());
130 if (!ptr) break;
131 if (!LinkExtension(ext)) continue;
132 if (upb_ExtensionRegistry_Lookup(*exts, ext->UPB_PRIVATE(extendee),
133 upb_MiniTableExtension_Number(ext)))
134 continue;
135 upb_ExtensionRegistry_AddArray(
136 *exts, const_cast<const upb_MiniTableExtension**>(&ext), 1);
137 }
138 }
139 }
140
LinkMessages()141 bool Builder::LinkMessages() {
142 for (auto* t : mini_tables_) {
143 upb_MiniTable* table = const_cast<upb_MiniTable*>(t);
144 // For each field that requires a sub-table, assign one as appropriate.
145 for (size_t i = 0; i < table->UPB_PRIVATE(field_count); i++) {
146 upb_MiniTableField* field =
147 const_cast<upb_MiniTableField*>(&table->UPB_PRIVATE(fields)[i]);
148 if (link_ == input_->links.size()) link_ = 0;
149 if (upb_MiniTableField_CType(field) == kUpb_CType_Message &&
150 !upb_MiniTable_SetSubMessage(table, field, NextMiniTable())) {
151 return false;
152 }
153 if (upb_MiniTableField_IsClosedEnum(field)) {
154 auto* et = NextEnumTable();
155 if (et) {
156 if (!upb_MiniTable_SetSubEnum(table, field, et)) return false;
157 } else {
158 // We don't have any sub-enums. Override the field type so that it is
159 // not needed.
160 field->UPB_PRIVATE(descriptortype) = kUpb_FieldType_Int32;
161 }
162 }
163 }
164 }
165 return true;
166 }
167
168 } // namespace
169
BuildMiniTable(const MiniTableFuzzInput & input,upb_ExtensionRegistry ** exts,upb_Arena * arena)170 const upb_MiniTable* BuildMiniTable(const MiniTableFuzzInput& input,
171 upb_ExtensionRegistry** exts,
172 upb_Arena* arena) {
173 Builder builder(input, arena);
174 return builder.Build(exts);
175 }
176
177 } // namespace fuzz
178 } // namespace upb
179