Initial fuzz testing and fix

Initial fuzz testing of pgproto3 found a panic
2022-07-23 15:21:34 -05:00 · 2022-07-23 15:21:34 -05:00 · 9d0f27bc4b
parent 2da0a11c52
commit 9d0f27bc4b
3 changed files with 38 additions and 1 deletions
--- a/pgproto3/frontend.go
+++ b/pgproto3/frontend.go
@ -223,7 +223,13 @@ func (f *Frontend) Receive() (BackendMessage, error) {
 		}

 		f.msgType = header[0]
-		f.bodyLen = int(binary.BigEndian.Uint32(header[1:])) - 4
+
+		msgLength := int(binary.BigEndian.Uint32(header[1:]))
+		if msgLength < 4 {
+			return nil, fmt.Errorf("invalid message length: %d", msgLength)
+		}
+
+		f.bodyLen = msgLength - 4
 		f.partialMsg = true
 	}

--- a/pgproto3/fuzz_test.go
+++ b/pgproto3/fuzz_test.go
@ -0,0 +1,29 @@
+package pgproto3_test
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/jackc/pgx/v5/pgproto3"
+	"github.com/stretchr/testify/require"
+)
+
+func FuzzFrontend(f *testing.F) {
+	testcases := [][]byte{
+		{'Z', 0, 0, 0, 5},
+	}
+	for _, tc := range testcases {
+		f.Add(tc)
+	}
+	f.Fuzz(func(t *testing.T, encodedMsg []byte) {
+		r := &bytes.Buffer{}
+		w := &bytes.Buffer{}
+		fe := pgproto3.NewFrontend(r, w)
+
+		_, err := r.Write(encodedMsg)
+		require.NoError(t, err)
+
+		// Not checking anything other than no panic.
+		fe.Receive()
+	})
+}
--- a/pgproto3/testdata/fuzz/FuzzFrontend/65d91093341a68b16f04605e392b0501847a9b35d3857e67872046dbdc04913e
+++ b/pgproto3/testdata/fuzz/FuzzFrontend/65d91093341a68b16f04605e392b0501847a9b35d3857e67872046dbdc04913e
@ -0,0 +1,2 @@
+go test fuzz v1
+[]byte("0\x00\x00\x00\x02")