fuzz: some improvements and add two new fuzzers (#1881)

Remove `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` define from
`fuzz/Makefile.am`; it is already included by the main configure script
(when fuzzing).

Add a knob to force disabling of AESNI optimizations: this way we can
fuzz also no-aesni crypto code.

Move CRC32 algorithm into the library.

Add some fake traces to extend fuzzing coverage. Note that these traces
are hand-made (via scapy/curl) and must not be used as "proof" that the
dissectors are really able to identify this kind of traffic.

Some small updates to some dissectors:

CSGO: remove a wrong rule (never triggered, BTW). Any UDP packet starting
with "VS01" will be classified as STEAM (see steam.c around line 111).
Googling it, it seems right so.

XBOX: XBOX only analyses UDP flows while HTTP only TCP ones; therefore
that condition is false.

RTP, STUN: removed useless "break"s

Zattoo: `flow->zattoo_stage` is never set to any values greater or equal
to 5, so these checks are never true.

PPStream: `flow->l4.udp.ppstream_stage` is never read. Delete it.

TeamSpeak: we check for `flow->packet_counter == 3` just above, so the
following check `flow->packet_counter >= 3` is always false.

.gitignore

@@ -58,13 +58,15 @@
 /fuzz/fuzz_alg_hll
 /fuzz/fuzz_alg_hw_rsi_outliers_da
 /fuzz/fuzz_alg_jitter
+/fuzz/fuzz_alg_crc32_md5
 /fuzz/fuzz_alg_ses_des
 /fuzz/fuzz_config
 /fuzz/fuzz_community_id
 /fuzz/fuzz_serialization
 /fuzz/fuzz_ds_patricia
 /fuzz/fuzz_ds_libcache
 /fuzz/fuzz_ds_tree
+/fuzz/fuzz_ds_ptree
 /fuzz/fuzz_ds_ahocorasick
 /fuzz/fuzz_ndpi_reader_alloc_fail_seed_corpus.zip
 /fuzz/fuzz_ndpi_reader_seed_corpus.zip
@@ -76,10 +78,12 @@
 /fuzz/fuzz_alg_bins_seed_corpus.zip
 /fuzz/fuzz_alg_hll_seed_corpus.zip
 /fuzz/fuzz_alg_jitter_seed_corpus.zip
+/fuzz/fuzz_alg_crc32_md5_seed_corpus.zip
 /fuzz/fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip
 /fuzz/fuzz_ds_patricia_seed_corpus.zip
 /fuzz/fuzz_ds_libcache_seed_corpus.zip
 /fuzz/fuzz_ds_tree_seed_corpus.zip
+/fuzz/fuzz_ds_ptree_seed_corpus.zip
 /fuzz/fuzz_ds_ahocorasick_seed_corpus.zip
 /fuzz/fuzz_*.dict
 /influxdb/Makefile

example/ndpiReader.c

@@ -4034,7 +4034,7 @@ static void ndpi_process_packet(u_char *args,
     trailer->master_protocol = htons(p.master_protocol), trailer->app_protocol = htons(p.app_protocol);
     ndpi_protocol2name(ndpi_thread_info[thread_id].workflow->ndpi_struct, p, trailer->name, sizeof(trailer->name));
     crc = (uint32_t*)&extcap_buf[h.caplen+sizeof(struct ndpi_packet_trailer)];
-    *crc = ethernet_crc32((const void*)extcap_buf, h.caplen+sizeof(struct ndpi_packet_trailer));
+    *crc = ndpi_crc32((const void*)extcap_buf, h.caplen+sizeof(struct ndpi_packet_trailer));
     h.caplen += delta, h.len += delta;
 
 #ifdef DEBUG_TRACE

example/reader_util.c

@@ -2253,55 +2253,6 @@ struct ndpi_proto ndpi_workflow_process_packet(struct ndpi_workflow * workflow,
 			   flow_risk));
 }
 
-/* ********************************************************** */
-/*       http://home.thep.lu.se/~bjorn/crc/crc32_fast.c       */
-/* ********************************************************** */
-
-static uint32_t crc32_for_byte(uint32_t r) {
-  int j;
-  for(j = 0; j < 8; ++j)
-    r = ((r & 1) ? 0 : (uint32_t)0xEDB88320L) ^ r >> 1;
-  return r ^ (uint32_t)0xFF000000L;
-}
-
-/* Any unsigned integer type with at least 32 bits may be used as
- * accumulator type for fast crc32-calulation, but unsigned long is
- * probably the optimal choice for most systems. */
-typedef unsigned long accum_t;
-
-static void init_tables(uint32_t* table, uint32_t* wtable) {
-  size_t i, j, k, w;
-  for(i = 0; i < 0x100; ++i)
-    table[i] = crc32_for_byte(i);
-  for(k = 0; k < sizeof(accum_t); ++k)
-    for(i = 0; i < 0x100; ++i) {
-      for(j = w = 0; j < sizeof(accum_t); ++j)
-	w = table[(uint8_t)(j == k? w ^ i: w)] ^ w >> 8;
-      wtable[(k << 8) + i] = w ^ (k? wtable[0]: 0);
-    }
-}
-
-static void __crc32(const void* data, size_t n_bytes, uint32_t* crc) {
-  static uint32_t table[0x100], wtable[0x100*sizeof(accum_t)];
-  size_t n_accum = n_bytes/sizeof(accum_t);
-  size_t i, j;
-  if(!*table)
-    init_tables(table, wtable);
-  for(i = 0; i < n_accum; ++i) {
-    accum_t a = *crc ^ ((accum_t*)data)[i];
-    for(j = *crc = 0; j < sizeof(accum_t); ++j)
-      *crc ^= wtable[(j << 8) + (uint8_t)(a >> 8*j)];
-  }
-  for(i = n_accum*sizeof(accum_t); i < n_bytes; ++i)
-    *crc = table[(uint8_t)*crc ^ ((uint8_t*)data)[i]] ^ *crc >> 8;
-}
-
-u_int32_t ethernet_crc32(const void* data, size_t n_bytes) {
-  u_int32_t crc = 0;
-  __crc32(data, n_bytes, &crc);
-  return crc;
-}
-
 /* *********************************************** */
 
 #ifdef USE_DPDK

example/reader_util.h

@@ -392,7 +392,6 @@ int ndpi_is_datalink_supported(int datalink_type);
 /* compare two nodes in workflow */
 int ndpi_workflow_node_cmp(const void *a, const void *b);
 void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_flow_info *flow);
-u_int32_t ethernet_crc32(const void* data, size_t n_bytes);
 void ndpi_flow_info_free_data(struct ndpi_flow_info *flow);
 void ndpi_flow_info_freer(void *node);
 const char* print_cipher_id(u_int32_t cipher);

fuzz/Makefile.am

@@ -1,8 +1,8 @@
 bin_PROGRAMS = fuzz_process_packet fuzz_ndpi_reader fuzz_ndpi_reader_alloc_fail fuzz_quic_get_crypto_data fuzz_config fuzz_community_id fuzz_serialization
 #Alghoritms
-bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des
+bin_PROGRAMS += fuzz_alg_bins fuzz_alg_hll fuzz_alg_hw_rsi_outliers_da fuzz_alg_jitter fuzz_alg_ses_des fuzz_alg_crc32_md5
 #Data structures
-bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree
+bin_PROGRAMS += fuzz_ds_patricia fuzz_ds_ahocorasick fuzz_ds_libcache fuzz_ds_tree fuzz_ds_ptree
 
 fuzz_process_packet_SOURCES = fuzz_process_packet.c fuzz_common_code.c
 fuzz_process_packet_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
@@ -31,7 +31,7 @@ fuzz_ndpi_reader_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_ndpi_reader_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_ndpi_reader_alloc_fail_SOURCES = fuzz_ndpi_reader.c fuzz_common_code.c ../example/reader_util.c
-fuzz_ndpi_reader_alloc_fail_CFLAGS = -I../example/ @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DENABLE_MEM_ALLOC_FAILURES
+fuzz_ndpi_reader_alloc_fail_CFLAGS = -I../example/ @NDPI_CFLAGS@ $(CXXFLAGS) -DENABLE_MEM_ALLOC_FAILURES -DCRYPT_FORCE_NO_AESNI
 fuzz_ndpi_reader_alloc_fail_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_ndpi_reader_alloc_fail_LDFLAGS = $(PCAP_LIB) $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -57,8 +57,8 @@ fuzz_quic_get_crypto_data_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS)
     $(fuzz_quic_get_crypto_data_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_config_SOURCES = fuzz_config.cpp fuzz_common_code.c
-fuzz_config_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_config_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_config_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_config_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_config_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_config_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -72,8 +72,8 @@ fuzz_config_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_config_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_community_id_SOURCES = fuzz_community_id.cpp fuzz_common_code.c
-fuzz_community_id_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_community_id_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_community_id_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_community_id_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_community_id_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_community_id_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -87,8 +87,8 @@ fuzz_community_id_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_community_id_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_serialization_SOURCES = fuzz_serialization.cpp fuzz_common_code.c
-fuzz_serialization_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_serialization_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_serialization_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_serialization_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_serialization_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_serialization_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -102,8 +102,8 @@ fuzz_serialization_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_serialization_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_alg_bins_SOURCES = fuzz_alg_bins.cpp fuzz_common_code.c
-fuzz_alg_bins_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_alg_bins_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_alg_bins_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_bins_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_alg_bins_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_alg_bins_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -117,8 +117,8 @@ fuzz_alg_bins_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_alg_bins_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_alg_hll_SOURCES = fuzz_alg_hll.cpp fuzz_common_code.c
-fuzz_alg_hll_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_alg_hll_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_alg_hll_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_hll_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_alg_hll_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_alg_hll_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -132,8 +132,8 @@ fuzz_alg_hll_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_alg_hll_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_alg_hw_rsi_outliers_da_SOURCES = fuzz_alg_hw_rsi_outliers_da.cpp fuzz_common_code.c
-fuzz_alg_hw_rsi_outliers_da_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_alg_hw_rsi_outliers_da_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_alg_hw_rsi_outliers_da_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_hw_rsi_outliers_da_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_alg_hw_rsi_outliers_da_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_alg_hw_rsi_outliers_da_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -147,8 +147,8 @@ fuzz_alg_hw_rsi_outliers_da_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAG
     $(fuzz_alg_hw_rsi_outliers_da_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_alg_jitter_SOURCES = fuzz_alg_jitter.cpp fuzz_common_code.c
-fuzz_alg_jitter_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_alg_jitter_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_alg_jitter_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_jitter_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_alg_jitter_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_alg_jitter_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -161,9 +161,22 @@ fuzz_alg_jitter_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
     $(fuzz_alg_jitter_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
+fuzz_alg_crc32_md5_SOURCES = fuzz_alg_crc32_md5.c
+fuzz_alg_crc32_md5_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_crc32_md5_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_alg_crc32_md5_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_alg_crc32_md5_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_alg_crc32_md5_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_alg_crc32_md5_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+    $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+    $(fuzz_alg_crc32_md5_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
 fuzz_alg_ses_des_SOURCES = fuzz_alg_ses_des.cpp fuzz_common_code.c
-fuzz_alg_ses_des_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_alg_ses_des_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_alg_ses_des_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_alg_ses_des_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_alg_ses_des_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_alg_ses_des_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -177,8 +190,8 @@ fuzz_alg_ses_des_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_alg_ses_des_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_ds_patricia_SOURCES = fuzz_ds_patricia.cpp fuzz_common_code.c
-fuzz_ds_patricia_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_ds_patricia_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_ds_patricia_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_patricia_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_ds_patricia_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_ds_patricia_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -192,8 +205,8 @@ fuzz_ds_patricia_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_ds_patricia_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_ds_ahocorasick_SOURCES = fuzz_ds_ahocorasick.cpp fuzz_common_code.c
-fuzz_ds_ahocorasick_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_ds_ahocorasick_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_ds_ahocorasick_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_ahocorasick_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_ds_ahocorasick_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_ds_ahocorasick_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -207,8 +220,8 @@ fuzz_ds_ahocorasick_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_ds_ahocorasick_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_ds_libcache_SOURCES = fuzz_ds_libcache.cpp fuzz_common_code.c
-fuzz_ds_libcache_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_ds_libcache_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_ds_libcache_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_libcache_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_ds_libcache_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_ds_libcache_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -222,8 +235,8 @@ fuzz_ds_libcache_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(fuzz_ds_libcache_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
 fuzz_ds_tree_SOURCES = fuzz_ds_tree.cpp fuzz_common_code.c
-fuzz_ds_tree_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-fuzz_ds_tree_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS) -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+fuzz_ds_tree_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_tree_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
 fuzz_ds_tree_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
 fuzz_ds_tree_LDFLAGS = $(LIBS)
 if HAS_FUZZLDFLAGS
@@ -236,6 +249,21 @@ fuzz_ds_tree_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
     $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
     $(fuzz_ds_tree_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
 
+fuzz_ds_ptree_SOURCES = fuzz_ds_ptree.cpp fuzz_common_code.c
+fuzz_ds_ptree_CXXFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_ptree_CFLAGS = @NDPI_CFLAGS@ $(CXXFLAGS)
+fuzz_ds_ptree_LDADD = ../src/lib/libndpi.a $(ADDITIONAL_LIBS)
+fuzz_ds_ptree_LDFLAGS = $(LIBS)
+if HAS_FUZZLDFLAGS
+fuzz_ds_ptree_CXXFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_ds_ptree_CFLAGS += $(LIB_FUZZING_ENGINE)
+fuzz_ds_ptree_LDFLAGS += $(LIB_FUZZING_ENGINE)
+endif
+# force usage of CXX for linker
+fuzz_ds_ptree_LINK=$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
+    $(LIBTOOLFLAGS) --mode=link $(CXX) @NDPI_CFLAGS@ $(AM_CXXFLAGS) $(CXXFLAGS) \
+    $(fuzz_ds_ptree_LDFLAGS) @NDPI_LDFLAGS@ $(LDFLAGS) -o $@
+
 
 # required for Google oss-fuzz
 # see https://github.com/google/oss-fuzz/tree/master/projects/ndpi
@@ -302,6 +330,11 @@ files_corpus_fuzz_alg_jitter :=  $(wildcard corpus/fuzz_alg_jitter/*)
 fuzz_alg_jitter_seed_corpus.zip: $(files_corpus_fuzz_alg_jitter)
 	zip -j fuzz_alg_jitter_seed_corpus.zip $(files_corpus_fuzz_alg_jitter)
 
+files_corpus_fuzz_alg_crc32_md5 :=  $(wildcard corpus/fuzz_alg_crc32_md5/*)
+
+fuzz_alg_crc32_md5_seed_corpus.zip: $(files_corpus_fuzz_alg_crc32_md5)
+	zip -j fuzz_alg_crc32_md5_seed_corpus.zip $(files_corpus_fuzz_alg_crc32_md5)
+
 files_corpus_fuzz_ds_libcache :=  $(wildcard corpus/fuzz_ds_libcache/*)
 
 fuzz_ds_libcache_seed_corpus.zip: $(files_corpus_fuzz_ds_libcache)
@@ -312,7 +345,13 @@ files_corpus_fuzz_ds_tree :=  $(wildcard corpus/fuzz_ds_tree/*)
 fuzz_ds_tree_seed_corpus.zip: $(files_corpus_fuzz_ds_tree)
 	zip -j fuzz_ds_tree_seed_corpus.zip $(files_corpus_fuzz_ds_tree)
 
-corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip
+files_corpus_fuzz_ds_ptree :=  $(wildcard corpus/fuzz_ds_ptree/*)
+
+fuzz_ds_ptree_seed_corpus.zip: $(files_corpus_fuzz_ds_ptree)
+	zip -j fuzz_ds_ptree_seed_corpus.zip $(files_corpus_fuzz_ds_ptree)
+
+
+corpus: fuzz_ndpi_reader_seed_corpus.zip fuzz_ndpi_reader_alloc_fail_seed_corpus.zip fuzz_quic_get_crypto_data_seed_corpus.zip fuzz_config_seed_corpus.zip fuzz_ds_patricia_seed_corpus.zip fuzz_ds_ahocorasick_seed_corpus.zip fuzz_alg_ses_des_seed_corpus.zip fuzz_alg_hw_rsi_outliers_da_seed_corpus.zip fuzz_alg_bins_seed_corpus.zip fuzz_alg_hll_seed_corpus.zip fuzz_alg_jitter_seed_corpus.zip fuzz_ds_libcache_seed_corpus.zip fuzz_community_id_seed_corpus.zip fuzz_ds_tree_seed_corpus.zip fuzz_serialization_seed_corpus.zip fuzz_ds_ptree_seed_corpus.zip fuzz_alg_crc32_md5_seed_corpus.zip
 
 #Create dictionaries exactly as expected by oss-fuzz.
 #This way, if we need to change/update/add something,
@@ -337,10 +376,12 @@ distdir:
 		-o -path './corpus/fuzz_alg_bins/*' \
 		-o -path './corpus/fuzz_alg_hll/*' \
 		-o -path './corpus/fuzz_alg_jitter/*' \
+		-o -path './corpus/fuzz_alg_crc32_md5/*' \
 		-o -path './corpus/fuzz_alg_hw_rsi_outliers_da/*' \
 		-o -path './corpus/fuzz_ds_ahocorasick/*' \
 		-o -path './corpus/fuzz_ds_libcache/*' \
 		-o -path './corpus/fuzz_ds_tree/*' \
+		-o -path './corpus/fuzz_ds_ptree/*' \
 		-o -path './corpus/fuzz_ds_patricia/*' | xargs -I'{}' cp -r '{}' '$(distdir)/{}'
 
 all: corpus dictionaries

fuzz/corpus/fuzz_alg_crc32_md5/82bb3eab86d4063ea4a3cb97821feb07cecf7b72

@@ -0,0 +1 @@
+�

fuzz/corpus/fuzz_config/8ce8bfe5ac7addf5e2c5da6794cf5934678dd06c

@@ -0,0 +1,3 @@
+�P7
��돝!�A�V�#�K�QX���)����)!a����,��q��58�e!�A�V�#�K�QX���)����)!a����,��q��58�e��.V߻P��*Wy��"ڬ��]�%Y�q䠀k��ў
+T��;J3s�O[����5P���v ֈ��3�;k& ��K���,�!+�1�^'��Th���T�4H+-�A3:=���W�0R������]�'�*b;()��O���"2v���G��������������������������������������������������������������������=s���c�p��������.V߻P��*Wy��"ڬ��]�%Y�q䠀k��ў
+T��;J3s�O[����5P���v ֈ��3�;k& ��K���,�!+�1�^'��Th���T�4H+-�A3:=���W�0R������]�'�*b;()��O���"2v���G��������������������������������������������������������������������=s���c�p������x�fQ�'����,�?��^BT7�7���OP�6[hw�!^W\��q&k�Q����(����hJi�%�hQK�-����h�	pj�@�