OSS-Fuzz: Fix fuzz-sip for endpoint fuzzing#4976

Status: Open
arthurscchan wants to merge 2 commits into pjsip:master from arthurscchan:fix-sip

Conversation

@arthurscchan (Contributor)

This PR fixes the fuzz-sip for endpoint fuzzing.

Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
Copilot AI (Contributor) left a comment

Pull request overview

This PR updates the SIP fuzzer harness (tests/fuzz/fuzz-sip.c) to better support “endpoint fuzzing” by constructing more realistic pjsip_rx_data packet metadata, acquiring a loop-dgram transport, and routing parsed messages through the endpoint’s module pipeline.

Changes:

  • Tighten transaction-layer/UAC transaction preconditions to use rdata->msg_info.* header shortcuts.
  • Populate rdata.pkt_info.src_name/src_port and set Via: received= (recvd_param) for request messages.
  • Acquire PJSIP_TRANSPORT_LOOP_DGRAM transport and run pjsip_endpt_process_rx_data() + pjsip_endpt_handle_events() to exercise the full endpoint pipeline.

Comment thread: tests/fuzz/fuzz-sip.c

    /* Route through the full endpoint module pipeline */
    if (rdata.tp_info.transport &&
        rdata.msg_info.from && rdata.msg_info.to &&
        rdata.msg_info.via && rdata.msg_info.cseq && rdata.msg_info.cid) {
Comment thread: tests/fuzz/fuzz-sip.c (Outdated)

    Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

Comment thread: tests/fuzz/fuzz-sip.c (comment on lines +461 to 465)

    /* Acquire loop datagram transport */
    if (pjsip_endpt_acquire_transport(endpt, PJSIP_TRANSPORT_LOOP_DGRAM,
                                      (pj_sockaddr_t *)&remote_addr,
                                      sizeof(remote_addr),
                                      NULL, &fake_transport) == PJ_SUCCESS) {

Comment thread: tests/fuzz/fuzz-sip.c

    if (msg->type == PJSIP_REQUEST_MSG && rdata.msg_info.via) {
        pj_strdup2(pool, &rdata.msg_info.via->recvd_param,
                   rdata.pkt_info.src_name);