From 460d6378904a2b956750a584018ffcc585af9896 Mon Sep 17 00:00:00 2001
From: Craig Tiller
Date: Mon, 27 Jan 2025 14:10:26 -0800
Subject: [PATCH] [fuzzer] Regression fix for server_fuzzer, connector_fuzzer (#38580)
We shouldn't try to send 2 gigabytes one byte at a time in a fuzzer...
Closes #38580
COPYBARA_INTEGRATE_REVIEW=https://github.com/grpc/grpc/pull/38580 from ctiller:fuzzreg 36570046a50507bde2cbecf1d1e42e2e0a2b4489
PiperOrigin-RevId: 720302734
---
 test/core/end2end/fuzzers/connector_fuzzer.cc | 42 ++++++++++++++++---
 test/core/end2end/fuzzers/network_input.cc | 7 ++--
 test/core/end2end/fuzzers/server_fuzzer.cc | 6 ---
 3 files changed, 40 insertions(+), 15 deletions(-)
diff --git a/test/core/end2end/fuzzers/connector_fuzzer.cc b/test/core/end2end/fuzzers/connector_fuzzer.cc
index a42c3da0fe00f..8ec4228fec492 100644
--- a/test/core/end2end/fuzzers/connector_fuzzer.cc
+++ b/test/core/end2end/fuzzers/connector_fuzzer.cc
@@ -12,9 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
+#include
+
 #include
 #include "fuzztest/fuzztest.h"
+#include "gtest/gtest.h"
 #include "src/core/ext/transport/chttp2/client/chttp2_connector.h"
 #include "src/core/lib/address_utils/parse_address.h"
 #include "src/core/lib/event_engine/channel_args_endpoint_config.h"
@@ -30,9 +33,6 @@
 #include "test/core/test_util/fuzz_config_vars.h"
 #include "test/core/test_util/test_config.h"
-bool squelch = true;
-bool leak_check = true;
-
 using ::grpc_event_engine::experimental::ChannelArgsEndpointConfig;
 using ::grpc_event_engine::experimental::EventEngine;
 using ::grpc_event_engine::experimental::FuzzingEventEngine;
@@ -171,9 +171,6 @@ void RunConnectorFuzzer(
 absl::FunctionRef()> make_security_connector,
 absl::FunctionRef()> make_connector) {
- if (squelch && !GetEnv("GRPC_TRACE_FUZZER").has_value()) {
- grpc_disable_all_absl_logs();
- }
 static const int once = []() {
 ForceEnableExperiment("event_engine_client", true);
 ForceEnableExperiment("event_engine_listener", true);
@@ -185,6 +182,12 @@ void RunConnectorFuzzer(
 ConnectorFuzzer(msg, make_security_connector, make_connector).Run();
 }
+auto ParseTestProto(const std::string& proto) {
+ fuzzer_input::Msg msg;
+ CHECK(google::protobuf::TextFormat::ParseFromString(proto, &msg));
+ return msg;
+}
+
 void Chttp2(fuzzer_input::Msg msg) {
 RunConnectorFuzzer(
 msg, []() { return RefCountedPtr(); },
@@ -205,5 +208,32 @@ void Chttp2Fakesec(fuzzer_input::Msg msg) {
 }
 FUZZ_TEST(ConnectorFuzzers, Chttp2Fakesec);
+TEST(ConnectorFuzzers, Chttp2FakesecTimeout1) {
+ Chttp2Fakesec(ParseTestProto(R"pb(network_input {
+ input_segments {
+ segments { delay_ms: 1 }
+ segments {
+ delay_ms: 1
+ chaotic_good {
+ known_type: SETTINGS
+ payload_empty_of_length: 2147483647
+ }
+ }
+ }
+ connect_delay_ms: -1603816748
+ connect_timeout_ms: 3
+ }
+ event_engine_actions {
+ run_delay: 1
+ assign_ports: 1
+ assign_ports: 2147483647
+ connections {}
+ }
+ config_vars {
+ verbosity: ""
+ experiments: 9223372036854775807
+ })pb"));
+}
+
 } // namespace
 } // namespace grpc_core
diff --git a/test/core/end2end/fuzzers/network_input.cc b/test/core/end2end/fuzzers/network_input.cc
index 67f4e6b8c28b3..369efe10199ef 100644
--- a/test/core/end2end/fuzzers/network_input.cc
+++ b/test/core/end2end/fuzzers/network_input.cc
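Review bot: `ParseTestProto` in connector_fuzzer.cc deduces its return type with `auto` and carries no comment, so a reader has to open the body to learn that it returns a `fuzzer_input::Msg` parsed from text format. Spelling the type out, `fuzzer_input::Msg ParseTestProto(const std::string& proto) {`, and adding `// Parses a text-format fuzzer_input::Msg for regression tests; aborts on malformed input.` would document the contract. Because the parse result is checked with `CHECK`, a malformed literal aborts the whole test binary instead of failing one test; if that is not intended, `EXPECT_TRUE(google::protobuf::TextFormat::ParseFromString(proto, &msg));` would report it as a gtest failure.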
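Review bot: `TEST(ConnectorFuzzers, Chttp2FakesecTimeout1)` contains no assertion and no time bound, so it catches the regression only if the test runner's own timeout fires, and nothing in the test says what it guards. A comment above it would make the intent recoverable, for example `// Regression test for #38580: a chaotic_good frame with payload_empty_of_length near INT32_MAX must not make the harness emit gigabytes of payload.` The subject line also names server_fuzzer, but no equivalent regression case for it is visible in this patch; it is worth confirming that the server side is exercised by the shared network_input.cc change.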
@@ -251,9 +251,10 @@ SliceBuffer ChaoticGoodFrame(const fuzzer_input::ChaoticGoodFrame& frame) {
 suffix.Append(Slice::FromCopiedString(frame.payload_raw_bytes()));
 break;
 case fuzzer_input::ChaoticGoodFrame::kPayloadEmptyOfLength:
- h.payload_length = frame.payload_empty_of_length();
- suffix.Append(Slice::FromCopiedString(
- std::string(frame.payload_empty_of_length(), 'a')));
+ h.payload_length =
+ std::min(65536, frame.payload_empty_of_length());
+ suffix.Append(
+ Slice::FromCopiedString(std::string(h.payload_length, 'a')));
 break;
 case fuzzer_input::ChaoticGoodFrame::kPayloadOtherConnectionId:
 h.payload_connection_id =
diff --git a/test/core/end2end/fuzzers/server_fuzzer.cc b/test/core/end2end/fuzzers/server_fuzzer.cc
index 508deaa5dd56a..ffa46bfa166aa 100644
--- a/test/core/end2end/fuzzers/server_fuzzer.cc
+++ b/test/core/end2end/fuzzers/server_fuzzer.cc
@@ -37,9 +37,6 @@
 #include "test/core/test_util/fuzz_config_vars.h"
 #include "test/core/test_util/test_config.h"
-bool squelch = true;
-bool leak_check = true;
-
 namespace grpc_core {
 namespace testing {
@@ -97,9 +94,6 @@ void RunServerFuzzer(
 const fuzzer_input::Msg& msg,
 absl::FunctionRef server_setup) {
- if (squelch && !GetEnv("GRPC_TRACE_FUZZER").has_value()) {
- grpc_disable_all_absl_logs();
- }
 static const int once = []() {
 ForceEnableExperiment("event_engine_client", true);
 ForceEnableExperiment("event_engine_listener", true);
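Review bot: In the `kPayloadEmptyOfLength` case of `ChaoticGoodFrame` (network_input.cc), the new `std::min(65536, frame.payload_empty_of_length())` bounds only the upper end and uses a bare literal. The field's type and any template argument on `std::min` are not visible here; if the comparison is signed, a negative length would pass the clamp and become a very large size once it reaches `std::string(h.payload_length, 'a')`, which is the same unbounded allocation this commit removes. A named constant with the reason attached, e.g. `constexpr uint32_t kMaxEmptyPayloadLength = 65536;  // keep fuzzer-generated frames cheap to build and send`, plus a lower bound of zero on the clamp, would cover both ends. The header length is now capped together with the data, so this case can no longer describe a frame whose declared length exceeds 64 KiB; a comment saying that is intentional would help. The function body starts and ends outside the hunk.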