From c52df0f15199c751b4cc3b7a463941cd07e6800b Mon Sep 17 00:00:00 2001 From: Arjun Singh Date: Fri, 21 Jul 2023 09:26:09 +0530 Subject: [PATCH 1/2] [Fuzzing] Update the fuzzing suite to native Go-Fuzz Signed-off-by: Arjun Singh --- Makefile | 4 ++++ fuzz.go | 23 ----------------------- read_test.go | 13 +++++++++++++ 3 files changed, 17 insertions(+), 23 deletions(-) delete mode 100644 fuzz.go diff --git a/Makefile b/Makefile index 7dc71bc..efc1838 100644 --- a/Makefile +++ b/Makefile @@ -19,6 +19,10 @@ fmt: ## Run go fmt against code tests: ## Run all tests and requires a running rabbitmq-server. Use GO_TEST_FLAGS to add extra flags to go test go test -race -v -tags integration $(GO_TEST_FLAGS) +.PHONY: fuzzing +fuzzing: ## Run fuzzing tests + go test -fuzz=FuzzReadFrame . + .PHONY: tests-docker tests-docker: rabbitmq-server RABBITMQ_RABBITMQCTL_PATH="DOCKER:$(CONTAINER_NAME)" go test -race -v -tags integration $(GO_TEST_FLAGS) diff --git a/fuzz.go b/fuzz.go deleted file mode 100644 index c9f03ea..0000000 --- a/fuzz.go +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright (c) 2021 VMware, Inc. or its affiliates. All Rights Reserved. -// Copyright (c) 2012-2021, Sean Treadway, SoundCloud Ltd. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -//go:build gofuzz -// +build gofuzz - -package amqp091 - -import "bytes" - -func Fuzz(data []byte) int { - r := reader{bytes.NewReader(data)} - frame, err := r.ReadFrame() - if err != nil { - if frame != nil { - panic("frame is not nil") - } - return 0 - } - return 1 -} diff --git a/read_test.go b/read_test.go index fb44cb1..110a243 100644 --- a/read_test.go +++ b/read_test.go @@ -6,6 +6,7 @@ package amqp091 import ( + "bytes" "strings" "testing" ) 
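Review bot: The new `fuzzing` target in the Makefile hunk has no time bound: `go test -fuzz=FuzzReadFrame .` keeps fuzzing until it finds a failure or is interrupted, so it cannot serve as a CI step as written. A bounded form would be `go test -run='^$$' -fuzz=FuzzReadFrame -fuzztime=$(FUZZ_TIME) .` with a default such as `FUZZ_TIME ?= 60s` (the variable name and value are suggestions). The `-run='^$$'` part also skips the package's ordinary unit tests, which otherwise run before fuzzing starts.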
@@ -29,3 +30,15 @@ func TestGoFuzzCrashers(t *testing.T) { } } } + +func FuzzReadFrame(f *testing.F) { + + f.Add([]byte("\b000000")) + f.Add([]byte("\x02\x16\x10�[��\t\xbdui�" + "\x10\x01\x00\xff\xbf\xef\xbfサn\x99\x00\x10r")) + f.Add([]byte("\x0300\x00\x00\x00\x040000")) + + f.Fuzz(func(t *testing.T, input_data []byte) { + r := reader{bytes.NewReader(input_data)} + _, _ = r.ReadFrame() + }) +} From 23b76857c363bc8caddf675c1e087abcd59b34e4 Mon Sep 17 00:00:00 2001 From: Luke Bakken Date: Mon, 24 Jul 2023 17:56:11 -0700 Subject: [PATCH 2/2] Try to limit message size with an artificially low number --- read.go | 6 ++++++ types.go | 3 +++ 2 files changed, 9 insertions(+) diff --git a/read.go b/read.go index a8bed13..bd5e198 100644 --- a/read.go +++ b/read.go @@ -114,6 +114,12 @@ func readLongstr(r io.Reader) (v string, err error) { return } + // LRB TODO obviously this is not realistic + if length > 65536 { + err = ErrMsgSize + return + } + bytes := make([]byte, length) if _, err = io.ReadFull(r, bytes); err != nil { return diff --git a/types.go b/types.go index 8f43a72..d4637d1 100644 --- a/types.go +++ b/types.go @@ -63,6 +63,9 @@ var ( // ErrFieldType is returned when writing a message containing a Go type unsupported by AMQP. ErrFieldType = &Error{Code: SyntaxError, Reason: "unsupported table field type"} + + // ErrMsgSize is returned when the length specifier for a frame or its data exceeds 128 MiB + ErrMsgSize = &Error{Code: FrameError, Reason: "frame or message is too large"} ) // internal errors used inside the library
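Review bot: `FuzzReadFrame` discards both results with `_, _ = r.ReadFrame()`, so the target only catches panics and hangs. The `Fuzz` function this commit deletes from fuzz.go also asserted that no frame is returned together with an error. Keeping that invariant takes two lines: `frame, err := r.ReadFrame()` followed by `if err != nil && frame != nil { t.Fatalf("frame is not nil with error %v", err) }`. The second `f.Add` seed shows U+FFFD replacement characters as rendered here, so the original crasher bytes may have been lost in an encoding round-trip; writing them as `\x..` escapes would keep the exact input. The parameter `input_data` would normally be `data` or `inputData` in Go.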
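Review bot: The bound `length > 65536` added to `readLongstr` in read.go is a magic number that contradicts the doc comment added on `ErrMsgSize` in types.go, which says 128 MiB; one of the two needs correcting. The guard itself is worth keeping, because `length` is read from the wire and passed straight to `make([]byte, length)`, so without it a peer can force a large allocation for each field. The limit should be a named constant, or derived from the negotiated frame size if that is reachable from here, and `// LRB TODO obviously this is not realistic` should become a comment explaining why the bound exists. Other length-prefixed readers in read.go are outside this hunk and may need the same check; `readLongstr` itself starts and ends outside the hunk.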