From e62973de7947815add465eb7dbc3827a3d6b3a67 Mon Sep 17 00:00:00 2001 From: Francois Beutin Date: Tue, 21 May 2024 12:13:52 +0200 Subject: [PATCH 1/2] Improve fuzzig cmake --- fuzzing/CMakeLists.txt | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/fuzzing/CMakeLists.txt b/fuzzing/CMakeLists.txt index dc4f430a..5f2e4d55 100644 --- a/fuzzing/CMakeLists.txt +++ b/fuzzing/CMakeLists.txt @@ -81,22 +81,24 @@ include_directories( ${SRC_DIR} ) +# Take all source files from the application and the sdk +file(GLOB_RECURSE APPLICATION_SRC + # Take all plugin sources + ${SRC_DIR}/*.c + + # Take all sdk sources + ${ETH_DIR}/src/*.c +) +# Filter out main.c from the SDK, the fuzzing has its own main +list(FILTER APPLICATION_SRC EXCLUDE REGEX "${ETH_DIR}/src/main") + add_executable(fuzz + ${APPLICATION_SRC} + + # fuzzing specific files fuzz_plugin.c mocks.c - ${SRC_DIR}/plugin.c - ${SRC_DIR}/handle_init_contract.c - ${SRC_DIR}/handle_provide_parameter.c - ${SRC_DIR}/handle_finalize.c - ${SRC_DIR}/handle_provide_token.c - ${SRC_DIR}/handle_query_contract_ui.c - ${SRC_DIR}/handle_query_contract_id.c - - # Ethereum SDK - ${ETH_DIR}/src/common_utils.c - ${ETH_DIR}/src/plugin_utils.c - # sdk utils ${BOLOS_SDK}/src/ledger_assert.c ${BOLOS_SDK}/lib_standard_app/format.c From 27d4565332e3cc335f404edbdbb84f10015209a1 Mon Sep 17 00:00:00 2001 From: Francois Beutin Date: Tue, 21 May 2024 13:54:35 +0200 Subject: [PATCH 2/2] Fix fuzzer not initializing the pluginSharedRO and pluginSharedRW memory --- fuzzing/fuzz_plugin.c | 50 +++++++++++++++++++++++++++---------------- 1 file changed, 31 insertions(+), 19 deletions(-) diff --git a/fuzzing/fuzz_plugin.c b/fuzzing/fuzz_plugin.c index 82da199f..d86a4864 100644 --- a/fuzzing/fuzz_plugin.c +++ b/fuzzing/fuzz_plugin.c 
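Review bot: The exclusion `list(FILTER APPLICATION_SRC EXCLUDE REGEX "${ETH_DIR}/src/main")` on the new side is an unanchored regex, so it also drops any SDK source whose basename merely starts with `main` (a `main_utils.c`, say), and regex metacharacters in the expanded `${ETH_DIR}` path (a `.` or `+` in the checkout directory) are interpreted rather than matched literally. Anchoring on the file name, `list(FILTER APPLICATION_SRC EXCLUDE REGEX "/main\\.c$")`, excludes exactly the SDK's `main.c` wherever the tree is checked out, which is what the comment above it says is intended. Separately, `file(GLOB_RECURSE ...)` is evaluated only at configure time, so a handler added later is silently absent from the fuzz binary until CMake is re-run; `file(GLOB_RECURSE APPLICATION_SRC CONFIGURE_DEPENDS ...)` (CMake 3.12+) makes the build re-glob, which matters for a target whose purpose is to cover every handler. Whether `${ETH_DIR}/src` contains sources beyond the two previously listed (`common_utils.c`, `plugin_utils.c`) that the host fuzz build can actually compile is not visible here and worth a check, since the recursive glob now pulls in all of them.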
@@ -52,6 +52,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { init_contract.interfaceVersion = ETH_PLUGIN_INTERFACE_VERSION_LATEST; init_contract.selector = data; + init_contract.pluginSharedRO = &shared_ro; + init_contract.pluginSharedRW = &shared_rw; init_contract.pluginContext = (uint8_t *) &context; init_contract.pluginContextLength = sizeof(context); @@ -66,6 +68,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { provide_param.parameter = data + i; provide_param.parameterOffset = i; provide_param.pluginContext = (uint8_t *) &context; + provide_param.pluginSharedRO = &shared_ro; + provide_param.pluginSharedRW = &shared_rw; handle_provide_parameter(&provide_param); if (provide_param.result != ETH_PLUGIN_RESULT_OK) { return 0; 
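Review bot: `init_contract.pluginSharedRO = &shared_ro;` and `init_contract.pluginSharedRW = &shared_rw;` hand the plugin two objects whose declaration and setup are outside this hunk; if `shared_ro` is a zero-initialized static, any handler that dereferences a pointer member of it (the SDK's read-only block holds a pointer to the parsed transaction content, as far as I know) faults on NULL instead of exercising plugin logic, so crashes would point at the harness rather than the plugin. Worth confirming that the harness points those members at real buffers and, ideally, fills them from the fuzz input so the handlers see attacker-controlled transaction fields rather than constants. A one-line comment at the definition of `shared_ro`/`shared_rw`, `// must be populated before the first handler call: handlers dereference pointer members`, would record that contract for the next person editing the harness. The enclosing `LLVMFuzzerTestOneInput` starts before the hunk and continues after it.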
@@ -75,38 +79,46 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { finalize.pluginContext = (uint8_t *) &context; finalize.address = address; + finalize.pluginSharedRO = &shared_ro; + finalize.pluginSharedRW = &shared_rw; handle_finalize(&finalize); if (finalize.result != ETH_PLUGIN_RESULT_OK) { return 0; } - provide_info.pluginContext = (uint8_t *) &context; - if (finalize.tokenLookup1) { - if (size - i >= sizeof(extraInfo_t)) { - provide_info.item1 = &item1; - - memcpy(provide_info.item1, data + i, sizeof(extraInfo_t)); - provide_info.item1->token.ticker[MAX_TICKER_LEN - 1] = '\0'; - i += sizeof(extraInfo_t); + if (finalize.tokenLookup1 || finalize.tokenLookup2) { + provide_info.pluginContext = (uint8_t *) &context; + provide_info.pluginSharedRO = &shared_ro; + provide_info.pluginSharedRW = &shared_rw; + if (finalize.tokenLookup1) { + if (size - i >= sizeof(extraInfo_t)) { + provide_info.item1 = &item1; + + memcpy(provide_info.item1, data + i, sizeof(extraInfo_t)); + provide_info.item1->token.ticker[MAX_TICKER_LEN - 1] = '\0'; + i += sizeof(extraInfo_t); + } } - } - if (finalize.tokenLookup2) { - if (size - i >= sizeof(extraInfo_t)) { - provide_info.item2 = &item2; + if (finalize.tokenLookup2) { + if (size - i >= sizeof(extraInfo_t)) { + provide_info.item2 = &item2; - memcpy(provide_info.item2, data + i, sizeof(extraInfo_t)); - provide_info.item2->token.ticker[MAX_TICKER_LEN - 1] = '\0'; - i += sizeof(extraInfo_t); + memcpy(provide_info.item2, data + i, sizeof(extraInfo_t)); + provide_info.item2->token.ticker[MAX_TICKER_LEN - 1] = '\0'; + i += sizeof(extraInfo_t); + } } - } - handle_provide_token(&provide_info); - if (provide_info.result != ETH_PLUGIN_RESULT_OK) { - return 0; + handle_provide_token(&provide_info); + if (provide_info.result != ETH_PLUGIN_RESULT_OK) { + return 0; + } } query_id.pluginContext = (uint8_t *) &context; + query_id.pluginSharedRO = &shared_ro; + query_id.pluginSharedRW = &shared_rw; query_id.name = name; 
query_id.nameLength = sizeof(name); query_id.version = version;
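Review bot: The guards `if (size - i >= sizeof(extraInfo_t))` kept for item1 and item2 assume `i <= size` on exit from the parameter loop, which lives outside the hunk; both operands are `size_t`, so if the loop can leave `i` past `size` the subtraction wraps and `memcpy(provide_info.item1, data + i, sizeof(extraInfo_t))` reads beyond the fuzz input, with ASan blaming the harness rather than the plugin. `if (i <= size && size - i >= sizeof(extraInfo_t))` closes that regardless of how the loop advances `i`. The other branch deserves a comment: when the input is exhausted `provide_info.item1`/`item2` are left untouched (presumably NULL, but their initialization is not in the hunk), which is exactly the "token not found" case the plugin must survive, so `// input exhausted: leave item1 NULL, modelling a failed token lookup` makes that intentional rather than accidental. If `provide_info`, `item1` or `item2` are file-scope statics, they also need resetting at the top of each run, otherwise a pointer assigned by a previous input leaks into the next one and crashes stop reproducing from a single input. `LLVMFuzzerTestOneInput` starts before the hunk and continues after it.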