Skip to content

Comments

feat: Fuzz Infrastructure Setup (TASK-500)#98

Merged
copyleftdev merged 1 commit intomainfrom
feat/TASK-500-fuzz-infrastructure
Jan 11, 2026
Merged

feat: Fuzz Infrastructure Setup (TASK-500)#98
copyleftdev merged 1 commit intomainfrom
feat/TASK-500-fuzz-infrastructure

Conversation

@copyleftdev
Copy link
Owner

@copyleftdev copyleftdev commented Jan 11, 2026

Summary

  • Added comprehensive fuzz testing infrastructure for all parsers
  • Created 4 new fuzz test files (HTTP/1.1, HTTP/2 frame, HPACK decoder, Scenario parser)
  • Added 60+ corpus seed files organized in 5 target directories
  • Fixed parser robustness issues discovered by fuzzing

Changes

New Files

  • tests/fuzz/http1_parser_fuzz.zig - HTTP/1.1 parser fuzz tests (5 tests, 1M+ iterations)
  • tests/fuzz/http2_frame_fuzz.zig - HTTP/2 frame parser fuzz tests (5 tests, 1M iterations)
  • tests/fuzz/hpack_decoder_fuzz.zig - HPACK decoder fuzz tests (6 tests, 1M iterations)
  • tests/fuzz/scenario_parser_fuzz.zig - Scenario parser fuzz tests (5 tests, 100k iterations)
  • scripts/run-fuzz.sh - Script to run all fuzz targets
  • scripts/minimize-corpus.sh - Placeholder for corpus management
  • corpus/ - Seed files for all fuzz targets

Bug Fixes

  • Fixed HPACK decoder assertion crash on empty input (now returns error)
  • Fixed HTTP/2 frame parser assertion crash on short input (now returns error)

Build System

  • Implemented fuzz-targets build step with all fuzz test targets
  • Exported HTTP2_MAX_FRAME_SIZE constant from z6.zig

Test Results

Target Tests Iterations Status
HPACK Decoder 6/6 1,000,000 ✅ Pass
HTTP/2 Frame 5/5 1,000,000 ✅ Pass
HTTP/1.1 Parser 5 - ⏸️ Blocked (Zig 0.14 API)
Scenario Parser 5 - ⏸️ Blocked (Zig 0.14 API)
Event Serialization 5 - ⏸️ Blocked (Zig 0.14 API)

Note: HTTP/1.1, Scenario, and Event tests are blocked by pre-existing Zig 0.14 ArrayList API compatibility issues in the main codebase that need separate fixes.

Test plan

  • HPACK fuzz tests pass with 1M iterations
  • HTTP/2 frame fuzz tests pass with 1M iterations
  • No memory leaks detected
  • Corpus directories properly organized
  • Build step zig build fuzz-targets works

Closes #64

🤖 Generated with Claude Code

@copyleftdev @claude
feat: Fuzz Infrastructure Setup (TASK-500)
fee5587 
Comprehensive fuzz testing infrastructure for parser robustness:

- Created 4 new fuzz test files for HTTP/1.1, HTTP/2, HPACK, and Scenario parsers
- Added 60+ corpus seed files across 5 target directories (http1_response, http2_frame, hpack, scenario, event)
- Implemented fuzz-targets build step in build.zig
- Added scripts/run-fuzz.sh for running fuzz tests
- Added scripts/minimize-corpus.sh for corpus management (placeholder)
- Fixed parser assertions that caused crashes during fuzzing:
  - HPACK decodeString: removed assertion, use error return for empty input
  - HTTP/2 parseHeader: moved assertion after input validation
- Exported HTTP2_MAX_FRAME_SIZE constant from z6.zig

Test results:
- HPACK decoder: 6/6 tests pass, 1M iterations
- HTTP/2 frame: 5/5 tests pass, 1M iterations

Note: HTTP/1.1, Scenario, and Event fuzz tests have pre-existing Zig 0.14
API compatibility issues (ArrayList.deinit signature) in the main codebase
that need separate fixes.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@copyleftdev copyleftdev merged commit 4ecc4c8 into main Jan 11, 2026
1 check failed
@copyleftdev copyleftdev deleted the feat/TASK-500-fuzz-infrastructure branch January 11, 2026 21:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

TASK-500: Fuzz Infrastructure Setup

1 participant

@copyleftdev