From 106be19c3ef35aff0d464135ef9ed29a8b79f589 Mon Sep 17 00:00:00 2001
From: yhirose
Date: Sat, 30 Jul 2022 23:27:29 -0400
Subject: [PATCH] Issue 49512: cpp-httplib:server_fuzzer: Timeout in server_fuzzer
---
 httplib.h | 68 ++++++++---------
 ...e-minimized-server_fuzzer-6007379124158464 | Bin 0 -> 452123 bytes
 2 files changed, 28 insertions(+), 40 deletions(-)
 create mode 100644 test/fuzzing/corpus/clusterfuzz-testcase-minimized-server_fuzzer-6007379124158464
diff --git a/httplib.h b/httplib.h
index 792b92c..94ec8a2 100644
--- a/httplib.h
+++ b/httplib.h
@@ -3797,7 +3797,11 @@ class MultipartFormDataParser { public: MultipartFormDataParser() = default; - void set_boundary(std::string &&boundary) { boundary_ = boundary; } + void set_boundary(std::string &&boundary) { + boundary_ = boundary; + dash_boundary_crlf_ = dash_ + boundary_ + crlf_; + crlf_dash_boundary_ = crlf_ + dash_ + boundary_; + } bool is_valid() const { return is_valid_; }
@@ -3809,19 +3813,15 @@ public: R"~(^Content-Disposition:\s*form-data;\s*name="(.*?)"(?:;\s*filename="(.*?)")?(?:;\s*filename\*=\S+)?\s*$)~", std::regex_constants::icase); - static const std::string dash_ = "--"; - static const std::string crlf_ = "\r\n"; - buf_append(buf, n); while (buf_size() > 0) { switch (state_) { case 0: { // Initial boundary - auto pattern = dash_ + boundary_ + crlf_; - buf_erase(buf_find(pattern)); - if (pattern.size() > buf_size()) { return true; } - if (!buf_start_with(pattern)) { return false; } - buf_erase(pattern.size()); + buf_erase(buf_find(dash_boundary_crlf_)); + if (dash_boundary_crlf_.size() > buf_size()) { return true; } + if (!buf_start_with(dash_boundary_crlf_)) { return false; } + buf_erase(dash_boundary_crlf_.size()); state_ = 1; break; }
@@ -3856,7 +3856,6 @@ public: file_.filename = m[2]; } } - buf_erase(pos + crlf_.size()); pos = buf_find(crlf_); }
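Review bot: `dash_boundary_crlf_` and `crlf_dash_boundary_` are filled in only by `set_boundary`, so a parser that is fed data without that call now matches against two empty strings, whereas the removed state 0 line `auto pattern = dash_ + boundary_ + crlf_;` still produced `--\r\n` in that case. How `buf_find` and `buf_start_with` treat an empty pattern is not visible in this diff, so either confirm that every caller sets the boundary first or give the two members in-class initialisers equal to what an empty boundary yields. As a smaller style point in the same function, `boundary_ = boundary;` copies from the rvalue-reference parameter; `boundary_ = std::move(boundary);` would use it as intended. The class body starts and ends outside this hunk.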
@@ -3864,40 +3863,25 @@ public: break; } case 3: { // Body - { - auto pattern = crlf_ + dash_; - if (pattern.size() > buf_size()) { return true; } - - auto pos = buf_find(pattern); - + if (crlf_dash_boundary_.size() > buf_size()) { return true; } + auto pos = buf_find(crlf_dash_boundary_); + if (pos < buf_size()) { if (!content_callback(buf_data(), pos)) { is_valid_ = false; return false; } - - buf_erase(pos); - } - { - auto pattern = crlf_ + dash_ + boundary_; - if (pattern.size() > buf_size()) { return true; } - - auto pos = buf_find(pattern); - if (pos < buf_size()) { - if (!content_callback(buf_data(), pos)) { + buf_erase(pos + crlf_dash_boundary_.size()); + state_ = 4; + } else { + auto len = buf_size() - crlf_dash_boundary_.size(); + if (len > 0) { + if (!content_callback(buf_data(), len)) { is_valid_ = false; return false; } - - buf_erase(pos + pattern.size()); - state_ = 4; - } else { - if (!content_callback(buf_data(), pattern.size())) { - is_valid_ = false; - return false; - } - - buf_erase(pattern.size()); + buf_erase(len); } + return true; } break; }
@@ -3907,10 +3891,9 @@ public: buf_erase(crlf_.size()); state_ = 1; } else { - auto pattern = dash_ + crlf_; - if (pattern.size() > buf_size()) { return true; } - if (buf_start_with(pattern)) { - buf_erase(pattern.size()); + if (dash_crlf_.size() > buf_size()) { return true; } + if (buf_start_with(dash_crlf_)) { + buf_erase(dash_crlf_.size()); is_valid_ = true; buf_erase(buf_size()); // Remove epilogue } else {
@@ -3941,7 +3924,12 @@ private: return true; } + const std::string dash_ = "--"; + const std::string crlf_ = "\r\n"; + const std::string dash_crlf_ = "--\r\n"; std::string boundary_; + std::string dash_boundary_crlf_; + std::string crlf_dash_boundary_; size_t state_ = 0; bool is_valid_ = false;
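Review bot: In the new `else` branch of `case 3`, `auto len = buf_size() - crlf_dash_boundary_.size();` is safe only because of the size guard on the first added line of the case; without it the subtraction (unsigned, judging by the `.size()` operand) would wrap and hand `content_callback` a length far beyond the buffer. Nothing in the code records that dependency or why the last `crlf_dash_boundary_.size()` bytes are held back, so I would add above that line: `// guard above ensures buf_size() >= crlf_dash_boundary_.size(); keep that many bytes so a boundary split across reads is still found`. `parse` begins and ends outside this hunk, so the rest of the state machine was not reviewed here.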
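Review bot: Making `dash_`, `crlf_` and `dash_crlf_` `const` non-static members implicitly deletes copy and move assignment for `MultipartFormDataParser`, which the function-local `static const` strings they replace did not do. No assignment of a parser appears in this diff, so this may be harmless, but it is a change to what the class allows and deserves a comment next to the members, for example `// const members: parser objects are not assignable`. If assignability matters, the three constants can be kept outside the object state instead. The private section continues outside this hunk.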
diff --git a/test/fuzzing/corpus/clusterfuzz-testcase-minimized-server_fuzzer-6007379124158464 b/test/fuzzing/corpus/clusterfuzz-testcase-minimized-server_fuzzer-6007379124158464 new file mode 100644 index 0000000000000000000000000000000000000000..4c4c57e819e60fbc67e1ecc8a554ad13112ba739 GIT binary patch literal 452123 zcmeI*!D}1Y9ROg{gSQMF$gNOV(8a5J`dfk$Lp!Z(VbKQ|_*|EE8?6svx&i4{ant5-2@4atE zFOwPhY4zg=g>Iozt**{5T)zO!OUdw7v+TEmH zOSeC09hF^9*4p((vQgUjq|ph3)yLJs(jer*QL%o=TBp-&tktqcJDGnPZEbBu{m|XC z8TX>Z^`r9pVIOXk>hXHBmc?NZ26uOZd)F#cbF+gK1k*42X*bxND+KxD(EgkVTnfYB z@aO%5*YAbF)YRVIR4+}xk>4vDomd`h|12*%c>TRWnW=v4!Rr2V&$Uyi?CkHW9JZR) zlFjuvjh2(WEDy4GEdBRjskhmugWb{F!;j9shr=L>T4B)N<(2kk_Ua(LeEFZ3Y100A zW3b}YtCwl~_u}7*KPY}$yjFZ#{AIE8-G3B|#co=>y}GiJx9%XVM#5@U;L`Ss#X5U(%M?Qxf%5i%Cy~#mYU7>R&+m&>-izts5LkD zH~DpWzk7#=&hpbvBaJts>M_3o?NFbG8vN*Z8-2${R`-uC)VBxg(ZhBUM=P~#?Pq6e z^B3P@pZz#LCet*|hoyWViynOVb#2byp@-wc*X3Wzy8SAC*GsRTKl`lz;`jZ>Qy%{C zMxN2yXl=9}!8>&nqrvFwFj}9-+-QB`Bzkyf>mm~%Kw$U+7aY_7J$*0yB#@UBe+jfB*pk1PBlyK!5;&5efWeMD<+l|H{zzS`+@)g0t5&U7*By6XAT4i5FkK+ z009C72oNAZfB*pklPb{rqUTN)eVBjEch+dd<9Yo_s|XMvK!5-N0t5&UAV7cs0RjXF zjHAGplX_K9y9p2=K!5-N0;dX`nmLZAW!gl5009C72oNAZfB*pk1PBlyFwO$2kE?~H zLZw<=onN@V5C-?#NfswrRNd~xrCO)cY^>F?Mmw2*8f|TDMeFUf6?M~QoUFC$as8+}#cCU8_vZ%??r!Ouy)-Tx71`N*4hF1PGiEII(!%e?Bg_ z`FX2To&W&?1PBlyK!5-N0t5&UAVA>q1ZEao+#x`K009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBly zFwp{EPIT)p@2g5hB0zuu0RjXF92ansM1TMR0t5&UAV7cs0RjXF5FkK+z-0@3=lDf9 zO9TiIAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ z009C72oNAZfB=C>5xDGMyA+QA0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&U zAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZ;0g)+^a}N5QYH-5P67l75FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C7-mXBQTln)ItE=-1*KdTu{dSVYNfuSNJ8`MiZDx&5EzRcF+i5GR z*RtA^b~mZl((MmgM`f3jwRXLcY?L-WX>`J1^>MYZRH#&YA@AP0wRq>&ts8f4-nnt_ 
z_U(nmh1=H`_P6|JzCk@+Z`QIn48q{qS zE3o5;B|v}x0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+ zzz79`5!Q9NpS~82009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C7 z2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7csf%6NPpqu~!0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N z0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7e?Pz7cdZw@v7 z`KREr1pxvC2oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk z1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlqld1A5_5=X}1PBly zK!5;&@fR4Av*+=L(n10R2oNAZfB*pk1PBlyK!5-N0t5&UAV7e?Xar{6zac zKyYgAWX@Ho)dUC-AV7cs0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs z0RjXF5FkK+009C72oNAZfB*pk1PBlyK!5-N0t5&UAV7cs0RjXF5FkK+009C72oNAZ zfB*pk1PFYSfC3A}#(>`&j~UdR6cN!|%Z literal 0 HcmV?d00001