From 30527c58c2ac336b48b32dd9288147df8cf33b0a Mon Sep 17 00:00:00 2001
From: Marten Seemann <martenseemann@gmail.com>
Date: Tue, 13 Jun 2023 23:44:25 +0300
Subject: [PATCH] frame fuzzer: handle frames one by one (#3884)

This more closely matches what the connection does.
---
 fuzzing/frames/fuzz.go | 37 ++++++++++++++++---------------------
 1 file changed, 16 insertions(+), 21 deletions(-)

diff --git a/fuzzing/frames/fuzz.go b/fuzzing/frames/fuzz.go
index 355a114f..44d2eee3 100644
--- a/fuzzing/frames/fuzz.go
+++ b/fuzzing/frames/fuzz.go
@@ -36,28 +36,17 @@ func Fuzz(data []byte) int {
 	parser := wire.NewFrameParser(true)
 	parser.SetAckDelayExponent(protocol.DefaultAckDelayExponent)
 
-	initialLen := len(data)
-
-	var frames []wire.Frame
-
+	var numFrames int
+	var b []byte
 	for len(data) > 0 {
+		initialLen := len(data)
 		l, f, err := parser.ParseNext(data, encLevel, version)
 		if err != nil {
 			break
 		}
 		data = data[l:]
-		frames = append(frames, f)
-	}
-	parsedLen := initialLen - len(data)
-
-	if len(frames) == 0 {
-		return 0
-	}
-
-	var b []byte
-	for _, f := range frames {
+		numFrames++
 		if f == nil { // PADDING frame
-			b = append(b, 0)
 			continue
 		}
 		// We accept empty STREAM frames, but we don't write them.
@@ -67,21 +56,27 @@ func Fuzz(data []byte) int {
 				continue
 			}
 		}
-		lenBefore := len(b)
-		b, err := f.Append(b, version)
+
+		startLen := len(b)
+		parsedLen := initialLen - len(data)
+		b, err = f.Append(b, version)
 		if err != nil {
 			panic(fmt.Sprintf("Error writing frame %#v: %s", f, err))
 		}
-		frameLen := len(b) - lenBefore
-		if f.Length(version) != protocol.ByteCount(frameLen) {
+		frameLen := protocol.ByteCount(len(b) - startLen)
+		if f.Length(version) != frameLen {
 			panic(fmt.Sprintf("Inconsistent frame length for %#v: expected %d, got %d", f, frameLen, f.Length(version)))
 		}
 		if sf, ok := f.(*wire.StreamFrame); ok {
 			sf.PutBack()
 		}
+		if frameLen > protocol.ByteCount(parsedLen) {
+			panic(fmt.Sprintf("Serialized length (%d) is longer than parsed length (%d)", len(b), parsedLen))
+		}
 	}
-	if len(b) > parsedLen {
-		panic(fmt.Sprintf("Serialized length (%d) is longer than parsed length (%d)", len(b), parsedLen))
+
+	if numFrames == 0 {
+		return 0
 	}
 	return 1
 }