author | practicalswift <practicalswift@users.noreply.github.com> | 2021-02-16 09:56:47 +0000 |
---|---|---|
committer | practicalswift <practicalswift@users.noreply.github.com> | 2021-03-02 21:44:51 +0000 |
commit | 366e3e1f89d99c62b548087384487b62fd602e17 (patch) | |
tree | 2a5585b7d2018d4ff204aafd61042b6f7bc9e1e9 /src/test | |
parent | b22d4c1607b6488b378d3427a708bd71f12f7276 (diff) |
fuzz: Add FUZZED_SOCKET_FAKE_LATENCY mode to FuzzedSock to allow for fuzzing timeout logic
Diffstat (limited to 'src/test')
-rw-r--r-- | src/test/fuzz/socks5.cpp | 10 | ||||
-rw-r--r-- | src/test/fuzz/util.h | 3 |
2 files changed, 13 insertions, 0 deletions
diff --git a/src/test/fuzz/socks5.cpp b/src/test/fuzz/socks5.cpp
index 1f2f8ee7c3..123ee042ee 100644
--- a/src/test/fuzz/socks5.cpp
+++ b/src/test/fuzz/socks5.cpp
@@ -11,9 +11,16 @@
 #include <string>
 #include <vector>
+namespace {
+int default_socks5_recv_timeout;
+};
+
+extern int g_socks5_recv_timeout;
+
 void initialize_socks5()
 {
 static const auto testing_setup = MakeNoLogFileContext<const BasicTestingSetup>();
+ default_socks5_recv_timeout = g_socks5_recv_timeout;
 }
 FUZZ_TARGET_INIT(socks5, initialize_socks5)
@@ -23,6 +30,9 @@ FUZZ_TARGET_INIT(socks5, initialize_socks5)
 proxy_credentials.username = fuzzed_data_provider.ConsumeRandomLengthString(512);
 proxy_credentials.password = fuzzed_data_provider.ConsumeRandomLengthString(512);
 InterruptSocks5(fuzzed_data_provider.ConsumeBool());
+ // Set FUZZED_SOCKET_FAKE_LATENCY=1 to exercise recv timeout code paths. This
+ // will slow down fuzzing.
+ g_socks5_recv_timeout = (fuzzed_data_provider.ConsumeBool() && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) ? 1 : default_socks5_recv_timeout;
 FuzzedSock fuzzed_sock = ConsumeSock(fuzzed_data_provider);
 // This Socks5(...) fuzzing harness would have caught CVE-2017-18350 within
 // a few seconds of fuzzing.
diff --git a/src/test/fuzz/util.h b/src/test/fuzz/util.h
index 4b7b4c88c8..daded0959f 100644
--- a/src/test/fuzz/util.h
+++ b/src/test/fuzz/util.h
@@ -642,6 +642,9 @@ public:
 }
 return len;
 }
+ if (m_fuzzed_data_provider.ConsumeBool() && std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr) {
+ std::this_thread::sleep_for(std::chrono::milliseconds{2});
+ }
 return random_bytes.size();
 }
|
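Review bot: In the first socks5.cpp hunk, `extern int g_socks5_recv_timeout;` re-declares the production global inside the harness, so the compiler never checks this declaration against the definition; if the definition's type or name changes, the mismatch may surface only at link time or as silent misbehaviour. The declaration would be safer in the header that belongs to the defining source file, which is not visible here. Separately, the anonymous namespace closes with `};`, where the semicolon is an empty declaration; `} // namespace` is the usual form. `default_socks5_recv_timeout` would also benefit from a comment such as `// Production value of g_socks5_recv_timeout, captured once in initialize_socks5() so every iteration can restore it.`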
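Review bot: The added comment in the second socks5.cpp hunk says to set `FUZZED_SOCKET_FAKE_LATENCY=1`, but the assignment only tests `std::getenv("FUZZED_SOCKET_FAKE_LATENCY") != nullptr`, so any value, including `0` or an empty string, turns the mode on; the util.h hunk uses the same presence-only test. Either say so in the comment, e.g. `// Define FUZZED_SOCKET_FAKE_LATENCY (any value) to exercise recv timeout code paths.`, or compare the value. The literal `1` presumably has to stay below the 2 ms sleep added in the util.h hunk for a timeout to fire, and the unit of `g_socks5_recv_timeout` is not visible here, so a short comment tying the two constants together would keep them from drifting apart. `std::getenv` needs `<cstdlib>`, and the diffstat shows that no include line was added in either file; whether it already arrives transitively cannot be confirmed from the hunk. The harness body starts and ends outside this hunk.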
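Review bot: The `sleep_for` branch in the util.h hunk makes this socket method depend on wall-clock time and scheduling, so an input that reaches a timeout path with the variable set may not reproduce on every replay; that deserves a comment at the branch, e.g. `// Real 2 ms sleep: timing-dependent, a finding in this mode may need several replays to reproduce.` `std::getenv` is also evaluated on every pass through this path, and reading it once into a `static const bool` would keep the environment lookup out of the fuzzing loop. `std::this_thread::sleep_for` and `std::chrono::milliseconds` need `<thread>` and `<chrono>`, and all three insertions in util.h are in this hunk, so the header relies on both being included already, which cannot be confirmed from here. The enclosing method starts outside the hunk.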