From 4a9e7eeeea4bc1eaff499324d49dfc5dc3457a5d Mon Sep 17 00:00:00 2001
From: Amir Livneh <alivneh@fb.com>
Date: Wed, 8 Jan 2025 06:19:19 -0500
Subject: [PATCH] fuzz: Fuzz connection shutdown

---
 fuzz/fuzz_http3serverreq.cc | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/fuzz/fuzz_http3serverreq.cc b/fuzz/fuzz_http3serverreq.cc
index 1d1595a..0947495 100644
--- a/fuzz/fuzz_http3serverreq.cc
+++ b/fuzz/fuzz_http3serverreq.cc
@@ -298,6 +298,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     return 0;
   }
 
+  auto shutdown_started = false;
+
+  rv = nghttp3_conn_bind_control_stream(conn, 3);
+  if (rv != 0) {
+    goto fin;
+  }
+
   nghttp3_conn_set_max_client_streams_bidi(
     conn, fuzzed_data_provider.ConsumeIntegral<uint64_t>());
 
@@ -330,7 +337,21 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
       }
     }
 
-    if (set_stream_priorities(conn, &fuzzed_data_provider) != 0) {
+    if (!shutdown_started && fuzzed_data_provider.ConsumeBool()) {
+      if (nghttp3_conn_submit_shutdown_notice(conn) != 0) {
+        goto fin;
+      }
+    }
+
+    if (!shutdown_started && fuzzed_data_provider.ConsumeBool()) {
+      shutdown_started = true;
+
+      if (nghttp3_conn_shutdown(conn) != 0) {
+        goto fin;
+      }
+    }
+
+    if (set_stream_priorities(conn, fuzzed_data_provider) != 0) {
       goto fin;
     }