blob: a4e48a9d1fba7b57aeaaca04523070fe6f1a14a3 [file] [log] [blame]
// Copyright 2019 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <string>
#include "lib/cmdline.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
// Break input up into 2 halves, one to pass to Append(), and the second to do
// lookups.
std::string input(data, data + size / 2);
std::string lookups(data + size / 2, data + size);
// The rounding is tricky here, so this bound will need to be updated if this
// maximum changes.
static_assert(Cmdline::kCmdlineMax == 4096, "need to update early out below");
// Limit the input size, because Cmdline will intentionally panic if its limit
// exceeded. The maximum expansion happens in the case of an input string
// like: [a a a ...], which turns into [a=\0a=\0a=\0...], that is, an
// expansion by a third. Additionally, there's an extra trailing terminator
// that must fit into the buffer.
//
// Two-thirds of 4096 is 1365 1/3, so, the maximum possible number of "a " is
// 1365*2 = 2730. Each "a " turns into "a=\0", for a total of 1365*3=4095
// long. So, there's already one extra space available for the extra
// terminator due to rounding, so there's no need to subtract one more.
//
// See KernelCmdLineTest.MaximumExpansion for a unittest of this logic.
constexpr size_t kMaxInputSize = 2730;
if (input.size() > kMaxInputSize) {
return 0;
}
Cmdline c;
c.Append(input.c_str());
const char* p = lookups.c_str();
for (;;) {
c.GetString(p);
p = strchr(p, 0) + 1;
if (p >= &lookups[lookups.size()]) {
break;
}
}
return 0;
}