fuchsia / fuchsia / 02930bf563b779128de0a25695432be8a6d0e5c2 / . / zircon / system / utest / kernel-cmdline / kernel_cmdline_fuzztest.cc

// Copyright 2019 The Fuchsia Authors. All rights reserved. | |

// Use of this source code is governed by a BSD-style license that can be | |

// found in the LICENSE file. | |

#include <string> | |

#include "lib/cmdline.h" | |

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { | |

// Break input up into 2 halves, one to pass to Append(), and the second to do | |

// lookups. | |

std::string input(data, data + size / 2); | |

std::string lookups(data + size / 2, data + size); | |

// The rounding is tricky here, so this bound will need to be updated if this | |

// maximum changes. | |

static_assert(Cmdline::kCmdlineMax == 4096, "need to update early out below"); | |

// Limit the input size, because Cmdline will intentionally panic if its limit | |

// exceeded. The maximum expansion happens in the case of an input string | |

// like: [a a a ...], which turns into [a=\0a=\0a=\0...], that is, an | |

// expansion by a third. Additionally, there's an extra trailing terminator | |

// that must fit into the buffer. | |

// | |

// Two-thirds of 4096 is 1365 1/3, so, the maximum possible number of "a " is | |

// 1365*2 = 2730. Each "a " turns into "a=\0", for a total of 1365*3=4095 | |

// long. So, there's already one extra space available for the extra | |

// terminator due to rounding, so there's no need to subtract one more. | |

// | |

// See KernelCmdLineTest.MaximumExpansion for a unittest of this logic. | |

constexpr size_t kMaxInputSize = 2730; | |

if (input.size() > kMaxInputSize) { | |

return 0; | |

} | |

Cmdline c; | |

c.Append(input.c_str()); | |

const char* p = lookups.c_str(); | |

for (;;) { | |

c.GetString(p); | |

p = strchr(p, 0) + 1; | |

if (p >= &lookups[lookups.size()]) { | |

break; | |

} | |

} | |

return 0; | |

} |