examples/fuzzer/fuzzed-data-provider.cc - fuchsia - Git at Google

 // Copyright 2019 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // A fuzzer that uses the FuzzedDataProvider library to consume fuzzing input.
 // more info:
 // https://github.com/google/fuzzing/blob/master/docs/split-inputs.md#fuzzed-data-provider
 // https://github.com/llvm/llvm-project/blob/master/compiler-rt/include/fuzzer/FuzzedDataProvider.h
 #include <stddef.h>
 #include <stdint.h>
 #include <string.h>

 #include <fuzzer/FuzzedDataProvider.h>

 // In order to consume Enums in FuzzedDataProvider, your enums need
 // an element named kMaxValue, pointing to the maximum value of the enum.
 enum Color { kRed, kBlue, kYellow, kMaxValue = kYellow };

 using bar = struct {
   uint32_t anint;
   double adouble;
   const char *str;
   Color color;
 };

 static const uint16_t kVal1Threshold = 15000;
 static const uint16_t kMinVal1 = 13000;
 static const uint16_t kMaxVal1 = 16000;
 static const uint8_t kVal2Magic = 105;
 static const uint32_t kUint32Magic = 313131;
 static const char *kMagicString = "magicstring";
 static const size_t kMaxStrLen = 20;
 static const double kDoubleThreshold = 100;

 int foo_function(uint16_t val1, uint8_t val2, bool val3, bar *val4) {
   // This code is irrelevant, just uses the values received as parameters.
   if (val4 == nullptr || val4->str == nullptr) {
     return 0;
   }
   if (val1 > kVal1Threshold && val2 == kVal2Magic && !val3 && val4->anint == kUint32Magic) {
     __builtin_trap();
   }
   if (strncmp(val4->str, kMagicString, strlen(kMagicString) + 1) == 0 &&
       val4->adouble < kDoubleThreshold) {
     __builtin_trap();
   }

   return 0;
 }

 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
   FuzzedDataProvider fuzzed_data(data, size);

   auto val1 = fuzzed_data.ConsumeIntegralInRange<uint16_t>(kMinVal1, kMaxVal1);
   auto val2 = fuzzed_data.ConsumeIntegral<uint8_t>();
   auto val3 = fuzzed_data.ConsumeBool();
   auto str = fuzzed_data.ConsumeRandomLengthString(kMaxStrLen);

   bar val4 = {.anint = fuzzed_data.ConsumeIntegral<uint32_t>(),
               .adouble = fuzzed_data.ConsumeFloatingPoint<double>(),
               .str = str.c_str(),
               .color = fuzzed_data.ConsumeEnum<Color>()};

   return foo_function(val1, val2, val3, &val4);
 }
	// Copyright 2019 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// A fuzzer that uses the FuzzedDataProvider library to consume fuzzing input.
	// more info:
	// https://github.com/google/fuzzing/blob/master/docs/split-inputs.md#fuzzed-data-provider
	// https://github.com/llvm/llvm-project/blob/master/compiler-rt/include/fuzzer/FuzzedDataProvider.h
	#include <stddef.h>
	#include <stdint.h>
	#include <string.h>

	#include <fuzzer/FuzzedDataProvider.h>

	// In order to consume Enums in FuzzedDataProvider, your enums need
	// an element named kMaxValue, pointing to the maximum value of the enum.
	enum Color { kRed, kBlue, kYellow, kMaxValue = kYellow };

	using bar = struct {
	uint32_t anint;
	double adouble;
	const char *str;
	Color color;
	};

	static const uint16_t kVal1Threshold = 15000;
	static const uint16_t kMinVal1 = 13000;
	static const uint16_t kMaxVal1 = 16000;
	static const uint8_t kVal2Magic = 105;
	static const uint32_t kUint32Magic = 313131;
	static const char *kMagicString = "magicstring";
	static const size_t kMaxStrLen = 20;
	static const double kDoubleThreshold = 100;

	int foo_function(uint16_t val1, uint8_t val2, bool val3, bar *val4) {
	// This code is irrelevant, just uses the values received as parameters.
	if (val4 == nullptr \|\| val4->str == nullptr) {
	return 0;
	}
	if (val1 > kVal1Threshold && val2 == kVal2Magic && !val3 && val4->anint == kUint32Magic) {
	__builtin_trap();
	}
	if (strncmp(val4->str, kMagicString, strlen(kMagicString) + 1) == 0 &&
	val4->adouble < kDoubleThreshold) {
	__builtin_trap();
	}

	return 0;
	}

	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	FuzzedDataProvider fuzzed_data(data, size);

	auto val1 = fuzzed_data.ConsumeIntegralInRange<uint16_t>(kMinVal1, kMaxVal1);
	auto val2 = fuzzed_data.ConsumeIntegral<uint8_t>();
	auto val3 = fuzzed_data.ConsumeBool();
	auto str = fuzzed_data.ConsumeRandomLengthString(kMaxStrLen);

	bar val4 = {.anint = fuzzed_data.ConsumeIntegral<uint32_t>(),
	.adouble = fuzzed_data.ConsumeFloatingPoint<double>(),
	.str = str.c_str(),
	.color = fuzzed_data.ConsumeEnum<Color>()};

	return foo_function(val1, val2, val3, &val4);
	}