blob: 9060edbf21720b5bf26f73722a2f215f15419004 [file] [log] [blame]
// Copyright 2020 The Fuchsia Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
// A simple fuzzer that should quickly OOM.
// The code under test. Normally this would be in a separate library.
namespace {
const size_t kLeakSize = 10UL << 20; // 10 MiB
void leaker(uint8_t num) {
// Simulate a fuzzer that only leaks on a specific input
if (num != 42) {
return;
}
// Note: In addition to allocating, we must also write to the memory to ensure
// it is committed
memset(malloc(kLeakSize), 42, kLeakSize);
printf("Leaked %zu bytes\n", kLeakSize);
// RssThread in libFuzzer only checks RSS once per second, so let's not go
// so fast that we risk OOMing the system before that check happens
usleep(100e3); // 0.1 seconds
}
} // namespace
// The fuzz target function
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
if (size != 0) {
leaker(data[0]);
}
return 0;
}