• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // This file is distributed under the University of Illinois Open Source
2 // License. See LICENSE.TXT for details.
3 
4 // Simple test for a fuzzer.
5 // Try to find the target using the indirect caller-callee pairs.
6 #include <cstdint>
7 #include <cstdlib>
8 #include <cstddef>
9 #include <cstring>
10 #include <iostream>
11 
12 typedef void (*F)();
13 static F t[256];
14 
f34()15 void f34() {
16   std::cerr << "BINGO\n";
17   exit(1);
18 }
f23()19 void f23() { t[(unsigned)'d'] = f34;}
f12()20 void f12() { t[(unsigned)'c'] = f23;}
f01()21 void f01() { t[(unsigned)'b'] = f12;}
f00()22 void f00() {}
23 
24 static F t0[256] = {
25   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
26   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
27   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
28   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
29   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
30   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
31   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
32   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
33   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
34   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
35   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
36   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
37   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
38   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
39   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
40   f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00, f00,
41 };
42 
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)43 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
44   if (Size < 4) return 0;
45   // Spoof the counters.
46   for (int i = 0; i < 200; i++) {
47     f23();
48     f12();
49     f01();
50   }
51   memcpy(t, t0, sizeof(t));
52   t[(unsigned)'a'] = f01;
53   t[Data[0]]();
54   t[Data[1]]();
55   t[Data[2]]();
56   t[Data[3]]();
57   return 0;
58 }
59 
60